Chiebot-Mirror/boringssl - boringssl - Gitea: Git with a cup of tea

Author	SHA1	Message	Date
David Schinazi	3d8b8c3df2	Add support for the new QUIC TLS extension codepoint IETF QUIC draft 33 is replacing the TLS extension codepoint for QUIC transport parameters from 0xffa5 to 57. To support multiple versions of Chrome, we need to support both codepoints in BoringSSL. This CL adds support for the new codepoint in a way that can be enabled on individual connections. Note that when BoringSSL is not in QUIC mode, it will error if it sees the new codepoint as a server but it will ignore the legacy codepoint as that could be a different private usage of that codepoint. Change-Id: I314f8f0b169cedd96eeccc42b44153e97044388c Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44704 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: David Benjamin <davidben@google.com>	4 years ago
David Benjamin	47d1274fd2	Make QUIC tests work with early data. This changes the format of the mock QUIC transport to include an explicit encryption level, matching real QUIC a bit better. In particular, we need that extra data to properly skip rejected early data on the shim side. (On the runner, we manage it by synchronizing with the TLS stack. Still, the levels make it a bit more accurate.) Testing sending and receiving of actual early data is not very relevant in QUIC since application I/O is external, but this allows us to more easily run the same tests in TLS and QUIC. Along the way, improve error-reporting in mock_quick_transport.cc so it's easier to diagnose record-level mismatches. Change-Id: I96175a4023134b03d61dac089f8e7ff4eb627933 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44988 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>	4 years ago
Steven Valdez	51607f1fe1	Implement draft-vvv-tls-alps-01. (Original CL by svaldez, reworked by davidben.) Change-Id: I8570808fa5e96a1c9e6e03c4877039a22e73254f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42404 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com>	4 years ago
David Benjamin	bb72a8d649	Allow specifying different initial and resumption expectations. We have an ad-hoc expectResumeVersion, and I'll want to add one for ALPS (to confirm changing ALPS on resumption works). We probably could have done with such a test for ALPN too. Wrap all the ConnectionState expectations into a struct with an optional resumeExpectations field. Also move the OCSPResponse() method to ConnectionState for consistency. Change-Id: Icaabf5571c51e78ed078f57de0e04928d3f3fa8d Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43084 Reviewed-by: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com>	5 years ago
Adam Langley	fb0c05cac2	acvp: add CMAC-AES support. Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com>	5 years ago