Chiebot-Mirror/boringssl - boringssl - Gitea: Git with a cup of tea

Author	SHA1	Message	Date
David Benjamin	dfddbc4ded	Align with OpenSSL on TLS 1.3 cipher suite constants. Our TLS 1.3 stack predates OpenSSL's. We chose TLS1_CK_* to align with the existing names. OpenSSL made a new convention, TLS1_3_CK_. Match them. This means that, in the likely event that TLS 1.4 uses the same constants, they'll have weird names, just as several of our constants still say SSL3_ but it doesn't particularly matter. Change-Id: I97f29b224d0d282e946344e4b907f2df2be39ce1 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/53425 Auto-Submit: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> Commit-Queue: Bob Beck <bbe@google.com> Reviewed-by: Bob Beck <bbe@google.com>	3 years ago
Adam Langley	451ea3ca3e	Add SSL_[CTX_]_set_compliance_policy. These functions aid in meeting specific compliance goals and allows configuration of things like TLS 1.3 cipher suites, which are otherwise not configurable. Change-Id: I668afc734a19ecd4b996eaa23be73ce259b13fa2 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/52625 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com>	3 years ago
David Benjamin	bcef51424b	Const-correct message creation hooks. Make it a little clearer they shouldn't be updating sequence numbers, enqueuing the message, etc. That's left to add_message. (ECH clients need to construct a pair of parallel ClientHellos.) Change-Id: I554a8f200d464727bc219b66931b3d0bae266f76 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/47908 Reviewed-by: Adam Langley <agl@google.com>	4 years ago
David Benjamin	b571e77773	Add experimental handshake hints API. See go/handshake-hints (internal). CL originally by Bin Wu <wub@google.com>. I just reworked the tests and tidied it up a bit. This is the start of a replacement for the split handshakes API. For now, only TLS 1.3 is supported. It starts with an initial set of hints, but we can add more later. (In particular, we should probably apply the remote handshaker's extension order to avoid needing to capability protect such changes.) Change-Id: I7b6a6dfaa84c6c6e3436d2a4026c3652b8a79f0f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/46535 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>	4 years ago
David Benjamin	084064becc	Add a few missing SSL_R_BIO_NOT_SET cases. The ssl_buffer.cc code handles this, but since outgoing handshake I/O goes through a different path, it was missing these checks. Change-Id: I4fed62b435b577645c405d0d995511a58d47a702 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/46531 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>	4 years ago
Adam Langley	fb0c05cac2	acvp: add CMAC-AES support. Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com>	5 years ago