github.com/mono/boringssl.git
Age | Commit message | Author
2014-12-14 | Reformatting of several DTLS source files. | Adam Langley
This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
2014-12-14 | Remove method swap in DTLS_ANY_VERSION. | David Benjamin
DTLS_method() can now negotiate versions without switching methods. Change-Id: I0655b3221b6e7e4b3ed4acc45f1f41c594447021 Reviewed-on: https://boringssl-review.googlesource.com/2582 Reviewed-by: Adam Langley <agl@google.com>
2014-12-14 | Pull SSL3_ENC_METHOD out of SSL_METHOD. | David Benjamin
SSL3_ENC_METHOD will remain version-specific while SSL_METHOD will become protocol-specific. This finally removes all the version-specific portions of SSL_METHOD but the version tag itself. (SSL3_ENC_METHOD's version-specific bits themselves can probably be handled by tracking a canonicalized protocol version. It would simplify version comparisons anyway. The one catch is SSLv3 has a very different table. But that's a cleanup for future. Then again, perhaps a version-specific method table swap somewhere will be useful later for TLS 1.3.) Much of this commit was generated with sed invocation: s/method->ssl3_enc/enc_method/g Change-Id: I2b192507876aadd4f9310240687e562e56e6c0b1 Reviewed-on: https://boringssl-review.googlesource.com/2581 Reviewed-by: Adam Langley <agl@google.com>
2014-12-05 | Check EVP_Cipher return values. | David Benjamin
PR#1767 (Imported from upstream's fe78f08d1541211566a5656395186bfbdc61b6f8) Not sure this is reachable (upstream's PR references custom engines), but better be tidy. Note this is slightly different from upstream's: EVP_Cipher is documented to return -1 on failure, not 0. Change-Id: I836f12b73c6912a8ae8cbd37cfd3d33466acbc9e Reviewed-on: https://boringssl-review.googlesource.com/2478 Reviewed-by: Adam Langley <agl@google.com>
2014-12-02 | Replace s->first_packet with a s->s3->have_version bit. | David Benjamin
first_packet is a temporary connection-global flag set for the duration of some call and then queried from other code. This kind of logic is too difficult to reason through. It also incorrectly treats renegotiate ClientHellos as pre-version-negotiation records. This eliminates the need to query enc_write_ctx (which wasn't EVP_AEAD-aware anyway). Instead, take a leaf from Go TLS's book and add a have_version bit. This is placed on s->s3 as it is connection state; s->s3 automatically gets reset on SSL_clear while s doesn't. This new flag will also be used to determine whether to do the V2ClientHello sniff when the version-locked methods merge into SSLv23_method. It will also replace needing to condition s->method against a dummy DTLS_ANY_VERSION value to determine whether DTLS version negotiation has happened yet. Change-Id: I5c8bc6258b182ba4ab175a48a84eab6d3a001333 Reviewed-on: https://boringssl-review.googlesource.com/2442 Reviewed-by: Adam Langley <agl@google.com>
2014-12-02 | Remove SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS. | David Benjamin
It's unused. Also per the previous commit message, it historically had a bug anyway. Change-Id: I5868641e7938ddebbc0ffd72d218c81cd17c7739 Reviewed-on: https://boringssl-review.googlesource.com/2437 Reviewed-by: Adam Langley <agl@google.com>
2014-12-02 | Fix DTLS_ANY_VERSION and add tests. | David Benjamin
This fixes bugs that kept the tests from working:
- Resolve DTLS version and cookie before the session.
- In DTLS_ANY_VERSION, ServerHello should be read with first_packet = 1. This is a regression from f2fedefdcaf62f10b566f55858c25f35112072ea. We'll want to do the same for TLS, but first let's change this to a boolean has_version in a follow-up.

Things not yet fixed:
- DTLS code is not EVP_AEAD-aware. Those ciphers are disabled for now.
- On the client, DTLS_ANY_VERSION creates SSL_SESSIONs with the wrong ssl_version. The tests pass because we no longer enforce the match as of e37216f56009fbf48c3a1e733b7a546ca6dfc2af. (In fact, we've gone from the server ignoring ssl_version and client enforcing to the client mostly ignoring ssl_version and the server enforcing.)
- ssl3_send_client_hello's ssl_version check checks for equality against s->version rather than >.

Change-Id: I5a0dde221b2009413df9b9443882b9bf3b29519c Reviewed-on: https://boringssl-review.googlesource.com/2403 Reviewed-by: Adam Langley <agl@google.com>
2014-11-11 | Remove #if 0'd code documenting an old bug. | David Benjamin
It was a bug anyway. Change-Id: I59d680ce3615a4b24e72a9b6fa16939d83cc15ac Reviewed-on: https://boringssl-review.googlesource.com/2234 Reviewed-by: Adam Langley <agl@google.com>
2014-11-11 | Keep retransmit window size architecture-independent. | David Benjamin
Parameters like these should not change between 32-bit and 64-bit. 64 is also the value recommended in RFC 6347, section 4.1.2.6. Document those fields while I'm here. Change-Id: I8481ee0765ff3d261a96a2e1a53b6ad6695b2d42 Reviewed-on: https://boringssl-review.googlesource.com/2222 Reviewed-by: Adam Langley <agl@google.com>
2014-11-11 | Remove DTLSv1_listen. | David Benjamin
This was added in http://rt.openssl.org/Ticket/Display.html?id=2033 to support a mode where a DTLS socket would statelessly perform the ClientHello / HelloVerifyRequest portion of the handshake, to be handed off to a socket specific to this peer address. This is not used by WebRTC or other current consumers. If we need to support something like this, it would be cleaner to do the listen portion (cookieless ClientHello + HelloVerifyRequest) externally and then spin up an SSL instance on receipt of a cookied ClientHello. This would require a slightly more complex BIO to replay the second ClientHello but would avoid peppering the DTLS handshake state with a special short-circuiting mode. Change-Id: I7a413932edfb62f8b9368912a9a0621d4155f1aa Reviewed-on: https://boringssl-review.googlesource.com/2220 Reviewed-by: Adam Langley <agl@google.com>
2014-11-04 | Make SSL_MODE_AUTO_RETRY the default. | Adam Langley
Without SSL_MODE_AUTO_RETRY, even blocking mode will return SSL_ERROR_WANT_{READ|WRITE} in the event of a renegotiation.

The comments in the code speak only of "nasty problems" unless this is done. The original commit that added SSL_MODE_AUTO_RETRY (54f10e6adce56eb2e59936e32216162aadc5d050) gives a little more detail:

    The [...] behaviour is needed by applications such as s_client and s_server that use select() to determine when to use SSL_read.

Without the -nbio flag, s_client will use select() to find when the socket is readable and then call SSL_read with a blocking socket. However, this will still block in the event of an incomplete record, so the delay is already unbounded. Thus it's very unclear what the point of this behaviour ever was.

Perhaps if the read and write paths were different sockets where the read socket was non-blocking but the write socket was blocking. But that seems like an implausible situation to worry too much about.

Change-Id: I9d9f2526afc2e0fd0e5440e9a047f419a2d61afa Reviewed-on: https://boringssl-review.googlesource.com/2140 Reviewed-by: Adam Langley <agl@google.com>
2014-11-04 | DTLS1_AD_MISSING_HANDSHAKE_MESSAGE does not exist. | David Benjamin
This code isn't compiled in. It seems there was some half-baked logic for a 7-byte alert that includes more information about handshake messages retransmit. No such alert exists, and the code had a FIXME anyway. If it gets resurrected in DTLS 1.3 or some extension, we can deal with it then. Change-Id: I8784ea8ee44bb8da4b0fe5d5d507997526557432 Reviewed-on: https://boringssl-review.googlesource.com/2121 Reviewed-by: Adam Langley <agl@google.com>
2014-08-18 | Remove SSL_OP_CISCO_ANYCONNECT. | David Benjamin
I see no internal users and the existence of a THIRD version encoding complicates all version-checking logic. Also convert another version check to SSL_IS_DTLS that was missed earlier. Change-Id: I60d215f57d44880f6e6877889307dc39dbf838f7 Reviewed-on: https://boringssl-review.googlesource.com/1550 Reviewed-by: Adam Langley <agl@google.com>
2014-08-04 | Remove OPENSSL_NO_TLS{,1} | Alex Chernyakhovsky
A modern TLS library without full support for TLS does not make sense. Change-Id: I032537d1412f6e4effc9a2dd47123baf0084b4c6 Reviewed-on: https://boringssl-review.googlesource.com/1382 Reviewed-by: Adam Langley <agl@google.com>
2014-07-30 | Fix some DTLS alerts. | David Benjamin
Caught by clang scan-build. Change-Id: Ib17368557d3e8b2edac91e0441e64c21a5eb1318 Reviewed-on: https://boringssl-review.googlesource.com/1341 Reviewed-by: Adam Langley <agl@google.com>
2014-06-27 | Remove heartbeat extension. | David Benjamin
Change-Id: I0273a31e49c5367b89b9899553e3ebe13ec50687 Reviewed-on: https://boringssl-review.googlesource.com/1050 Reviewed-by: Adam Langley <agl@google.com>
2014-06-25 | Remove more remnants of compression. | David Benjamin
Change-Id: I721914594fc92a66d95c7ec2088f13b68e964103
2014-06-21 | Added SSLErr call for internal error in dtls1_buffer_record | Adam Langley
(Imported from upstream's de8a5b523f38377c8e0d9098ebff880749156db6)
2014-06-21 | Delays the queue insertion until after the ssl3_setup_buffers() call due to use-after-free bug. | Adam Langley
PR#3362 (Imported from upstream's 8de85b00484e7e4ca6f0b6e174fb1dc97db91281)
2014-06-21 | CBC record splitting. | Adam Langley
This patch removes support for empty records (which is almost universally disabled via SSL_OP_ALL) and adds optional support for 1/n-1 record splitting. The latter is not enabled by default, since it's not typically used on servers, but it should be enabled in web browsers since there are known attacks in that case (see BEAST).
2014-06-21 | Initial import. | Adam Langley
Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)