Skip to content

O
openssl

btwise / openssl

通知 1
Star 0
Fork 0
O
openssl

体验新版 GitCode,发现更多精彩内容 >>

切换分支/标签
  1. 15 3月, 2018 2 次提交
  3. 01 3月, 2018 1 次提交
  5. 04 12月, 2017 2 次提交
  7. 08 11月, 2017 1 次提交
  9. 18 10月, 2017 1 次提交
  11. 09 10月, 2017 1 次提交
  13. 22 6月, 2017 1 次提交
  15. 21 6月, 2017 1 次提交
  17. 08 5月, 2017 1 次提交
  19. 10 3月, 2017 1 次提交
  21. 03 3月, 2017 1 次提交
  23. 16 2月, 2017 1 次提交
    • M
      Don't change the state of the ETM flags until CCS processing · 28a31a0a
      Matt Caswell 提交于 
      In 1.1.0 changing the ciphersuite during a renegotiation can result in
a crash leading to a DoS attack. In master this does not occur with TLS
(instead you get an internal error, which is still wrong but not a security
issue) - but the problem still exists in the DTLS code.

The problem is caused by changing the flag indicating whether to use ETM
or not immediately on negotiation of ETM, rather than at CCS. Therefore,
during a renegotiation, if the ETM state is changing (usually due to a
change of ciphersuite), then an error/crash will occur.

Due to the fact that there are separate CCS messages for read and write
we actually now need two flags to determine whether to use ETM or not.

CVE-2017-3733
Reviewed-by: NRichard Levitte <levitte@openssl.org>
      28a31a0a
  25. 08 2月, 2017 1 次提交
  27. 23 11月, 2016 1 次提交
  29. 16 11月, 2016 3 次提交
    • M
      Fix a typo in a comment · 395cc5cd
      Matt Caswell 提交于 
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      395cc5cd
    • M
      Fixed various style issues in the key_share code · 94ed2c67
      Matt Caswell 提交于 
      Numerous style issues as well as references to TLS1_3_VERSION instead of
SSL_IS_TLS13(s)
Reviewed-by: NRich Salz <rsalz@openssl.org>
      94ed2c67
    • M
      Start using the key_share data to derive the PMS · 0f1e51ea
      Matt Caswell 提交于 
      The previous commits put in place the logic to exchange key_share data. We
now need to do something with that information. In <= TLSv1.2 the equivalent
of the key_share extension is the ServerKeyExchange and ClientKeyExchange
messages. With key_share those two messages are no longer necessary.

The commit removes the SKE and CKE messages from the TLSv1.3 state machine.
TLSv1.3 is completely different to TLSv1.2 in the messages that it sends
and the transitions that are allowed. Therefore, rather than extend the
existing <=TLS1.2 state transition functions, we create a whole new set for
TLSv1.3. Intially these are still based on the TLSv1.2 ones, but over time
they will be amended.

The new TLSv1.3 transitions remove SKE and CKE completely. There's also some
cleanup for some stuff which is not relevant to TLSv1.3 and is easy to
remove, e.g. the DTLS support (we're not doing DTLSv1.3 yet) and NPN.

I also disable EXTMS for TLSv1.3. Using it was causing some added
complexity, so rather than fix it I removed it, since eventually it will not
be needed anyway.
Reviewed-by: NRich Salz <rsalz@openssl.org>
      0f1e51ea
  31. 04 11月, 2016 6 次提交
  33. 18 8月, 2016 1 次提交
  35. 06 8月, 2016 1 次提交
  37. 22 6月, 2016 1 次提交
  39. 18 5月, 2016 1 次提交
  41. 21 3月, 2016 1 次提交
  43. 08 3月, 2016 1 次提交
    • M
      Lazily initialise the compression buffer · 0220fee4
      Matt Caswell 提交于 
      With read pipelining we use multiple SSL3_RECORD structures for reading.
There are SSL_MAX_PIPELINES (32) of them defined (typically not all of these
would be used). Each one has a 16k compression buffer allocated! This
results in a significant amount of memory being consumed which, most of the
time, is not needed.  This change swaps the allocation of the compression
buffer to be lazy so that it is only done immediately before it is actually
used.
Reviewed-by: NTim Hudson <tjh@openssl.org>
      0220fee4
  45. 03 3月, 2016 1 次提交
    • E
      Refactor ClientHello extension parsing · 06217867
      Emilia Kasper 提交于 
      1) Simplify code with better PACKET methods.

2) Make broken SNI parsing explicit. SNI was intended to be extensible
to new name types but RFC 4366 defined the syntax inextensibly, and
OpenSSL has never parsed SNI in a way that would allow adding a new name
type. RFC 6066 fixed the definition but due to broken implementations
being widespread, it appears impossible to ever extend SNI.

3) Annotate resumption behaviour. OpenSSL doesn't currently handle all
extensions correctly upon resumption. Annotate for further clean-up.

4) Send an alert on ALPN protocol mismatch.
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
      06217867
  47. 24 2月, 2016 1 次提交
  49. 19 2月, 2016 2 次提交
    • R
      Fix {TLS,CIPHER}_DEBUG compiles. · d1776fde
      Rich Salz 提交于 
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      d1776fde
    • R
      Remove outdated DEBUG flags. · d63a5e5e
      Rich Salz 提交于 
      Add -DBIO_DEBUG to --strict-warnings.
Remove comments about outdated debugging ifdef guards.
Remove md_rand ifdef guarding an assert; it doesn't seem used.
Remove the conf guards in conf_api since we use OPENSSL_assert, not assert.
For pkcs12 stuff put OPENSSL_ in front of the macro name.
Merge TLS_DEBUG into SSL_DEBUG.
Various things just turned on/off asserts, mainly for checking non-NULL
arguments, which is now removed: camellia, bn_ctx, crypto/modes.
Remove some old debug code, that basically just printed things to stderr:
  DEBUG_PRINT_UNKNOWN_CIPHERSUITES, DEBUG_ZLIB, OPENSSL_RI_DEBUG,
  RL_DEBUG, RSA_DEBUG, SCRYPT_DEBUG.
Remove OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
      d63a5e5e
  51. 17 2月, 2016 1 次提交
    • R
      Implement the use of heap manipulator implementions · 05c7b163
      Richard Levitte 提交于 
      - Make use of the functions given through CRYPTO_set_mem_functions().
- CRYPTO_free(), CRYPTO_clear_free() and CRYPTO_secure_free() now receive
  __FILE__ and __LINE__.
- The API for CRYPTO_set_mem_functions() and CRYPTO_get_mem_functions()
  is slightly changed, the implementation for free() now takes a couple
  of extra arguments, taking __FILE__ and __LINE__.
- The CRYPTO_ memory functions will *always* receive __FILE__ and __LINE__
  from the corresponding OPENSSL_ macros, regardless of if crypto-mdebug
  has been enabled or not.  The reason is that if someone swaps out the
  malloc(), realloc() and free() implementations, we can't know if they
  will use them or not.
Reviewed-by: NRich Salz <rsalz@openssl.org>
      05c7b163
  53. 27 1月, 2016 1 次提交
    • R
      Remove /* foo.c */ comments · 34980760
      Rich Salz 提交于 
      This was done by the following
        find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
        print unless $. == 1 && m@/\* .*\.[ch] \*/@;
        close ARGV if eof; # Close file to reset $.

And then some hand-editing of other files.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
      34980760
  55. 19 1月, 2016 1 次提交
  57. 12 1月, 2016 1 次提交
  59. 08 12月, 2015 1 次提交