- 14 3月, 2020 1 次提交
-
-
由 Benjamin Kaduk 提交于
The TLS (pre-1.3) ChangeCipherState message is usually used to indicate the switch from the unencrypted to encrypted part of the handshake. However, it can also be used in cases where there is an existing session (such as during resumption handshakes) or when changing from one cipher to a different one (such as during renegotiation when the cipher list offered by the client has changed). This test serves to exercise such situations, allowing us to detect whether session objects are being modified in cases when they must remain immutable for thread-safety purposes. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10943) (cherry picked from commit 3cd14e5e65011660ad8e3603cf871c8366b565fd)
-
- 12 2月, 2020 1 次提交
-
-
由 Matt Caswell 提交于
The hostname_cb in sslapitest.c was originally only defined if TLSv1.3 was enabled. A recently added test now uses this unconditionally, so we move the function implementation earlier in the file, and always compile it in. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11014) (cherry picked from commit 104a733df65dfd8c3dd110de9bd56f6ebfc8f2f6)
-
- 31 1月, 2020 1 次提交
-
-
由 Matt Caswell 提交于
Test this on both the client and the server after a normal handshake, and after a resumption handshake. We also test what happens if an inconsistent SNI is set between the original handshake and the resumption handshake. Finally all of this is also tested in TLSv1.2 and TLSv1.3. Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/10018) (cherry picked from commit 49ef3d0719f132629ab76d4bcb4ab0c1e016277a)
-
- 28 9月, 2019 1 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Apart from public and internal header files, there is a third type called local header files, which are located next to source files in the source directory. Currently, they have different suffixes like '*_lcl.h', '*_local.h', or '*_int.h' This commit changes the different suffixes to '*_local.h' uniformly. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9681)
-
- 04 9月, 2019 1 次提交
-
-
由 raja-ashok 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9621)
-
- 14 8月, 2019 1 次提交
-
-
由 Matt Caswell 提交于
Actually supply a chain and then test: 1) A successful check of both the ee and chain certs 2) A failure to check the ee cert 3) A failure to check a chain cert Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9443)
-
- 27 6月, 2019 1 次提交
-
-
由 Benjamin Kaduk 提交于
Augment the cert_cb sslapitest to include a run that uses SSL_check_chain() to inspect the certificate prior to installing it on the SSL object. If the check shows the certificate as not valid in that context, we do not install a certificate at all, so the handshake will fail later on in processing (tls_choose_sigalg()), exposing the indicated regression. Currently it fails, since we have not yet set the shared sigalgs by the time the cert_cb runs. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9157) (cherry picked from commit 7cb8fb07e8b71dc1fdcb0de10af7fed4347f6ea4)
-
- 03 6月, 2019 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/8773) (cherry picked from commit a77b4dba237d001073d2d1c5d55c674a196c949f)
-
- 26 2月, 2019 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8347)
-
- 23 2月, 2019 1 次提交
-
-
由 Matt Caswell 提交于
Prior to this commit we were keeping a count of how many KeyUpdates we have processed and failing if we had had too many. This simplistic approach is not sufficient for long running connections. Since many KeyUpdates would not be a particular good DoS route anyway, the simplest solution is to simply remove the key update count. Fixes #8068 Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/8299) (cherry picked from commit 3409a5ff8a44ddaf043d83ed22e657ae871be289)
-
- 15 2月, 2019 1 次提交
-
-
由 Matt Caswell 提交于
The original 1.1.1 design was to use SSL_CB_HANDSHAKE_START and SSL_CB_HANDSHAKE_DONE to signal start/end of a post-handshake message exchange in TLSv1.3. Unfortunately experience has shown that this confuses some applications who mistake it for a TLSv1.2 renegotiation. This means that KeyUpdate messages are not handled properly. This commit removes the use of SSL_CB_HANDSHAKE_START and SSL_CB_HANDSHAKE_DONE to signal the start/end of a post-handshake message exchange. Individual post-handshake messages are still signalled in the normal way. This is a potentially breaking change if there are any applications already written that expect to see these TLSv1.3 events. However, without it, KeyUpdate is not currently usable for many applications. Fixes #8069 Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8096) (cherry picked from commit 4af5836b55442f31795eff6c8c81ea7a1b8cf94b)
-
- 24 1月, 2019 1 次提交
-
-
由 Matt Caswell 提交于
During a DTLS handshake we may need to periodically handle timeouts in the DTLS timer to ensure retransmits due to lost packets are performed. However, one peer will always complete a handshake before the other. The DTLS timer stops once the handshake has finished so any handshake messages lost after that point will not automatically get retransmitted simply by calling DTLSv1_handle_timeout(). However attempting an SSL_read implies a DTLSv1_handle_timeout() and additionally will process records received from the peer. If those records are themselves retransmits then we know that the peer has not completed its handshake yet and a retransmit of our final flight automatically occurs. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8047) (cherry picked from commit 80c455d5ae405e855391e298a2bf8a24629dd95d)
-
- 05 12月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
Fix some issues in tls13_hkdf_expand() which impact the above function for TLSv1.3. In particular test that we can use the maximum label length in TLSv1.3. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7755) (cherry picked from commit 0fb2815b873304d145ed00283454fc9f3bd35e6b)
-
- 12 11月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7503) (cherry picked from commit fb8c83599e869516552f7c27bdc4dd26947fe657)
-
- 30 10月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/7413) (cherry picked from commit 6e46c065b9b97212d63ef1f321b08fb7fa6b320d)
-
- 15 10月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7308) (cherry picked from commit 7f1d923aa9dc55dd23a7741e4341ec421c683941)
-
- 22 9月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/7257) (cherry picked from commit cd6fe29f5bad1a350a039673e06f83ec7a7ef619)
-
- 07 9月, 2018 2 次提交
-
-
由 Matt Caswell 提交于
Even though we already sent close_notify the server may not have recieved it yet and could issue a CertificateRequest to us. Since we've already sent close_notify we can't send any reasonable response so we just ignore it. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7114)
-
由 Kurt Roeckx 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7114)
-
- 04 9月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
Add a test to check that we create the correct number of tickets after a TLSv1.3 PSK. Reviewed-by: NViktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7097)
-
- 20 8月, 2018 2 次提交
-
-
由 Matt Caswell 提交于
We already have SSL_set_post_handshake_auth(). This just adds the SSL_CTX equivalent. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6938)
-
由 Matt Caswell 提交于
Having post handshake auth automatically switched on breaks some applications written for TLSv1.2. This changes things so that an explicit function call is required for a client to indicate support for post-handshake auth. Fixes #6933. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6938)
-
- 19 7月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6737)
-
- 17 7月, 2018 3 次提交
-
-
由 Matt Caswell 提交于
Also fixes a function name typo. Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/6729)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6722)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6722)
-
- 06 7月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6655)
-
- 04 7月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6634)
-
- 03 7月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
Tickets are supposed to be single use so we remove them from the cache on use. Fixes #6377 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6601)
-
- 02 7月, 2018 2 次提交
-
-
由 Matt Caswell 提交于
This also adds the ability to control this through s_server Reviewed-by: NViktor Dukhovni <viktor@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6469)
-
由 Matt Caswell 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6469)
-
- 27 6月, 2018 4 次提交
-
-
由 Matt Caswell 提交于
Currently if you encounter application data while waiting for a close_notify from the peer, and you have called SSL_shutdown() then you will get a -1 return (fatal error) and SSL_ERROR_SYSCALL from SSL_get_error(). This isn't accurate (it should be SSL_ERROR_SSL) and isn't persistent (you can call SSL_shutdown() again and it might then work). We change this into a proper fatal error that is persistent. Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/6340)
-
由 Matt Caswell 提交于
In the case where we are shutdown for writing and awaiting a close_notify back from a subsequent SSL_shutdown() call we skip over handshake data that is received. This should not be treated as an error - instead it should be signalled with SSL_ERROR_WANT_READ. Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/6340)
-
由 Matt Caswell 提交于
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/6340)
-
由 Matt Caswell 提交于
Implement support for stateful TLSv1.3 tickets, and use them if SSL_OP_NO_TICKET is set. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NViktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6563)
-
- 23 5月, 2018 2 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6321)
-
由 Kurt Roeckx 提交于
Because TLS 1.3 sends more non-application data records some clients run into problems because they don't expect SSL_read() to return and set SSL_ERROR_WANT_READ after processing it. This can cause problems for clients that use blocking I/O and use select() to see if data is available. It can be cleared using SSL_CTX_clear_mode(). Reviewed-by: NMatt Caswell <matt@openssl.org> GH: #6260
-
- 22 5月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6321)
-
- 21 5月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
In TLSv1.2 and below we always cache new sessions by default on the server side in the internal cache (even when we're using session tickets). This is in order to support resumption from a session id. In TLSv1.3 there is no session id. It is only possible to resume using the ticket. Therefore, in the default case, there is no point in caching the session in the internal store. There is still a reason to call the external cache new session callback because applications may be using the callbacks just to know about when sessions are created (and not necessarily implementing a full cache). If the application also implements the remove session callback then we are forced to also store it in the internal cache so that we can create timeout events. Otherwise the external cache could just fill up indefinitely. This mostly addresses the issue described in #5628. That issue also proposes having an option to not create full stateless tickets when using the internal cache. That aspect hasn't been addressed yet. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/6293)
-
- 17 5月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5227)
-