- 15 2月, 2017 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2623)
-
由 Dr. Stephen Henson 提交于
Add inline function ssl_has_cert which checks to see if a certificate and private key for a given index are not NULL. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2623)
-
- 14 2月, 2017 2 次提交
-
-
由 Matt Caswell 提交于
For converting the 2 byte group id into an unsigned int. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2341)
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2341)
-
- 11 2月, 2017 1 次提交
-
-
由 Dr. Stephen Henson 提交于
The original intent of SSL_PKEY_RSA_SIGN and SSL_PKEY_RSA_ENC was to support two different keys for RSA signing and decrypt. However this was never implemented and we only ever set one key and the other was always NULL. Replace with single SSL_PKEY_RSA type. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2587)
-
- 08 2月, 2017 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Add SSL_kANY and SSL_aANY contants for TLS 1.3 ciphersuites. Return appropriate text strings when they are used. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2550)
-
- 02 2月, 2017 2 次提交
-
-
由 Dr. Stephen Henson 提交于
New function tls_choose_sigalg(). This is a signature algorithm version of ssl3_choose_cipher(): it picks and sets the appropriate signature algorithm and certificate based on shared signature algorithms. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2339)
-
由 Cory Benfield 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2287)
-
- 01 2月, 2017 1 次提交
-
-
由 Todd Short 提交于
session_ctx and initial_ctx are aliases of each other, and with the opaque data structures, there's no need to keep both around. Since there were more references of session_ctx, replace all instances of initial_ctx with session_ctx. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2334)
-
- 31 1月, 2017 4 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2324)
-
由 Dr. Stephen Henson 提交于
Remove unnecessary lookup operations: use the indices and data in the lookup table directly. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2324)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2324)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2324)
-
- 30 1月, 2017 15 次提交
-
-
由 Dr. Stephen Henson 提交于
Since every supported signature algorithm is now an entry in the SIGALG_LOOKUP table we can replace shared signature algortihms with pointers to constant table entries. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
-
由 Dr. Stephen Henson 提交于
Store peer signature type in s->s3->tmp.peer_sigtype and check it to see if the peer used PSS. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
由 Matt Caswell 提交于
The newly added SSL3_CK_CIPHERSUITE_FLAG shouldn't be in a public header file Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
由 Matt Caswell 提交于
Changing the value of SSL_MAX_MASTER_KEY_LENGTH had some unexpected side effects in the <=TLS1.2 code which apparently relies on this being 48 for interoperability. Therefore create a new define for the TLSv1.3 resumption master secret which can be up to 64 bytes. Found through the boring test suite. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
由 Matt Caswell 提交于
Remove "magic" return values and use an enum instead. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
由 Matt Caswell 提交于
If we have deserialized the SSL_SESSION then in some circumstances the session->cipher value is NULL. We were patching up in some places but not in others. We should just do it as part of loading the SSL_SESSION. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
由 Matt Caswell 提交于
psk_kex_mode stores the available modes - not the one which we selected. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
由 Matt Caswell 提交于
Update SSL_SESSION to store the age_add and use it where needed. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
由 Matt Caswell 提交于
This is required for the later addition of resumption support. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
由 Matt Caswell 提交于
The record layer was making decisions that should really be left to the state machine around unexpected handshake messages that are received after the initial handshake (i.e. renegotiation related messages). This commit removes that code from the record layer and updates the state machine accordingly. This simplifies the state machine and paves the way for handling other messages post-handshake such as the NewSessionTicket in TLSv1.3. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
- 27 1月, 2017 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2290)
-
- 25 1月, 2017 1 次提交
-
-
由 FdaSilvaYY 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1618)
-
- 24 1月, 2017 1 次提交
-
-
由 Cory Benfield 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1646)
-
- 12 1月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
A guard was in the wrong place in the header file. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2212)
-
- 11 1月, 2017 8 次提交
-
-
由 Matt Caswell 提交于
TLSv1.3 introduces PSS based sigalgs. Offering these in a TLSv1.3 client implies that the client is prepared to accept these sigalgs even in TLSv1.2. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2157)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2157)
-
由 Matt Caswell 提交于
A misreading of the TLS1.3 spec meant we were using the handshake hashes up to and including the Client Finished to calculate the client application traffic secret. We should be only use up until the Server Finished. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2157)
-
由 Matt Caswell 提交于
The sigalgs work has made some old lookup tables and functions redundant so remove them. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2157)
-
由 Matt Caswell 提交于
We had an extra layer of indirection in looking up hashes and sigs based on sigalgs which is now no longer necessary. This removes it. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2157)
-
由 Matt Caswell 提交于
The extensions refactor made this function redundant so we can remove it. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2157)
-
由 Matt Caswell 提交于
In TLSv1.2 an individual sig alg is represented by 1 byte for the hash and 1 byte for the signature. In TLSv1.3 each sig alg is represented by two bytes, where the two bytes together represent a single hash and signature combination. This converts the internal representation of sigalgs to use a single int for the pair, rather than a pair of bytes. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2157)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2157)
-