- 07 7月, 2017 5 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3852)
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3852)
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3852)
-
由 Matt Caswell 提交于
In most scenarios the length of the input data is the hashsize, or 0 if the data is NULL. However with the new ticket_nonce changes the length can be different. Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3852)
-
由 Matt Caswell 提交于
This just adds the processing for sending and receiving the newly added ticket_nonce field. It doesn't actually use it yet. Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3852)
-
- 06 7月, 2017 1 次提交
-
-
由 Benjamin Kaduk 提交于
If the result of a SSL_{CTX_,}set_{min,max}_proto_version() call leaves the min and max version identical, and support for that version is compiled out of the library, return an error. Such an object has no hope of successfully completing a handshake, and this error may be easier to decipher than the resulting handshake failure. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3422)
-
- 03 7月, 2017 3 次提交
-
-
由 Bernd Edlinger 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3667)
-
由 Bernd Edlinger 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3667)
-
由 Matt Caswell 提交于
We need to use the hashsize in generating the exportsecret not 0! Otherwise we end up with random garbage for the secret. It was pure chance that this passed the tests previously. It so happens that, because we call SSL_export_keying_material() repeatedly for different scenarios in the test, we end up in the tls13_export_keying_material() at exactly the same position in the stack each time and therefore end up using the same random garbage secret each time! Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3810)
-
- 30 6月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
There are no public TLSv1_3_*method() functions so OPENSSL_NO_TLS1_3_METHOD doesn't make any sense and should be removed. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3800)
-
- 29 6月, 2017 3 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3782)
-
由 Matt Caswell 提交于
Fixes #3680 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3782)
-
由 Todd Short 提交于
Properly copy ext.alpn_session in ssl_session_dup() Use OPENSSL_strndup() as that's used in ssl_asn1.c Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3770)
-
- 25 6月, 2017 1 次提交
-
-
由 Benjamin Kaduk 提交于
In draft-ietf-tls-tls13-20 Appendix B we find that: This section describes protocol types and constants. Values listed as _RESERVED were used in previous versions of TLS and are listed here for completeness. TLS 1.3 implementations MUST NOT send them but might receive them from older TLS implementations. Similarly, in section 4.2.3 we see: Legacy algorithms Indicates algorithms which are being deprecated because they use algorithms with known weaknesses, specifically SHA-1 which is used in this context with either with RSA using RSASSA-PKCS1-v1_5 or ECDSA. These values refer solely to signatures which appear in certificates (see Section 4.4.2.2) and are not defined for use in signed TLS handshake messages. Endpoints SHOULD NOT negotiate these algorithms but are permitted to do so solely for backward compatibility. Clients offering these values MUST list them as the lowest priority (listed after all other algorithms in SignatureSchemeList). TLS 1.3 servers MUST NOT offer a SHA-1 signed certificate unless no valid certificate chain can be produced without it (see Section 4.4.2.2). However, we are currently sending the SHA2-based DSA signature schemes and many SHA1-based schemes, which is in contradiction with the specification. Because TLS 1.3 support will appear in OpenSSL 1.1, we are bound by stability requirements to continue to offer the DSA signature schemes and the deprecated hash algorithms. at least until OpenSSL 1.2. However, for pure TLS 1.3 clients that do not offer lower TLS versions, we can be compliant. Do so, and leave a note to revisit the issue when we are permitted to break with sacred historical tradition. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3326)
-
- 24 6月, 2017 2 次提交
-
-
由 Matt Caswell 提交于
Following on from the previous commit this fixes another instance where we need to treat a -ve return from EVP_DigestVerify() as a bad signature. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3756)
-
由 Matt Caswell 提交于
Prior to 72ceb6a6 we treated all failures from the call to EVP_DigestVerifyFinal() as if it were a bad signature, and failures in EVP_DigestUpdate() as an internal error. After that commit we replaced this with the one-shot function EVP_DigestVerify() and treated a 0 return as a bad signature and a negative return as an internal error. However, some signature errors can be negative (e.g. according to the docs if the form of the signature is wrong). Therefore we should treat all <=0 returns as a bad signature. This fixes a boringssl test failure. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3756)
-
- 22 6月, 2017 3 次提交
-
-
由 Alexey Komnin 提交于
Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3751)
-
由 David Benjamin 提交于
Per RFC 7905, the cipher suite names end in "_SHA256". The original implementation targeted the -03 draft, but there was a -04 draft right before the RFC was published to make the names consistent. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3748)
-
由 Paul Yang 提交于
initialize some local variables Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3741)
-
- 21 6月, 2017 21 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3735)
-
由 Matt Caswell 提交于
The value of BIO_CTRL_DGRAM_SET_PEEK_MODE was clashing with the value for BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. In an SCTP enabled build BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE was used unconditionally with the reasoning that it would be ignored if SCTP wasn't in use. Unfortunately due to this clash, this wasn't the case. The BIO ended up going into peek mode and was continually reading the same data over and over - throwing it away as a replay. Fixes #3723 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3724)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
-
由 Matt Caswell 提交于
Found while developing the PSK tests Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3585)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3585)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3585)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3585)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3585)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3585)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3585)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3585)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3585)
-