- 29 8月, 2017 1 次提交
-
-
由 Kurt Roeckx 提交于
The one creating the DRBG should instantiate it, it's there that we know which parameters we should use to instantiate it. This splits the rand init in two parts to avoid a deadlock because when the global drbg is created it wands to call rand_add on the global rand method. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> GH: #4268
-
- 25 8月, 2017 2 次提交
-
-
由 Richard Levitte 提交于
This is a vestige from pre-1.1.0 OpenSSL Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4256)
-
由 Kazuki Yamaguchi 提交于
A condition was removed by commit 1053a6e2; presumably it was an unintended change. Restore the previous behavior so the get_session_cb won't be called with zero-length session ID. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4236)
-
- 23 8月, 2017 1 次提交
-
-
由 Rich Salz 提交于
Remove GETPID_IS_MEANINGLESS and osslargused. Move socket-related things to new file internal/sockets.h; this is now only needed by four(!!!) files. Compiles should be a bit faster. Remove USE_SOCKETS ifdef's Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4209)
-
- 22 8月, 2017 1 次提交
-
-
由 Pauli 提交于
Cast arguments to the various ctype functions to unsigned char to match their documentation. Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4203)
-
- 18 8月, 2017 1 次提交
-
-
由 Todd Short 提交于
Force non-empty padding extension. When enabled, force the padding extension to be at least 1 byte long. WebSphere application server cannot handle having an empty extension (e.g. EMS/EtM) as the last extension in a client hello. This moves the SigAlgs extension last for TLSv1.2 to avoid this issue. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3921)
-
- 15 8月, 2017 2 次提交
-
-
由 Benjamin Kaduk 提交于
The existing function SSL_get_current_cipher() queries the current session for the ciphersuite in use, but there is no way for application code to determine what ciphersuite has been negotiated and will be used in the future, prior to ChangeCipherState (or the TLS 1.3 equivalent) causing the new cipher to take effect and become visible in the session information. Expose this information to appropriate application callbacks to use during the handshake. The name SSL_get_pending_cipher() was chosen for compatibility with BoringSSL's routine of that name. Improve the note on macro implementations in SSL_get_current_cipher.pod while here. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4070)
-
由 Benjamin Kaduk 提交于
Commit 02f0274e moved ALPN processing into an extension finalization function, as the only documented ordering requirement from previous commits was that ALPN processing occur after SNI processing, and SNI processing is performed before the extension finalization step. However, it is useful for applications' alpn_select callbacks to run after ciphersuite selection as well -- at least one application protocol specification (HTTP/2) imposes restrictions on which ciphersuites are usable with that protocol. Since it is generally more preferrable to have a successful TLS connection with a default application protocol than to fail the TLS connection and not be able to have the preferred application protocol, it is good to give the alpn_select callback information about the ciphersuite to be used, so that appropriate restrctions can be enforced in application code. Accordingly, split the ALPN handling out into a separate tls_handl_alpn() function akin to tls_handle_status_request(), called from tls_post_process_client_hello(). This is an alternative to resuscitating ssl_check_clienthello_tlsext_late(), something of an awkwward name itself. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4070)
-
- 11 8月, 2017 1 次提交
-
-
由 FdaSilvaYY 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4108)
-
- 10 8月, 2017 1 次提交
-
-
由 Benjamin Kaduk 提交于
If s->hit is set, s->session corresponds to a session created on a previous connection, and is a data structure that is potentially shared across other SSL objects. As such, there are thread-safety issues with modifying the structure without taking its lock (and of course all corresponding read accesses would also need to take the lock as well), which have been observed to cause double-frees. Regardless of thread-safety, the resumed session object is intended to reflect parameters of the connection that created the session, and modifying it to reflect the parameters from the current connection is confusing. So, modifications to the session object during ClientHello processing should only be performed on new connections, i.e., those where s->hit is not set. The code mostly got this right, providing such checks when processing SNI and EC point formats, but the supported groups (formerly supported curves) extension was missing it, which is fixed by this commit. However, TLS 1.3 makes the suppported_groups extension mandatory (when using (EC)DHE, which is the normal case), checking for the group list in the key_share extension processing. But, TLS 1.3 only [0] supports session tickets for session resumption, so the session object in question is the output of d2i_SSL_SESSION(), and will not be shared across SSL objects. Thus, it is safe to modify s->session for TLS 1.3 connections. [0] A psk_find_session callback can also be used, but the restriction that each callback execution must produce a distinct SSL_SESSION structure can be documented when the psk_find_session callback documentation is completed. Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4123)
-
- 09 8月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4072)
-
- 07 8月, 2017 1 次提交
-
-
由 Rich Salz 提交于
Also use "" not <> for all include cryptlib Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4082)
-
- 03 8月, 2017 5 次提交
-
-
由 Rich Salz 提交于
Give each SSL object it's own DRBG, chained to the parent global DRBG which is used only as a source of randomness into the per-SSL DRBG. This is used for all session, ticket, and pre-master secret keys. It is NOT used for ECDH key generation which use only the global DRBG. (Doing that without changing the API is tricky, if not impossible.) Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4050)
-
由 Rich Salz 提交于
If RAND_add wraps around, XOR with existing. Add test to drbgtest that does the wrap-around. Re-order seeding and stop after first success. Add RAND_poll_ex() Use the DF and therefore lower RANDOMNESS_NEEDED. Also, for child DRBG's, mix in the address as the personalization bits. Centralize the entropy callbacks, from drbg_lib to rand_lib. (Conceptually, entropy is part of the enclosing application.) Thanks to Dr. Matthias St Pierre for the suggestion. Various code cleanups: -Make state an enum; inline RANDerr calls. -Add RAND_POLL_RETRIES (thanks Pauli for the idea) -Remove most RAND_seed calls from rest of library -Rename DRBG_CTX to RAND_DRBG, etc. -Move some code from drbg_lib to drbg_rand; drbg_lib is now only the implementation of NIST DRBG. -Remove blocklength Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4019)
-
由 Matt Caswell 提交于
Move the definition of ossl_assert() out of e_os.h which is intended for OS specific things. Instead it is moved into internal/cryptlib.h. This also changes the definition to remove the (int) cast. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4073)
-
由 Lingmo Zhu 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4014)
-
由 Lingmo Zhu 提交于
The comment "The following should not return 1, otherwise, things are very strange" is from the very first commit of OpenSSL. The really meaning of the comment is if the identical session can be found from internal cache after calling get_session_cb but not found before calling get_session_cb, it is just strange. The value 1 was originated from the old doc of SSLeay, reversed from the actual return value of SSL_CTX_add_session(). Anyway either return value of SSL_CTX_add_session() should not interrupt the session resumption process. So the checking of return value of SSL_CTX_add_session() is not necessary. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4014)
-
- 01 8月, 2017 2 次提交
-
-
由 Matt Caswell 提交于
If a new_session_cb is set then it was only ever getting invoked if !s->hit is true. This is sensible for <=TLSv1.2 but does not work for TLSv1.3. Fixes #4045 Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4068)
-
由 Todd Short 提交于
Some extensions were being displayed twice, before they were parsed, and again after they were parsed. The supported_versions extension was not being fully displayed, as it was processed differently than other extensions. Move the debug callback to where the extensions are first collected, to catch all the extensions as they come in, so they are ordered correctly. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3911)
-
- 31 7月, 2017 6 次提交
-
-
由 David Benjamin 提交于
The names of these ciphers have an "SSL_" prefix, but the RFC names use "TLS_": https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4 This dates back to these ciphers being originally defined in SSLv3. As SSLv3 is on its way out anyway and this is a new set of APIs, consistently use the TLS names. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4007)
-
由 Xiaoyin Liu 提交于
TLS_ST_SR_NEXT_PROTO means "SSLv3/TLS read next proto" Fix typo in the message for TLS_ST_SW_CERT_STATUS Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4054)
-
由 Xiaoyin Liu 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4052)
-
由 Xiaoyin Liu 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4049)
-
由 Xiaoyin Liu 提交于
Remove the function prototypes for ssl_cert_get0_next_certificate, ssl_set_default_md, tls1_shared_list, dtls1_send_newsession_ticket, tls1_ctrl, and tls1_callback_ctrl, all of which are not defined. It also changed the signature of the function pqueue_next to `pitem *pqueue_next(piterator *item)` in pqueue.c, making it match the prototype in ssl_locl.h. (`piterator *` is equivalent to `pitem **`.) Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4049)
-
由 Xiaoyin Liu 提交于
This patch removes the prototype of function RECORD_LAYER_set_write_sequence from record_locl.h, since this function is not defined. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4051)
-
- 28 7月, 2017 1 次提交
-
-
由 Paul Yang 提交于
Documentation and test cases are also updated Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3783)
-
- 26 7月, 2017 1 次提交
-
-
由 Todd Short 提交于
OpenSSL already has the feature of SSL_MODE_RELEASE_BUFFERS that can be set to release the read or write buffers when data has finished reading or writing. OpenSSL will automatically re-allocate the buffers as needed. This can be quite aggressive in terms of memory allocation. This provides a manual mechanism. SSL_free_buffers() will free the data buffers if there's no pending data. SSL_alloc_buffers() will realloc them; but this function is not strictly necessary, as it's still done automatically in the state machine. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2240)
-
- 21 7月, 2017 1 次提交
-
-
由 Paul Yang 提交于
Fixes: issue #3747 make SSL_CIPHER_standard_name globally available and introduce a new function OPENSSL_cipher_name. A new option '-convert' is also added to 'openssl ciphers' app. Documentation and test cases are added. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3859)
-
- 19 7月, 2017 2 次提交
-
-
由 Matt Caswell 提交于
We now allow a different protocol version when reusing a session so we can unconditionally reset the SSL_METHOD if it has changed. Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/3954)
-
由 Matt Caswell 提交于
SSL_clear() does not reset the SSL_METHOD if a session already exists in the SSL object. However, TLSv1.3 does not have an externally visible version fixed method (only an internal one). The state machine assumes that we are always starting from a version flexible method for TLSv1.3. The simplest solution is to just fix SSL_clear() to always reset the method if it is using the internal TLSv1.3 version fixed method. Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/3954)
-
- 18 7月, 2017 2 次提交
-
-
由 Matt Caswell 提交于
TLSv1.3 draft-21 requires the ticket nonce to be at least 1 byte in length. However NSS sends a zero length nonce. This is actually ok because the next draft will allow zero length nonces anyway, so we should tolerate this. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3957)
-
由 Matt Caswell 提交于
early_data is not allowed after an HRR. We failed to handle that correctly. Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3933)
-
- 17 7月, 2017 1 次提交
-
-
由 Tatsuhiro Tsujikawa 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3941)
-
- 13 7月, 2017 7 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3858)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3858)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3858)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3858)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3858)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3858)
-
由 Dr. Stephen Henson 提交于
The functiontls12_get_pkey_idx is only used to see if a certificate index is enabled: call ssl_cert_is_disabled instead. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3858)
-