- 29 3月, 2017 1 次提交
-
-
由 FdaSilvaYY 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3066)
-
- 24 3月, 2017 3 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3022)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3022)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3022)
-
- 21 3月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
Commit 6b1bb98f moved the processing of ClientHello extensions into the state machine post-processing stage. After processing s->init_num is reset to 0, so by post-processing we cannot rely on its value. Unfortunately we were using it to handle the PSK extension. This causes the handshake to fail. We were using init_num to figure out the length of ClientHello2 so we can remove it from the handshake_buffer. The handshake_buffer holds the transcript of all the messages sent so far. For PSK processing though we only want to add in a partial ClientHello2. This commit changes things so we just work out where ClientHello2 starts, working forward from the beginning of handshake_buffer. Fixes #2983 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2996)
-
- 18 3月, 2017 4 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2918)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2918)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2918)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2918)
-
- 16 3月, 2017 10 次提交
-
-
由 Matt Caswell 提交于
In OpenSSL 1.1.0 the padding extension MUST be last because it calculates the length of everything that has been written into the ClientHello to determine whether it needs to be padded or not. With TLSv1.3 that isn't possible because the specification requires that the PSK extension is last. Therefore we need to fix the padding extension to take account of any PSK extension that will be later added. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2968)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2895)
-
由 Matt Caswell 提交于
Choose a new ciphersuite for the HRR. Don't just use the one from the session. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2895)
-
由 Matt Caswell 提交于
Don't include a PSK that does not have the right hash for the selected ciphersuite following an HRR. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2895)
-
由 Matt Caswell 提交于
Draft-19 changes the HRR transcript hash so that the initial ClientHello is replaced in the transcript with a special synthetic message_hash message that just contains a hash of ClientHello1 as its message body. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2895)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2895)
-
由 Matt Caswell 提交于
As per draft-19 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2895)
-
由 Matt Caswell 提交于
The end of early data is now indicated by a new handshake message rather than an alert. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2895)
-
由 Benjamin Kaduk 提交于
tls1_get_curvelist() does not read from its third parameter, so the assignments prior to function call were dead code and can be removed. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2952)
-
由 Benjamin Kaduk 提交于
Instead of making a positive comparison against the invalid value that our server would send, make a negative check against the only value that is not an error. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2953)
-
- 15 3月, 2017 2 次提交
-
-
由 Benjamin Kaduk 提交于
Zero out the length alongside the NULLing of the pointer, to bring parity between the selected and proposed fields.. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2954)
-
由 Benjamin Kaduk 提交于
No need to break out of the loop and repeat the loop termination condition when we can just return. Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2949)
-
- 10 3月, 2017 2 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2898)
-
由 Matt Caswell 提交于
We need to check that the PSK extension in a ClientHello is the last one. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2896)
-
- 08 3月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
In TLSv1.3 the above messages signal a key change. The spec requires that the end of these messages must align with a record boundary. We can detect this by checking for decrypted but as yet unread record data sitting in OpenSSL buffers at the point where we process the messages. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2875)
-
- 07 3月, 2017 1 次提交
-
-
由 Kurt Roeckx 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> GH: #2850
-
- 05 3月, 2017 3 次提交
-
-
由 Matt Caswell 提交于
If early data is sent to a server, but ALPN is not used then memcmp is called with a NULL pointer which is undefined behaviour. Fixes #2841 Reviewed-by: NKurt Roeckx <kurt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2845)
-
由 Matt Caswell 提交于
We do not allow the generation of TLSv1.3 cookies. But if we receive one in an HRR we will echo it back in the ClientHello. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2839)
-
由 Matt Caswell 提交于
A leak of an SSL_SESSION object can occur when decoding a psk extension on an error path when using TLSv1.3 Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2843)
-
- 04 3月, 2017 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2840)
-
- 03 3月, 2017 11 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2831)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
-
由 Matt Caswell 提交于
Also simplifies the state machine a bit. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
-
由 Matt Caswell 提交于
Check that we actually resumed the session, and that we selected the first identity. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
-