- 07 8月, 2018 1 次提交
-
-
由 Andy Polyakov 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6786)
-
- 06 8月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
In some scenarios the connection could fail without an alert being sent. This causes a later assertion failure. Thanks to Quarkslab for reporting this. Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/6852)
-
- 20 7月, 2018 3 次提交
-
-
由 Benjamin Kaduk 提交于
In particular, adhere to the rule that we must not modify any property of an SSL_SESSION object once it is (or might be) in a session cache. Such modifications are thread-unsafe and have been observed to cause crashes at runtime. To effect this change, standardize on the property that SSL_SESSION->ext.hostname is set only when that SNI value has been negotiated by both parties for use with that session. For session resumption this is trivially the case, so only new handshakes are affected. On the client, the new semantics are that the SSL->ext.hostname is for storing the value configured by the caller, and this value is used when constructing the ClientHello. On the server, SSL->ext.hostname is used to hold the value received from the client. Only if the SNI negotiation is successful will the hostname be stored into the session object; the server can do this after it sends the ServerHello, and the client after it has received and processed the ServerHello. This obviates the need to remove the hostname from the session object in case of failed negotiation (a change that was introduced in commit 9fb6cb81 in order to allow TLS 1.3 early data when SNI was present in the ClientHello but not the session being resumed), which was modifying cached sessions in certain cases. (In TLS 1.3 we always produce a new SSL_SESSION object for new connections, even in the case of resumption, so no TLS 1.3 handshakes were affected.) Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6378)
-
由 Benjamin Kaduk 提交于
These tiny functions only read from the input SSL, and we are about to use them from functions that only have a const SSL* available, so propagate const a bit further. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6378)
-
由 Matt Caswell 提交于
The spec says that a client MUST set legacy_version to TLSv1.2, and requires servers to verify that it isn't SSLv3. Fixes #6600 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6747)
-
- 19 7月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
It is not valid to send early_data after an HRR has been received. Fixes #6734 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6737)
-
- 17 7月, 2018 3 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6724)
-
由 Matt Caswell 提交于
Previously we were failing to issue new tickets if a resumption attempt failed. Fixes #6654 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6722)
-
由 Matt Caswell 提交于
If we issue new tickets due to post-handshake authentication there is no reason to remove previous tickets from the cache. The code that did that only removed the last session anyway - so if more than one ticket got issued then those other tickets are still valid. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6722)
-
- 14 7月, 2018 2 次提交
-
-
由 Matt Caswell 提交于
Check that we are either configured for PSK, or that we have a TLSv1.3 capable certificate type. DSA certs can't be used in TLSv1.3 and we don't (currently) allow GOST ones either (owing to the lack of standard sig algs). Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6650)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6650)
-
- 03 7月, 2018 2 次提交
-
-
由 Matt Caswell 提交于
Tickets are supposed to be single use so we remove them from the cache on use. Fixes #6377 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6601)
-
由 Matt Caswell 提交于
In TLSv1.2 and below we should remove an old session from the client session cache in the event that we receive a new session ticket from the server. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6601)
-
- 02 7月, 2018 3 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6469)
-
由 Matt Caswell 提交于
Fixes #6389 Reviewed-by: NViktor Dukhovni <viktor@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6469)
-
由 Matt Caswell 提交于
Fixes #6574 Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6593)
-
- 27 6月, 2018 3 次提交
-
-
由 Matt Caswell 提交于
During anti-replay we cache the ticket anyway, so there is no point in using a full stateless ticket. Fixes #6391 Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NViktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6563)
-
由 Matt Caswell 提交于
Implement support for stateful TLSv1.3 tickets, and use them if SSL_OP_NO_TICKET is set. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NViktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6563)
-
由 Matt Caswell 提交于
Separate out as a new function the code to write out data which is specific to a stateless ticket. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NViktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6563)
-
- 25 6月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
Sessions should be immutable once they are in the cache because they could be shared with other threads. If you change them then this can cause corruptions and races Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6561)
-
- 11 6月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
TLSv1.3 ignores the alert level, so we should suppress sending of warning only alerts. Fixes #6211 Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6370)
-
- 07 6月, 2018 3 次提交
-
-
由 Matt Caswell 提交于
Improves readability Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6415)
-
由 Matt Caswell 提交于
We generate the secrets based on the nonce immediately so there is no need to keep the nonce. Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6415)
-
由 Matt Caswell 提交于
All tickets on a connection need to have a unique nonce. When this was originally implemented we only ever sent one ticket on the conneciton so this didn't matter. We were just using the value 0. Now we can get multiple tickets to we need to start doing the ticket nonce properly. Fixes #6387 Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6415)
-
- 31 5月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
Fix some instances where we weren't checking the error return. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6373)
-
- 22 5月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6321)
-
- 17 5月, 2018 2 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5227)
-
由 Matt Caswell 提交于
We send a session ticket automatically in TLSv1.3 at the end of the handshake. This commit provides the ability to set how many tickets should be sent. By default this is one. Fixes #4978 Reviewed-by: NViktor Dukhovni <viktor@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5227)
-
- 15 5月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
Also retains support for drafts 27 and 26 Fixes #6257 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6258)
-
- 12 5月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
In DTLS if we have buffered a fragment for a zero length message (e.g. ServerHelloDone) then, when we unbuffered the fragment, we were attempting to memcpy the contents of the fragment which is zero length and a NULL pointer. This is undefined behaviour. We should check first whether we have a zero length fragment. Fixes a travis issue. [extended tests] Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6223)
-
- 11 5月, 2018 2 次提交
-
-
由 Matt Caswell 提交于
Don't call the decrypt ticket callback if we've already encountered a fatal error. Do call it if we have an empty ticket present. Change the return code to have 5 distinct returns codes and separate it from the input status value. Reviewed-by: NViktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6198)
-
由 Matt Caswell 提交于
The return value from the ticket_key callback was not properly handled in TLSv1.3, so that a ticket was *always* renewed even if the callback requested that it should not be. Also the ticket decrypt callback was not being called at all in TLSv1.3. Reviewed-by: NViktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6198)
-
- 08 5月, 2018 2 次提交
-
-
由 Matt Caswell 提交于
During a full handshake the server is the last one to "speak". The timer should continue to run until we know that the client has received our last flight (e.g. because we receive some application data). Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6170)
-
由 Matt Caswell 提交于
Fixes #4929 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6170)
-
- 24 4月, 2018 2 次提交
-
-
由 Matt Caswell 提交于
In 1.0.2 and below we always send the same client_version in a reneg ClientHello that we sent the first time around, regardless of what version eventually gets negotiated. According to a comment in statem_clnt.c this is a workaround for some buggy servers that choked if we changed the version used in the RSA encrypted premaster secret. In 1.1.0+ this behaviour no longer occurs. This restores the original behaviour. Fixes #1651 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6059)
-
由 Matt Caswell 提交于
This dead code should have been removed as part of #5874 but got missed. Found by Coverity. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6049)
-
- 20 4月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
In 1.1.0 and before calling SSL_in_init() from the info_callback at SSL_CB_HANDSHAKE_DONE would return 0. This commit fixes it so that it does again for 1.1.1. This broke Node. Fixes #4574 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6019)
-
- 18 4月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
Fixes #5934 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5983)
-
- 17 4月, 2018 2 次提交
-
-
由 Matt Caswell 提交于
The first session ticket sent by the server is actually tacked onto the end of the first handshake from a state machine perspective. However in reality this is a post-handshake message, and should be preceeded by a handshake start event from an info callback perspective. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5874)
-
由 Matt Caswell 提交于
Fixes #5721 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5874)
-