1. 28 9月, 2019 1 次提交
  2. 26 2月, 2019 1 次提交
  3. 03 1月, 2019 1 次提交
  4. 08 8月, 2018 1 次提交
  5. 31 3月, 2018 1 次提交
  6. 20 3月, 2018 1 次提交
  7. 19 3月, 2018 2 次提交
  8. 15 3月, 2018 2 次提交
  9. 01 3月, 2018 1 次提交
  10. 04 12月, 2017 2 次提交
  11. 08 11月, 2017 1 次提交
  12. 18 10月, 2017 1 次提交
  13. 09 10月, 2017 1 次提交
  14. 22 6月, 2017 1 次提交
  15. 21 6月, 2017 1 次提交
  16. 08 5月, 2017 1 次提交
  17. 10 3月, 2017 1 次提交
  18. 03 3月, 2017 1 次提交
  19. 16 2月, 2017 1 次提交
    • M
      Don't change the state of the ETM flags until CCS processing · 28a31a0a
      Matt Caswell 提交于
      In 1.1.0 changing the ciphersuite during a renegotiation can result in
      a crash leading to a DoS attack. In master this does not occur with TLS
      (instead you get an internal error, which is still wrong but not a security
      issue) - but the problem still exists in the DTLS code.
      
      The problem is caused by changing the flag indicating whether to use ETM
      or not immediately on negotiation of ETM, rather than at CCS. Therefore,
      during a renegotiation, if the ETM state is changing (usually due to a
      change of ciphersuite), then an error/crash will occur.
      
      Due to the fact that there are separate CCS messages for read and write
      we actually now need two flags to determine whether to use ETM or not.
      
      CVE-2017-3733
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      28a31a0a
  20. 08 2月, 2017 1 次提交
  21. 23 11月, 2016 1 次提交
  22. 16 11月, 2016 3 次提交
    • M
      Fix a typo in a comment · 395cc5cd
      Matt Caswell 提交于
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      395cc5cd
    • M
      Fixed various style issues in the key_share code · 94ed2c67
      Matt Caswell 提交于
      Numerous style issues as well as references to TLS1_3_VERSION instead of
      SSL_IS_TLS13(s)
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      94ed2c67
    • M
      Start using the key_share data to derive the PMS · 0f1e51ea
      Matt Caswell 提交于
      The previous commits put in place the logic to exchange key_share data. We
      now need to do something with that information. In <= TLSv1.2 the equivalent
      of the key_share extension is the ServerKeyExchange and ClientKeyExchange
      messages. With key_share those two messages are no longer necessary.
      
      The commit removes the SKE and CKE messages from the TLSv1.3 state machine.
      TLSv1.3 is completely different to TLSv1.2 in the messages that it sends
      and the transitions that are allowed. Therefore, rather than extend the
      existing <=TLS1.2 state transition functions, we create a whole new set for
      TLSv1.3. Intially these are still based on the TLSv1.2 ones, but over time
      they will be amended.
      
      The new TLSv1.3 transitions remove SKE and CKE completely. There's also some
      cleanup for some stuff which is not relevant to TLSv1.3 and is easy to
      remove, e.g. the DTLS support (we're not doing DTLSv1.3 yet) and NPN.
      
      I also disable EXTMS for TLSv1.3. Using it was causing some added
      complexity, so rather than fix it I removed it, since eventually it will not
      be needed anyway.
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      0f1e51ea
  23. 04 11月, 2016 6 次提交
  24. 18 8月, 2016 1 次提交
  25. 06 8月, 2016 1 次提交
  26. 22 6月, 2016 1 次提交
  27. 18 5月, 2016 1 次提交
  28. 21 3月, 2016 1 次提交
  29. 08 3月, 2016 1 次提交
    • M
      Lazily initialise the compression buffer · 0220fee4
      Matt Caswell 提交于
      With read pipelining we use multiple SSL3_RECORD structures for reading.
      There are SSL_MAX_PIPELINES (32) of them defined (typically not all of these
      would be used). Each one has a 16k compression buffer allocated! This
      results in a significant amount of memory being consumed which, most of the
      time, is not needed.  This change swaps the allocation of the compression
      buffer to be lazy so that it is only done immediately before it is actually
      used.
      Reviewed-by: NTim Hudson <tjh@openssl.org>
      0220fee4
  30. 03 3月, 2016 1 次提交
    • E
      Refactor ClientHello extension parsing · 06217867
      Emilia Kasper 提交于
      1) Simplify code with better PACKET methods.
      
      2) Make broken SNI parsing explicit. SNI was intended to be extensible
      to new name types but RFC 4366 defined the syntax inextensibly, and
      OpenSSL has never parsed SNI in a way that would allow adding a new name
      type. RFC 6066 fixed the definition but due to broken implementations
      being widespread, it appears impossible to ever extend SNI.
      
      3) Annotate resumption behaviour. OpenSSL doesn't currently handle all
      extensions correctly upon resumption. Annotate for further clean-up.
      
      4) Send an alert on ALPN protocol mismatch.
      Reviewed-by: NKurt Roeckx <kurt@openssl.org>
      06217867