- 24 11月, 2016 2 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Don't use what is in supported_versions for the RSA pre-master Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 23 11月, 2016 6 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
In one case we weren't always sending an unexpected message alert if we don't get what we expect. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
There is a set of miscellaneous processing for OCSP, CT etc at the end of the ServerDone processing. In TLS1.3 we don't have a ServerDone, so this needs to move elsewhere. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
This is a major overhaul of the TLSv1.3 state machine. Currently it still looks like TLSv1.2. This commit changes things around so that it starts to look a bit less like TLSv1.2 and bit more like TLSv1.3. After this commit we have: ClientHello + key_share ----> ServerHello +key_share {CertificateRequest*} {Certificate*} {CertificateStatus*} <---- {Finished} {Certificate*} {CertificateVerify*} {Finished} ----> [ApplicationData] <---> [Application Data] Key differences between this intermediate position and the final TLSv1.3 position are: - No EncryptedExtensions message yet - No server side CertificateVerify message yet - CertificateStatus still exists as a separate message - A number of the messages are still in the TLSv1.2 format - Still running on the TLSv1.2 record layer Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
TLSv1.3 has a NewSessionTicket message, but it is *completely* different to the TLSv1.2 one and may as well have been called something else. This commit removes the old style NewSessionTicket from TLSv1.3. We will have to add the new style one back in later. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 17 11月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
We should use the macro for testing if we are using TLSv1.3 rather than checking s->version directly. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 16 11月, 2016 4 次提交
-
-
由 Matt Caswell 提交于
Numerous style issues as well as references to TLS1_3_VERSION instead of SSL_IS_TLS13(s) Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
The previous commits put in place the logic to exchange key_share data. We now need to do something with that information. In <= TLSv1.2 the equivalent of the key_share extension is the ServerKeyExchange and ClientKeyExchange messages. With key_share those two messages are no longer necessary. The commit removes the SKE and CKE messages from the TLSv1.3 state machine. TLSv1.3 is completely different to TLSv1.2 in the messages that it sends and the transitions that are allowed. Therefore, rather than extend the existing <=TLS1.2 state transition functions, we create a whole new set for TLSv1.3. Intially these are still based on the TLSv1.2 ones, but over time they will be amended. The new TLSv1.3 transitions remove SKE and CKE completely. There's also some cleanup for some stuff which is not relevant to TLSv1.3 and is easy to remove, e.g. the DTLS support (we're not doing DTLSv1.3 yet) and NPN. I also disable EXTMS for TLSv1.3. Using it was causing some added complexity, so rather than fix it I removed it, since eventually it will not be needed anyway. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
At the moment the server doesn't yet do anything with this information. We still need to send the server's key_share info back to the client. That will happen in subsequent commits. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 14 11月, 2016 1 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1669)
-
- 10 11月, 2016 9 次提交
-
-
由 Matt Caswell 提交于
This is a skin deep change, which simply renames most places where we talk about curves in a TLS context to groups. This is because TLS1.3 has renamed the extension, and it can now include DH groups too. We still only support curves, but this rename should pave the way for a future extension for DH groups. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Added some TODOs, refactored a couple of things and added a SSL_IS_TLS13() macro. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
There were a few places where we weren't checking to see if we were using the draft TLS1.3 version or not. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Renegotiation does not exist in TLS1.3, so we need to disable it at some point. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Replace a bare ";" with "continue;" for the body of a for loop. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
If supported_versions is present it takes precedence. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
We can end up with a NULL SSL_METHOD function if a method has been disabled. If that happens then we shouldn't call vent->smeth(). Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 09 11月, 2016 13 次提交
-
-
由 EasySec 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1859)
-
由 Matt Caswell 提交于
The size if fixed by the protocol and won't change even if sizeof(clienthello.random) does. Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Don't use a sub-packet, just load it. Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
For consistency with the TLSv1.3 spec. Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Add a blank line, take one away - due to feedback received during review. Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Based on review feedback received. Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
We should be freeing up the raw extension data after we've finished with it. Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
In the case of an SSLv2 compat ClientHello we weren't setting up the compression methods correctly, which could lead to uninit reads or crashes. Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 08 11月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
This partially reverts commit c636c1c4. It also tweaks the documentation and comments in this area. On the client side the documented interface for SSL_CTX_set_verify()/SSL_set_verify() is that setting the flag SSL_VERIFY_PEER causes verfication of the server certificate to take place. Previously what was implemented was that if *any* flag was set then verification would take place. The above commit improved the semantics to be as per the documented interface. However, we have had a report of at least one application where an application was incorrectly using the interface and used *only* SSL_VERIFY_FAIL_IF_NO_PEER_CERT on the client side. In OpenSSL prior to the above commit this still caused verification of the server certificate to take place. After this commit the application silently failed to verify the server certificate. Ideally SSL_CTX_set_verify()/SSL_set_verify() could be modified to indicate if invalid flags were being used. However these are void functions! The simplest short term solution is to revert to the previous behaviour which at least means we "fail closed" rather than "fail open". Thanks to Cory Benfield for reporting this issue. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 07 11月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
We read it later in grow_init_buf(). If CCS is the first thing received in a flight, then it will use the init_msg from the last flight we received. If the init_buf has been grown in the meantime then it will point to some arbitrary other memory location. This is likely to result in grow_init_buf() attempting to grow to some excessively large amount which is likely to fail. In practice this should never happen because the only time we receive a CCS as the first thing in a flight is in an abbreviated handshake. None of the preceding messages from the server flight would be large enough to trigger this. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 04 11月, 2016 2 次提交
-
-
由 Matt Caswell 提交于
Travis is reporting one file at a time shadowed variable warnings where "read" has been used. This attempts to go through all of libssl and replace "read" with "readbytes" to fix all the problems in one go. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-