- 18 6月, 2019 3 次提交
-
-
由 Matt Caswell 提交于
The previous 2 commits moved supported groups and ciphers out of the session object to avoid race conditions. We now also move ecpointformats for consistency. There does not seem to be a race condition with access to this data since it is only ever set in a non-resumption handshake. However, there is no reason for it to be in the session. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9176)
-
由 Matt Caswell 提交于
Similarly to the previous commit we were storing the peer offered list of ciphers in the session. In practice there is no need for this information to be avilable from one resumption to the next since this list is specific to a particular handshake. Since the session object is supposed to be immutable we should not be updating it once we have decided to resume. The solution is to remove the session list out of the session object. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9176)
-
由 Matt Caswell 提交于
In TLSv1.3 the supported groups can be negotiated each time a handshake occurs, regardless of whether we are resuming or not. We should not store the supported groups information in the session because session objects can be shared between multiple threads and we can end up with race conditions. For most users this won't be seen because, by default, we use stateless tickets in TLSv1.3 which don't get shared. However if you use SSL_OP_NO_TICKET (to get stateful tickets in TLSv1.3) then this can happen. The answer is to move the supported the supported group information into the SSL object instead. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9176)
-
- 03 6月, 2019 1 次提交
-
-
由 Matt Caswell 提交于
If we receive a KeyUpdate message (update requested) from the peer while we are in the middle of a write, we should defer sending the responding KeyUpdate message until after the current write is complete. We do this by waiting to send the KeyUpdate until the next time we write and there is no pending write data. This does imply a subtle change in behaviour. Firstly the responding KeyUpdate message won't be sent straight away as it is now. Secondly if the peer sends multiple KeyUpdates without us doing any writing then we will only send one response, as opposed to previously where we sent a response for each KeyUpdate received. Fixes #8677 Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/8773) (cherry picked from commit feb9e31c40c49de6384dd0413685e9b5a15adc99)
-
- 28 5月, 2019 1 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9034)
-
- 28 3月, 2019 1 次提交
-
-
由 Paul Monson 提交于
CLA: trivial Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8590) (cherry picked from commit 0b885f72c2b18c57173e134a03ed013cd1ac361e)
-
- 05 3月, 2019 1 次提交
-
-
由 Matt Caswell 提交于
Sessions must be immutable once they can be shared with multiple threads. We were breaking that rule by writing the ticket index into it during the handshake. This can lead to incorrect behaviour, including failed connections in multi-threaded environments. Reported by David Benjamin. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8383) (cherry picked from commit c96ce52ce293785b54a42d119c457aef739cc2ce)
-
- 26 2月, 2019 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8347)
-
- 23 2月, 2019 1 次提交
-
-
由 Matt Caswell 提交于
Prior to this commit we were keeping a count of how many KeyUpdates we have processed and failing if we had had too many. This simplistic approach is not sufficient for long running connections. Since many KeyUpdates would not be a particular good DoS route anyway, the simplest solution is to simply remove the key update count. Fixes #8068 Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/8299) (cherry picked from commit 3409a5ff8a44ddaf043d83ed22e657ae871be289)
-
- 15 2月, 2019 1 次提交
-
-
由 Matt Caswell 提交于
The original 1.1.1 design was to use SSL_CB_HANDSHAKE_START and SSL_CB_HANDSHAKE_DONE to signal start/end of a post-handshake message exchange in TLSv1.3. Unfortunately experience has shown that this confuses some applications who mistake it for a TLSv1.2 renegotiation. This means that KeyUpdate messages are not handled properly. This commit removes the use of SSL_CB_HANDSHAKE_START and SSL_CB_HANDSHAKE_DONE to signal the start/end of a post-handshake message exchange. Individual post-handshake messages are still signalled in the normal way. This is a potentially breaking change if there are any applications already written that expect to see these TLSv1.3 events. However, without it, KeyUpdate is not currently usable for many applications. Fixes #8069 Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8096) (cherry picked from commit 4af5836b55442f31795eff6c8c81ea7a1b8cf94b)
-
- 01 2月, 2019 1 次提交
-
-
由 Michael Tuexen 提交于
When computing the end-point shared secret, don't take the terminating NULL character into account. Please note that this fix breaks interoperability with older versions of OpenSSL, which are not fixed. Fixes #7956 Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7957) (cherry picked from commit 09d62b336d9e2a11b330d45d4f0f3f37cbb0d674)
-
- 24 1月, 2019 1 次提交
-
-
由 Matt Caswell 提交于
This commit erroneously kept the DTLS timer running after the end of the handshake. This is not correct behaviour and shold be reverted. This reverts commit f7506416. Fixes #7998 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8047) (cherry picked from commit bcc1f3e2baa9caa83a0a94bd19fb37488ef3ee57)
-
- 09 1月, 2019 1 次提交
-
-
由 Matt Caswell 提交于
We were setting a limit of SSL3_RT_MAX_PLAIN_LENGTH on the size of the ClientHello. AFAIK there is nothing in the standards that requires this limit. The limit goes all the way back to when support for extensions was first added for TLSv1.0. It got converted into a WPACKET max size in 1.1.1. Most likely it was originally added to avoid the complexity of having to grow the init_buf in the middle of adding extensions. With WPACKET this is irrelevant since it will grow automatically. This issue came up when an attempt was made to send a very large certificate_authorities extension in the ClientHello. We should just remove the limit. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NViktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7424) (cherry picked from commit 7835e97b6ff5cd94a10c5aeac439f4aa145a77b2)
-
- 07 1月, 2019 1 次提交
-
-
由 Matt Caswell 提交于
The cryptopro extension is supposed to be unsolicited and appears in the ServerHello only. Additionally it is unofficial and unregistered - therefore we should really treat it like any other unknown extension if we see it in the ClientHello. Fixes #7747 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7984) (cherry picked from commit 23fed8ba0ec895e1b2a089cae380697f15170afc)
-
- 06 1月, 2019 1 次提交
-
-
由 Dmitry Belyavskiy 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7985) (cherry picked from commit 673e0bbbe4b9cbd19a247c0b18c171bb0421915a)
-
- 05 12月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
Fix some issues in tls13_hkdf_expand() which impact the above function for TLSv1.3. In particular test that we can use the maximum label length in TLSv1.3. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7755) (cherry picked from commit 0fb2815b873304d145ed00283454fc9f3bd35e6b)
-
- 27 11月, 2018 1 次提交
-
-
由 Paul Yang 提交于
If compile OpenSSL with SSL_DEBUG macro, some test cases will cause the process crashed in the debug code. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7707) (cherry picked from commit 5a4481f0e0bbf836c7f41805e84617784cb6b1db)
-
- 14 11月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7620) (cherry picked from commit 65d2c16cbe0da8efed2f285f59930297326fb435)
-
- 12 11月, 2018 2 次提交
-
-
由 Matt Caswell 提交于
SSL(_CTX)?_set_client_CA_list() was a server side only function in 1.1.0. If it was called on the client side then it was ignored. In 1.1.1 it now makes sense to have a CA list defined for both client and server (the client now sends it the the TLSv1.3 certificate_authorities extension). Unfortunately some applications were using the same SSL_CTX for both clients and servers and this resulted in some client ClientHellos being excessively large due to the number of certificate authorities being sent. This commit seperates out the CA list updated by SSL(_CTX)?_set_client_CA_list() and the more generic SSL(_CTX)?_set0_CA_list(). This means that SSL(_CTX)?_set_client_CA_list() still has no effect on the client side. If both CA lists are set then SSL(_CTX)?_set_client_CA_list() takes priority. Fixes #7411 Reviewed-by: NViktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7503) (cherry picked from commit 98732979001dbb59320803713c4c91ba40234250)
-
由 Matt Caswell 提交于
TLSv1.3 is more restrictive about the curve used. There must be a matching sig alg defined for that curve. Therefore if we are using some other curve in our certificate then we should not negotiate TLSv1.3. Fixes #7435 Reviewed-by: NViktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7442) (cherry picked from commit de4dc598024fd0a9c2b7a466fd5323755d369522)
-
- 08 11月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
use_ecc() was always returning 1 because there are default (TLSv1.3) ciphersuites that use ECC - even if those ciphersuites are disabled by other options. Fixes #7471 Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/7479) (cherry picked from commit 589b6227a85ea0133fe91d744b16dd72edee929a)
-
- 04 11月, 2018 1 次提交
-
-
由 Benjamin Kaduk 提交于
Commit 9ef9088c switched the SSL/SSL_CTX statistics counters to using Thread-Sanitizer-friendly primitives. However, it erroneously converted an addition of -1 (for s->session_ctx->stats.sess_accept) to an addition of +1, since that is the only counter API provided by the internal tsan_assist.h header until the previous commit. This means that for each accepted (initial) connection, the session_ctx's counter would get doubly incremented, and the (switched) ctx's counter would also get incremented. Restore the counter decrement so that each accepted connection increments exactly one counter exactly once (in net effect). Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7464) (cherry picked from commit 2aaa0b146b967397a6e61fa8df969e7847f82086)
-
- 30 10月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
In TLSv1.2 and below a CertificateRequest is sent after the Certificate from the server. This means that by the time the client_cert_cb is called on receipt of the CertificateRequest a call to SSL_get_peer_certificate() will return the server certificate as expected. In TLSv1.3 a CertificateRequest is sent before a Certificate message so calling SSL_get_peer_certificate() returns NULL. To workaround this we delay calling the client_cert_cb until after we have processed the CertificateVerify message, when we are doing TLSv1.3. Fixes #7384 Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/7413) (cherry picked from commit e45620140fce22c3251440063bc17440289d730c)
-
- 29 10月, 2018 1 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7194) (cherry picked from commit 60690b5b8396d7d5234cd067206190fb8aca78d2)
-
- 19 10月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
Fixes #7428 Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7431) (cherry picked from commit 01666a8c1db3ecfb999e1a8f2c5436d114f95681)
-
- 17 10月, 2018 1 次提交
-
-
由 Mansour Ahmadi 提交于
Reviewed-by: NPaul Yang <yang.yang@baishancloud.com> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7405) (cherry picked from commit 61bef9bde09dc6099a7c59baa79898e3b003fec3)
-
- 22 9月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
Otherwise the sig algs are reset if SSL_set_SSL_CTX() gets called. Fixes #7244 Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/7257) (cherry picked from commit 524006dd1b80c1a86a20119ad988666a80d8d8f5)
-
- 12 9月, 2018 1 次提交
-
-
由 Bernd Edlinger 提交于
Fixes: #7161 (hopefully) Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7175) (cherry picked from commit 6839a7a7f4973a3fc2f87b12664c26d524bef1f4)
-
- 08 9月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
PR #3783 introduce coded to reset the server side SNI state in SSL_do_handshake() to ensure any erroneous config time SNI changes are cleared. Unfortunately SSL_do_handshake() can be called mid-handshake multiple times so this is the wrong place to do this and can mean that any SNI data is cleared later on in the handshake too. Therefore move the code to a more appropriate place. Fixes #7014 Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NViktor Dukhovni <viktor@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/7149)
-
- 07 9月, 2018 3 次提交
-
-
由 Ben Kaduk 提交于
Commit 1c4aa31d modified the state machine to clean up stale ext.hostname values from SSL objects in the case when SNI was not negotiated for the current handshake. This is natural from the TLS perspective, since this information is an extension that the client offered but we ignored, and since we ignored it we do not need to keep it around for anything else. However, as documented in https://github.com/openssl/openssl/issues/7014 , there appear to be some deployed code that relies on retrieving such an ignored SNI value from the client, after the handshake has completed. Because the 1.1.1 release is on a stable branch and should preserve the published ABI, restore the historical behavior by retaining the ext.hostname value sent by the client, in the SSL structure, for subsequent retrieval. [extended tests] Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7115)
-
由 Matt Caswell 提交于
The is_tls13_capable() function should not return 0 if no certificates are configured directly because a certificate callback is present. Fixes #7140 Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7141)
-
由 Matt Caswell 提交于
If we've sent a close_notify then we are restricted about what we can do in response to handshake messages that we receive. However we can sensibly process NewSessionTicket messages. We can also process a KeyUpdate message as long as we also ignore any request for us to update our sending keys. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7114)
-
- 04 9月, 2018 2 次提交
-
-
由 Matt Caswell 提交于
Treat a connection using an external PSK like we would a resumption and send a single NewSessionTicket afterwards. Fixes #6941 Reviewed-by: NViktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7097)
-
由 Matt Caswell 提交于
If a client sends data to a server and then immediately closes without waiting to read the NewSessionTickets then the server can receive EPIPE when trying to write the tickets and never gets the opportunity to read the data that was sent. Therefore we ignore EPIPE when writing out the tickets in TLSv1.3 Fixes #6904 Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6944)
-
- 22 8月, 2018 2 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7013)
-
由 Matt Caswell 提交于
We need to ensure that the min-max version range we use when constructing the ClientHello is the same range we use when we validate the version selected by the ServerHello. Otherwise this may appear as a fallback or downgrade. Fixes #6964 Reviewed-by: NViktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7013)
-
- 20 8月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
Having post handshake auth automatically switched on breaks some applications written for TLSv1.2. This changes things so that an explicit function call is required for a client to indicate support for post-handshake auth. Fixes #6933. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6938)
-
- 15 8月, 2018 2 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6741)
-
由 Matt Caswell 提交于
Reviewed-by: NBen Kaduk <kaduk@mit.edu> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6741)
-
- 14 8月, 2018 1 次提交
-
-
由 Dmitry Yakovlev 提交于
To avoid crash (same as #5138 fixed in 44f23cd2) CLA: trivial Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6937)
-