- 04 Dec, 2017 3 commits
-
-
Committed by Matt Caswell
Follow up from the conversion to use SSLfatal() in the state machine to clean things up a bit more. [extended tests] Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4778)
-
Committed by Matt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4778)
-
Committed by Matt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4778)
-
- 26 Sep, 2017 2 commits
-
-
Committed by Dr. Stephen Henson
Replace tls1_ec_curve_id2nid() with tls_group_id_lookup() which returns the TLS_GROUP_INFO for the group. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/=4412)
-
Committed by Dr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/=4412)
-
- 09 Sep, 2017 2 commits
-
-
Committed by David Benjamin
It is otherwise unclear what all the magic numbers mean. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4349)
-
Committed by David Benjamin
"Early callback" is a little ambiguous now that early data exists. Perhaps "ClientHello callback"? Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4349)
-
- 01 Sep, 2017 1 commit
-
-
Committed by Andy Polyakov
This is actually not all warnings, only return values. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4297)
-
- 31 Aug, 2017 2 commits
-
-
Committed by Matt Caswell
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
-
Committed by Matt Caswell
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
-
- 15 Aug, 2017 1 commit
-
-
Committed by Benjamin Kaduk
Commit 02f0274e moved ALPN processing into an extension finalization function, as the only documented ordering requirement from previous commits was that ALPN processing occur after SNI processing, and SNI processing is performed before the extension finalization step. However, it is useful for applications' alpn_select callbacks to run after ciphersuite selection as well -- at least one application protocol specification (HTTP/2) imposes restrictions on which ciphersuites are usable with that protocol. Since it is generally more preferable to have a successful TLS connection with a default application protocol than to fail the TLS connection and not be able to have the preferred application protocol, it is good to give the alpn_select callback information about the ciphersuite to be used, so that appropriate restrictions can be enforced in application code. Accordingly, split the ALPN handling out into a separate tls_handl_alpn() function akin to tls_handle_status_request(), called from tls_post_process_client_hello(). This is an alternative to resuscitating ssl_check_clienthello_tlsext_late(), something of an awkward name itself. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4070)
-
- 03 Aug, 2017 1 commit
-
-
Committed by Rich Salz
Give each SSL object its own DRBG, chained to the parent global DRBG which is used only as a source of randomness into the per-SSL DRBG. This is used for all session, ticket, and pre-master secret keys. It is NOT used for ECDH key generation which uses only the global DRBG. (Doing that without changing the API is tricky, if not impossible.) Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4050)
-
- 18 Jul, 2017 1 commit
-
-
Committed by Matt Caswell
early_data is not allowed after an HRR. We failed to handle that correctly. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3933)
-
- 07 Jul, 2017 2 commits
-
-
Committed by Matt Caswell
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3852)
-
Committed by Matt Caswell
This just adds the processing for sending and receiving the newly added ticket_nonce field. It doesn't actually use it yet. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3852)
-
- 21 Jun, 2017 3 commits
-
-
Committed by Dr. Stephen Henson
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3585)
-
Committed by Dr. Stephen Henson
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3585)
-
Committed by Rich Salz
This is done with the kind permission of Nokia. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3722)
-
- 20 Jun, 2017 1 commit
-
-
Committed by Rich Salz
Approved by Oracle. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/3585)
-
- 16 Jun, 2017 4 commits
-
-
Committed by Matt Caswell
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3623)
-
Committed by Matt Caswell
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3623)
-
Committed by Matt Caswell
This does things as per the recommendation in the TLSv1.3 spec. It also means that the server will always choose its preferred ciphersuite. Previously the server would only select ciphersuites compatible with the session. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3623)
-
Committed by Matt Caswell
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3623)
-
- 12 Jun, 2017 1 commit
-
-
Committed by Rich Salz
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> CLA: trivial (Merged from https://github.com/openssl/openssl/pull/3419)
-
- 07 Jun, 2017 1 commit
-
-
Committed by Todd Short
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3432)
-
- 19 May, 2017 1 commit
-
-
Committed by Matt Caswell
We are quite inconsistent about which alerts get sent. Specifically, these alerts should be used (normally) in the following circumstances:
  SSL_AD_DECODE_ERROR = The peer sent a syntactically incorrect message
  SSL_AD_ILLEGAL_PARAMETER = The peer sent a message which was syntactically correct, but a parameter given is invalid for the context
  SSL_AD_HANDSHAKE_FAILURE = The peer's messages were syntactically and semantically correct, but the parameters provided were unacceptable to us (e.g. because we do not support the requested parameters)
  SSL_AD_INTERNAL_ERROR = We messed up (e.g. malloc failure)
The standards themselves aren't always consistent but I think the above represents the best interpretation. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3480)
-
- 11 May, 2017 1 commit
-
-
Committed by Matt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3436)
-
- 10 May, 2017 1 commit
-
-
Committed by Matt Caswell
It is illegal in a TLSv1.3 ClientHello to send anything other than the NULL compression method. We should send an alert if we find anything else there. Previously we were ignoring this error. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3410)
-
- 03 May, 2017 1 commit
-
-
Committed by Matt Caswell
Fixes #2442 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3367)
-
- 26 Apr, 2017 3 commits
-
-
Committed by Tatsuhiro Tsujikawa
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3244)
-
Committed by Tatsuhiro Tsujikawa
Previously, init and finalization functions for extensions are called per extension block, rather than per message. This commit changes that behaviour, and now they are called per message. The parse function is still called per extension block. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3244)
-
Committed by Matt Caswell
The function tls_early_post_process_client_hello() was overwriting the passed "al" parameter even if it was successful. The caller of that function, tls_post_process_client_hello(), sets "al" to a sensible default (HANDSHAKE_FAILURE), but this was being overwritten to be INTERNAL_ERROR. The result is a "no shared cipher" error (and probably other similar errors) were being reported back to the client with an incorrect INTERNAL_ERROR alert. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3314)
-
- 25 Apr, 2017 1 commit
-
-
Committed by Matt Caswell
There was code existing which attempted to handle the case where application data is received after a reneg handshake has started in SCTP. In normal DTLS we just fail the connection if this occurs, so there doesn't seem any reason to try and work around it for SCTP. In practice it didn't work properly anyway and is probably a bad idea to start with. Fixes #3251 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3286)
-
- 07 Apr, 2017 1 commit
-
-
Committed by Matt Caswell
This move prepares for the later addition of the new custom extensions API. The context codes have an additional "SSL_" added to their name to ensure we don't have name clashes with other applications. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3139)
-
- 29 Mar, 2017 1 commit
-
-
Committed by FdaSilvaYY
Fix some comments too [skip ci] Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3069)
-
- 24 Mar, 2017 1 commit
-
-
Committed by Matt Caswell
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3022)
-
- 18 Mar, 2017 2 commits
-
-
Committed by Dr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2918)
-
Committed by Dr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2918)
-
- 16 Mar, 2017 2 commits
-
-
Committed by Matt Caswell
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2895)
-
Committed by Matt Caswell
Choose a new ciphersuite for the HRR. Don't just use the one from the session. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2895)
-