| #
8c1a5343 |
| 03-Oct-2016 |
Matt Caswell |
Convert master_secret_size code to size_t
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| #
7ee8627f |
| 07-Sep-2016 |
Matt Caswell |
Convert libssl writing for size_t
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| #
eda75751 |
| 06-Sep-2016 |
Matt Caswell |
Further libssl size_t-ify of reading
Writing still to be done
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| #
582a17d6 |
| 21-Oct-2016 |
Matt Caswell |
Add the SSL_METHOD for TLSv1.3 and all other base changes required
Includes addition of the various options to s_server/s_client. Also adds
one of the new TLS1.3 ciphersuites.
T
Add the SSL_METHOD for TLSv1.3 and all other base changes required
Includes addition of the various options to s_server/s_client. Also adds
one of the new TLS1.3 ciphersuites.
This isn't "real" TLS1.3!! It's identical to TLS1.2 apart from the protocol
and the ciphersuite...and the ciphersuite is just a renamed TLS1.2 one (not
a "real" TLS1.3 ciphersuite).
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
| #
4a01c59f |
| 30-Sep-2016 |
Matt Caswell |
Harmonise setting the header and closing construction
Ensure all message types work the same way including CCS so that the state
machine doesn't need to know about special cases. Put all
Harmonise setting the header and closing construction
Ensure all message types work the same way including CCS so that the state
machine doesn't need to know about special cases. Put all the special logic
into ssl_set_handshake_header() and ssl_close_construct_packet().
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
| #
a29fa98c |
| 29-Sep-2016 |
Matt Caswell |
Rename ssl_set_handshake_header2()
ssl_set_handshake_header2() was only ever a temporary name while we had
to have ssl_set_handshake_header() for code that hadn't been converted to
W
Rename ssl_set_handshake_header2()
ssl_set_handshake_header2() was only ever a temporary name while we had
to have ssl_set_handshake_header() for code that hadn't been converted to
WPACKET yet. No code remains that needed that so we can rename it.
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
| #
e2726ce6 |
| 29-Sep-2016 |
Matt Caswell |
Remove ssl_set_handshake_header()
Remove the old ssl_set_handshake_header() implementations. Later we will
rename ssl_set_handshake_header2() to ssl_set_handshake_header().
Revi
Remove ssl_set_handshake_header()
Remove the old ssl_set_handshake_header() implementations. Later we will
rename ssl_set_handshake_header2() to ssl_set_handshake_header().
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
| #
28ff8ef3 |
| 29-Sep-2016 |
Matt Caswell |
Convert CertificateRequest construction to WPACKET
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| #
150e2985 |
| 28-Sep-2016 |
Matt Caswell |
Delete some unneeded code
Some functions were being called from both code that used WPACKETs and code
that did not. Now that more code has been converted to use WPACKETs some of
that
Delete some unneeded code
Some functions were being called from both code that used WPACKETs and code
that did not. Now that more code has been converted to use WPACKETs some of
that duplication can be removed.
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
| #
08029dfa |
| 20-Sep-2016 |
Matt Caswell |
Convert WPACKET_put_bytes to use convenience macros
All the other functions that take an argument for the number of bytes
use convenience macros for this purpose. We should do the same w
Convert WPACKET_put_bytes to use convenience macros
All the other functions that take an argument for the number of bytes
use convenience macros for this purpose. We should do the same with
WPACKET_put_bytes().
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
| #
de451856 |
| 08-Sep-2016 |
Matt Caswell |
Address WPACKET review comments
A few style tweaks here and there. The main change is that curr and
packet_len are now offsets into the buffer to account for the fact that
the pointe
Address WPACKET review comments
A few style tweaks here and there. The main change is that curr and
packet_len are now offsets into the buffer to account for the fact that
the pointers can change if the buffer grows. Also dropped support for the
WPACKET_set_packet_len() function. I thought that was going to be needed
but so far it hasn't been. It doesn't really work any more due to the
offsets change.
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
| #
0217dd19 |
| 06-Sep-2016 |
Matt Caswell |
Move from explicit sub-packets to implicit ones
No need to declare an explicit sub-packet. Just start one.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| #
ae2f7b37 |
| 05-Sep-2016 |
Matt Caswell |
Rename PACKETW to WPACKET
To avoid confusion with the read PACKET structure.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| #
2c7b4dbc |
| 03-Aug-2016 |
Matt Caswell |
Convert tls_construct_client_hello() to use PACKETW
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| #
ef28891b |
| 18-Aug-2016 |
Rich Salz |
Put DES into "not default" category.
Add CVE to CHANGES
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
| #
d33726b9 |
| 30-Jul-2016 |
Rich Salz |
To avoid SWEET32 attack, move 3DES to weak
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
| #
a230b26e |
| 05-Aug-2016 |
Emilia Kasper |
Indent ssl/
Run util/openssl-format-source on ssl/
Some comments and hand-formatted tables were fixed up
manually by disabling auto-formatting.
Reviewed-by: Rich Salz <
Indent ssl/
Run util/openssl-format-source on ssl/
Some comments and hand-formatted tables were fixed up
manually by disabling auto-formatting.
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
| #
fddfc0af |
| 06-Aug-2016 |
Remi Gacogne |
Add missing session id and tlsext_status accessors
* SSL_SESSION_set1_id()
* SSL_SESSION_get0_id_context()
* SSL_CTX_get_tlsext_status_cb()
* SSL_CTX_get_tlsext_status_arg()
Add missing session id and tlsext_status accessors
* SSL_SESSION_set1_id()
* SSL_SESSION_get0_id_context()
* SSL_CTX_get_tlsext_status_cb()
* SSL_CTX_get_tlsext_status_arg()
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
show more ...
|
| #
0a699a07 |
| 15-Aug-2016 |
Dr. Stephen Henson |
Fix no-ec
Fix no-ec builds by having separate functions to create keys based on
an existing EVP_PKEY and a curve id.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| #
ec24630a |
| 11-Aug-2016 |
Dr. Stephen Henson |
Modify TLS support for new X25519 API.
When handling ECDH check to see if the curve is "custom" (X25519 is
currently the only curve of this type) and instead of setting a curve
NID j
Modify TLS support for new X25519 API.
When handling ECDH check to see if the curve is "custom" (X25519 is
currently the only curve of this type) and instead of setting a curve
NID just allocate a key of appropriate type.
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
| #
387cf213 |
| 08-Jul-2016 |
David Woodhouse |
Fix cipher support for DTLS1_BAD_VER
Commit 3eb2aff40 ("Add support for minimum and maximum protocol version
supported by a cipher") disabled all ciphers for DTLS1_BAD_VER.
That
Fix cipher support for DTLS1_BAD_VER
Commit 3eb2aff40 ("Add support for minimum and maximum protocol version
supported by a cipher") disabled all ciphers for DTLS1_BAD_VER.
That wasn't helpful. Give them back.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
show more ...
|
| #
52eede5a |
| 19-Jul-2016 |
Dr. Stephen Henson |
Sanity check in ssl_get_algorithm2().
RT#4600
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| #
0907d710 |
| 06-Jul-2016 |
Matt Caswell |
Split out PSK preamble and RSA from process CKE code
The tls_process_client_key_exchange() function is far too long. This
splits out the PSK preamble processing, and the RSA processing i
Split out PSK preamble and RSA from process CKE code
The tls_process_client_key_exchange() function is far too long. This
splits out the PSK preamble processing, and the RSA processing into
separate functions.
Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
| #
3c82e437 |
| 03-Jun-2016 |
FdaSilvaYY |
Add checks on sk_TYPE_push() returned result
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
| #
30b96765 |
| 07-Jun-2016 |
Matt Caswell |
Add SSL_CTX_get_tlsext_status_type()
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
