#
8c1a5343 |
| 03-Oct-2016 |
Matt Caswell |
Convert master_secret_size code to size_t Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
7ee8627f |
| 07-Sep-2016 |
Matt Caswell |
Convert libssl writing for size_t Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
eda75751 |
| 06-Sep-2016 |
Matt Caswell |
Further libssl size_t-ify of reading Writing still to be done Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
582a17d6 |
| 21-Oct-2016 |
Matt Caswell |
Add the SSL_METHOD for TLSv1.3 and all other base changes required Includes addition of the various options to s_server/s_client. Also adds one of the new TLS1.3 ciphersuites. This isn't "real" TLS1.3!! It's identical to TLS1.2 apart from the protocol and the ciphersuite...and the ciphersuite is just a renamed TLS1.2 one (not a "real" TLS1.3 ciphersuite). Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
4a01c59f |
| 30-Sep-2016 |
Matt Caswell |
Harmonise setting the header and closing construction Ensure all message types work the same way including CCS so that the state machine doesn't need to know about special cases. Put all the special logic into ssl_set_handshake_header() and ssl_close_construct_packet(). Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
a29fa98c |
| 29-Sep-2016 |
Matt Caswell |
Rename ssl_set_handshake_header2() ssl_set_handshake_header2() was only ever a temporary name while we had to have ssl_set_handshake_header() for code that hadn't been converted to WPACKET yet. No code remains that needed that so we can rename it. Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
e2726ce6 |
| 29-Sep-2016 |
Matt Caswell |
Remove ssl_set_handshake_header() Remove the old ssl_set_handshake_header() implementations. Later we will rename ssl_set_handshake_header2() to ssl_set_handshake_header(). Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
28ff8ef3 |
| 29-Sep-2016 |
Matt Caswell |
Convert CertificateRequest construction to WPACKET Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
150e2985 |
| 28-Sep-2016 |
Matt Caswell |
Delete some unneeded code Some functions were being called from both code that used WPACKETs and code that did not. Now that more code has been converted to use WPACKETs some of that duplication can be removed. Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
08029dfa |
| 20-Sep-2016 |
Matt Caswell |
Convert WPACKET_put_bytes to use convenience macros All the other functions that take an argument for the number of bytes use convenience macros for this purpose. We should do the same with WPACKET_put_bytes(). Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
de451856 |
| 08-Sep-2016 |
Matt Caswell |
Address WPACKET review comments A few style tweaks here and there. The main change is that curr and packet_len are now offsets into the buffer to account for the fact that the pointers can change if the buffer grows. Also dropped support for the WPACKET_set_packet_len() function. I thought that was going to be needed but so far it hasn't been. It doesn't really work any more due to the offsets change. Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
0217dd19 |
| 06-Sep-2016 |
Matt Caswell |
Move from explicit sub-packets to implicit ones No need to declare an explicit sub-packet. Just start one. Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
ae2f7b37 |
| 05-Sep-2016 |
Matt Caswell |
Rename PACKETW to WPACKET To avoid confusion with the read PACKET structure. Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
2c7b4dbc |
| 03-Aug-2016 |
Matt Caswell |
Convert tls_construct_client_hello() to use PACKETW Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
ef28891b |
| 18-Aug-2016 |
Rich Salz |
Put DES into "not default" category. Add CVE to CHANGES Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
#
d33726b9 |
| 30-Jul-2016 |
Rich Salz |
To avoid SWEET32 attack, move 3DES to weak Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
#
a230b26e |
| 05-Aug-2016 |
Emilia Kasper |
Indent ssl/ Run util/openssl-format-source on ssl/ Some comments and hand-formatted tables were fixed up manually by disabling auto-formatting. Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
fddfc0af |
| 06-Aug-2016 |
Remi Gacogne |
Add missing session id and tlsext_status accessors * SSL_SESSION_set1_id() * SSL_SESSION_get0_id_context() * SSL_CTX_get_tlsext_status_cb() * SSL_CTX_get_tlsext_status_arg() Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
|
#
0a699a07 |
| 15-Aug-2016 |
Dr. Stephen Henson |
Fix no-ec Fix no-ec builds by having separate functions to create keys based on an existing EVP_PKEY and a curve id. Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
ec24630a |
| 11-Aug-2016 |
Dr. Stephen Henson |
Modify TLS support for new X25519 API. When handling ECDH check to see if the curve is "custom" (X25519 is currently the only curve of this type) and instead of setting a curve NID just allocate a key of appropriate type. Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
387cf213 |
| 08-Jul-2016 |
David Woodhouse |
Fix cipher support for DTLS1_BAD_VER Commit 3eb2aff40 ("Add support for minimum and maximum protocol version supported by a cipher") disabled all ciphers for DTLS1_BAD_VER. That wasn't helpful. Give them back. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
|
#
52eede5a |
| 19-Jul-2016 |
Dr. Stephen Henson |
Sanity check in ssl_get_algorithm2(). RT#4600 Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
0907d710 |
| 06-Jul-2016 |
Matt Caswell |
Split out PSK preamble and RSA from process CKE code The tls_process_client_key_exchange() function is far too long. This splits out the PSK preamble processing, and the RSA processing into separate functions. Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
3c82e437 |
| 03-Jun-2016 |
FdaSilvaYY |
Add checks on sk_TYPE_push() returned result Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
|
#
30b96765 |
| 07-Jun-2016 |
Matt Caswell |
Add SSL_CTX_get_tlsext_status_type() Reviewed-by: Rich Salz <rsalz@openssl.org>
|