#
43054d3d |
| 11-Sep-2017 |
Matt Caswell |
Add support for sending TLSv1.3 cookies This just adds the various extension functions. More changes will be required to actually use them. Reviewed-by: Ben Kaduk <kaduk@mit.edu
Add support for sending TLSv1.3 cookies This just adds the various extension functions. More changes will be required to actually use them. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4435)
show more ...
|
#
48e5119a |
| 19-Jan-2018 |
Richard Levitte |
Copyright update of more files that have changed this year Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/5110)
|
#
a41a6120 |
| 10-Jan-2018 |
Patrick Schlangen |
Make data argument const in SSL_dane_tlsa_add The data argument of SSL_dane_tlsa_add is used read-only, so it should be const. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Make data argument const in SSL_dane_tlsa_add The data argument of SSL_dane_tlsa_add is used read-only, so it should be const. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5056)
show more ...
|
#
f7414b08 |
| 27-Dec-2017 |
Matt Caswell |
Disable partial writes for early data We don't keep track of the number of bytes written between in the SSL_write_ex() call and the subsequent flush. If the flush needs to be retried
Disable partial writes for early data We don't keep track of the number of bytes written between in the SSL_write_ex() call and the subsequent flush. If the flush needs to be retried then we will have forgotten how many bytes actually got written. The simplest solution is to just disable it for this scenario. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4802)
show more ...
|
#
2a8db717 |
| 27-Nov-2017 |
Matt Caswell |
Don't flush the ClientHello if we're going to send early data We'd like the first bit of early_data and the ClientHello to go in the same TCP packet if at all possible to enable things l
Don't flush the ClientHello if we're going to send early data We'd like the first bit of early_data and the ClientHello to go in the same TCP packet if at all possible to enable things like TCP Fast Open. Also, if you're only going to send one block of early data then you also don't need to worry about TCP_NODELAY. Fixes #4783 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4802)
show more ...
|
#
a93ba405 |
| 24-Nov-2017 |
Dr. Matthias St. Pierre |
Add master DRBG for reseeding A third shared DRBG is added, the so called master DRBG. Its sole purpose is to reseed the two other shared DRBGs, the public and the private DRBG. The
Add master DRBG for reseeding A third shared DRBG is added, the so called master DRBG. Its sole purpose is to reseed the two other shared DRBGs, the public and the private DRBG. The randomness for the master DRBG is either pulled from the os entropy sources, or added by the application using the RAND_add() call. The master DRBG reseeds itself automatically after a given number of generate requests, but can also be reseeded using RAND_seed() or RAND_add(). A reseeding of the master DRBG is automatically propagated to the public and private DRBG. This construction fixes the problem, that up to now the randomness provided by RAND_add() was added only to the public and not to the private DRBG. Signed-off-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4402)
show more ...
|
#
fce78bd4 |
| 15-Dec-2017 |
Bernd Edlinger |
Fix invalid function type casts. Rename bio_info_cb to BIO_info_cb. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4493)
|
#
a5816a5a |
| 07-Nov-2017 |
Matt Caswell |
Implement session id TLSv1.3 middlebox compatibility mode Clients will send a "fake" session id and servers must echo it back. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged fro
Implement session id TLSv1.3 middlebox compatibility mode Clients will send a "fake" session id and servers must echo it back. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
show more ...
|
#
cbe29648 |
| 07-Dec-2017 |
Rich Salz |
Consistent formatting for sizeof(foo) Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4872)
|
#
dd5a4279 |
| 04-Dec-2017 |
Matt Caswell |
Fix some formatting nits Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4778)
|
#
f63a17d6 |
| 21-Nov-2017 |
Matt Caswell |
Convert the state machine code to use SSLfatal() Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4778)
|
#
cf72c757 |
| 05-Nov-2017 |
FdaSilvaYY |
Implement Maximum Fragment Length TLS extension. Based on patch from Tomasz Moń: https://groups.google.com/forum/#!topic/mailing.openssl.dev/fQxXvCg1uQY Reviewed-by: Matt Caswel
Implement Maximum Fragment Length TLS extension. Based on patch from Tomasz Moń: https://groups.google.com/forum/#!topic/mailing.openssl.dev/fQxXvCg1uQY Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/1008)
show more ...
|
#
1fcb4e4d |
| 17-Oct-2017 |
Benjamin Kaduk |
Use atomics for SSL_CTX statistics It is expected that SSL_CTX objects are shared across threads, and as such we are responsible for ensuring coherent data accesses. Aligned integer
Use atomics for SSL_CTX statistics It is expected that SSL_CTX objects are shared across threads, and as such we are responsible for ensuring coherent data accesses. Aligned integer accesses ought to be atomic already on all supported architectures, but we can be formally correct. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4549)
show more ...
|
#
7a908204 |
| 26-Oct-2017 |
Paul Yang |
Simplify the stack reservation Use the newly introduced sk_TYPE_new_reserve API to simplify the reservation of stack as creating it. Reviewed-by: Tim Hudson <tjh@openssl.org>
Simplify the stack reservation Use the newly introduced sk_TYPE_new_reserve API to simplify the reservation of stack as creating it. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4592)
show more ...
|
#
e6b10c34 |
| 24-Oct-2017 |
Bernd Edlinger |
Fix error handling in SSL_new Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4580)
|
#
26a7d938 |
| 17-Oct-2017 |
KaoruToda |
Remove parentheses of return. Since return is inconsistent, I removed unnecessary parentheses and unified them. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt
Remove parentheses of return. Since return is inconsistent, I removed unnecessary parentheses and unified them. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4541)
show more ...
|
#
2139145b |
| 11-Oct-2017 |
Benjamin Kaduk |
Add missing RAND_DRBG locking The drbg's lock must be held across calls to RAND_DRBG_generate() to prevent simultaneous modification of internal state. This was observed in prac
Add missing RAND_DRBG locking The drbg's lock must be held across calls to RAND_DRBG_generate() to prevent simultaneous modification of internal state. This was observed in practice with simultaneous SSL_new() calls attempting to seed the (separate) per-SSL RAND_DRBG instances from the global rand_drbg instance; this eventually led to simultaneous calls to ctr_BCC_update() attempting to increment drbg->bltmp_pos for their respective partial final block, violating the invariant that bltmp_pos < 16. The AES operations performed in ctr_BCC_blocks() makes the race window quite easy to trigger. A value of bltmp_pos greater than 16 induces catastrophic failure in ctr_BCC_final(), with subtraction overflowing and leading to an attempt to memset() to zero a very large range, which eventually reaches an unmapped page and segfaults. Provide the needed locking in get_entropy_from_parent(), as well as fixing a similar issue in RAND_priv_bytes(). There is also an unlocked call to RAND_DRBG_generate() in ssl_randbytes(), but the requisite serialization is already guaranteed by the requirements on the application's usage of SSL objects, and no further locking is needed for correct behavior. In that case, leave a comment noting the apparent discrepancy and the reason for its safety (at present). Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4328)
show more ...
|
#
c16de9d8 |
| 31-Aug-2017 |
Dr. Matthias St. Pierre |
Fix reseeding issues of the public RAND_DRBG Reseeding is handled very differently by the classic RAND_METHOD API and the new RAND_DRBG api. These differences led to some problems when
Fix reseeding issues of the public RAND_DRBG Reseeding is handled very differently by the classic RAND_METHOD API and the new RAND_DRBG api. These differences led to some problems when the new RAND_DRBG was made the default OpenSSL RNG. In particular, RAND_add() did not work as expected anymore. These issues are discussed on the thread '[openssl-dev] Plea for a new public OpenSSL RNG API' and in Pull Request #4328. This commit fixes the mentioned issues, introducing the following changes: - Replace the fixed size RAND_BYTES_BUFFER by a new RAND_POOL API which facilitates collecting entropy by the get_entropy() callback. - Don't use RAND_poll()/RAND_add() for collecting entropy from the get_entropy() callback anymore. Instead, replace RAND_poll() by RAND_POOL_acquire_entropy(). - Add a new function rand_drbg_restart() which tries to get the DRBG in an instantiated state by all means, regardless of the current state (uninstantiated, error, ...) the DRBG is in. If the caller provides entropy or additional input, it will be used for reseeding. - Restore the original documented behaviour of RAND_add() and RAND_poll() (namely to reseed the DRBG immediately) by a new implementation based on rand_drbg_restart(). - Add automatic error recovery from temporary failures of the entropy source to RAND_DRBG_generate() using the rand_drbg_restart() function. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4328)
show more ...
|
#
208fb891 |
| 09-Oct-2017 |
KaoruToda |
Since return is inconsistent, I removed unnecessary parentheses and unified them. - return (0); -> return 0; - return (1); -> return 1; - return (-1); -> return -1; Reviewed-
Since return is inconsistent, I removed unnecessary parentheses and unified them. - return (0); -> return 0; - return (1); -> return 1; - return (-1); -> return -1; Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4500)
show more ...
|
#
f32b0abe |
| 28-Sep-2017 |
Pauli |
Remove unnecessary #include <openssl/lhash.h> directives. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4431)
|
#
e431363f |
| 18-Sep-2017 |
Pauli |
Add stack space reservations. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4386)
|
#
b92d7b62 |
| 23-Sep-2017 |
Kurt Roeckx |
Use size of entries, not size of the pointer. Reviewed-by: Andy Polyakov <appro@openssl.org> GH: #4410
|
#
9e84a42d |
| 22-Sep-2017 |
Dr. Stephen Henson |
Store groups as uint16_t Instead of storing supported groups in on-the-wire format store them as parsed uint16_t values. This simplifies handling of groups as the values can be direc
Store groups as uint16_t Instead of storing supported groups in on-the-wire format store them as parsed uint16_t values. This simplifies handling of groups as the values can be directly used instead of being converted. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4406)
show more ...
|
#
79b4444d |
| 21-Sep-2017 |
Dr. Matthias St. Pierre |
Cleanup whitespace in ssl_lib.c (tabs to spaces) Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl
Cleanup whitespace in ssl_lib.c (tabs to spaces) Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4383)
show more ...
|
#
6aaa29fb |
| 14-Sep-2017 |
Dr. Stephen Henson |
Allow use of RSA-PSS certificates in TLS 1.2 Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4368)
|