#
61c32649 |
| 27-Jan-2017 |
Matt Caswell |
Remove unnecessary comments Now we're using an enum the values themselves are self explanatory Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
|
#
1a9f457c |
| 25-Jan-2017 |
Matt Caswell |
If we have no suitable PSK kex modes then don't attempt to resume Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
|
#
ddf6ec00 |
| 20-Jan-2017 |
Matt Caswell |
Make the "ticket" function return codes clearer Remove "magic" return values and use an enum instead. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
|
#
1f5b44e9 |
| 20-Jan-2017 |
Matt Caswell |
Miscellaneous style tweaks based on feedback received Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
|
#
534a43ff |
| 19-Jan-2017 |
Matt Caswell |
Always ensure that session->cipher is set If we have deserialized the SSL_SESSION then in some circumstances the session->cipher value is NULL. We were patching up in some places but not in others. We should just do it as part of loading the SSL_SESSION. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
|
#
128ae276 |
| 19-Jan-2017 |
Matt Caswell |
Move session version consistency check Make sure the session version consistency check is inside ssl_get_prev_session(). Also fixes a bug where an inconsistent version can cause a seg fault in TLSv1.3. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
|
#
1053a6e2 |
| 18-Jan-2017 |
Matt Caswell |
Implement Server side of PSK extension parsing Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
|
#
e7a28df7 |
| 13-Jan-2017 |
Matt Caswell |
Add a TODO around handling of SSL_get_session() and SSL_get1_session() These functions are problematic in TLSv1.3 because the server sends the NewSessionTicket message after the handshake has finished. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
|
#
38088ce9 |
| 22-Dec-2016 |
Bernd Edlinger |
Fix a ssl session leak due to OOM in lh_SSL_SESSION_insert - s == NULL can mean c is a new session *or* lh_insert was unable to create a hash entry. - use lh_SSL_SESSION_retrieve to check for this error condition. - If it happens simply remove the extra reference again. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2138)
|
#
1ed327f7 |
| 09-Jan-2017 |
Rich Salz |
Review comments Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2052)
|
#
aff8c126 |
| 08-Dec-2016 |
Rich Salz |
Move extension data into sub-structs Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2052)
|
#
2f545ae4 |
| 27-Aug-2016 |
Kurt Roeckx |
Add support for reference counting using C11 atomics Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1500
|
#
c87386a2 |
| 03-Nov-2016 |
Matt Caswell |
Add a TLS version consistency check during session resumption This is a temporary fix for while we are still using the old session resumption logic in the TLSv1.3 code. Due to differences in EXTMS support we can't resume a <=TLSv1.2 session in a TLSv1.3 connection (the EXTMS consistency check causes the connection to abort). This causes test failures. Ultimately we will rewrite the session resumption logic for TLSv1.3 so this problem will go away. But until then we need a quick fix to keep the tests happy. Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
de4d764e |
| 09-Nov-2016 |
Matt Caswell |
Rename the Elliptic Curves extension to supported_groups This is a skin deep change, which simply renames most places where we talk about curves in a TLS context to groups. This is because TLS1.3 has renamed the extension, and it can now include DH groups too. We still only support curves, but this rename should pave the way for a future extension for DH groups. Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
de7d61d5 |
| 31-Oct-2016 |
Matt Caswell |
Improve some comment documentation following the extensions refactor Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
1ab3836b |
| 22-Oct-2016 |
Matt Caswell |
Refactor ClientHello processing so that extensions get parsed earlier Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
348240c6 |
| 19-Oct-2016 |
Matt Caswell |
Fix misc size_t issues causing Windows warnings in 64 bit Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
582a17d6 |
| 21-Oct-2016 |
Matt Caswell |
Add the SSL_METHOD for TLSv1.3 and all other base changes required Includes addition of the various options to s_server/s_client. Also adds one of the new TLS1.3 ciphersuites. This isn't "real" TLS1.3!! It's identical to TLS1.2 apart from the protocol and the ciphersuite...and the ciphersuite is just a renamed TLS1.2 one (not a "real" TLS1.3 ciphersuite). Reviewed-by: Rich Salz <rsalz@openssl.org>
|
Revision tags: OpenSSL_1_1_0 |
|
#
a230b26e |
| 05-Aug-2016 |
Emilia Kasper |
Indent ssl/ Run util/openssl-format-source on ssl/ Some comments and hand-formatted tables were fixed up manually by disabling auto-formatting. Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
fddfc0af |
| 06-Aug-2016 |
Remi Gacogne |
Add missing session id and tlsext_status accessors * SSL_SESSION_set1_id() * SSL_SESSION_get0_id_context() * SSL_CTX_get_tlsext_status_cb() * SSL_CTX_get_tlsext_status_arg() Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
|
#
48593cb1 |
| 13-Aug-2016 |
Matt Caswell |
Convert SSL_SESSION* functions to use const getters Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
|
#
e9281323 |
| 12-Aug-2016 |
Rich Salz |
GH1446: Add SSL_SESSION_get0_cipher Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1451)
|
Revision tags: OpenSSL_1_1_0-pre6 |
|
#
e8aa8b6c |
| 28-Jun-2016 |
FdaSilvaYY |
Fix a few if(, for(, while( inside code. Fix some indentation at the same time Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1292)
|
Revision tags: OpenSSL-fips-2_0_13 |
|
#
e4612d02 |
| 13-Jun-2016 |
Matt Caswell |
Remove sessions from external cache, even if internal cache not used. If the SSL_SESS_CACHE_NO_INTERNAL_STORE cache mode is used then we weren't removing sessions from the external cache, e.g. if an alert occurs the session is supposed to be automatically removed. Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
947f3156 |
| 05-Jun-2016 |
Kurt Roeckx |
Initialize the session_id ssl_session_hash() always looks at the first 4 bytes, regardless of the length. A client can send a session id that's shorter, and the callback could also generate one that's shorter. So we make sure that the rest of the buffer is initialized to 0 so that we always calculate the same hash. Found by tis-interpreter, also previously reported as RT #2871 Reviewed-by: Rich Salz <rsalz@openssl.org> MR: #2911
|