History log of /openssl/ssl/ssl_sess.c (Results 76 – 100 of 254)
# 61c32649 27-Jan-2017 Matt Caswell

Remove unnecessary comments

Now we're using an enum the values themselves are self explanatory

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)


# 1a9f457c 25-Jan-2017 Matt Caswell

If we have no suitable PSK kex modes then don't attempt to resume

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)


# ddf6ec00 20-Jan-2017 Matt Caswell

Make the "ticket" function return codes clearer

Remove "magic" return values and use an enum instead.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)


# 1f5b44e9 20-Jan-2017 Matt Caswell

Miscellaneous style tweaks based on feedback received

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)


# 534a43ff 19-Jan-2017 Matt Caswell

Always ensure that session->cipher is set

If we have deserialized the SSL_SESSION then in some circumstances the
session->cipher value is NULL. We were patching up in some places but not
in others. We should just do it as part of loading the SSL_SESSION.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)


# 128ae276 19-Jan-2017 Matt Caswell

Move session version consistency check

Make sure the session version consistency check is inside
ssl_get_prev_session(). Also fixes a bug where an inconsistent version can
cause a seg fault in TLSv1.3.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)


# 1053a6e2 18-Jan-2017 Matt Caswell

Implement Server side of PSK extension parsing

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)


# e7a28df7 13-Jan-2017 Matt Caswell

Add a TODO around handling of SSL_get_session() and SSL_get1_session()

These functions are problematic in TLSv1.3 because the server sends the
NewSessionTicket message after the handshake has finished.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)


# 38088ce9 22-Dec-2016 Bernd Edlinger

Fix a ssl session leak due to OOM in lh_SSL_SESSION_insert

- s == NULL can mean c is a new session *or* lh_insert was
unable to create a hash entry.
- use lh_SSL_SESSION_retrieve to check for this error condition.
- If it happens simply remove the extra reference again.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2138)


# 1ed327f7 09-Jan-2017 Rich Salz

Review comments

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2052)


# aff8c126 08-Dec-2016 Rich Salz

Move extension data into sub-structs

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2052)


# 2f545ae4 27-Aug-2016 Kurt Roeckx

Add support for reference counting using C11 atomics

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1500


# c87386a2 03-Nov-2016 Matt Caswell

Add a TLS version consistency check during session resumption

This is a temporary fix for while we are still using the old session
resumption logic in the TLSv1.3 code. Due to differences in EXTMS support
we can't resume a <=TLSv1.2 session in a TLSv1.3 connection (the EXTMS
consistency check causes the connection to abort). This causes test
failures.

Ultimately we will rewrite the session resumption logic for TLSv1.3 so this
problem will go away. But until then we need a quick fix to keep the tests
happy.

Reviewed-by: Rich Salz <rsalz@openssl.org>


# de4d764e 09-Nov-2016 Matt Caswell

Rename the Elliptic Curves extension to supported_groups

This is a skin deep change, which simply renames most places where we talk
about curves in a TLS context to groups. This is because TLS1.3 has renamed
the extension, and it can now include DH groups too. We still only support
curves, but this rename should pave the way for a future extension for DH
groups.

Reviewed-by: Rich Salz <rsalz@openssl.org>


# de7d61d5 31-Oct-2016 Matt Caswell

Improve some comment documentation following the extensions refactor

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>


# 1ab3836b 22-Oct-2016 Matt Caswell

Refactor ClientHello processing so that extensions get parsed earlier

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>


# 348240c6 19-Oct-2016 Matt Caswell

Fix misc size_t issues causing Windows warnings in 64 bit

Reviewed-by: Rich Salz <rsalz@openssl.org>


# 582a17d6 21-Oct-2016 Matt Caswell

Add the SSL_METHOD for TLSv1.3 and all other base changes required

Includes addition of the various options to s_server/s_client. Also adds
one of the new TLS1.3 ciphersuites.

This isn't "real" TLS1.3!! It's identical to TLS1.2 apart from the protocol
and the ciphersuite...and the ciphersuite is just a renamed TLS1.2 one (not
a "real" TLS1.3 ciphersuite).

Reviewed-by: Rich Salz <rsalz@openssl.org>


Revision tags: OpenSSL_1_1_0
# a230b26e 05-Aug-2016 Emilia Kasper

Indent ssl/

Run util/openssl-format-source on ssl/

Some comments and hand-formatted tables were fixed up
manually by disabling auto-formatting.

Reviewed-by: Rich Salz <rsalz@openssl.org>


# fddfc0af 06-Aug-2016 Remi Gacogne

Add missing session id and tlsext_status accessors

* SSL_SESSION_set1_id()
* SSL_SESSION_get0_id_context()
* SSL_CTX_get_tlsext_status_cb()
* SSL_CTX_get_tlsext_status_arg()

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>


# 48593cb1 13-Aug-2016 Matt Caswell

Convert SSL_SESSION* functions to use const getters

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>


# e9281323 12-Aug-2016 Rich Salz

GH1446: Add SSL_SESSION_get0_cipher

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1451)


Revision tags: OpenSSL_1_1_0-pre6
# e8aa8b6c 28-Jun-2016 FdaSilvaYY

Fix a few if(, for(, while( inside code.

Fix some indentation at the same time

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1292)


Revision tags: OpenSSL-fips-2_0_13
# e4612d02 13-Jun-2016 Matt Caswell

Remove sessions from external cache, even if internal cache not used.

If the SSL_SESS_CACHE_NO_INTERNAL_STORE cache mode is used then we weren't
removing sessions from the external cache, e.g. if an alert occurs the
session is supposed to be automatically removed.

Reviewed-by: Richard Levitte <levitte@openssl.org>


# 947f3156 05-Jun-2016 Kurt Roeckx

Initialize the session_id

ssl_session_hash() always looks at the first 4 bytes, regardless of the length.
A client can send a session id that's shorter, and the callback could also
generate one that's shorter. So we make sure that the rest of the buffer is
initialized to 0 so that we always calculate the same hash.

Found by tis-interpreter, also previously reported as RT #2871

Reviewed-by: Rich Salz <rsalz@openssl.org>

MR: #2911
