#
2c7bd692 |
| 31-Jan-2017 |
Cory Benfield |
Add support for logging out TLSv1.3 secrets Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/op
Add support for logging out TLSv1.3 secrets Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2287)
show more ...
|
Revision tags: OpenSSL_1_0_2k, OpenSSL_1_1_0d |
|
#
ec15acb6 |
| 13-Jan-2017 |
Matt Caswell |
Construct the client side psk extension for TLSv1.3 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
|
#
04904312 |
| 30-Dec-2016 |
Matt Caswell |
Verify that the sig algs extension has been sent for TLSv1.3 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2157)
|
#
ace081c1 |
| 29-Dec-2016 |
Matt Caswell |
Fix client application traffic secret A misreading of the TLS1.3 spec meant we were using the handshake hashes up to and including the Client Finished to calculate the client applica
Fix client application traffic secret A misreading of the TLS1.3 spec meant we were using the handshake hashes up to and including the Client Finished to calculate the client application traffic secret. We should be only use up until the Server Finished. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2157)
show more ...
|
#
6612d87b |
| 15-Dec-2016 |
Matt Caswell |
Use the correct size for TLSv1.3 finished keys We need to use the length of the handshake hash for the length of the finished key. Reviewed-by: Rich Salz <rsalz@openssl.org>
Use the correct size for TLSv1.3 finished keys We need to use the length of the handshake hash for the length of the finished key. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2157)
show more ...
|
Revision tags: OpenSSL-fips-2_0_15 |
|
#
6c670174 |
| 21-Nov-2016 |
Matt Caswell |
Fix a travis compilation error Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
bebc0c7d |
| 17-Nov-2016 |
Matt Caswell |
Use the TLSv1.3 nonce construction This updates the record layer to use the TLSv1.3 style nonce construciton. It also updates TLSProxy and ossltest to be able to recognise the new la
Use the TLSv1.3 nonce construction This updates the record layer to use the TLSv1.3 style nonce construciton. It also updates TLSProxy and ossltest to be able to recognise the new layout. Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
#
0528f253 |
| 24-Nov-2016 |
Matt Caswell |
Fix a bogus uninit var warning Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
902d036c |
| 23-Nov-2016 |
Matt Caswell |
Fix a double ;; causing a travis failure Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
6530c490 |
| 23-Nov-2016 |
Matt Caswell |
Fix some style issues with TLSv1.3 state machine PR Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
f5ca0b04 |
| 21-Nov-2016 |
Matt Caswell |
Fix some style issues identified during review Reviewed-by: Rich Salz <rsalz@openssl.org>
|
Revision tags: OpenSSL-fips-2_0_14 |
|
#
6484776f |
| 11-Nov-2016 |
Matt Caswell |
Create the Finished message payload The previous commit had a dummy payload for the Finished data. This commit fills it in with a real value. Reviewed-by: Rich Salz <rsalz@opens
Create the Finished message payload The previous commit had a dummy payload for the Finished data. This commit fills it in with a real value. Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_1_0c |
|
#
92760c21 |
| 09-Nov-2016 |
Matt Caswell |
Update state machine to be closer to TLS1.3 This is a major overhaul of the TLSv1.3 state machine. Currently it still looks like TLSv1.2. This commit changes things around so that it sta
Update state machine to be closer to TLS1.3 This is a major overhaul of the TLSv1.3 state machine. Currently it still looks like TLSv1.2. This commit changes things around so that it starts to look a bit less like TLSv1.2 and bit more like TLSv1.3. After this commit we have: ClientHello + key_share ----> ServerHello +key_share {CertificateRequest*} {Certificate*} {CertificateStatus*} <---- {Finished} {Certificate*} {CertificateVerify*} {Finished} ----> [ApplicationData] <---> [Application Data] Key differences between this intermediate position and the final TLSv1.3 position are: - No EncryptedExtensions message yet - No server side CertificateVerify message yet - CertificateStatus still exists as a separate message - A number of the messages are still in the TLSv1.2 format - Still running on the TLSv1.2 record layer Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
#
0d9824c1 |
| 08-Nov-2016 |
Matt Caswell |
Implement tls13_change_cipher_state() Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
6925a948 |
| 08-Nov-2016 |
Matt Caswell |
Ensure the key and iv labels are declared as static Fixes a travis failure Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
34574f19 |
| 08-Nov-2016 |
Matt Caswell |
Add support for TLS1.3 secret generation Nothing is using this yet, it just adds the underlying functions necesary for generating the TLS1.3 secrets. Reviewed-by: Rich Salz <rsa
Add support for TLS1.3 secret generation Nothing is using this yet, it just adds the underlying functions necesary for generating the TLS1.3 secrets. Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|