| #
ea09abc8 |
| 14-Jan-2019 |
Matt Caswell |
Don't get the mac type in TLSv1.3
We don't use this information so we shouldn't fetch it. As noted in the
comments in #8005.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged f
Don't get the mac type in TLSv1.3
We don't use this information so we shouldn't fetch it. As noted in the
comments in #8005.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/8020)
show more ...
|
| #
0b4233f5 |
| 16-Dec-2018 |
Bernd Edlinger |
Fix a minor nit in the hkdflabel size
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/
Fix a minor nit in the hkdflabel size
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7913)
show more ...
|
| #
2c18d164 |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in ssl/
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7768)
|
| #
0fb2815b |
| 04-Dec-2018 |
Matt Caswell |
Fix some SSL_export_keying_material() issues
Fix some issues in tls13_hkdf_expand() which impact the above function
for TLSv1.3. In particular test that we can use the maximum label leng
Fix some SSL_export_keying_material() issues
Fix some issues in tls13_hkdf_expand() which impact the above function
for TLSv1.3. In particular test that we can use the maximum label length
in TLSv1.3.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7755)
show more ...
|
| #
ed371b8c |
| 03-Dec-2018 |
Matt Caswell |
Revert "Reduce stack usage in tls13_hkdf_expand"
This reverts commit ec0c5f5693e39c5a013f81e6dd9dfd09ec65162d.
SSL_export_keying_material() may use longer label lengths.
Fi
Revert "Reduce stack usage in tls13_hkdf_expand"
This reverts commit ec0c5f5693e39c5a013f81e6dd9dfd09ec65162d.
SSL_export_keying_material() may use longer label lengths.
Fixes #7712
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7755)
show more ...
|
|
Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a |
|
| #
ec0c5f56 |
| 23-Sep-2018 |
Bernd Edlinger |
Reduce stack usage in tls13_hkdf_expand
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pul
Reduce stack usage in tls13_hkdf_expand
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7297)
show more ...
|
|
Revision tags: OpenSSL_1_1_1 |
|
| #
8f39d8af |
| 04-Sep-2018 |
Shane Lontis |
key zeroization fix for a branch path of tls13_final_finish_mac
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https:/
key zeroization fix for a branch path of tls13_final_finish_mac
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7110)
show more ...
|
|
Revision tags: OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i |
|
| #
7426cd34 |
| 07-Aug-2018 |
Matt Caswell |
Ensure that we write out alerts correctly after early_data
If we sent early_data and then received back an HRR, the enc_write_ctx
was stale resulting in errors if an alert needed to be s
Ensure that we write out alerts correctly after early_data
If we sent early_data and then received back an HRR, the enc_write_ctx
was stale resulting in errors if an alert needed to be sent.
Thanks to Quarkslab for reporting this.
In any case it makes little sense to encrypt alerts using the
client_early_traffic_secret, so we add special handling for alerts sent
after early_data. All such alerts are sent in plaintext.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6887)
show more ...
|
| #
43a0f273 |
| 30-Jul-2018 |
Matt Caswell |
Fix some TLSv1.3 alert issues
Ensure that the certificate required alert actually gets sent (and doesn't
get translated into handshake failure in TLSv1.3).
Ensure that proper re
Fix some TLSv1.3 alert issues
Ensure that the certificate required alert actually gets sent (and doesn't
get translated into handshake failure in TLSv1.3).
Ensure that proper reason codes are given for the new TLSv1.3 alerts.
Remove an out of date macro for TLS13_AD_END_OF_EARLY_DATA. This is a left
over from an earlier TLSv1.3 draft that is no longer used.
Fixes #6804
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6809)
show more ...
|
|
Revision tags: OpenSSL_1_1_1-pre8 |
|
| #
4ff1a526 |
| 01-Jun-2018 |
Matt Caswell |
Fix TLSv1.3 ticket nonces
All tickets on a connection need to have a unique nonce. When this was
originally implemented we only ever sent one ticket on the conneciton so
this didn't
Fix TLSv1.3 ticket nonces
All tickets on a connection need to have a unique nonce. When this was
originally implemented we only ever sent one ticket on the conneciton so
this didn't matter. We were just using the value 0. Now we can get multiple
tickets to we need to start doing the ticket nonce properly.
Fixes #6387
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6415)
show more ...
|
| #
bceae201 |
| 29-May-2018 |
Matt Caswell |
EVP_MD_size() can return an error
Fix some instances where we weren't checking the error return.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/opens
EVP_MD_size() can return an error
Fix some instances where we weren't checking the error return.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6373)
show more ...
|
|
Revision tags: OpenSSL_1_1_1-pre7 |
|
| #
de9f5b35 |
| 18-May-2018 |
Matt Caswell |
Use the client app traffic secret for PHA Finished message
The TLSv1.3 spec requires us to use the client application traffic secret
during generation of the Finished message following a
Use the client app traffic secret for PHA Finished message
The TLSv1.3 spec requires us to use the client application traffic secret
during generation of the Finished message following a post handshake
authentication.
Fixes #6263
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/6297)
show more ...
|
|
Revision tags: OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h |
|
| #
01a2a654 |
| 21-Mar-2018 |
Peter Wu |
Add support for logging early exporter secret
This will be necessary to enable Wireshark to decrypt QUIC 0-RTT data.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Rich
Add support for logging early exporter secret
This will be necessary to enable Wireshark to decrypt QUIC 0-RTT data.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5702)
show more ...
|
| #
6329ce8f |
| 20-Mar-2018 |
Peter Wu |
Add support for logging TLS 1.3 exporter secret
NSS 3.34 and boringssl have support for "EXPORTER_SECRET"
(https://bugzilla.mozilla.org/show_bug.cgi?id=1287711) which is needed
for Q
Add support for logging TLS 1.3 exporter secret
NSS 3.34 and boringssl have support for "EXPORTER_SECRET"
(https://bugzilla.mozilla.org/show_bug.cgi?id=1287711) which is needed
for QUIC 1-RTT decryption support in Wireshark.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5702)
show more ...
|
|
Revision tags: OpenSSL_1_1_1-pre3 |
|
| #
16cfc2c9 |
| 08-Mar-2018 |
Kurt Roeckx |
Don't use a ssl specific DRBG anymore
Since the public and private DRBG are per thread we don't need one
per ssl object anymore. It could also try to get entropy from a DRBG
that's r
Don't use a ssl specific DRBG anymore
Since the public and private DRBG are per thread we don't need one
per ssl object anymore. It could also try to get entropy from a DRBG
that's really from an other thread because the SSL object moved to an
other thread.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5547)
show more ...
|
| #
d4ef4fbf |
| 16-Mar-2018 |
Bernd Edlinger |
Fix a crash in SSLfatal due to invalid enc_write_ctx
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5645)
|
| #
f929439f |
| 15-Mar-2018 |
Matt Caswell |
Rename EVP_PKEY_new_private_key()/EVP_PKEY_new_public_key()
Renamed to EVP_PKEY_new_raw_private_key()/EVP_new_raw_public_key() as per
feedback.
Reviewed-by: Richard Levitte <lev
Rename EVP_PKEY_new_private_key()/EVP_PKEY_new_public_key()
Renamed to EVP_PKEY_new_raw_private_key()/EVP_new_raw_public_key() as per
feedback.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)
show more ...
|
| #
e32b52a2 |
| 05-Mar-2018 |
Matt Caswell |
Add support for setting raw private HMAC keys
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)
|
|
Revision tags: OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1, OpenSSL_1_0_2n |
|
| #
d91f4568 |
| 05-Nov-2017 |
Kurt Roeckx |
Tell the ciphers which DRBG to use for generating random bytes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #4672
|
| #
b38ede80 |
| 04-Feb-2018 |
Tatsuhiro Tsujikawa |
Export keying material using early exporter master secret
This commit adds SSL_export_keying_material_early() which exports
keying material using early exporter master secret.
R
Export keying material using early exporter master secret
This commit adds SSL_export_keying_material_early() which exports
keying material using early exporter master secret.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5252)
show more ...
|
| #
6738bf14 |
| 13-Feb-2018 |
Matt Caswell |
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| #
1f5878b8 |
| 21-Jan-2018 |
Tatsuhiro Tsujikawa |
Make sure that exporting keying material is allowed
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/op
Make sure that exporting keying material is allowed
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4944)
show more ...
|
| #
b1a51abb |
| 18-Jan-2018 |
Tatsuhiro Tsujikawa |
Remove generation of exporter master secret on client application traffic
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https:/
Remove generation of exporter master secret on client application traffic
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4944)
show more ...
|
| #
2221ec10 |
| 16-Dec-2017 |
Tatsuhiro Tsujikawa |
Generate exporter_master_secret after server Finished
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/
Generate exporter_master_secret after server Finished
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4944)
show more ...
|
| #
d4d2f3a4 |
| 23-Nov-2017 |
Matt Caswell |
Convert more functions in ssl/statem/statem.c to use SSLfatal()
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4778)
|
