Skip to content
  1. Mar 01, 2018
    • Andy Polyakov's avatar
      ec/asm/x25519-x86_64.pl: remove redundant carry chain. · e72bf967
      Andy Polyakov authored
      
      
      Why is it redundant? We're looking at carry from addition of small,
      11-bit number to 256-bit one. And carry would mean only one thing,
      resulting first limb being small number and remaing ones - zeros.
      Hence adding 38 to first limb can't carry.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/5476)
      e72bf967
    • Benjamin Kaduk's avatar
      Do not set a nonzero default max_early_data · c39e4048
      Benjamin Kaduk authored
      
      
      When early data support was first added, this seemed like a good
      idea, as it would allow applications to just add SSL_read_early_data()
      calls as needed and have things "Just Work".  However, for applications
      that do not use TLS 1.3 early data, there is a negative side effect.
      Having a nonzero max_early_data in a SSL_CTX (and thus, SSL objects
      derived from it) means that when generating a session ticket,
      tls_construct_stoc_early_data() will indicate to the client that
      the server supports early data.  This is true, in that the implementation
      of TLS 1.3 (i.e., OpenSSL) does support early data, but does not
      necessarily indicate that the server application supports early data,
      when the default value is nonzero.  In this case a well-intentioned
      client would send early data along with its resumption attempt, which
      would then be ignored by the server application, a waste of network
      bandwidth.
      
      Since, in order to successfully use TLS 1.3 early data, the application
      must introduce calls to SSL_read_early_data(), it is not much additional
      burden to require that the application also calls
      SSL_{CTX_,}set_max_early_data() in order to enable the feature; doing
      so closes this scenario where early data packets would be sent on
      the wire but ignored.
      
      Update SSL_read_early_data.pod accordingly, and make s_server and
      our test programs into applications that are compliant with the new
      requirements on applications that use early data.
      
      Fixes #4725
      
      Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/5483)
      c39e4048
  2. Feb 28, 2018
  3. Feb 27, 2018
  4. Feb 26, 2018
  5. Feb 24, 2018
  6. Feb 23, 2018