- Jan 30, 2017
-
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
Changing the value of SSL_MAX_MASTER_KEY_LENGTH had some unexpected side effects in the <=TLS1.2 code which apparently relies on this being 48 for interoperability. Therefore create a new define for the TLSv1.3 resumption master secret which can be up to 64 bytes. Found through the boring test suite. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
Now that we support internal tests properly, we can test wpacket even in shared builds. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
When we have support for KeyUpdate we might consider doing that instead. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
Remove "magic" return values and use an enum instead. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
TLSProxy normally fires off s_client, which creates a connection to the server. TLSProxy also pipes some data to send to the process and s_client automatically exits when the pipe hits eof. Unfortunately this means that it sends the data and closes before it has processed the NewSessionTicket returned from the server in TLSv1.3. This commits adds an option for s_client to stay loaded until the sesion has been processed. A side effect of this is that s_client never sends a close_notify in this mode, so we count success as seeing that data has been transferred. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
In TLSv1.3 the connection will be created before the session is established. In OpenSSL we send the NewSessionTicket message immediately after the client finished has been received. Therefore we change create_ssl_connection() to attempt a read of application data after the handshake has completed. We expect this to fail but it will force the reading of the NewSessionTicket and the session to be set up. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
If we have deserialized the SSL_SESSION then in some circumstances the session->cipher value is NULL. We were patching up in some places but not in others. We should just do it as part of loading the SSL_SESSION. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
psk_kex_mode stores the available modes - not the one which we selected. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
Don't attempt to add a TLS1.3 session to a TLS1.2 ClientHello session ticket extensions. Similarly don't add a TLS1.2 session to a TLS1.3 psk extension. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
Make sure the session version consistency check is inside ssl_get_prev_session(). Also fixes a bug where an inconsistent version can cause a seg fault in TLSv1.3. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
This mops up various edge cases with key_shares and makes sure we still generate the handshake secret if we haven't been provided with one but we have a PSK. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
Requires a refactor of the ServerHello parsing, so that we parse first and then subsequently process. This is because the resumption information is held in the extensions block which is parsed last - but we need to know that information earlier. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
Update SSL_SESSION to store the age_add and use it where needed. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
For the psk extension we need to fill in all the lengths of the message so far, even though we haven't closed the WPACKET yet. This provides a function to do that. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
Previously "-sess_out" wrote out the session as soon as the handshake finished. In TLSv1.3 this won't work because the NewSessionTicket message arrives post-handshake. Instead we use the session callback mechanism to do this. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
These functions are problematic in TLSv1.3 because the server sends the NewSessionTicket message after the handshake has finished. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
This is required for the later addition of resumption support. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
We still ignore it for now, but at least its in the right place. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
The record layer was making decisions that should really be left to the state machine around unexpected handshake messages that are received after the initial handshake (i.e. renegotiation related messages). This commit removes that code from the record layer and updates the state machine accordingly. This simplifies the state machine and paves the way for handling other messages post-handshake such as the NewSessionTicket in TLSv1.3. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
Matt Caswell authored
This flag is never set by anything so remove it. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-