- Nov 29, 2016
-
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
This updates the record layer to use the TLSv1.3 style nonce construction. It also updates TLSProxy and ossltest to be able to recognise the new layout. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Commit b3618f44 added a test for mac-then-encrypt. However the test fails when running with "enable-tls1_3". The problem is that the test creates a connection, which ends up being TLSv1.3. However it also restricts the ciphers to a single mac-then-encrypt ciphersuite that is not TLSv1.3 compatible so the connection aborts and the test fails. Mac-then-encrypt is not relevant to TLSv1.3, so the test should disable that protocol version. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
Calling SSL_set_accept_state() after DTLSv1_listen() clears the state, so SSL_accept() no longer works. In 1.0.2 calling DTLSv1_listen() would set the accept state automatically. We should still do that. Fixes #1989 Reviewed-by: Andy Polyakov <appro@openssl.org>
-
- Nov 28, 2016
-
-
Rich Salz authored
Test suite used from boring, written by David Benjamin. Test driver converted from C++ to C. Added a Perl program to check the testsuite file. Extensive review feedback incorporated (thanks folks). Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Emilia Kasper authored
Verify that the encrypt-then-mac negotiation is handled correctly. Additionally, when compiled with no-asm, this test ensures coverage for the constant-time MAC copying code in ssl3_cbc_copy_mac. The proxy-based CBC padding test covers that as well but it's nevertheless better to have an explicit handshake test for mac-then-encrypt. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
- Nov 25, 2016
-
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
This makes S/MIME and CMS signing in MIME format for SHA1 work again. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
GH issue #1916 affects only big-endian platforms. TLS is not affected, because TLS fragment is never big enough. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
GH issue #1916 affects only big-endian platforms. TLS is not affected, because TLS fragment is never big enough. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
The bug was introduced in 80d27cdb, one too many instructions was removed. It went unnoticed, because new subroutine introduced in previous commit is called in real-life RSA/DSA/DH cases, while original code is called only in rare tests. The bug was caught in test_fuzz. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Nov 24, 2016
-
-
Kurt Roeckx authored
Reviewed-by: Emilia Käsper <emilia@openssl.org> GH: #2003
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Emilia Kasper authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Nov 23, 2016
-
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Don't use what is in supported_versions for the RSA pre-master Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
ossl_shim had some TLS1.3 defines that are now in ssl.h so need to be removed. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
The SSL_IS_TLS13() macro wasn't quite right. It would come back with true in the case where we haven't yet negotiated TLSv1.3, but it could be negotiated. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Add various different handshake types that are possible. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Current s_server can only get an OCSP Response from an OCSP responder. This provides the capability to instead get the OCSP Response from a DER encoded file. This should make testing of OCSP easier. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
After the client processes the server's initial flight in TLS1.3 it may respond with either an encrypted, or an unencrypted alert. We needed to teach TLSProxy about this so that it didn't issue spurious warnings. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
In one case we weren't always sending an unexpected message alert if we don't get what we expect. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
There is a set of miscellaneous processing for OCSP, CT etc at the end of the ServerDone processing. In TLS1.3 we don't have a ServerDone, so this needs to move elsewhere. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
The previous commit had a dummy payload for the Finished data. This commit fills it in with a real value. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
This is a major overhaul of the TLSv1.3 state machine. Currently it still looks like TLSv1.2. This commit changes things around so that it starts to look a bit less like TLSv1.2 and a bit more like TLSv1.3.

After this commit we have:

    ClientHello
    + key_share          ---->
                               ServerHello
                               +key_share
                               {CertificateRequest*}
                               {Certificate*}
                               {CertificateStatus*}
                         <---- {Finished}
    {Certificate*}
    {CertificateVerify*}
    {Finished}           ---->
    [ApplicationData]    <---> [Application Data]

Key differences between this intermediate position and the final TLSv1.3 position are:
- No EncryptedExtensions message yet
- No server side CertificateVerify message yet
- CertificateStatus still exists as a separate message
- A number of the messages are still in the TLSv1.2 format
- Still running on the TLSv1.2 record layer

Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
TLSv1.3 has a NewSessionTicket message, but it is *completely* different to the TLSv1.2 one and may as well have been called something else. This commit removes the old style NewSessionTicket from TLSv1.3. We will have to add the new style one back in later. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Commit 94ed2c67 dropped a ! operator by mistake, which causes extended master secret connections to fail. This puts it back. Reviewed-by: Richard Levitte <levitte@openssl.org>
-