wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/ssl
History
Matt Caswell 7426cd343d Ensure that we write out alerts correctly after early_data 
If we sent early_data and then received back an HRR, the enc_write_ctx
was stale resulting in errors if an alert needed to be sent.

Thanks to Quarkslab for reporting this.

In any case it makes little sense to encrypt alerts using the
client_early_traffic_secret, so we add special handling for alerts sent
after early_data. All such alerts are sent in plaintext.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6887)
2018-08-08 10:16:58 +01:00
..
record Ensure that we write out alerts correctly after early_data 2018-08-08 10:16:58 +01:00
statem Ensure that we write out alerts correctly after early_data 2018-08-08 10:16:58 +01:00
bio_ssl.c Add comments to NULL func ptrs in bio_method_st 2017-12-18 07:04:48 +10:00
build.info Move ssl/t1_ext.c to ssl/statem/extensions_cust.c 2017-04-07 13:41:04 +01:00
d1_lib.c More record layer conversions to use SSLfatal() 2017-12-08 16:42:02 +00:00
d1_msg.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
d1_srtp.c Move client parsing of ServerHello extensions into new framework 2016-12-08 17:18:25 +00:00
methods.c Drop support for OPENSSL_NO_TLS1_3_METHOD 2017-06-30 09:41:46 +01:00
packet.c Update copyright year 2018-04-17 15:18:40 +02:00
packet_locl.h Remove __cplusplus preamble from internal headers 2018-06-22 12:24:59 +02:00
pqueue.c Use void in all function definitions that do not take any arguments 2018-05-11 14:37:48 +02:00
s3_cbc.c Move ossl_assert 2017-08-03 10:48:00 +01:00
s3_enc.c Ensure that we write out alerts correctly after early_data 2018-08-08 10:16:58 +01:00
s3_lib.c Add TODO comment for a nonsensical public API 2018-07-20 07:12:24 -05:00
s3_msg.c Update copyright year 2018-02-13 13:59:25 +00:00
ssl_asn1.c Don't use OPENSSL_strdup() for copying alpn_selected 2018-06-21 11:07:45 +01:00
ssl_cert.c Check that the public key OID matches the sig alg 2018-07-18 09:58:56 +01:00
ssl_cert_table.h Update copyright year 2018-03-20 13:08:46 +00:00
ssl_ciph.c Harmonize use of sk_TYPE_find's return value. 2018-08-07 08:56:54 +02:00
ssl_conf.c Add the ability to configure anti-replay via SSL_CONF 2018-07-02 15:06:12 +01:00
ssl_err.c Fix some TLSv1.3 alert issues 2018-07-31 09:31:50 +01:00
ssl_init.c Fix setting of ssl_strings_inited. 2018-08-07 15:08:03 -04:00
ssl_lib.c ssl/*: switch to switch to Thread-Sanitizer-friendly primitives. 2018-08-07 09:08:23 +02:00
ssl_locl.h ssl/*: switch to switch to Thread-Sanitizer-friendly primitives. 2018-08-07 09:08:23 +02:00
ssl_mcnf.c Move the loading of the ssl_conf module to libcrypto 2018-04-05 15:30:12 +01:00
ssl_rsa.c Update copyright year 2018-03-20 13:08:46 +00:00
ssl_sess.c ssl/*: switch to switch to Thread-Sanitizer-friendly primitives. 2018-08-07 09:08:23 +02:00
ssl_stat.c Merge HRR into ServerHello 2017-12-14 15:06:37 +00:00
ssl_txt.c Address coverity-reported NULL dereference in SSL_SESSION_print() 2018-07-01 18:20:11 -05:00
ssl_utst.c Remove heartbeat support 2016-11-13 16:24:02 -05:00
t1_enc.c Ensure that we write out alerts correctly after early_data 2018-08-08 10:16:58 +01:00
t1_lib.c Check that the public key OID matches the sig alg 2018-07-18 09:58:56 +01:00
t1_trce.c Suport TLSv1.3 draft 28 2018-05-15 10:02:59 +01:00
tls13_enc.c Ensure that we write out alerts correctly after early_data 2018-08-08 10:16:58 +01:00
tls_srp.c Use the private RNG for data that is not public 2018-04-02 22:22:43 +02:00