Skip to content

T
Third Party Openssl

OpenHarmony / Third Party Openssl
9 个月 前同步成功

通知 8
Star 18
Fork 1
T
Third Party Openssl

前往新版Gitcode,体验更适合开发者的 AI 搜索 >>

切换分支/标签
  1. 15 8月, 2018 1 次提交
  3. 08 8月, 2018 1 次提交
  5. 15 5月, 2018 1 次提交
  7. 19 4月, 2018 1 次提交
  9. 14 4月, 2018 1 次提交
  11. 08 4月, 2018 1 次提交
  13. 23 3月, 2018 1 次提交
  15. 14 3月, 2018 1 次提交
  17. 21 2月, 2018 1 次提交
    • M
      Remove a spurious TLSProxy byte in TLSv1.3 · 6c61b274
      Matt Caswell 提交于 
      When the proxy re-encrypted a TLSv1.3 record it was adding a spurious
byte onto the end. This commit removes that.

The "extra" byte was intended to be the inner content type of the record.
However, TLSProxy was actually adding the original encrypted data into the
record (which already has the inner content type in it) and then adding
the spurious additional content type byte on the end (and adjusting the
record length accordingly).

It is interesting to look at why this didn't cause a failure:

The receiving peer first attempts to decrypt the data. Because this is
TLSProxy we always use a GCM based ciphersuite with a 16 byte tag. When
we decrypt this it actually gets diverted to the ossltest engine. All this
does is go through the motions of encrypting/decrypting but just passes
back the original data. Crucially it will never fail because of a bad tag!
The receiving party thinks the spurious additional byte is part of the
tag and the ossltest engine ignores it.

This means the data that gets passed back to the record layer still has
an additional spurious byte on it - but because the 16 byte tag has been
removed, this is actually the first byte of the original tag. Again
because we are using ossltest engine we aren't actually creating "real"
tags - we only ever emit 16, 0 bytes for the tag. So the spurious
additional byte always has the value 0. The TLSv1.3 spec says that records
can have additional 0 bytes on the end of them - this is "padding". So the
record layer interprets this 0 byte as padding and strips it off to end up
with the originally transmitted record data - which it can now process
successfully.
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5370)
      6c61b274
  19. 13 2月, 2018 1 次提交
  21. 26 1月, 2018 1 次提交
  23. 14 12月, 2017 3 次提交
  25. 15 8月, 2017 1 次提交
  27. 07 7月, 2017 1 次提交
  29. 04 5月, 2017 1 次提交
  31. 29 3月, 2017 1 次提交
  33. 16 3月, 2017 1 次提交
  35. 06 12月, 2016 2 次提交
  37. 30 11月, 2016 1 次提交
  39. 23 11月, 2016 2 次提交
  41. 10 11月, 2016 1 次提交
  43. 07 11月, 2016 1 次提交
  45. 03 11月, 2016 1 次提交
  47. 02 11月, 2016 1 次提交
  49. 16 8月, 2016 1 次提交
  51. 20 4月, 2016 1 次提交
  53. 14 8月, 2015 1 次提交
  55. 12 8月, 2015 1 次提交
    • M
      Add a libssl test harness · 631c1206
      Matt Caswell 提交于 
      This commit provides a set of perl modules that support the testing of
libssl. The test harness operates as a man-in-the-middle proxy between
s_server and s_client. Both s_server and s_client must be started using the
"-testmode" option which loads the new OSSLTEST engine.

The test harness enables scripts to be written that can examine the packets
sent during a handshake, as well as (potentially) modifying them so that
otherwise illegal handshake messages can be sent.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
      631c1206