Tom Thorogood
f4a6690edc
crypto/tls: generate unique ticket_age_add for each ticket
#23 -- CLA ok -- re-author to me+google@tomthorogood.co.uk
2017-09-05 21:06:35 +01:00
Filippo Valsorda
7f449cbaa7
tris: add SessionTicketSealer
2017-09-05 21:06:35 +01:00
Filippo Valsorda
4f7b5988a3
crypto/tls: add ConnectionState.Unique0RTTToken
2017-09-05 21:06:35 +01:00
Filippo Valsorda
0d97989e0d
tris: move Commit to just before key share generation
In particular move it to after cipher suite negotiation and after
HelloRetryRequest check.
2017-09-05 21:06:35 +01:00
Brendan Mc
ed105dc308
crypto/tls: add SignedCertificateTimestamps and OCSPStaple to 1.3
2017-09-05 21:06:35 +01:00
Filippo Valsorda
9b94b65b7b
crypto/tls: send two session tickets to TLS 1.3 clients
2017-09-05 21:06:35 +01:00
Filippo Valsorda
740fc926aa
tris: add single line TLSDEBUG=short
2017-09-05 21:06:35 +01:00
Filippo Valsorda
c758567785
crypto/tls: detect unexpected leftover handshake data
There should be no data in the Handshake buffer on encryption state
changes (including implicit 1.3 transitions). Checking that also blocks
all Handshake messages fragmented across CCS.
BoGo: PartialClientFinishedWithClientHello
2017-09-05 21:06:35 +01:00
Filippo Valsorda
4191962f25
crypto/tls: use correct alerts
BoGo: Resume-Server-PSKBinderFirstExtension
BoGo: Resume-Server-ExtraPSKBinder
BoGo: Resume-Server-ExtraIdentityNoBinder
BoGo: Renegotiate-Server-Forbidden
BoGo: NoNullCompression
BoGo: TrailingMessageData-*
2017-09-05 21:06:35 +01:00
Filippo Valsorda
1bc19494f8
tris: tolerate NSS sending obfuscated_ticket_age as seconds
2017-09-05 21:06:34 +01:00
Filippo Valsorda
faefac5f1a
crypto/tls: stop ConfirmHandshake from locking on any Read
ConfirmHandshake should block on a Read until the handshakeConfirmed
state is reached, but past that it shouldn't.
2017-09-05 21:06:34 +01:00
Filippo Valsorda
341de96a61
crypto/tls: fix Conn.phase data races
Phase should only be accessed under in.Mutex. Handshake and all Read
operations obtain that lock. However, many functions checking for
handshakeRunning only obtain handshakeMutex: reintroduce
handshakeCompleted for them. ConnectionState and Close check for
handshakeConfirmed, introduce an atomic flag for them.
2017-09-05 21:06:34 +01:00
Filippo Valsorda
3e31621f57
crypto/tls: pick the first group the client sent a key share for
Fixes NCC-2016-002
2017-09-05 21:06:34 +01:00
Filippo Valsorda
5c4af70647
tris: drop QuietError
2017-09-05 21:06:34 +01:00
Filippo Valsorda
180bfdbd68
crypto/tls: finish the session ticket state checks
2017-09-05 21:06:34 +01:00
Filippo Valsorda
f8c15889af
crypto/tls: implement TLS 1.3 server 0-RTT
2017-09-05 21:06:34 +01:00
Filippo Valsorda
1117f76fcc
crypto/tls: return from Handshake before the Client Finished in 1.3
2017-09-05 21:06:34 +01:00
Filippo Valsorda
ee3048cfd2
crypto/tls: implement TLS 1.3 server PSK
2017-09-05 21:06:34 +01:00
Filippo Valsorda
6c3765bb15
tris: add error tracing with CH dumping
2017-09-05 21:06:34 +01:00
Filippo Valsorda
8052dc002f
tris: extend ConnectionInfo
2017-09-05 21:06:34 +01:00
Filippo Valsorda
4b0d17eca3
crypto/tls: implement TLS 1.3 minimal server
2017-09-05 21:06:29 +01:00