- 05 12月, 2015 1 次提交
-
-
由 Kurt Roeckx 提交于
This only gets used to set a specific curve without actually checking that the peer supports it or not and can therefor result in handshake failures that can be avoided by selecting a different cipher. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
- 30 11月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 28 11月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Various updates following feedback from the recent commit of the new GOST2012 code. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 25 11月, 2015 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 24 11月, 2015 1 次提交
-
-
由 Dmitry Belyavsky 提交于
This patch contains the necessary changes to provide GOST 2012 ciphersuites in TLS. It requires the use of an external GOST 2012 engine. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 21 11月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
The al variable could be uninitialised in an error path. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 20 11月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
There are lots of calls to EVP functions from within libssl There were various places where we should probably check the return value but don't. This adds these checks. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 10 11月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
if we have a malloc |x = OPENSSL_malloc(...)| sometimes we check |x| for NULL and sometimes we treat it as a boolean |if(!x) ...|. Standardise the approach in libssl. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
- 06 11月, 2015 2 次提交
-
-
由 Matt Caswell 提交于
The SCTP code is not compiled by default. This fixes some compilation problems in that code. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
We finish the handshake when we move into the TLS_ST_OK state. At various points we were also unnecessarily finishing it when we were reading/writing the Finished message. It's much simpler just to do it in TLS_ST_OK, so remove the other calls. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 30 10月, 2015 18 次提交
-
-
由 Matt Caswell 提交于
There was a discrepancy between what ciphersuites we allowed to send a CertificateRequest, and what ciphersuites we allowed to receive one. So add PSK and SRP to the disallowed ones. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Some functions were marked as inline in statem_srvr.c where they probably didn't need to be, so remove it. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
There was a few uses of snprintf in the DTLS SCTP code which made more sense to be a memcpy. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Add the ossl_statem prefix to various funtions to avoid name clashes. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Various enums were introduced as part of the state machine rewrite. As a matter of style it is preferred for these to be typedefs. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Fix another instance of |al| being unitialised in certain error scenarios. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
A number of error codes were wrong due to a rebase of the state machine code. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
tls_process_client_hello() failed to initialise the |al| variable in some (error) scenarios. This could cause issues with creating the alert. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Add an OSSL_ prefix onto STATEM Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The |no_cert_verify| should be in the state machine structure not in SSL Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Change various state machine functions to use the prefix ossl_statem instead. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Move some function definitions around within the state machine to make sure they are in the correct files. Also create a statem_locl.h header for stuff entirely local to the state machine code and move various definitions into it. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Pull out the state machine into a separate sub directory. Also moved some functions which were nothing to do with the state machine but were in state machine files. Pulled all the SSL_METHOD definitions into one place...most of those files had very little left in them any more. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Previously each message specific process function would create its own PACKET structure. Rather than duplicate all of this code lots of times we should create it in the state machine itself. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Clean up and remove lots of code that is now no longer needed due to the move to the new state machine. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Implement all of the necessary changes to make DTLS on the server work with the new state machine code. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Implement all of the necessary changes for moving TLS server side processing into the new state machine code. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Split the TLS server ssl3_get_* and ssl3_send_* functions into two ready for the migration to the new state machine code. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 24 10月, 2015 1 次提交
-
-
由 Alessandro Ghedini 提交于
RT#4081 Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 15 10月, 2015 1 次提交
-
-
由 Emilia Kasper 提交于
False positive: gcc (4.8) can't figure out the SSL_IS_DTLS logic. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 09 10月, 2015 1 次提交
-
-
由 Emilia Kasper 提交于
Note that this commit constifies a user callback parameter and therefore will break compilation for applications using this callback. But unless they are abusing write access to the buffer, the fix is trivial. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 07 10月, 2015 1 次提交
-
-
由 Emilia Kasper 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 06 10月, 2015 3 次提交
-
-
由 Emilia Kasper 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Emilia Kasper 提交于
Fix alerts. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Emilia Kasper 提交于
Move all packet parsing to the beginning of the method. This limits the SSLv2 compatibility soup to the parsing, and makes the rest of the processing uniform. This is also needed for simpler EMS support: EMS servers need to do an early scan for EMS to make resumption decisions. This'll be easier when the entire ClientHello is parsed in the beginning. As a side effect, 1) PACKETize ssl_get_prev_session and tls1_process_ticket; and 2) Delete dead code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 23 9月, 2015 1 次提交
-
-
由 Emilia Kasper 提交于
Since SSLv3, a CipherSuite is always 2 bytes. The only place where we need 3-byte ciphers is SSLv2-compatible ClientHello processing. So, remove the ssl_put_cipher_by_char indirection. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 18 9月, 2015 1 次提交
-
-
由 Emilia Kasper 提交于
The bookmark API results in a lot of boilerplate error checking that can be much more easily achieved with a simple struct copy. It also lays the path for removing the third PACKET field. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 17 9月, 2015 1 次提交
-
-
由 Emilia Kasper 提交于
Simplify encrypted premaster secret reading by using new methods in the PACKET API. Don't overwrite the packet buffer. RSA decrypt accepts truncated ciphertext with leading zeroes omitted, so it's even possible that by crafting a valid ciphertext with several leading zeroes, this could cause a few bytes out-of-bounds write. The write is harmless because of the size of the underlying message buffer, but nevertheless we shouldn't write into the packet. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 15 9月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
For server use a PSK identity hint value in the CERT structure which is inherited when SSL_new is called and which allows applications to set hints on a per-SSL basis. The previous version of SSL_use_psk_identity_hint tried (wrongly) to use the SSL_SESSION structure. PR#4039 Reviewed-by: NMatt Caswell <matt@openssl.org>
-