- 16 12月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 10 12月, 2015 1 次提交
-
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 09 12月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Add new flag TLS1_FLAGS_RECEIVED_EXTMS which is set when the peer sends the extended master secret extension. Server now sends extms if and only if the client sent extms. Check consistency of extms extension when resuming sessions following (where practical) RFC7627. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 06 12月, 2015 1 次提交
-
-
由 Kurt Roeckx 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> MR: #364
-
- 05 12月, 2015 3 次提交
-
-
由 Kurt Roeckx 提交于
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Kurt Roeckx 提交于
SSL_{CTX}_set_tmp_ecdh() allows to set 1 EC curve and then tries to use it. On the other hand SSL_{CTX_}set1_curves() allows you to set a list of curves, but only when SSL_{CTX_}set_ecdh_auto() was called to turn it on. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Kurt Roeckx 提交于
This only gets used to set a specific curve without actually checking that the peer supports it or not and can therefor result in handshake failures that can be avoided by selecting a different cipher. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
- 30 11月, 2015 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Don't hard code EVP_sha* etc for signature algorithms: use table indices instead. Add SHA224 and SHA512 to tables. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 28 11月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Change handshake hash array into a single digest context simplifying the handhake hash code. Use EVP_md5_sha1() if needed for handshake hashes in TLS 1.1 and earlier. Simplify PRF code to also use a single digest and treat EVP_md5_sha1() as a special case. Modify algorithm2 field of ciphers to use a single index value for handshake hash and PRF instead of a bitmap. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 26 11月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 25 11月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 24 11月, 2015 1 次提交
-
-
由 Dmitry Belyavsky 提交于
This patch contains the necessary changes to provide GOST 2012 ciphersuites in TLS. It requires the use of an external GOST 2012 engine. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 21 11月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
The following entry points have been made async aware: SSL_accept SSL_read SSL_write Also added is a new mode - SSL_MODE_ASYNC. Calling the above functions with the async mode enabled will initiate a new async job. If an async pause is encountered whilst executing the job (such as for example if using SHA1/RSA with the Dummy Async engine), then the above functions return with SSL_WANT_ASYNC. Calling the functions again (with exactly the same args as per non-blocking IO), will resume the job where it left off. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 20 11月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
There are lots of calls to EVP functions from within libssl There were various places where we should probably check the return value but don't. This adds these checks. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 14 11月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
This disables some ciphersuites which aren't supported in SSL v3: specifically PSK ciphersuites which use SHA256 or SHA384 for the MAC. Thanks to the Open Crypto Audit Project for identifying this issue. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 11 11月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
The new function SSL_use_certificate_chain_file was always crashing in the internal function use_certificate_chain_file because it would pass a NULL value for SSL_CTX *, but use_certificate_chain_file would unconditionally try to dereference it. Reviewed-by: NStephen Henson <steve@openssl.org>
-
- 08 11月, 2015 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 30 10月, 2015 21 次提交
-
-
由 Matt Caswell 提交于
There were a few remaining references to SSLv2 support which are no longer relevant now that it has been removed. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The function dtls1_link_min_mtu() was only used within d1_lib.c so make it static. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The SSL variable |in_handshake| seems misplaced. It would be better to have it in the STATEM structure. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Add an OSSL_ prefix onto STATEM Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The |no_cert_verify| should be in the state machine structure not in SSL Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The next_state variable is no longer needed in the new state machine. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Move some function definitions around within the state machine to make sure they are in the correct files. Also create a statem_locl.h header for stuff entirely local to the state machine code and move various definitions into it. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Pull out the state machine into a separate sub directory. Also moved some functions which were nothing to do with the state machine but were in state machine files. Pulled all the SSL_METHOD definitions into one place...most of those files had very little left in them any more. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
ssl_get_message is no longer used so it should be removed from ssl_method_st Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Previously each message specific process function would create its own PACKET structure. Rather than duplicate all of this code lots of times we should create it in the state machine itself. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The SSL structure contained a "state" variable that kept track of the state machine in the old code. The new state machine does not use this so it can be removed. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The SSL structure contained a "type" variable that was set to either SSL_ST_ACCEPT or SSL_ST_CONNECT depending on whether we are the server or the client. This duplicates the capability of the "server" variable and was actually rarely used. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Clean up and remove lots of code that is now no longer needed due to the move to the new state machine. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Implement all of the necessary changes to make DTLS on the server work with the new state machine code. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Split the TLS server ssl3_get_* and ssl3_send_* functions into two ready for the migration to the new state machine code. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Remove all the functions and dead code that is now no longer required as a result of the DTLS client move into the new state machine code. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Move all DTLS client side processing into the new state machine code. A subsequent commit will clean up the old dead code. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Create a dtls_get_message function similar to the old dtls1_get_message but in the format required for the new state machine code. The old function will eventually be deleted in later commits. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
This swaps the implementation of the client TLS state machine to use the new state machine code instead. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The new state machine code will split up the reading and writing of hanshake messages into discrete phases. In order to facilitate that the existing "get" type functions will be split into two halves: one to get the message and one to process it. The "send" type functions will also have all work relating to constructing the message split out into a separate function just for that. For some functions there will also be separate pre and post "work" phases to prepare or update state. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
This is the first drop of the new state machine code. The rewrite has the following objectives: - Remove duplication of state code between client and server - Remove duplication of state code between TLS and DTLS - Simplify transitions and bring the logic together in a single location so that it is easier to validate - Remove duplication of code between each of the message handling functions - Receive a message first and then work out whether that is a valid transition - not the other way around (the other way causes lots of issues where we are expecting one type of message next but actually get something else) - Separate message flow state from handshake state (in order to better understand each) - message flow state = when to flush buffers; handling restarts in the event of NBIO events; handling the common flow of steps for reading a message and the common flow of steps for writing a message etc - handshake state = what handshake message are we working on now - Control complexity: only the state machine can change state: keep all the state changes local to a file This builds on previous state machine related work: - Surface CCS processing in the state machine - Version negotiation rewrite Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-