- 30 1月, 2017 7 次提交
-
-
由 Matt Caswell 提交于
Requires a refactor of the ServerHello parsing, so that we parse first and then subsequently process. This is because the resumption information is held in the extensions block which is parsed last - but we need to know that information earlier. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
由 Matt Caswell 提交于
This is required for the later addition of resumption support. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
由 Matt Caswell 提交于
We still ignore it for now, but at least its in the right place. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
由 Matt Caswell 提交于
The record layer was making decisions that should really be left to the state machine around unexpected handshake messages that are received after the initial handshake (i.e. renegotiation related messages). This commit removes that code from the record layer and updates the state machine accordingly. This simplifies the state machine and paves the way for handling other messages post-handshake such as the NewSessionTicket in TLSv1.3. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
-
- 11 1月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2157)
-
- 06 1月, 2017 4 次提交
-
-
由 Matt Caswell 提交于
This variable represents the index of the cert within the chain, so give it a name that better represents that. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2020)
-
由 Matt Caswell 提交于
We remove the separate CertificateStatus message for TLSv1.3, and instead send back the response in the appropriate Certificate message extension. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2020)
-
由 Matt Caswell 提交于
Continuing from the previous commit we also need to extend the extensions framework to supply the Certificate we just read during parsing. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2020)
-
由 Matt Caswell 提交于
The Certificate message in TLS1.3 has an extensions block for each Certificate. Therefore we need to extend tls_construct_extensions() to pass in the certificate we are working on. We also pass in the position in the chain (with 0 being the first certificate). Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2020)
-
- 09 12月, 2016 14 次提交
-
-
由 Matt Caswell 提交于
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Because extensions were keyed by type which is sparse, we were continually scanning the list to find the one we wanted. The way we stored them also had the side effect that we were running initialisers/finalisers in a different oder to the parsers. In this commit we change things so that we instead key on an index value for each extension. Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Remove some functions that are no longer needed now that we have the new extension framework. Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The _clienthello_ in the extensions parsing functions is overly specific. Better to keep the convention to just _client_ Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
This lays the foundation for a later move to have the extensions built and placed into the correct message for TLSv1.3 (e.g. ServerHello or EncryptedExtensions). Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Later we will have client extensions code too. Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
This builds on the work started in 1ab3836b and extends is so that each extension has its own identified parsing functions, as well as an allowed context identifying which messages and protocols it is relevant for. Subsequent commits will do a similar job for the ServerHello extensions. This will enable us to have common functions for processing extension blocks no matter which of the multiple messages they are received from. In TLSv1.3 a number of different messages have extension blocks, and some extensions have moved from one message to another when compared to TLSv1.2. Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
At this stage the message is just empty. We need to fill it in with extension data. Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 23 11月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
There is a set of miscellaneous processing for OCSP, CT etc at the end of the ServerDone processing. In TLS1.3 we don't have a ServerDone, so this needs to move elsewhere. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 09 11月, 2016 2 次提交
-
-
由 Matt Caswell 提交于
Based on review feedback received. Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 04 11月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
Writing still to be done Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 03 10月, 2016 5 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
We now set the handshake header, and close the packet directly in the write_state_machine. This is now possible because it is common for all messages. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
tls_construct_finished() used to have different arguments to all of the other construction functions. It doesn't anymore, so there is no neeed to treat it as a special case. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Move setting the handshake header up a level into the state machine code in order to reduce boilerplate. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Instead of initialising, finishing and cleaning up the WPACKET in every message construction function, we should do it once in write_state_machine(). Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 18 8月, 2016 1 次提交
-
-
由 Emilia Kasper 提交于
Run util/openssl-format-source on ssl/ Some comments and hand-formatted tables were fixed up manually by disabling auto-formatting. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 18 5月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
- 27 1月, 2016 1 次提交
-
-
由 Rich Salz 提交于
This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1 && m@/\* .*\.[ch] \*/@; close ARGV if eof; # Close file to reset $. And then some hand-editing of other files. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 30 10月, 2015 2 次提交
-
-
由 Matt Caswell 提交于
Add the ossl_statem prefix to various funtions to avoid name clashes. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Various enums were introduced as part of the state machine rewrite. As a matter of style it is preferred for these to be typedefs. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-