1. 12 8月, 2015 14 次提交
  2. 11 8月, 2015 3 次提交
  3. 10 8月, 2015 1 次提交
  4. 09 8月, 2015 2 次提交
  5. 07 8月, 2015 3 次提交
  6. 06 8月, 2015 1 次提交
  7. 05 8月, 2015 3 次提交
  8. 04 8月, 2015 5 次提交
  9. 03 8月, 2015 7 次提交
    • M
      Fix make errors for the CCS changes · 496dbe18
      Matt Caswell 提交于
      The move of CCS into the state machine was causing make errors to fail. This
      fixes it.
      Reviewed-by: NTim Hudson <tjh@openssl.org>
      496dbe18
    • M
      Fix ssl3_read_bytes handshake fragment bug · e9f6b9a1
      Matt Caswell 提交于
      The move of CCS into the state machine introduced a bug in ssl3_read_bytes.
      The value of |recvd_type| was not being set if we are satisfying the request
      from handshake fragment storage. This can occur, for example, with
      renegotiation and causes the handshake to fail.
      Reviewed-by: NTim Hudson <tjh@openssl.org>
      e9f6b9a1
    • M
      Move DTLS CCS processing into the state machine · c69f2adf
      Matt Caswell 提交于
      Continuing on from the previous commit this moves the processing of DTLS
      CCS messages out of the record layer and into the state machine.
      Reviewed-by: NTim Hudson <tjh@openssl.org>
      c69f2adf
    • M
      Move TLS CCS processing into the state machine · 657da85e
      Matt Caswell 提交于
      The handling of incoming CCS records is a little strange. Since CCS is not
      a handshake message it is handled differently to normal handshake messages.
      Unfortunately whilst technically it is not a handhshake message the reality
      is that it must be processed in accordance with the state of the handshake.
      Currently CCS records are processed entirely within the record layer. In
      order to ensure that it is handled in accordance with the handshake state
      a flag is used to indicate that it is an acceptable time to receive a CCS.
      
      Previously this flag did not exist (see CVE-2014-0224), but the flag should
      only really be considered a workaround for the problem that CCS is not
      visible to the state machine.
      
      Outgoing CCS messages are already handled within the state machine.
      
      This patch makes CCS visible to the TLS state machine. A separate commit
      will handle DTLS.
      Reviewed-by: NTim Hudson <tjh@openssl.org>
      657da85e
    • M
      PACKETise ClientHello processing · 9ceb2426
      Matt Caswell 提交于
      Uses the new PACKET code to process the incoming ClientHello including all
      extensions etc.
      Reviewed-by: NTim Hudson <tjh@openssl.org>
      9ceb2426
    • M
      PACKET unit tests · 6fc2ef20
      Matt Caswell 提交于
      Add some unit tests for the new PACKET API
      Reviewed-by: NTim Hudson <tjh@openssl.org>
      6fc2ef20
    • M
      Add initial packet parsing code · 7e729bb5
      Matt Caswell 提交于
      Provide more robust (inline) functions to replace n2s, n2l, etc. These
      functions do the same thing as the previous macros, but also keep track
      of the amount of data remaining and return an error if we try to read more
      data than we've got.
      Reviewed-by: NTim Hudson <tjh@openssl.org>
      7e729bb5
  10. 02 8月, 2015 1 次提交