- 30 10月, 2015 14 次提交
-
-
由 Matt Caswell 提交于
ssl.h and ssl3.h have a number of defines for the various states in the old state machine code. Since this is public API it is not desirable to just remove them. Instead redefine them to the closest equivalent state in the new state machine code. If an application calls SSL_state then the return value can still be compared against these old values if necessary. However not all values have an equivalent state in the new code, so these are just redefined to a dummy value. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Clean up and remove lots of code that is now no longer needed due to the move to the new state machine. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Implement all of the necessary changes to make DTLS on the server work with the new state machine code. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Implement all of the necessary changes for moving TLS server side processing into the new state machine code. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Split the TLS server ssl3_get_* and ssl3_send_* functions into two ready for the migration to the new state machine code. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Remove all the functions and dead code that is now no longer required as a result of the DTLS client move into the new state machine code. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Move all DTLS client side processing into the new state machine code. A subsequent commit will clean up the old dead code. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Create a dtls_get_message function similar to the old dtls1_get_message but in the format required for the new state machine code. The old function will eventually be deleted in later commits. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Remove redundant code following moving client side TLS handling to the new state machine implementation. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
This swaps the implementation of the client TLS state machine to use the new state machine code instead. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The new state machine code will split up the reading and writing of hanshake messages into discrete phases. In order to facilitate that the existing "get" type functions will be split into two halves: one to get the message and one to process it. The "send" type functions will also have all work relating to constructing the message split out into a separate function just for that. For some functions there will also be separate pre and post "work" phases to prepare or update state. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
This is the first drop of the new state machine code. The rewrite has the following objectives: - Remove duplication of state code between client and server - Remove duplication of state code between TLS and DTLS - Simplify transitions and bring the logic together in a single location so that it is easier to validate - Remove duplication of code between each of the message handling functions - Receive a message first and then work out whether that is a valid transition - not the other way around (the other way causes lots of issues where we are expecting one type of message next but actually get something else) - Separate message flow state from handshake state (in order to better understand each) - message flow state = when to flush buffers; handling restarts in the event of NBIO events; handling the common flow of steps for reading a message and the common flow of steps for writing a message etc - handshake state = what handshake message are we working on now - Control complexity: only the state machine can change state: keep all the state changes local to a file This builds on previous state machine related work: - Surface CCS processing in the state machine - Version negotiation rewrite Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The function ssl3_get_message gets a whole message from the underlying bio and returns it to the state machine code. The new state machine code will split this into two discrete steps: get the message header and get the message body. This commit splits the existing function into these two sub steps to facilitate the state machine implementation. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Pascal Cuoq 提交于
Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NRich Salz <rsalz@akamai.com> MR #1276, RT #4107
-
- 29 10月, 2015 1 次提交
-
-
由 Rich Salz 提交于
If something was "present in all versions" of SSLeay, or if it was added to a version of SSLeay (and therefore predates OpenSSL), remove mention of it. Documentation history now starts with OpenSSL. Remove mention of all history before OpenSSL 0.9.8, inclusive. Remove all AUTHOR sections. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 28 10月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Old API for use with OpenSSL-0.9.6. Remove it. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 27 10月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 26 10月, 2015 1 次提交
-
-
由 Ben Laurie 提交于
Reviewed-by: NStephen Henson <steve@openssl.org>
-
- 25 10月, 2015 1 次提交
-
-
由 Ben Laurie 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 24 10月, 2015 10 次提交
-
-
由 Ben Laurie 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Alessandro Ghedini 提交于
RT#4081 Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Alessandro Ghedini 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Alessandro Ghedini 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Alessandro Ghedini 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Alessandro Ghedini 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Alessandro Ghedini 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Alessandro Ghedini 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Alessandro Ghedini 提交于
0 is a valid file descriptor. RT#4068 Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Alessandro Ghedini 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 23 10月, 2015 2 次提交
-
-
由 Adam Eijdenberg 提交于
Previous language was unclear. New language isn't pretty but I believe it is more accurate. Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NBen Laurie <ben@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
[fixes github issue #447] Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 22 10月, 2015 5 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Configure has, so far, had no control at all of which 'no-' options it can be given. This means that, for example, someone could configure with something absurd like 'no-stack' and then watch the build crumble to dust... or file a bug report. This introduces some sanity into the possible choices. The added list comes from looking for the explicit ones used in Configure, and from grepping after OPENSSL_NO_ in all source files. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
Because the default error macro generator assumes the header file with error macros is in include/openssl and therefore generates a C file with error texts that include <openssl/{name}.h>, we need to generate the error macros and texts for CT separately, since the CT module doesn't follow the default criteria. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 21 10月, 2015 2 次提交
-
-
由 Matt Caswell 提交于
The function SSLv23_server_method() is an old name. New code should use TLS_server_method() instead. Therefore don't use SSLv23_server_method() in an example in the docs. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Change the sanity check in PACKET_buf_init to check for excessive length buffers, which should catch the interesting cases where len has been cast from a negative value whilst avoiding any undefined behaviour. RT#4094 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 19 10月, 2015 2 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-