提交 · c69f2adf71d888ba1a2090ec0be3319eb024efe3 · OpenHarmony / Third Party Openssl

03 8月, 2015 5 次提交

Move DTLS CCS processing into the state machine · c69f2adf

由 Matt Caswell 提交于 6月 02, 2015

Continuing on from the previous commit this moves the processing of DTLS
CCS messages out of the record layer and into the state machine.
Reviewed-by: NTim Hudson <tjh@openssl.org>

c69f2adf

Move TLS CCS processing into the state machine · 657da85e

由 Matt Caswell 提交于 5月 11, 2015

The handling of incoming CCS records is a little strange. Since CCS is not
a handshake message it is handled differently to normal handshake messages.
Unfortunately whilst technically it is not a handhshake message the reality
is that it must be processed in accordance with the state of the handshake.
Currently CCS records are processed entirely within the record layer. In
order to ensure that it is handled in accordance with the handshake state
a flag is used to indicate that it is an acceptable time to receive a CCS.

Previously this flag did not exist (see CVE-2014-0224), but the flag should
only really be considered a workaround for the problem that CCS is not
visible to the state machine.

Outgoing CCS messages are already handled within the state machine.

This patch makes CCS visible to the TLS state machine. A separate commit
will handle DTLS.
Reviewed-by: NTim Hudson <tjh@openssl.org>

657da85e

PACKETise ClientHello processing · 9ceb2426

由 Matt Caswell 提交于 4月 16, 2015

Uses the new PACKET code to process the incoming ClientHello including all
extensions etc.
Reviewed-by: NTim Hudson <tjh@openssl.org>

9ceb2426

PACKET unit tests · 6fc2ef20

由 Matt Caswell 提交于 4月 17, 2015

Add some unit tests for the new PACKET API
Reviewed-by: NTim Hudson <tjh@openssl.org>

6fc2ef20

Add initial packet parsing code · 7e729bb5

由 Matt Caswell 提交于 4月 14, 2015

Provide more robust (inline) functions to replace n2s, n2l, etc. These
functions do the same thing as the previous macros, but also keep track
of the amount of data remaining and return an error if we try to read more
data than we've got.
Reviewed-by: NTim Hudson <tjh@openssl.org>

7e729bb5

02 8月, 2015 6 次提交
- B
  Fix refactoring breakage. · bb484020
  由 Ben Laurie 提交于 8月 02, 2015
```
Reviewed-by: NRich Salz <rsalz@openssl.org>
```
  bb484020
- D
  don't reset return value to 0 · 5a168057
  由 Dr. Stephen Henson 提交于 8月 02, 2015
```
Reviewed-by: NRichard Levitte <levitte@openssl.org>
```
  5a168057
- B
  Add -Wconditional-uninitialized to clang strict warnings. · 480405e4
  由 Ben Laurie 提交于 8月 02, 2015
```
Reviewed-by: NRich Salz <rsalz@openssl.org>
```
  480405e4
- B
  Build with --strict-warnings on FreeBSD. · d237a273
  由 Ben Laurie 提交于 8月 02, 2015
```
Reviewed-by: NRich Salz <rsalz@openssl.org>
```
  d237a273
- B
  Make BSD make happy with subdirectories. · 9e83e6cd
  由 Ben Laurie 提交于 8月 01, 2015
```
Reviewed-by: Richard Levitte
```
  9e83e6cd
- D
  GH336: Return an exit code if report fails · e36ce2d9
  由 Dirk Wetter 提交于 7月 31, 2015
```
Reviewed-by: NRichard Levitte <levitte@openssl.org>
```
  e36ce2d9
01 8月, 2015 4 次提交

B
Only define PAGE_SIZE if not already defined. · 34750dc2
由 Ben Laurie 提交于 7月 31, 2015
```
Reviewed-by: NRich Salz <rsalz@openssl.org>
```
34750dc2

Remove erroneous server_random filling · e1e088ec

由 Matt Caswell 提交于 6月 25, 2015

Commit e481f9b9 removed OPENSSL_NO_TLSEXT from the code.

Previously if OPENSSL_NO_TLSEXT *was not* defined then the server random was
filled during getting of the ClientHello. If it *was* defined then the
server random would be filled in ssl3_send_server_hello(). Unfortunately in
commit e481f9b9 the OPENSSL_NO_TLSEXT guards were removed but *both*
server random fillings were left in. This could cause problems for session
ticket callbacks.
Reviewed-by: NStephen Henson <steve@openssl.org>

e1e088ec

L
Clear BN-mont values when free'ing it. · 1a586b39
由 Loganaden Velvindron 提交于 7月 31, 2015
```
From a CloudFlare patch.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
```
1a586b39

Various doc fixes from GH pull requests · 740ceb5b

由 Rich Salz 提交于 7月 31, 2015

Thanks folks:
        348 Benjamin Kaduk
        317 Christian Brueffer
        254 Erik Tews
        253 Erik Tews
        219 Carl Mehner
        155 (ghost)
        95 mancha
        51 DominikNeubauer
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

740ceb5b

31 7月, 2015 5 次提交
- K
  RT3742: Add xmpp_server to s_client. · 898ea7b8
  由 Kai Engert 提交于 7月 29, 2015
```
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
  898ea7b8
- A
  RT3963: Allow OCSP stapling with -rev and -www · be0c0361
  由 Adam Eijdenberg 提交于 7月 29, 2015
```
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
  be0c0361
- A
  RT3962: Check accept_count only if not unlimited · e46bcca2
  由 Adam Eijdenberg 提交于 7月 29, 2015
```
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
  e46bcca2
- A
  RT3961: Fix switch/case errors in flag parsing · 902c6b95
  由 Adam Eijdenberg 提交于 7月 29, 2015
```
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
  902c6b95
- N
  RT3959: Fix misleading comment · 119ab03a
  由 Nicholas Cooper 提交于 7月 29, 2015
```
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
  119ab03a
30 7月, 2015 20 次提交

D
cleanse psk_identity on error · 3df16cc2
由 Dr. Stephen Henson 提交于 7月 28, 2015
```
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
3df16cc2
D
Free and cleanse pms on error · a784665e
由 Dr. Stephen Henson 提交于 7月 28, 2015
```
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
a784665e
D
Don't request certificates for any PSK ciphersuite · a3f7ff2b
由 Dr. Stephen Henson 提交于 7月 11, 2015
```
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
a3f7ff2b
D
CAMELLIA PSK ciphersuites from RFC6367 · 69a3a9f5
由 Dr. Stephen Henson 提交于 6月 30, 2015
```
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
69a3a9f5
D
Add PSK ciphersuites to docs · b2f8ab86
由 Dr. Stephen Henson 提交于 6月 29, 2015
```
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
b2f8ab86
D
Update CHANGES · 23237159
由 Dr. Stephen Henson 提交于 6月 29, 2015
```
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
23237159
D
Add RFC4785 ciphersuites · 5516fcc0
由 Dr. Stephen Henson 提交于 6月 29, 2015
```
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
5516fcc0

Add RFC4279, RFC5487 and RFC5489 ciphersuites. · ea6114c6

由 Dr. Stephen Henson 提交于 6月 28, 2015

Note: some of the RFC4279 ciphersuites were originally part of PR#2464.
Reviewed-by: NMatt Caswell <matt@openssl.org>

ea6114c6

D
Initial new PSK ciphersuite defines · f40ecbc3
由 Dr. Stephen Henson 提交于 6月 28, 2015
```
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
f40ecbc3
D
Add full PSK trace support · 2a1a04e1
由 Dr. Stephen Henson 提交于 6月 28, 2015
```
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
2a1a04e1

PSK premaster secret derivation. · 8a0a12e5

由 Dr. Stephen Henson 提交于 6月 28, 2015

Move PSK premaster secret algorithm to ssl_generate_master secret so
existing key exchange code can be used and modified slightly to add
the PSK wrapping structure.
Reviewed-by: NMatt Caswell <matt@openssl.org>

8a0a12e5

Extended PSK server support. · 85269210

由 Dr. Stephen Henson 提交于 6月 28, 2015

Add support for RSAPSK, DHEPSK and ECDHEPSK server side.

Update various checks to ensure certificate and server key exchange messages
are only sent when required.

Update message handling. PSK server key exchange parsing now include an
identity hint prefix for all PSK server key exchange messages. PSK
client key exchange message expects PSK identity and requests key for
all PSK key exchange ciphersuites.

Update flags for RSA, DH and ECDH so they are also used in PSK.
Reviewed-by: NMatt Caswell <matt@openssl.org>

85269210

Extended PSK client support. · 7689082b

由 Dr. Stephen Henson 提交于 6月 28, 2015

Add support for RSAPSK, DHEPSK and ECDHEPSK client side.

Update various checks to ensure certificate and server key exchange messages
are only expected when required.

Update message handling. PSK server key exchange parsing now expects an
identity hint prefix for all PSK server key exchange messages. PSK
client key exchange message requests PSK identity and key for all PSK
key exchange ciphersuites and includes identity in message.

Update flags for RSA, DH and ECDH so they are also used in PSK.
Reviewed-by: NMatt Caswell <matt@openssl.org>

7689082b

PSK PRF correction. · 12053a81

由 Dr. Stephen Henson 提交于 6月 28, 2015

For SHA384 PRF PSK ciphersuites we have to switch to default PRF for
TLS < 1.2
Reviewed-by: NMatt Caswell <matt@openssl.org>

12053a81

D
Make auto DH work with DHEPSK · adc5506a
由 Dr. Stephen Henson 提交于 6月 28, 2015
```
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
adc5506a
D
Check for kECDH with extensions. · 13be69f3
由 Dr. Stephen Henson 提交于 6月 30, 2015
```
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
13be69f3
D
Enable PSK if corresponding mask set. · 526f94ad
由 Dr. Stephen Henson 提交于 6月 28, 2015
```
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
526f94ad
D
Disable all PSK if no callback. · fe5eef3a
由 Dr. Stephen Henson 提交于 6月 28, 2015
```
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
fe5eef3a
D
Disable unsupported PSK algorithms · 332a251f
由 Dr. Stephen Henson 提交于 6月 28, 2015
```
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
332a251f
D
new PSK text constants · 8baac6a2
由 Dr. Stephen Henson 提交于 6月 28, 2015
```
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
8baac6a2

OpenHarmony / Third Party Openssl 大约 1 年 前同步成功

OpenHarmony / Third Party Openssl
大约 1 年前同步成功