Skip to content
  1. Aug 03, 2015
    • Matt Caswell's avatar
      Move TLS CCS processing into the state machine · 657da85e
      Matt Caswell authored
      
      
      The handling of incoming CCS records is a little strange. Since CCS is not
      a handshake message it is handled differently to normal handshake messages.
      Unfortunately whilst technically it is not a handhshake message the reality
      is that it must be processed in accordance with the state of the handshake.
      Currently CCS records are processed entirely within the record layer. In
      order to ensure that it is handled in accordance with the handshake state
      a flag is used to indicate that it is an acceptable time to receive a CCS.
      
      Previously this flag did not exist (see CVE-2014-0224), but the flag should
      only really be considered a workaround for the problem that CCS is not
      visible to the state machine.
      
      Outgoing CCS messages are already handled within the state machine.
      
      This patch makes CCS visible to the TLS state machine. A separate commit
      will handle DTLS.
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      657da85e
    • Matt Caswell's avatar
      PACKETise ClientHello processing · 9ceb2426
      Matt Caswell authored
      
      
      Uses the new PACKET code to process the incoming ClientHello including all
      extensions etc.
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      9ceb2426
    • Matt Caswell's avatar
      PACKET unit tests · 6fc2ef20
      Matt Caswell authored
      
      
      Add some unit tests for the new PACKET API
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      6fc2ef20
    • Matt Caswell's avatar
      Add initial packet parsing code · 7e729bb5
      Matt Caswell authored
      
      
      Provide more robust (inline) functions to replace n2s, n2l, etc. These
      functions do the same thing as the previous macros, but also keep track
      of the amount of data remaining and return an error if we try to read more
      data than we've got.
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      7e729bb5
  2. Aug 02, 2015
  3. Aug 01, 2015
  4. Jul 31, 2015
  5. Jul 30, 2015