Skip to content
  1. Aug 13, 2015
  2. Aug 12, 2015
  3. Aug 11, 2015
  4. Aug 10, 2015
  5. Aug 08, 2015
  6. Aug 06, 2015
  7. Aug 04, 2015
  8. Aug 03, 2015
    • Matt Caswell's avatar
      Fix warning when compiling with no-ec2m · 8d11b7c7
      Matt Caswell authored
      
      
      EC_KEY_set_public_key_affine_coordinates was using some variables that only
      apply if OPENSSL_NO_EC2M is not defined.
      
      Reviewed-by: default avatarViktor Dukhovni <viktor@openssl.org>
      8d11b7c7
    • Matt Caswell's avatar
      Fix make errors for the CCS changes · 496dbe18
      Matt Caswell authored
      
      
      The move of CCS into the state machine was causing make errors to fail. This
      fixes it.
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      496dbe18
    • Matt Caswell's avatar
      Fix ssl3_read_bytes handshake fragment bug · e9f6b9a1
      Matt Caswell authored
      
      
      The move of CCS into the state machine introduced a bug in ssl3_read_bytes.
      The value of |recvd_type| was not being set if we are satisfying the request
      from handshake fragment storage. This can occur, for example, with
      renegotiation and causes the handshake to fail.
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      e9f6b9a1
    • Matt Caswell's avatar
      Move DTLS CCS processing into the state machine · c69f2adf
      Matt Caswell authored
      
      
      Continuing on from the previous commit this moves the processing of DTLS
      CCS messages out of the record layer and into the state machine.
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      c69f2adf
    • Matt Caswell's avatar
      Move TLS CCS processing into the state machine · 657da85e
      Matt Caswell authored
      
      
      The handling of incoming CCS records is a little strange. Since CCS is not
      a handshake message it is handled differently to normal handshake messages.
      Unfortunately whilst technically it is not a handhshake message the reality
      is that it must be processed in accordance with the state of the handshake.
      Currently CCS records are processed entirely within the record layer. In
      order to ensure that it is handled in accordance with the handshake state
      a flag is used to indicate that it is an acceptable time to receive a CCS.
      
      Previously this flag did not exist (see CVE-2014-0224), but the flag should
      only really be considered a workaround for the problem that CCS is not
      visible to the state machine.
      
      Outgoing CCS messages are already handled within the state machine.
      
      This patch makes CCS visible to the TLS state machine. A separate commit
      will handle DTLS.
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      657da85e