- Nov 02, 2015
-
-
Matt Caswell authored
A buggy application that call SSL_write with a different length after a NBIO event could cause an OPENSSL_assert to be reached. The assert is not actually necessary because there was an explicit check a little further down that would catch this scenario. Therefore remove the assert an move the check a little higher up. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
An OPENSSL_assert was being used which could fail (e.g. on a malloc failure). Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
This OPENSSL_assert in (d)tls1_hearbeat is trivially always going to be true because it is testing the sum of values that have been set as constants just a few lines above and nothing has changed them. Therefore remove this. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Soheil Rashidi authored
Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Nov 01, 2015
-
-
Rich Salz authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Rich Salz authored
Close GH Issue 69 Close GH PR 457 Some other updates By Rich Salz, Alessandro Ghedini, Steve Marquess, Collin Anderson Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Rich Salz authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Oct 30, 2015
-
-
Rich Salz authored
All instances of SSLeay (any combination of case) were replaced with the case-equivalent OpenSSL. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
There were a few remaining references to SSLv2 support which are no longer relevant now that it has been removed. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
There was a discrepancy between what ciphersuites we allowed to send a CertificateRequest, and what ciphersuites we allowed to receive one. So add PSK and SRP to the disallowed ones. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Some functions were marked as inline in statem_srvr.c where they probably didn't need to be, so remove it. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
|tls_process_finished| was checking that |peer_finish_md_len| was non-negative. However neither |tls1_final_finish_mac| or |ssl3_final_finish_mac| can ever return a negative value, so the check is superfluous. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Due the rest of the state machine changes it makes sense to change the SSL_state_string return strings from 3* to T*. They are not SSL3 specific Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
There was a few uses of snprintf in the DTLS SCTP code which made more sense to be a memcpy. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Add the ossl_statem prefix to various funtions to avoid name clashes. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Various enums were introduced as part of the state machine rewrite. As a matter of style it is preferred for these to be typedefs. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
The function dtls1_link_min_mtu() was only used within d1_lib.c so make it static. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Clang with --strict-warnings was complaining about an uninitalised variable. In reality it will never be used uninitialised but clang can't figure out the logic, so just init it anyway to silence the warning. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Rebasing the state machine code introduced a problem with empty NewSessionTicket processing. The return value from the tls_process_new_session_ticket() is supposed to be an enum, but a bare integer was being used. Unfortunately this is valid C so the compiler doesn't pick it up. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Fix another instance of |al| being unitialised in certain error scenarios. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
A number of error codes were wrong due to a rebase of the state machine code. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
The SSL variable |in_handshake| seems misplaced. It would be better to have it in the STATEM structure. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
tls_process_client_hello() failed to initialise the |al| variable in some (error) scenarios. This could cause issues with creating the alert. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Adding the new state machine broke the DTLSv1_listen code because calling SSL_in_before() was erroneously returning true after DTLSv1_listen had successfully completed. This change ensures that SSL_in_before returns false. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Remove repeated blocks of checking SSL and then SSL_CTX for the info_callback. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Remove all the defines for the old state machines states. Mapping old to new is probably going to cause more problems than it solves so it is probably better to just remove them. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Add an OSSL_ prefix onto STATEM Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
SSL_state has been replaced by SSL_get_state and SSL_set_state is no longer supported. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
The |no_cert_verify| should be in the state machine structure not in SSL Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Change various state machine functions to use the prefix ossl_statem instead. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
The macros SSL_in_connect_init() and SSL_in_accept_init() inadvertently depended on SSL structure internals. This fixes it to use public API calls instead. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Rename the enum HANDSHAKE_STATE to OSSL_HANDSHAKE_STATE to ensure there are no namespace clashes, and convert it into a typedef. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Fixed some issues in the logic for determining whether an SKE should be expected or not. In particular only allow an SKE for RSA if its export and the key size is not allowed. Also fix the ephemeral ciphersuite checks and add in a missing call to ssl3_check_cert_and_algorithm(). Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Update the return type for SSL_state in the documentation. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Update the CHANGES file for the state machine rewrite Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
s_server was (ab)using SSL_set_state to force a renegotiation. This is a bad way to do things and does not work with the new state machine code, so we need to do it a different way. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Fix an out of date reference to old state machine code in a comment Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-