Skip to content
  1. Aug 03, 2015
    • Matt Caswell's avatar
      Fix make errors for the CCS changes · 496dbe18
      Matt Caswell authored
      
      
      The move of CCS into the state machine was causing make errors to fail. This
      fixes it.
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      496dbe18
    • Matt Caswell's avatar
      Fix ssl3_read_bytes handshake fragment bug · e9f6b9a1
      Matt Caswell authored
      
      
      The move of CCS into the state machine introduced a bug in ssl3_read_bytes.
      The value of |recvd_type| was not being set if we are satisfying the request
      from handshake fragment storage. This can occur, for example, with
      renegotiation and causes the handshake to fail.
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      e9f6b9a1
    • Matt Caswell's avatar
      Move DTLS CCS processing into the state machine · c69f2adf
      Matt Caswell authored
      
      
      Continuing on from the previous commit this moves the processing of DTLS
      CCS messages out of the record layer and into the state machine.
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      c69f2adf
    • Matt Caswell's avatar
      Move TLS CCS processing into the state machine · 657da85e
      Matt Caswell authored
      
      
      The handling of incoming CCS records is a little strange. Since CCS is not
      a handshake message it is handled differently to normal handshake messages.
      Unfortunately whilst technically it is not a handhshake message the reality
      is that it must be processed in accordance with the state of the handshake.
      Currently CCS records are processed entirely within the record layer. In
      order to ensure that it is handled in accordance with the handshake state
      a flag is used to indicate that it is an acceptable time to receive a CCS.
      
      Previously this flag did not exist (see CVE-2014-0224), but the flag should
      only really be considered a workaround for the problem that CCS is not
      visible to the state machine.
      
      Outgoing CCS messages are already handled within the state machine.
      
      This patch makes CCS visible to the TLS state machine. A separate commit
      will handle DTLS.
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      657da85e
    • Matt Caswell's avatar
      PACKETise ClientHello processing · 9ceb2426
      Matt Caswell authored
      
      
      Uses the new PACKET code to process the incoming ClientHello including all
      extensions etc.
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      9ceb2426
    • Matt Caswell's avatar
      PACKET unit tests · 6fc2ef20
      Matt Caswell authored
      
      
      Add some unit tests for the new PACKET API
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      6fc2ef20
    • Matt Caswell's avatar
      Add initial packet parsing code · 7e729bb5
      Matt Caswell authored
      
      
      Provide more robust (inline) functions to replace n2s, n2l, etc. These
      functions do the same thing as the previous macros, but also keep track
      of the amount of data remaining and return an error if we try to read more
      data than we've got.
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      7e729bb5
  2. Aug 02, 2015
  3. Aug 01, 2015
  4. Jul 31, 2015
  5. Jul 30, 2015