- Nov 06, 2015
-
-
Matt Caswell authored
We finish the handshake when we move into the TLS_ST_OK state. At various points we were also unnecessarily finishing it when we were reading/writing the Finished message. It's much simpler just to do it in TLS_ST_OK, so remove the other calls. Reviewed-by:Viktor Dukhovni <viktor@openssl.org>
-
- Nov 05, 2015
-
-
Dr. Stephen Henson authored
Rebuild error source files: the new mkerr.pl functionality will now pick up and translate static function names properly. Reviewed-by:Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: -
Dr. Stephen Henson authored
In mkerr.pl read parse functions names in C source files and use them for translation and sanity checks. Reviewed-by: -
Matt Caswell authored
The various dtls1_get*_methods did not handle the DTLS_ANY_VERSION case, so this needed to be added. Reviewed-by:Tim Hudson <tjh@openssl.org>
-
- Nov 04, 2015
-
-
Matt Caswell authored
EVP_SignInit_ex was missing from the NAME section of its man page so typing "man EVP_SignInit_ex" failed to load the page. Reviewed-by:Stephen Henson <steve@openssl.org>
-
- Nov 02, 2015
-
-
Richard Levitte authored
Reviewed-by:Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
The actual implementation has the state of the connection being controlled with the peer parameter, non-NULL meaning connected and NULL meaning connected. Reviewed-by:Andy Polyakov <appro@openssl.org>
-
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
No dummy arguments. Reviewed-by: -
Richard Levitte authored
BIO_int_ctrl isn't made for the purpose BIO_get_conn_int_port used it for. This also changes BIO_C_GET_CONNECT to actually return the port instead of assigning it to a pointer that was never returned back to the caller. Reviewed-by: -
Matt Caswell authored
Clarify that git format-patch output is preferred for creating patch files. Reviewed-by: -
Matt Caswell authored
A buggy application that call SSL_write with a different length after a NBIO event could cause an OPENSSL_assert to be reached. The assert is not actually necessary because there was an explicit check a little further down that would catch this scenario. Therefore remove the assert an move the check a little higher up. Reviewed-by: -
Matt Caswell authored
An OPENSSL_assert was being used which could fail (e.g. on a malloc failure). Reviewed-by: -
Matt Caswell authored
This OPENSSL_assert in (d)tls1_hearbeat is trivially always going to be true because it is testing the sum of values that have been set as constants just a few lines above and nothing has changed them. Therefore remove this. Reviewed-by: -
Soheil Rashidi authored
Signed-off-by:
-
- Nov 01, 2015
-
-
Rich Salz authored
Reviewed-by:Kurt Roeckx <kurt@openssl.org>
-
Rich Salz authored
Close GH Issue 69 Close GH PR 457 Some other updates By Rich Salz, Alessandro Ghedini, Steve Marquess, Collin Anderson Reviewed-by: -
Rich Salz authored
Reviewed-by:Matt Caswell <matt@openssl.org>
-
- Oct 30, 2015
-
-
Rich Salz authored
All instances of SSLeay (any combination of case) were replaced with the case-equivalent OpenSSL. Reviewed-by: -
Matt Caswell authored
There were a few remaining references to SSLv2 support which are no longer relevant now that it has been removed. Reviewed-by:
-
Matt Caswell authored
There was a discrepancy between what ciphersuites we allowed to send a CertificateRequest, and what ciphersuites we allowed to receive one. So add PSK and SRP to the disallowed ones. Reviewed-by:
-
Matt Caswell authored
Some functions were marked as inline in statem_srvr.c where they probably didn't need to be, so remove it. Reviewed-by:
-
Matt Caswell authored
|tls_process_finished| was checking that |peer_finish_md_len| was non-negative. However neither |tls1_final_finish_mac| or |ssl3_final_finish_mac| can ever return a negative value, so the check is superfluous. Reviewed-by:
-
Matt Caswell authored
Due the rest of the state machine changes it makes sense to change the SSL_state_string return strings from 3* to T*. They are not SSL3 specific Reviewed-by:
-
Matt Caswell authored
There was a few uses of snprintf in the DTLS SCTP code which made more sense to be a memcpy. Reviewed-by:
-
Matt Caswell authored
Add the ossl_statem prefix to various funtions to avoid name clashes. Reviewed-by:
-
Matt Caswell authored
Various enums were introduced as part of the state machine rewrite. As a matter of style it is preferred for these to be typedefs. Reviewed-by:
-
Matt Caswell authored
The function dtls1_link_min_mtu() was only used within d1_lib.c so make it static. Reviewed-by:
-
Matt Caswell authored
Clang with --strict-warnings was complaining about an uninitalised variable. In reality it will never be used uninitialised but clang can't figure out the logic, so just init it anyway to silence the warning. Reviewed-by:
-
Matt Caswell authored
Rebasing the state machine code introduced a problem with empty NewSessionTicket processing. The return value from the tls_process_new_session_ticket() is supposed to be an enum, but a bare integer was being used. Unfortunately this is valid C so the compiler doesn't pick it up. Reviewed-by:
-
Matt Caswell authored
Fix another instance of |al| being unitialised in certain error scenarios. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
A number of error codes were wrong due to a rebase of the state machine code. Reviewed-by:
-
Matt Caswell authored
The SSL variable |in_handshake| seems misplaced. It would be better to have it in the STATEM structure. Reviewed-by:
-
Matt Caswell authored
tls_process_client_hello() failed to initialise the |al| variable in some (error) scenarios. This could cause issues with creating the alert. Reviewed-by:
-
Matt Caswell authored
Adding the new state machine broke the DTLSv1_listen code because calling SSL_in_before() was erroneously returning true after DTLSv1_listen had successfully completed. This change ensures that SSL_in_before returns false. Reviewed-by:
-
