wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
14679 commits 20 branches 302 tags 153 MiB
Commit graph

10 commits

Author SHA1 Message Date
Dr. Stephen Henson
bc71f91064 Remove fixed DH ciphersuites. 
Remove all fixed DH ciphersuites and associated logic.

Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-12-19 16:14:51 +00:00
Matt Caswell
2a9b96548a Updates to GOST2012 
Various updates following feedback from the recent commit of the new
GOST2012 code.

Reviewed-by: Andy Polyakov <appro@openssl.org>
 2015-11-27 17:23:14 +00:00
Dmitry Belyavsky
e44380a990 Patch containing TLS implementation for GOST 2012 
This patch contains the necessary changes to provide GOST 2012
ciphersuites in TLS. It requires the use of an external GOST 2012 engine.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-11-23 16:09:42 +00:00
Matt Caswell
8d16c58fa4 Remove some redundant assignments 
We were setting |s->renegotiate| and |s->new_session| to 0 twice in
tls_finish_handshake. This is redundant so now we just do it once!

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
 2015-11-06 15:32:44 +00:00
Matt Caswell
e657515620 Don't finish the handshake twice 
We finish the handshake when we move into the TLS_ST_OK state. At various
points we were also unnecessarily finishing it when we were reading/writing
the Finished message. It's much simpler just to do it in TLS_ST_OK, so
remove the other calls.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
 2015-11-06 15:32:44 +00:00
Matt Caswell
956de7b287 Remove superfluous check 
|tls_process_finished| was checking that |peer_finish_md_len| was
non-negative. However neither |tls1_final_finish_mac| or
|ssl3_final_finish_mac| can ever return a negative value, so the check is
superfluous.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-10-30 08:39:47 +00:00
Matt Caswell
be3583fa40 Convert enums to typedefs 
Various enums were introduced as part of the state machine rewrite. As a
matter of style it is preferred for these to be typedefs.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-10-30 08:39:47 +00:00
Matt Caswell
fe3a329117 Change statem prefix to ossl_statem 
Change various state machine functions to use the prefix ossl_statem
instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-10-30 08:39:46 +00:00
Matt Caswell
61ae935a98 More state machine reorg 
Move some function definitions around within the state machine to make sure
they are in the correct files. Also create a statem_locl.h header for stuff
entirely local to the state machine code and move various definitions into
it.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-10-30 08:38:18 +00:00
Matt Caswell
8ba708e516 Reorganise state machine files 
Pull out the state machine into a separate sub directory. Also moved some
functions which were nothing to do with the state machine but were in state
machine files. Pulled all the SSL_METHOD definitions into one place...most
of those files had very little left in them any more.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-10-30 08:38:18 +00:00
Renamed from ssl/s3_both.c (Browse further)