aboutsummaryrefslogtreecommitdiffstats
path: root/ssl/s3_enc.c
Commit message (Collapse)AuthorAgeFilesLines
* Convert master_secret_size code to size_tMatt Caswell2016-11-041-8/+14
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Convert libssl writing for size_tMatt Caswell2016-11-041-4/+9
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Indent ssl/Emilia Kasper2016-08-181-26/+24
| | | | | | | | | Run util/openssl-format-source on ssl/ Some comments and hand-formatted tables were fixed up manually by disabling auto-formatting. Reviewed-by: Rich Salz <rsalz@openssl.org>
* check return values for EVP_Digest*() APIsDr. Stephen Henson2016-07-151-18/+22
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add some missing return value checksMatt Caswell2016-06-131-1/+4
| | | | | | Some misc return value checks Reviewed-by: Rich Salz <rsalz@openssl.org>
* Handle a memory allocation failure in ssl3_init_finished_mac()Matt Caswell2016-06-031-2/+9
| | | | | | | | | The ssl3_init_finished_mac() function can fail, in which case we need to propagate the error up through the stack. RT#3198 Reviewed-by: Rich Salz <rsalz@openssl.org>
* The ssl3_digest_cached_records() function does not handle errors properlyMatt Caswell2016-05-261-5/+4
| | | | | | | | | | The ssl3_digest_cached_records() function was failing to handle errors that might be returned from EVP_DigestSignInit() and EVP_DigestSignUpdate(). RT#4180 Reviewed-by: Stephen Henson <steve@openssl.org>
* Copyright consolidation 01/10Rich Salz2016-05-171-107/+7
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
* various spelling fixesFdaSilvaYY2016-04-281-2/+2
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/952)
* Revert "various spelling fixes"Rich Salz2016-04-041-2/+2
| | | | | | | This reverts commit 620d540bd47a96fb6905fbbdd8ea5167a8841a3e. It wasn't reviewed. Reviewed-by: Rich Salz <rsalz@openssl.org>
* various spelling fixesFdaSilvaYY2016-04-041-2/+2
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
* Lazily initialise the compression bufferMatt Caswell2016-03-071-2/+0
| | | | | | | | | | | | With read pipelining we use multiple SSL3_RECORD structures for reading. There are SSL_MAX_PIPELINES (32) of them defined (typically not all of these would be used). Each one has a 16k compression buffer allocated! This results in a significant amount of memory being consumed which, most of the time, is not needed. This change swaps the allocation of the compression buffer to be lazy so that it is only done immediately before it is actually used. Reviewed-by: Tim Hudson <tjh@openssl.org>
* Refactor ClientHello extension parsingEmilia Kasper2016-03-031-0/+2
| | | | | | | | | | | | | | | | | 1) Simplify code with better PACKET methods. 2) Make broken SNI parsing explicit. SNI was intended to be extensible to new name types but RFC 4366 defined the syntax inextensibly, and OpenSSL has never parsed SNI in a way that would allow adding a new name type. RFC 6066 fixed the definition but due to broken implementations being widespread, it appears impossible to ever extend SNI. 3) Annotate resumption behaviour. OpenSSL doesn't currently handle all extensions correctly upon resumption. Annotate for further clean-up. 4) Send an alert on ALPN protocol mismatch. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
* Remove /* foo.c */ commentsRich Salz2016-01-261-1/+0
| | | | | | | | | | | | This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1 && m@/\* .*\.[ch] \*/@; close ARGV if eof; # Close file to reset $. And then some hand-editing of other files. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Adapt all EVP_CIPHER_CTX users for it becoming opaqueRichard Levitte2016-01-121-7/+5
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Cleanup: fix all sources that used EVP_MD_CTX_(create|init|destroy)Richard Levitte2015-12-071-11/+11
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Adapt the rest of the source to the removal of (EVP_MD_CTX|HMAC_CTX)_cleanupRichard Levitte2015-12-071-1/+1
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Adjust all accesses to EVP_MD_CTX to use accessor functions.Richard Levitte2015-12-071-41/+55
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Remove support for all 40 and 56 bit ciphers.Kurt Roeckx2015-12-051-33/+3
| | | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> MR: #364
* fix function code discrepancyDr. Stephen Henson2015-11-271-2/+2
| | | | Reviewed-by: Matt Caswell <matt@openssl.org>
* PRF and handshake hash revision.Dr. Stephen Henson2015-11-271-111/+33
| | | | | | | | | | | | | | Change handshake hash array into a single digest context simplifying the handhake hash code. Use EVP_md5_sha1() if needed for handshake hashes in TLS 1.1 and earlier. Simplify PRF code to also use a single digest and treat EVP_md5_sha1() as a special case. Modify algorithm2 field of ciphers to use a single index value for handshake hash and PRF instead of a bitmap. Reviewed-by: Matt Caswell <matt@openssl.org>
* Remove unused cert_verify_mac codeDr. Stephen Henson2015-11-251-5/+0
| | | | Reviewed-by: Andy Polyakov <appro@openssl.org>
* Ensure all EVP calls have their returns checked where appropriateMatt Caswell2015-11-201-27/+36
| | | | | | | | There are lots of calls to EVP functions from within libssl There were various places where we should probably check the return value but don't. This adds these checks. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Avoid duplication.Dr. Stephen Henson2015-06-231-1/+7
| | | | | | | | We always free the handshake buffer when digests are freed so move it into ssl_free_digest_list() Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
* Tidy up ssl3_digest_cached_records logic.Dr. Stephen Henson2015-06-231-33/+30
| | | | | | | | | | | | | | | Rewrite ssl3_digest_cached_records handling. Only digest cached records if digest array is NULL: this means it is safe to call ssl3_digest_cached_records multiple times (subsequent calls are no op). Remove flag TLS1_FLAGS_KEEP_HANDSHAKE instead only update handshake buffer if digest array is NULL. Add additional "keep" parameter to ssl3_digest_cached_records to indicate if the handshake buffer should be retained after digesting cached records (needed for TLS 1.2 client authentication). Reviewed-by: Matt Caswell <matt@openssl.org>
* Revert "Avoid duplication."Dr. Stephen Henson2015-06-211-7/+1
| | | | | | | | | This reverts commit d480e182fe20fcaeca7817a4693eeaf594bb1a32. Commit broke TLS handshakes due to fragility of digest caching: that will be fixed separately. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Avoid duplication.Dr. Stephen Henson2015-06-211-1/+7
| | | | | | | We always free the handshake buffer when digests are freed so move it into ssl_free_digest_list() Reviewed-by: Rich Salz <rsalz@openssl.org>
* remove unnecessary NULL checksDr. Stephen Henson2015-06-211-2/+1
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* clear/cleanse cleanupRich Salz2015-05-301-4/+6
| | | | | | | Where we called openssl_cleanse, make sure we do it on all error paths. Be consistent in use of sizeof(foo) when possible. Reviewed-by: Andy Polyakov <appro@openssl.org>
* memset, memcpy, sizeof consistency fixesRich Salz2015-05-051-2/+3
| | | | | | | | Just as with the OPENSSL_malloc calls, consistently use sizeof(*ptr) for memset and memcpy. Remove needless casts for those functions. For memset, replace alternative forms of zero with 0. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Use safer sizeof variant in mallocRich Salz2015-05-041-2/+2
| | | | | | | | | | | | | For a local variable: TYPE *p; Allocations like this are "risky": p = OPENSSL_malloc(sizeof(TYPE)); if the type of p changes, and the malloc call isn't updated, you could get memory corruption. Instead do this: p = OPENSSL_malloc(sizeof(*p)); Also fixed a few memset() calls that I noticed while doing this. Reviewed-by: Richard Levitte <levitte@openssl.org>
* free NULL cleanup 11Rich Salz2015-05-011-8/+4
| | | | | | | | | | | | | | | | | | | Don't check for NULL before calling free functions. This gets: ERR_STATE_free ENGINE_free DSO_free CMAC_CTX_free COMP_CTX_free CONF_free NCONF_free NCONF_free_data _CONF_free_data A sk_free use within OBJ_sigid_free TS_TST_INFO_free (rest of TS_ API was okay) Doc update for UI_free (all uses were fine) X509V3_conf_free X509V3_section_free X509V3_string_free Reviewed-by: Richard Levitte <levitte@openssl.org>
* free cleanup almost the finaleRich Salz2015-04-301-5/+2
| | | | | | | | | | Add OPENSSL_clear_free which merges cleanse and free. (Names was picked to be similar to BN_clear_free, etc.) Removed OPENSSL_freeFunc macro. Fixed the small simple ones that are left: CRYPTO_free CRYPTO_free_locked OPENSSL_free_locked Reviewed-by: Richard Levitte <levitte@openssl.org>
* Code style: space after 'if'Viktor Dukhovni2015-04-161-3/+3
| | | | Reviewed-by: Matt Caswell <matt@openssl.org>
* Move ssl3_record_sequence_update into record layerMatt Caswell2015-03-261-11/+0
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Move read_sequence and write_sequence from s->s3 to s->rlayerMatt Caswell2015-03-261-2/+2
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Introduce macro RECORD_LAYER_setup_comp_bufferMatt Caswell2015-03-261-2/+1
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Move more SSL3_RECORD oriented functions into ssl3_record.cMatt Caswell2015-03-261-169/+0
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Encapsulate s->s3->wrecMatt Caswell2015-03-261-2/+2
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Encapsulate s->s3->rrecMatt Caswell2015-03-261-6/+4
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* free NULL cleanupRich Salz2015-03-251-2/+1
| | | | | | | This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free BIO_free BIO_free_all BIO_vfree Reviewed-by: Matt Caswell <matt@openssl.org>
* Fix missing return value checksMatt Caswell2015-03-231-2/+8
| | | | | | | | Ensure that all functions have their return values checked where appropriate. This covers all functions defined and called from within libssl. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Cleanse buffersMatt Caswell2015-03-111-0/+1
| | | | | | Cleanse various intermediate buffers used by the PRF. Reviewed-by: Richard Levitte <levitte@openssl.org>
* More comment realignmentmaster-post-reformatMatt Caswell2015-01-221-7/+8
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* Run util/openssl-format-source -v -c .Matt Caswell2015-01-221-736/+732
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* Fix source where indent will not be able to copeMatt Caswell2015-01-221-1/+2
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* More commentsMatt Caswell2015-01-221-2/+4
| | | | | | | | | | | | | | | | | Conflicts: crypto/dsa/dsa_vrf.c crypto/ec/ec2_smpl.c crypto/ec/ecp_smpl.c Conflicts: demos/bio/saccept.c ssl/d1_clnt.c Conflicts: bugs/dggccbug.c demos/tunala/cb.c Reviewed-by: Tim Hudson <tjh@openssl.org>
* ssl3_digest_cached_records: check for NULL after allocating ↵Jonas Maebe2014-12-101-0/+5
| | | | | | | s->s3->handshake_dgst Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org>
* Remove some unnecessary OPENSSL_FIPS referencesDr. Stephen Henson2014-12-081-2/+0
| | | | | | FIPS_mode() exists in all versions of OpenSSL but always returns 0 if OpenSSL is not FIPS capable. Reviewed-by: Tim Hudson <tjh@openssl.org>
* Remove SSLv2 supportKurt Roeckx2014-12-041-2/+0
| | | | | | The only support for SSLv2 left is receiving a SSLv2 compatible client hello. Reviewed-by: Richard Levitte <levitte@openssl.org>
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-25 10:00:32 +0000