path: root/ssl/s3_pkt.c
Commit message | Author | Age | Files | Lines
* Moved s3_pkt.c, s23_pkt.c and d1_pkt.c into the record layer. | Matt Caswell | 2015-03-26 | 1 | -1300/+0
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Split out non record layer functions out of s3_pkt.c and d1_pkt.c into | Matt Caswell | 2015-03-26 | 1 | -116/+2
  the new files s3_msg.c and s1_msg.c respectively.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Move SSL3_RECORD oriented functions into ssl3_record.c | Matt Caswell | 2015-03-26 | 1 | -348/+0
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Encapsulate s->s3->wrec | Matt Caswell | 2015-03-26 | 1 | -2/+2
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Encapsulate s->s3->rrec | Matt Caswell | 2015-03-26 | 1 | -3/+3
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Encapsulate access to s->s3->wbuf | Matt Caswell | 2015-03-26 | 1 | -4/+6
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Encapsulate SSL3_BUFFER and all access to s->s3->rbuf. | Matt Caswell | 2015-03-26 | 1 | -7/+16
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Create a RECORD_LAYER structure and move read_ahead into it. | Matt Caswell | 2015-03-26 | 1 | -2/+2
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix missing return value checks | Matt Caswell | 2015-03-23 | 1 | -1/+4
  Ensure that all functions have their return values checked where appropriate. This covers all functions defined and called from within libssl.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Multiblock corrupted pointer fix | Matt Caswell | 2015-03-19 | 1 | -1/+1
  OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This feature only applies on 64 bit x86 architecture platforms that support AES NI instructions. A defect in the implementation of "multiblock" can cause OpenSSL's internal write buffer to become incorrectly set to NULL when using non-blocking IO. Typically, when the user application is using a socket BIO for writing, this will only result in a failed connection. However if some other BIO is used then it is likely that a segmentation fault will be triggered, thus enabling a potential DoS attack.
  CVE-2015-0290
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Andy Polyakov <appro@openssl.org>
* Use constants not numbers | Kurt Cancemi | 2015-03-05 | 1 | -2/+2
  This patch uses warning/fatal constants instead of numbers with comments for warning/alerts in d1_pkt.c and s3_pkt.c
  RT#3725
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Unchecked malloc fixes | Matt Caswell | 2015-03-05 | 1 | -0/+4
  Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error paths as I spotted them along the way.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* dead code cleanup: #if 0 in ssl | Rich Salz | 2015-02-06 | 1 | -69/+0
  I left many "#if 0" lines, usually because I thought we would probably want to revisit them later, or because they provided some useful internal documentation tips.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
* Live code cleanup; #if 1 removal | Rich Salz | 2015-02-05 | 1 | -4/+0
  A few minor cleanups to remove pre-processor "#if 1" stuff.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* OPENSSL_NO_XXX cleanup: NO_TLS, NO_TLS1 | Rich Salz | 2015-01-27 | 1 | -2/+0
  TLS and TLS1 are no longer optional.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Make DTLS always act as if read_ahead is set. The actual value of read_ahead | Matt Caswell | 2015-01-27 | 1 | -1/+2
  is ignored for DTLS.
  RT#3657
  Reviewed-by: Andy Polyakov <appro@openssl.org>
* Re-align some comments after running the reformat script. | Matt Caswell | 2015-01-22 | 1 | -25/+25
  This should be a one off operation (subsequent invocation of the script should not move them)
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Rerun util/openssl-format-source -v -c . [master-post-auto-reformat] | Matt Caswell | 2015-01-22 | 1 | -4/+2
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Run util/openssl-format-source -v -c . | Matt Caswell | 2015-01-22 | 1 | -1625/+1592
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Fix source where indent will not be able to cope | Matt Caswell | 2015-01-22 | 1 | -1/+1
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Fix crash in dtls1_get_record whilst in the listen state where you get two | Dr. Stephen Henson | 2015-01-08 | 1 | -0/+2
  separate reads performed - one for the header and one for the body of the handshake record.
  CVE-2014-3571
  Reviewed-by: Matt Caswell <matt@openssl.org>
* mark all block comments that need format preserving so that | Tim Hudson | 2014-12-30 | 1 | -9/+18
  indent will not alter them when reformatting comments
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Add checks to the return value of EVP_Cipher to prevent silent encryption | Matt Caswell | 2014-11-27 | 1 | -2/+1
  failure.
  PR#1767
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* RT 3060: amend patch | Emilia Kasper | 2014-08-22 | 1 | -1/+1
  Use existing error code SSL_R_RECORD_TOO_SMALL for too many empty records. For ease of backporting the patch to release branches.
  Reviewed-by: Bodo Moeller <bodo@openssl.org>
* RT 1505: Use SSL3_AL_FATAL not "2" | Matthieu Crapet | 2014-08-08 | 1 | -1/+1
  Use SSL3_AL_FATAL instead of the literal constant "2"
  Every bit of cleanup helps.
  Reviewed-by: Matt Caswell <matt@openssl.org>
* s3_pkt.c: fix typo. | Andy Polyakov | 2014-07-05 | 1 | -1/+1
* Reduce casting nastiness. | Ben Laurie | 2014-07-05 | 1 | -2/+9
* Remove redundant check. | Ken Ballou | 2014-06-27 | 1 | -1/+1
  PR#3174
* Fixed Windows compilation failure | Matt Caswell | 2014-06-22 | 1 | -0/+1
* Fix signed/unsigned comparisons. | Felix Laurie von Massenbach | 2014-06-17 | 1 | -3/+3
* Added OPENSSL_assert check as per PR#3377 reported by Rainer Jung | Matt Caswell | 2014-06-12 | 1 | -1/+2
  <rainer.jung@kippdata.de>
* Fix for CVE-2014-0224 | Dr. Stephen Henson | 2014-06-05 | 1 | -0/+9
  Only accept change cipher spec when it is expected instead of at any time. This prevents premature setting of session keys before the master secret is determined which an attacker could use as a MITM attack.
  Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue and providing the initial fix this patch is based on.
  (cherry picked from commit bc8923b1ec9c467755cd86f7848c50ee8812e441)
* Additional CVE-2014-0224 protection. | Dr. Stephen Henson | 2014-06-05 | 1 | -1/+1
  Return a fatal error if an attempt is made to use a zero length master secret.
  (cherry picked from commit 006cd7083f76ed5cb0d9a914857e9231ef1bc317)
* Fixed NULL pointer dereference. See PR#3321 | Matt Caswell | 2014-05-12 | 1 | -3/+4
* Move length check earlier to ensure we don't go beyond the end of the user's | Matt Caswell | 2014-05-11 | 1 | -14/+15
  buffer.
  PR#3320
* safety check to ensure we don't send out beyond the user's buffer | Tim Hudson | 2014-05-11 | 1 | -0/+15
* Fix use after free. | Ben Laurie | 2014-04-23 | 1 | -1/+1
* ssl/s3_pkt.c: detect RAND_bytes error in multi-block. | Andy Polyakov | 2014-02-14 | 1 | -3/+4
* Fix warnings. | Ben Laurie | 2014-02-05 | 1 | -1/+5
* ssl/s3_pkt.c: move multi-block processing to ssl3_write_bytes. | Andy Polyakov | 2014-02-05 | 1 | -2/+170
  This allows to process multiple fragments of maximum fragment size, as opposed to chopping maximum-sized fragments to multiple smaller ones. This approach relies on dynamic allocation of larger buffers, which we trade for performance improvement, for several *times* in some situations.
* s3_pkt.c: move ssl3_release_write_buffer to ssl3_write_bytes. | Andy Polyakov | 2014-02-05 | 1 | -4/+6
  If application has more data than maximum fragment, hold to buffer for whole write, as opposed to per-fragment strategy.
* Don't change version number if session established | Dr. Stephen Henson | 2014-01-02 | 1 | -1/+1
  When sending an invalid version number alert don't change the version number to the client version if a session is already established.
  Thanks to Marek Majkowski for additional analysis of this issue.
  PR#3191
* Check EVP errors for handshake digests. | Dr. Stephen Henson | 2013-12-18 | 1 | -1/+7
  Partial mitigation of PR#3200
  (cherry picked from commit 0294b2be5f4c11e60620c0018674ff0e17b14238)
* ssl/s3_pkt.c: add initial multi-block encrypt. | Andy Polyakov | 2013-10-08 | 1 | -0/+53
* Experimental encrypt-then-mac support. | Dr. Stephen Henson | 2013-09-08 | 1 | -2/+33
  Experimental support for encrypt then mac from draft-gutmann-tls-encrypt-then-mac-02.txt
  To enable it set the appropriate extension number (0x10 for the test server) using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x10
  For non-compliant peers (i.e. just about everything) this should have no effect.
* misspellings fixes by https://github.com/vlajos/misspell_fixer | Veres Lajos | 2013-09-05 | 1 | -1/+1
* Limit the number of empty records that will be processed consecutively | Adam Langley | 2013-06-13 | 1 | -1/+18
  in order to prevent ssl3_get_record from never returning.
  Reported by "oftc_must_be_destroyed" and George Kadianakis.
* Use enc_flags when deciding protocol variations. | Dr. Stephen Henson | 2013-03-18 | 1 | -6/+6
  Use the enc_flags field to determine whether we should use explicit IV, signature algorithms or SHA256 default PRF instead of hard coding which versions support each requirement.
* Fix error codes. | Dr. Stephen Henson | 2013-02-26 | 1 | -1/+1
* ssl/*: revert "remove SSL_RECORD->orig_len" and merge "fix IV". | Andy Polyakov | 2013-02-08 | 1 | -6/+6
  Revert is appropriate because binary compatibility is not an issue in 1.1.