summaryrefslogtreecommitdiffstats
path: root/ssl/d1_enc.c
AgeCommit message (Collapse)Author
2015-01-22Run util/openssl-format-source -v -c .Matt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22Additional comment changes for reformat of 0.9.8Matt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
2013-02-05Update DTLS code to match CBC decoding in TLS.Ben Laurie
This change updates the DTLS code to match the constant-time CBC behaviour in the TLS. (cherry picked from commit 9f27de170d1b7bef3d46d41382dc4dafde8b3900) (cherry picked from commit 5e4ca556e970edb8a7f364fcb6ee6818a965a60b) Conflicts: ssl/d1_enc.c ssl/d1_pkt.c ssl/s3_pkt.c
2013-02-05Don't crash when processing a zero-length, TLS >= 1.1 record.Ben Laurie
The previous CBC patch was bugged in that there was a path through enc() in s3_pkt.c/d1_pkt.c which didn't set orig_len. orig_len would be left at the previous value which could suggest that the packet was a sufficient length when it wasn't. (cherry picked from commit 6cb19b7681f600b2f165e4adc57547b097b475fd) (cherry picked from commit 2c948c1bb218f4ae126e14fd3453d42c62b93235) Conflicts: ssl/s3_enc.c
2013-02-05Fixups.Ben Laurie
2013-02-05Make CBC decoding constant time.Ben Laurie
This patch makes the decoding of SSLv3 and TLS CBC records constant time. Without this, a timing side-channel can be used to build a padding oracle and mount Vaudenay's attack. This patch also disables the stitched AESNI+SHA mode pending a similar fix to that code. In order to be easy to backport, this change is implemented in ssl/, rather than as a generic AEAD mode. In the future this should be changed around so that HMAC isn't in ssl/, but crypto/ as FIPS expects. (cherry picked from commit e130841bccfc0bb9da254dc84e23bc6a1c78a64e) Conflicts: crypto/evp/c_allc.c ssl/ssl_algs.c ssl/ssl_locl.h ssl/t1_enc.c (cherry picked from commit 3622239826698a0e534dcf0473204c724bb9b4b4) Conflicts: ssl/d1_enc.c ssl/s3_enc.c ssl/s3_pkt.c ssl/ssl3.h ssl/ssl_algs.c ssl/t1_enc.c
2012-05-10Sanity check record length before skipping explicit IV in DTLSDr. Stephen Henson
to fix DoS attack. Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic fuzzing as a service testing platform. (CVE-2012-2333)
2011-01-04Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failedDr. Stephen Henson
alert.
2010-06-12Fix gcc 4.6 warnings. Check TLS server hello extension length.Ben Laurie
2009-09-13Submitted by: Julia Lawall <julia@diku.dk>Dr. Stephen Henson
The functions ENGINE_ctrl(), OPENSSL_isservice(), CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix so the return code is checked correctly.
2009-01-05Fix compilation with -no-comp by adding some more #ifndef OPENSSL_NO_COMPLutz Jänicke
Some #include statements were not properly protected. This will go unnoted on most systems as openssl/comp.h tends to be installed as a system header file by default but may become visible when cross compiling.
2008-11-10Make -DKSSL_DEBUG work again.Dr. Stephen Henson
2006-02-08backport recent changes from the cvs headNils Larsch
2005-04-26fix SSLerr stuff for DTLS1 code;Bodo Möller
move some functions from exported header <openssl/dtl1.h> into "ssl_locl.h"; fix silly indentation (a TAB is *not* always 4 spaces)
2005-04-26Add DTLS support.Ben Laurie
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-23 04:50:18 +0000