summaryrefslogtreecommitdiffstats
path: root/ssl/t1_enc.c
AgeCommit message (Collapse)Author
2015-02-27Fixed missing return value checks.Matt Caswell
Added various missing return value checks in tls1_change_cipher_state. Reviewed-by: Richard Levitte <levitte@openssl.org> Conflicts: ssl/t1_enc.c
2015-02-12Missing OPENSSL_free on error path.Eric Dequin
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 1d2932de4cefcc200f175863a42c311916269981)
2015-01-22Run util/openssl-format-source -v -c .Matt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22Move more comments that confuse indentMatt Caswell
Conflicts: crypto/dsa/dsa.h demos/engines/ibmca/hw_ibmca.c ssl/ssl_locl.h Conflicts: crypto/bn/rsaz_exp.c crypto/evp/e_aes_cbc_hmac_sha1.c crypto/evp/e_aes_cbc_hmac_sha256.c ssl/ssl_locl.h Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22Fix strange formatting by indentMatt Caswell
Conflicts: crypto/hmac/hmac.h Conflicts: crypto/evp/e_aes_cbc_hmac_sha256.c Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22Fix source where indent will not be able to copeMatt Caswell
Conflicts: apps/ciphers.c ssl/s3_pkt.c Conflicts: crypto/ec/ec_curve.c Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22mark all block comments that need format preserving so thatTim Hudson
indent will not alter them when reformatting comments (cherry picked from commit 1d97c8435171a7af575f73c526d79e1ef0ee5960) Conflicts: crypto/bn/bn_lcl.h crypto/bn/bn_prime.c crypto/engine/eng_all.c crypto/rc4/rc4_utl.c crypto/sha/sha.h ssl/kssl.c ssl/t1_lib.c Conflicts: crypto/rc4/rc4_enc.c crypto/x509v3/v3_scts.c crypto/x509v3/v3nametest.c ssl/d1_both.c ssl/s3_srvr.c ssl/ssl.h ssl/ssl_locl.h ssl/ssltest.c ssl/t1_lib.c Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-17Clear warnings/errors within TLS_DEBUG code sectionsRichard Levitte
Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit bf68456f538cacc9dcfd00986962aef0e8538289)
2014-12-17Clear warnings/errors within KSSL_DEBUG code sectionsRichard Levitte
Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 53332a75d16a5bb3b9d90c15fcf38d2e87160a52)
2014-10-15Support TLS_FALLBACK_SCSV.Bodo Moeller
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-06-28Fix compilation with -DSSL_DEBUG -DTLS_DEBUG -DKSSL_DEBUGyogesh nagarkar
PR#3141 (cherry picked from commit d183545d4589f1e7a40190400b8b99ea3d1f7f97)
2014-05-31Use correct digest when exporting keying material.Dr. Stephen Henson
PR#3319 (cherry picked from commit 84691390eae86befd33c83721dacedb539ae34e6)
2014-05-24Fix for non compilation with TLS_DEBUG definedMatt Caswell
2014-02-25ssl/t1_enc.c: check EVP_MD_CTX_copy return value.Andy Polyakov
PR: 3201 (cherry picked from commit 03da57fe14f2de5bde9d4496a2ae9a4ae8879f88)
2013-12-20Fix DTLS retransmission from previous session.Dr. Stephen Henson
For DTLS we might need to retransmit messages from the previous session so keep a copy of write context in DTLS retransmission buffers instead of replacing it after sending CCS. CVE-2013-6450.
2013-12-18Check EVP errors for handshake digests.Dr. Stephen Henson
Partial mitigation of PR#3200
2013-02-01ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility.Andy Polyakov
2013-01-31Timing fix mitigation for FIPS mode.Dr. Stephen Henson
We have to use EVP in FIPS mode so we can only partially mitigate timing differences. Make an extra call to EVP_DigestSignUpdate to hash additonal blocks to cover any timing differences caused by removal of padding.
2013-01-28Update DTLS code to match CBC decoding in TLS.Ben Laurie
This change updates the DTLS code to match the constant-time CBC behaviour in the TLS.
2013-01-28Don't crash when processing a zero-length, TLS >= 1.1 record.Ben Laurie
The previous CBC patch was bugged in that there was a path through enc() in s3_pkt.c/d1_pkt.c which didn't set orig_len. orig_len would be left at the previous value which could suggest that the packet was a sufficient length when it wasn't.
2013-01-28Make CBC decoding constant time.Ben Laurie
This patch makes the decoding of SSLv3 and TLS CBC records constant time. Without this, a timing side-channel can be used to build a padding oracle and mount Vaudenay's attack. This patch also disables the stitched AESNI+SHA mode pending a similar fix to that code. In order to be easy to backport, this change is implemented in ssl/, rather than as a generic AEAD mode. In the future this should be changed around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
2012-09-21* ssl/t1_enc.c (tls1_change_cipher_state): Stupid bug. Fortunately inRichard Levitte
debugging code that's seldom used.
2012-05-10Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 andDr. Stephen Henson
DTLS to fix DoS attack. Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic fuzzing as a service testing platform. (CVE-2012-2333)
2012-05-10oops, revert unrelated changeDr. Stephen Henson
2012-05-10Reported by: Solar Designer of OpenwallDr. Stephen Henson
Make sure tkeylen is initialised properly when encrypting CMS messages.
2012-03-13ssl/t1_enc.c: pay attention to EVP_CIPH_FLAG_CUSTOM_CIPHER [from HEAD].Andy Polyakov
2011-12-13Remove redundant TLS exporter.Ben Laurie
2011-12-13SSL export fixes (from Adam Langley).Ben Laurie
2011-12-02Fix exporter.Ben Laurie
2011-12-02Fix warnings.Ben Laurie
2011-11-25PR: 1794Dr. Stephen Henson
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> Reviewed by: steve Make SRP conformant to rfc 5054. Changes are: - removal of the addition state after client hello - removal of all pre-rfc srp alert ids - sending a fatal alert when there is no srp extension but when the server wants SRP - removal of unnecessary code in the client.
2011-11-21bcmp doesn't exist on all platforms, replace with memcmpDr. Stephen Henson
2011-11-15Add TLS exporter.Ben Laurie
2011-08-04Backport GCM support from HEAD.Dr. Stephen Henson
2011-07-21Back-port TLS AEAD framework [from HEAD].Andy Polyakov
2011-05-31Don't round up partitioned premaster secret length if there is only oneDr. Stephen Henson
digest in use: this caused the PRF to fail for an odd premaster secret length.
2011-05-19add FIPS support to ssl: doesn't do anything on this branch yet as there is ↵Dr. Stephen Henson
no FIPS compilation support
2011-05-11Backport TLS v1.2 support from HEAD.Dr. Stephen Henson
This includes TLS v1.2 server and client support but at present client certificate support is not implemented.
2011-03-16Add SRP.Ben Laurie
2011-01-04Don't use decryption_failed alert for TLS v1.1 or later.Dr. Stephen Henson
2010-11-24use generalised mac API for SSL key generationDr. Stephen Henson
2010-11-14Only use explicit IV if cipher is in CBC mode.Dr. Stephen Henson
2010-07-18PR: 1830Dr. Stephen Henson
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson Support for RFC5705 key extractor.
2010-06-27no need for empty fragments with TLS 1.1 and later due to explicit IVDr. Stephen Henson
2010-06-27Backport TLS v1.1 support from HEAD, ssl/ changesDr. Stephen Henson
2010-06-15Fix warnings (From HEAD, original patch by Ben).Dr. Stephen Henson
2010-05-17PR: 2259Dr. Stephen Henson
Submitted By: Artem Chuprina <ran@cryptocom.ru> Check return values of HMAC in tls_P_hash and tls1_generate_key_block. Although the previous version could in theory crash that would only happen if a digest call failed. The standard software methods can never fail and only one ENGINE currently uses digests and it is not compiled in by default.
2009-04-19PR: 1751Dr. Stephen Henson
Submitted by: David Woodhouse <dwmw2@infradead.org> Approved by: steve@openssl.org Compatibility patches for Cisco VPN client DTLS.
2009-01-11Fix warnings properly this time ;-)Dr. Stephen Henson
2009-01-11Fix sign-compare warnings.Dr. Stephen Henson
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-29 00:17:44 +0000