| #
02a36fda |
| 01-Feb-2015 |
Matt Caswell |
Move more SSL3_RECORD oriented functions into ssl3_record.c
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| #
92ffa83d |
| 01-Feb-2015 |
Matt Caswell |
Encapsulate s->s3->wrec
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| #
258f8721 |
| 30-Jan-2015 |
Matt Caswell |
Encapsulate s->s3->rrec
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| #
d5d0a1cb |
| 05-Feb-2015 |
Matt Caswell |
Ensure last_write_sequence is saved in DTLS1.2
In DTLS, immediately prior to epoch change, the write_sequence is supposed
to be stored in s->d1->last_write_sequence. The write_sequence i
Ensure last_write_sequence is saved in DTLS1.2
In DTLS, immediately prior to epoch change, the write_sequence is supposed
to be stored in s->d1->last_write_sequence. The write_sequence is then reset
back to 00000000. In the event of retransmits of records from the previous
epoch, the last_write_sequence is restored. This commit fixes a bug in
DTLS1.2 where the write_sequence was being reset before last_write_sequence
was saved, and therefore retransmits are sent with incorrect sequence
numbers.
Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
| #
69f68237 |
| 06-Mar-2015 |
Matt Caswell |
Fix missing return value checks
Ensure that all functions have their return values checked where
appropriate. This covers all functions defined and called from within
libssl.
Fix missing return value checks
Ensure that all functions have their return values checked where
appropriate. This covers all functions defined and called from within
libssl.
Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
| #
668f6f08 |
| 12-Mar-2015 |
Matt Caswell |
Add sanity check to PRF
The function tls1_PRF counts the number of digests in use and partitions
security evenly between them. There always needs to be at least one digest
in use, ot
Add sanity check to PRF
The function tls1_PRF counts the number of digests in use and partitions
security evenly between them. There always needs to be at least one digest
in use, otherwise this is an internal error. Add a sanity check for this.
Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
| #
c9dd49a7 |
| 09-Mar-2015 |
Matt Caswell |
Cleanse buffers
Cleanse various intermediate buffers used by the PRF.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| #
eadf70d2 |
| 26-Feb-2015 |
Matt Caswell |
Fixed missing return value checks.
Added various missing return value checks in tls1_change_cipher_state.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| #
1d2932de |
| 12-Feb-2015 |
Eric Dequin |
Missing OPENSSL_free on error path.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| #
9e9858d1 |
| 06-Feb-2015 |
Rich Salz |
dead code cleanup: #if 0 in ssl
I left many "#if 0" lines, usually because I thought we would
probably want to revisit them later, or because they provided
some useful internal docum
dead code cleanup: #if 0 in ssl
I left many "#if 0" lines, usually because I thought we would
probably want to revisit them later, or because they provided
some useful internal documentation tips.
Reviewed-by: Andy Polyakov <appro@openssl.org>
show more ...
|
| #
3d47c1d3 |
| 03-Feb-2015 |
Dr. Stephen Henson |
Remove unused variables.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| #
0cfb0e75 |
| 23-Jan-2015 |
Dr. Stephen Henson |
Add extms support to master key generation.
Update master secret calculation to support extended master secret.
TLS 1.2 client authentication adds a complication because we need to
c
Add extms support to master key generation.
Update master secret calculation to support extended master secret.
TLS 1.2 client authentication adds a complication because we need to
cache the handshake messages. This is simpllified however because
the point at which the handshake hashes are calculated for extended
master secret is identical to that required for TLS 1.2 client
authentication (immediately after client key exchange which is also
immediately before certificate verify).
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
show more ...
|
| #
48fbcbac |
| 23-Jan-2015 |
Dr. Stephen Henson |
Utility function to retrieve handshake hashes.
Retrieve handshake hashes in a separate function. This tidies the existing
code and will be used for extended master secret generation.
Utility function to retrieve handshake hashes.
Retrieve handshake hashes in a separate function. This tidies the existing
code and will be used for extended master secret generation.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
show more ...
|
| #
68fd6dce |
| 28-Jan-2015 |
Rich Salz |
Remove support for opaque-prf
An expired IETF Internet-Draft (seven years old) that nobody
implements, and probably just as good as NSA DRBG work.
Reviewed-by: Richard Levitte <
Remove support for opaque-prf
An expired IETF Internet-Draft (seven years old) that nobody
implements, and probably just as good as NSA DRBG work.
Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
|
Revision tags: OpenSSL_1_0_2, master-post-auto-reformat |
|
| #
0f113f3e |
| 22-Jan-2015 |
Matt Caswell |
Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Revision tags: OpenSSL_1_0_2-post-auto-reformat, OpenSSL_0_9_8-post-auto-reformat, OpenSSL_0_9_8-pre-auto-reformat, OpenSSL_1_0_0-post-auto-reformat, OpenSSL_1_0_0-pre-auto-reformat, OpenSSL_1_0_1-post-auto-reformat, OpenSSL_1_0_1-pre-auto-reformat |
|
| #
68d39f3c |
| 21-Jan-2015 |
Matt Caswell |
Move more comments that confuse indent
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
| #
b853717f |
| 21-Jan-2015 |
Matt Caswell |
Fix strange formatting by indent
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
| #
e636e2ac |
| 19-Jan-2015 |
Matt Caswell |
Fix source where indent will not be able to cope
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Revision tags: master-post-reformat, OpenSSL_0_9_8-pre-reformat, OpenSSL_0_9_8ze, OpenSSL_1_0_0-pre-reformat, OpenSSL_1_0_0q, OpenSSL_1_0_1-pre-reformat, OpenSSL_1_0_1l, master-pre-reformat, OpenSSL_1_0_2-pre-reformat, OpenSSL_0_9_8zd, OpenSSL_1_0_0p, OpenSSL_1_0_1k, OpenSSL_0_9_8-post-reformat |
|
| #
3a83462d |
| 05-Jan-2015 |
Matt Caswell |
Further comment amendments to preserve formatting prior to source reformat
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
| #
6dec5e1c |
| 16-Dec-2014 |
Richard Levitte |
Clear warnings/errors within TLS_DEBUG code sections
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
| #
3ddb2914 |
| 16-Dec-2014 |
Richard Levitte |
Clear warnings/errors within KSSL_DEBUG code sections
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Revision tags: OpenSSL-fips-2_0_9 |
|
| #
00b4ee76 |
| 18-Oct-2014 |
Dr. Stephen Henson |
Remove some unnecessary OPENSSL_FIPS references
FIPS_mode() exists in all versions of OpenSSL but always returns 0 if OpenSSL is not FIPS
capable.
Reviewed-by: Tim Hudson <tjh@openss
Remove some unnecessary OPENSSL_FIPS references
FIPS_mode() exists in all versions of OpenSSL but always returns 0 if OpenSSL is not FIPS
capable.
Reviewed-by: Tim Hudson <tjh@openssl.org>
show more ...
|
| #
45f55f6a |
| 30-Nov-2014 |
Kurt Roeckx |
Remove SSLv2 support
The only support for SSLv2 left is receiving a SSLv2 compatible client hello.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Revision tags: OpenSSL_1_0_1j, OpenSSL_1_0_0o, OpenSSL_0_9_8zc |
|
| #
cf6da053 |
| 15-Oct-2014 |
Bodo Moeller |
Support TLS_FALLBACK_SCSV.
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
Revision tags: OpenSSL_1_0_2-beta3, OpenSSL_0_9_8zb, OpenSSL_1_0_0n, OpenSSL_1_0_1i, OpenSSL_1_0_2-beta2, OpenSSL-fips-2_0_8 |
|
| #
e67ddd19 |
| 01-Jul-2014 |
Rich Salz |
RT 1528; misleading debug print, "pre-master" should be "master key"
|
