#
02a36fda |
| 01-Feb-2015 |
Matt Caswell |
Move more SSL3_RECORD oriented functions into ssl3_record.c Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
92ffa83d |
| 01-Feb-2015 |
Matt Caswell |
Encapsulate s->s3->wrec Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
258f8721 |
| 30-Jan-2015 |
Matt Caswell |
Encapsulate s->s3->rrec Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
d5d0a1cb |
| 05-Feb-2015 |
Matt Caswell |
Ensure last_write_sequence is saved in DTLS1.2 In DTLS, immediately prior to epoch change, the write_sequence is supposed to be stored in s->d1->last_write_sequence. The write_sequence i
Ensure last_write_sequence is saved in DTLS1.2 In DTLS, immediately prior to epoch change, the write_sequence is supposed to be stored in s->d1->last_write_sequence. The write_sequence is then reset back to 00000000. In the event of retransmits of records from the previous epoch, the last_write_sequence is restored. This commit fixes a bug in DTLS1.2 where the write_sequence was being reset before last_write_sequence was saved, and therefore retransmits are sent with incorrect sequence numbers. Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
#
69f68237 |
| 06-Mar-2015 |
Matt Caswell |
Fix missing return value checks Ensure that all functions have their return values checked where appropriate. This covers all functions defined and called from within libssl.
Fix missing return value checks Ensure that all functions have their return values checked where appropriate. This covers all functions defined and called from within libssl. Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
#
668f6f08 |
| 12-Mar-2015 |
Matt Caswell |
Add sanity check to PRF The function tls1_PRF counts the number of digests in use and partitions security evenly between them. There always needs to be at least one digest in use, ot
Add sanity check to PRF The function tls1_PRF counts the number of digests in use and partitions security evenly between them. There always needs to be at least one digest in use, otherwise this is an internal error. Add a sanity check for this. Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
#
c9dd49a7 |
| 09-Mar-2015 |
Matt Caswell |
Cleanse buffers Cleanse various intermediate buffers used by the PRF. Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
eadf70d2 |
| 26-Feb-2015 |
Matt Caswell |
Fixed missing return value checks. Added various missing return value checks in tls1_change_cipher_state. Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
1d2932de |
| 12-Feb-2015 |
Eric Dequin |
Missing OPENSSL_free on error path. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
9e9858d1 |
| 06-Feb-2015 |
Rich Salz |
dead code cleanup: #if 0 in ssl I left many "#if 0" lines, usually because I thought we would probably want to revisit them later, or because they provided some useful internal docum
dead code cleanup: #if 0 in ssl I left many "#if 0" lines, usually because I thought we would probably want to revisit them later, or because they provided some useful internal documentation tips. Reviewed-by: Andy Polyakov <appro@openssl.org>
show more ...
|
#
3d47c1d3 |
| 03-Feb-2015 |
Dr. Stephen Henson |
Remove unused variables. Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
0cfb0e75 |
| 23-Jan-2015 |
Dr. Stephen Henson |
Add extms support to master key generation. Update master secret calculation to support extended master secret. TLS 1.2 client authentication adds a complication because we need to c
Add extms support to master key generation. Update master secret calculation to support extended master secret. TLS 1.2 client authentication adds a complication because we need to cache the handshake messages. This is simpllified however because the point at which the handshake hashes are calculated for extended master secret is identical to that required for TLS 1.2 client authentication (immediately after client key exchange which is also immediately before certificate verify). Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
show more ...
|
#
48fbcbac |
| 23-Jan-2015 |
Dr. Stephen Henson |
Utility function to retrieve handshake hashes. Retrieve handshake hashes in a separate function. This tidies the existing code and will be used for extended master secret generation.
Utility function to retrieve handshake hashes. Retrieve handshake hashes in a separate function. This tidies the existing code and will be used for extended master secret generation. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
show more ...
|
#
68fd6dce |
| 28-Jan-2015 |
Rich Salz |
Remove support for opaque-prf An expired IETF Internet-Draft (seven years old) that nobody implements, and probably just as good as NSA DRBG work. Reviewed-by: Richard Levitte <
Remove support for opaque-prf An expired IETF Internet-Draft (seven years old) that nobody implements, and probably just as good as NSA DRBG work. Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_0_2, master-post-auto-reformat |
|
#
0f113f3e |
| 22-Jan-2015 |
Matt Caswell |
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
|
Revision tags: OpenSSL_1_0_2-post-auto-reformat, OpenSSL_0_9_8-post-auto-reformat, OpenSSL_0_9_8-pre-auto-reformat, OpenSSL_1_0_0-post-auto-reformat, OpenSSL_1_0_0-pre-auto-reformat, OpenSSL_1_0_1-post-auto-reformat, OpenSSL_1_0_1-pre-auto-reformat |
|
#
68d39f3c |
| 21-Jan-2015 |
Matt Caswell |
Move more comments that confuse indent Reviewed-by: Tim Hudson <tjh@openssl.org>
|
#
b853717f |
| 21-Jan-2015 |
Matt Caswell |
Fix strange formatting by indent Reviewed-by: Tim Hudson <tjh@openssl.org>
|
#
e636e2ac |
| 19-Jan-2015 |
Matt Caswell |
Fix source where indent will not be able to cope Reviewed-by: Tim Hudson <tjh@openssl.org>
|
Revision tags: master-post-reformat, OpenSSL_0_9_8-pre-reformat, OpenSSL_0_9_8ze, OpenSSL_1_0_0-pre-reformat, OpenSSL_1_0_0q, OpenSSL_1_0_1-pre-reformat, OpenSSL_1_0_1l, master-pre-reformat, OpenSSL_1_0_2-pre-reformat, OpenSSL_0_9_8zd, OpenSSL_1_0_0p, OpenSSL_1_0_1k, OpenSSL_0_9_8-post-reformat |
|
#
3a83462d |
| 05-Jan-2015 |
Matt Caswell |
Further comment amendments to preserve formatting prior to source reformat Reviewed-by: Tim Hudson <tjh@openssl.org>
|
#
6dec5e1c |
| 16-Dec-2014 |
Richard Levitte |
Clear warnings/errors within TLS_DEBUG code sections Reviewed-by: Tim Hudson <tjh@openssl.org>
|
#
3ddb2914 |
| 16-Dec-2014 |
Richard Levitte |
Clear warnings/errors within KSSL_DEBUG code sections Reviewed-by: Tim Hudson <tjh@openssl.org>
|
Revision tags: OpenSSL-fips-2_0_9 |
|
#
00b4ee76 |
| 18-Oct-2014 |
Dr. Stephen Henson |
Remove some unnecessary OPENSSL_FIPS references FIPS_mode() exists in all versions of OpenSSL but always returns 0 if OpenSSL is not FIPS capable. Reviewed-by: Tim Hudson <tjh@openss
Remove some unnecessary OPENSSL_FIPS references FIPS_mode() exists in all versions of OpenSSL but always returns 0 if OpenSSL is not FIPS capable. Reviewed-by: Tim Hudson <tjh@openssl.org>
show more ...
|
#
45f55f6a |
| 30-Nov-2014 |
Kurt Roeckx |
Remove SSLv2 support The only support for SSLv2 left is receiving a SSLv2 compatible client hello. Reviewed-by: Richard Levitte <levitte@openssl.org>
|
Revision tags: OpenSSL_1_0_1j, OpenSSL_1_0_0o, OpenSSL_0_9_8zc |
|
#
cf6da053 |
| 15-Oct-2014 |
Bodo Moeller |
Support TLS_FALLBACK_SCSV. Reviewed-by: Stephen Henson <steve@openssl.org>
|
Revision tags: OpenSSL_1_0_2-beta3, OpenSSL_0_9_8zb, OpenSSL_1_0_0n, OpenSSL_1_0_1i, OpenSSL_1_0_2-beta2, OpenSSL-fips-2_0_8 |
|
#
e67ddd19 |
| 01-Jul-2014 |
Rich Salz |
RT 1528; misleading debug print, "pre-master" should be "master key"
|