path: root/lib/libssl/src/ssl/s3_enc.c

Commit log. Each entry gives the author, date, number of files changed and lines removed/added, followed by the commit message.
* jsing, 2015-09-11 (1 file, -265/+0):
  Merge the remnants of s3_enc.c into t1_enc.c.
  ok beck@
* jsing, 2015-09-11 (1 file, -72/+1):
  Nuke ssl3_alert_code().
  ok "flensing knife"
* jsing, 2015-09-11 (1 file, -82/+1):
  Nuke ssl3_cert_verify_mac() and ssl3_handshake_mac().
  We also no longer need the ssl3_pad_1 and ssl3_pad_2 arrays...
  ok "flensing knife"
* jsing, 2015-09-11 (1 file, -16/+1):
  Nuke ssl3_final_finish_mac().
  ok "flensing knife"
* jsing, 2015-09-11 (1 file, -109/+1):
  Nuke ssl3_change_cipher_state().
  ok "flensing knife"
* jsing, 2015-09-11 (1 file, -33/+1):
  Nuke ssl3_generate_master_secret().
  ok "flensing knife"
* jsing, 2015-09-11 (1 file, -118/+1):
  Nuke ssl3_setup_key_block() and ssl3_generate_key_block().
  ok "flensing knife"
* jsing, 2015-09-11 (1 file, -99/+1):
  Nuke n_ssl3_mac().
  ok "flensing knife"
* jsing, 2015-09-11 (1 file, -72/+1):
  Nuke ssl3_enc().
  ok "flensing knife"
* jsing, 2015-09-10 (1 file, -3/+3):
  Correct spelling of OPENSSL_cleanse.
  ok miod@
* doug, 2015-07-19 (1 file, -1/+4):
  Allow *_free() functions in libssl to handle NULL input.
  This mimics free()'s behavior, which makes error handling simpler.
  ok bcook@ miod@
* jsing, 2015-06-17 (1 file, -4/+5):
  Keep alerts sorted by alert code.
* jsing, 2015-02-22 (1 file, -1/+3):
  Reluctantly add server-side support for TLS_FALLBACK_SCSV.
  This allows for clients that willingly choose to perform a downgrade and attempt to establish a second connection at a lower protocol after the previous attempt unexpectedly failed, to be notified and have the second connection aborted, if the server does in fact support a higher protocol.
  TLS has perfectly good version negotiation and client-side fallback is dangerous. Despite this, in order to maintain maximum compatibility with broken web servers, most mainstream browsers implement this. Furthermore, TLS_FALLBACK_SCSV only works if both the client and server support it and there is effectively no way to tell if this is the case, unless you control both ends.
  Unfortunately, various auditors and vulnerability scanners (including certain online assessment websites) consider the presence of a not yet standardised feature to be important for security, even if the clients do not perform client-side downgrade or the server only supports current TLS protocols.
  Diff is loosely based on OpenSSL with some inspiration from BoringSSL.
  Discussed with beck@ and miod@.
  ok bcook@
* doug, 2014-12-15 (1 file, -10/+18):
  Add error handling for EVP_DigestInit_ex().
  A few EVP_DigestInit_ex() calls were left alone since reporting an error would change the public API. Changed internal ssl3_cbc_digest_record() to return a value due to the above change. It will also now set md_out_size=0 on failure.
  This is based on part of BoringSSL's commit to fix malloc crashes: https://boringssl.googlesource.com/boringssl/+/69a01608f33ab6fe2c3485d94aef1fe9eacf5364
  ok miod@
* jsing, 2014-12-10 (1 file, -2/+7):
  ssl3_init_finished_mac() calls BIO_new() which can fail since it in turn calls malloc(). Instead of silently continuing on failure, check the return value of BIO_new() and propagate failure back to the caller for appropriate handling.
  ok bcook@
* jsing, 2014-11-16 (1 file, -1/+3):
  Sort and group includes.
* doug, 2014-10-18 (1 file, -4/+4):
  Typical malloc() with size multiplication to reallocarray().
  ok deraadt@
* miod, 2014-08-07 (1 file, -3/+3):
  Oops, revert changes committed by mistake. The previous commit was supposed to only apply to s23_srvr.c.
* miod, 2014-08-07 (1 file, -3/+3):
  When you expect a function to return a particular value, don't put a comment saying that you expect it to return that value and compare it against zero because it is supposedly faster, for this leads to bugs (especially given the high rate of sloppy cut'n'paste within ssl3 and dtls1 routines in this library). Instead, compare for the exact value it ought to return upon success.
  ok deraadt@
* tedu, 2014-07-10 (1 file, -47/+1):
  decompress libssl. ok beck jsing
* jsing, 2014-07-09 (1 file, -46/+3):
  tedu the SSL export cipher handling - since we do not have enabled export ciphers we no longer need the flags or code to support it.
  ok beck@ miod@
* miod, 2014-06-18 (1 file, -1/+5):
  Missing calloc() return value check; ok deraadt@
* jsing, 2014-06-15 (1 file, -3/+4):
  Rename ssl3_record_sequence_update() to ssl3_record_sequence_increment(), so that it reflects what it is actually doing. Use this function in a number of places that still have the hand rolled version.
  ok beck@ miod@
* jsing, 2014-06-13 (1 file, -32/+45):
  Overhaul the keyblock handling in ssl3_change_cipher_state(). Use meaningful variable names with pointer arithmetic rather than complex array indexing.
* jsing, 2014-06-13 (1 file, -17/+24):
  Correctly calculate the key block length when used with export ciphers. While here, use meaningful variable names and simplify the calculation.
* jsing, 2014-06-13 (1 file, -23/+27):
  Use meaningful variable names, rather than i, j, k and cl.
* jsing, 2014-06-13 (1 file, -22/+12):
  Do not bother trying to work out if we can reuse a cipher context - just throw it away and create a new one. This simplifies the code and also allows ASR to do its thing.
* jsing, 2014-06-13 (1 file, -43/+47):
  Separate the compression handling from the cipher/message digest handling in ssl3_change_cipher_state().
* jsing, 2014-06-13 (1 file, -7/+10):
  The export_key/export_iv variables are only used in the is_export case. Also use c rather than &c[0].
* jsing, 2014-06-13 (1 file, -38/+40):
  Rename a bunch of variables in ssl3_change_cipher_state() for readability. This also brings it inline with tls1_change_cipher_state_cipher().
* jsing, 2014-06-13 (1 file, -4/+3):
  Use SSL3_SEQUENCE_SIZE and if we're going to preincrement we may as well do it properly.
* deraadt, 2014-06-12 (1 file, -1/+1):
  tags as requested by miod and tedu
* jsing, 2014-06-11 (1 file, -3/+0):
  Stop setting the EVP_MD_CTX_FLAG_NON_FIPS_ALLOW - it has been ignored since OpenSSL 1.0.0.
  ok miod@ (a little while back)
* logan, 2014-06-10 (1 file, -1/+3):
  Check return value of EVP_MD_CTX_copy_ex() in ssl3_handshake_mac() to avoid potential null pointer dereference. Based on David Ramos' work.
  OK from miod@ and jsing@
* jsing, 2014-06-10 (1 file, -9/+3):
  Remove pointless casts and use c instead of &c[0], since it is the same thing for an unsigned char array.
  ok deraadt@
* jsing, 2014-06-10 (1 file, -19/+18):
  More KNF.
* jsing, 2014-06-10 (1 file, -2/+4):
  Avoid potential NULL pointer function calls in n_ssl3_mac() by checking the return value of EVP_MD_CTX_copy_ex(). If the copy fails early then EVP_DigestUpdate() will invoke md_ctx.update(), which will be a NULL function pointer.
  Analysis and patch from David Ramos.
  ok deraadt@
* jsing, 2014-06-10 (1 file, -8/+12):
  Multiple fixes for ssl3_digest_cached_records() - if EVP_MD_CTX_create() fails, the NULL check will add an error but it does not abort. This will result in EVP_DigestInit_ex() being called with a NULL context. Also ensure that we check the return values from EVP_DigestInit_ex() and EVP_DigestUpdate().
  ok deraadt@ miod@
* jsing, 2014-06-10 (1 file, -5/+10):
  Ensure ssl3_final_finish_mac() returns failure if either the MD5 or SHA1 handshake MAC calculation fails. Currently, the result from both ssl3_handshake_mac() calls is added together. This means that unless both MD5 and SHA1 fail, a positive value will be returned to the caller, indicating success rather than failure.
  ok deraadt@ miod@ sthen@
* jsing, 2014-06-09 (1 file, -11/+11):
  More KNF.
* jsing, 2014-06-08 (1 file, -2/+2):
  Add a define for the SSLv3 sequence size and use it, rather than sprinkling magic numbers around.
  ok deraadt@
* jsing, 2014-06-07 (1 file, -3/+3):
  ssl3_free_digest_list() has its own NULL check.
* jsing, 2014-06-07 (1 file, -2/+1):
  BIO_free has an implicit NULL check, so do not bother checking for NULL before calling it.
* jsing, 2014-05-29 (1 file, -2/+6):
  Add missing NULL checks for calls to ssl_replace_hash(). This function calls EVP_MD_CTX_create(), which will return NULL if it fails to allocate memory.
  ok miod@
* jsing, 2014-05-28 (1 file, -0/+4):
  EVP_MD_CTX_create() calls malloc and can return NULL. However, only one of the calls in libssl actually checks the return value before using it. Add NULL checks for the remaining three calls.
  ok miod@
* jsing, 2014-05-27 (1 file, -1/+2):
  More KNF.
* jsing, 2014-05-25 (1 file, -6/+9):
  The ssl_cipher_get_evp() function is currently overloaded to also return the compression associated with the SSL session. Based on one of Adam Langley's chromium diffs, factor out the compression handling code into a separate ssl_cipher_get_comp() function. Rewrite the compression handling code to avoid pointless duplication and so that failures are actually returned to and detectable by the caller.
  ok miod@
* deraadt, 2014-04-21 (1 file, -8/+8):
  more malloc/realloc/calloc cleanups; ok beck kettenis
* guenther, 2014-04-20 (1 file, -2/+0):
  Chop off more SSLv2 tentacles and start fixing and noting y2038 issues. APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl.
  ok tedu@
* beck, 2014-04-17 (1 file, -7/+7):
  Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_realloc->realloc OPENSSL_freeFunc->free