| Age | Commit message (Collapse) | Author |
|---|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
the new files s3_msg.c and s1_msg.c respectively.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Ensure that all functions have their return values checked where
appropriate. This covers all functions defined and called from within
libssl.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This
feature only applies on 64 bit x86 architecture platforms that support AES
NI instructions. A defect in the implementation of "multiblock" can cause
OpenSSL's internal write buffer to become incorrectly set to NULL when
using non-blocking IO. Typically, when the user application is using a
socket BIO for writing, this will only result in a failed connection.
However if some other BIO is used then it is likely that a segmentation
fault will be triggered, thus enabling a potential DoS attack.
CVE-2015-0290
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
This patch uses warning/fatal constants instead of numbers with comments for
warning/alerts in d1_pkt.c and s3_pkt.c
RT#3725
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error
paths as I spotted them along the way.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
I left many "#if 0" lines, usually because I thought we would
probably want to revisit them later, or because they provided
some useful internal documentation tips.
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
A few minor cleanups to remove pre-processor "#if 1" stuff.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
TLS and TLS1 are no longer optional.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
is ignored for DTLS.
RT#3657
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
This should be a one off operation (subsequent invokation of the
script should not move them)
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
separate reads performed - one for the header and one for the body of the
handshake record.
CVE-2014-3571
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
indent will not alter them when reformatting comments
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
failure.
PR#1767
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Use existing error code SSL_R_RECORD_TOO_SMALL for too many empty records.
For ease of backporting the patch to release branches.
Reviewed-by: Bodo Moeller <bodo@openssl.org>
|
|
Use SSL3_AL_FATAL instead of the literal constant "2"
Every bit of cleanup helps.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
|
|
|
|
PR#3174
|
|
|
|
|
|
<rainer.jung@kippdata.de>
|
|
Only accept change cipher spec when it is expected instead of at any
time. This prevents premature setting of session keys before the master
secret is determined which an attacker could use as a MITM attack.
Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue
and providing the initial fix this patch is based on.
(cherry picked from commit bc8923b1ec9c467755cd86f7848c50ee8812e441)
|
|
Return a fatal error if an attempt is made to use a zero length
master secret.
(cherry picked from commit 006cd7083f76ed5cb0d9a914857e9231ef1bc317)
|
|
|
|
buffer. PR#3320
|
|
|
|
|
|
|
|
|
|
This allows to process multiple fragmets of maximum fragment size,
as opposite to chopping maximum-sized fragments to multiple smaller
ones. This approach relies on dynamic allocation of larger buffers,
which we trade for performance improvement, for several *times* in
some situations.
|
|
If application has more data than maximum fragment, hold to buffer
for whole write, as opposite to per-fragment strategy.
|
|
When sending an invalid version number alert don't change the
version number to the client version if a session is already
established.
Thanks to Marek Majkowski for additional analysis of this issue.
PR#3191
|
|
Partial mitigation of PR#3200
(cherry picked from commit 0294b2be5f4c11e60620c0018674ff0e17b14238)
|
|
|
|
Experimental support for encrypt then mac from
draft-gutmann-tls-encrypt-then-mac-02.txt
To enable it set the appropriate extension number (0x10 for the test server)
using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x10
For non-compliant peers (i.e. just about everything) this should have no
effect.
|
|
|
|
in order to prevent ssl3_get_record from never returning.
Reported by "oftc_must_be_destroyed" and George Kadianakis.
|
|
Use the enc_flags field to determine whether we should use explicit IV,
signature algorithms or SHA256 default PRF instead of hard coding which
versions support each requirement.
|
|
|
|
Revert is appropriate because binary compatibility is not an issue
in 1.1.
|
