path: root/ssl/d1_pkt.c
Commit message | Author | Age | Files | Lines
* Moved s3_pkt.c, s23_pkt.c and d1_pkt.c into the record layer. | Matt Caswell | 2015-03-26 | 1 | -1312/+0
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Split out non record layer functions out of s3_pkt.c and d1_pkt.c into the new files s3_msg.c and s1_msg.c respectively. | Matt Caswell | 2015-03-26 | 1 | -84/+0
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Move SSL3_RECORD oriented functions into ssl3_record.c | Matt Caswell | 2015-03-26 | 1 | -365/+6
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Encapsulate s->s3->wrec | Matt Caswell | 2015-03-26 | 1 | -1/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Encapsulate s->s3->rrec | Matt Caswell | 2015-03-26 | 1 | -9/+11
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Encapsulate access to s->s3->wbuf | Matt Caswell | 2015-03-26 | 1 | -2/+3
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Encapsulate SSL3_BUFFER and all access to s->s3->rbuf. | Matt Caswell | 2015-03-26 | 1 | -9/+17
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Resolve swallowed return codes | Matt Caswell | 2015-03-25 | 1 | -2/+1
  The recent updates to libssl to enforce stricter return code checking, left a small number of instances behind where return codes were being swallowed (typically because the function they were being called from was declared as void). This commit fixes those instances to handle the return codes more appropriately.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix missing return value checks | Matt Caswell | 2015-03-23 | 1 | -2/+6
  Ensure that all functions have their return values checked where appropriate. This covers all functions defined and called from within libssl.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Harmonize return values in dtls1_buffer_record | Emilia Kasper | 2015-03-10 | 1 | -1/+1
  Ensure all malloc failures return -1.
  Reported by Adam Langley (Google).
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Use constants not numbers | Kurt Cancemi | 2015-03-05 | 1 | -2/+2
  This patch uses warning/fatal constants instead of numbers with comments for warning/alerts in d1_pkt.c and s3_pkt.c
  RT#3725
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* dead code cleanup: #if 0 in ssl | Rich Salz | 2015-02-06 | 1 | -173/+0
  I left many "#if 0" lines, usually because I thought we would probably want to revisit them later, or because they provided some useful internal documentation tips.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
* OPENSSL_NO_XXX cleanup: NO_TLS, NO_TLS1 | Rich Salz | 2015-01-27 | 1 | -2/+0
  TLS and TLS1 are no longer optional.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* More comment realignment [master-post-reformat] | Matt Caswell | 2015-01-22 | 1 | -11/+11
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Re-align some comments after running the reformat script. | Matt Caswell | 2015-01-22 | 1 | -14/+14
  This should be a one off operation (subsequent invocation of the script should not move them)
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Run util/openssl-format-source -v -c . | Matt Caswell | 2015-01-22 | 1 | -1629/+1607
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Move more comments that confuse indent | Matt Caswell | 2015-01-22 | 1 | -1/+2
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* indent has problems with comments that are on the right hand side of a line. | Matt Caswell | 2015-01-22 | 1 | -2/+2
  Sometimes it fails to format them very well, and sometimes it corrupts them! This commit moves some particularly problematic ones.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Yet more comments | Matt Caswell | 2015-01-22 | 1 | -2/+4
  Conflicts:
    crypto/dsa/dsa_asn1.c
    crypto/pem/pem_all.c
    fips/dh/dh_gen.c
    fips/dh/fips_dh_check.c
    fips/dh/fips_dh_gen.c
    ssl/ssl_ciph.c
  Conflicts:
    ssl/d1_clnt.c
  Conflicts:
    ssl/s2_pkt.c
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Further comment changes for reformat (master) | Matt Caswell | 2015-01-22 | 1 | -2/+4
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* A memory leak can occur in dtls1_buffer_record if either of the calls to ssl3_setup_buffers or pqueue_insert fail. | Matt Caswell | 2015-01-08 | 1 | -9/+21
  The former will fail if there is a malloc failure, whilst the latter will fail if attempting to add a duplicate record to the queue. This should never happen because duplicate records should be detected and dropped before any attempt to add them to the queue. Unfortunately records that arrive that are for the next epoch are not being recorded correctly, and therefore replays are not being detected. Additionally, these "should not happen" failures that can occur in dtls1_buffer_record are not being treated as fatal and therefore an attacker could exploit this by sending repeated replay records for the next epoch, eventually causing a DoS through memory exhaustion.
  Thanks to Chris Mueller for reporting this issue and providing initial analysis and a patch. Further analysis and the final patch was performed by Matt Caswell from the OpenSSL development team.
  CVE-2015-0206
  Reviewed-by: Dr Stephen Henson <steve@openssl.org>
* Follow on from CVE-2014-3571. This fixes the code that was the original source of the crash due to p being NULL. | Matt Caswell | 2015-01-08 | 1 | -1/+2
  Steve's fix prevents this situation from occurring - however this is by no means obvious by looking at the code for dtls1_get_record. This fix just makes things look a bit more sane.
  Reviewed-by: Dr Stephen Henson <steve@openssl.org>
* Fix crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record. | Dr. Stephen Henson | 2015-01-08 | 1 | -2/+0
  CVE-2014-3571
  Reviewed-by: Matt Caswell <matt@openssl.org>
* mark all block comments that need format preserving so that indent will not alter them when reformatting comments | Tim Hudson | 2014-12-30 | 1 | -5/+10
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Add checks to the return value of EVP_Cipher to prevent silent encryption failure. | Matt Caswell | 2014-11-27 | 1 | -1/+1
  PR#1767
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* RT3023: Redundant logical expressions | Hans Wennborg | 2014-08-15 | 1 | -2/+1
  Remove some redundant logical expressions
  Reviewed-by: Emilia Kasper <emilia@silkandcyanide.net>
* Added SSLErr call for internal error in dtls1_buffer_record | Matt Caswell | 2014-06-01 | 1 | -0/+1
* Delays the queue insertion until after the ssl3_setup_buffers() call due to use-after-free bug. | David Ramos | 2014-06-01 | 1 | -9/+9
  PR#3362
* DTLS version usage fixes. | Dr. Stephen Henson | 2013-09-17 | 1 | -3/+1
  Make DTLS behave like TLS when negotiating version: record layer has DTLS 1.0, message version is 1.2.
  Tolerate different version numbers if version hasn't been negotiated yet.
* DTLS message_sequence number wrong in rehandshake ServerHello | Michael Tuexen | 2013-08-13 | 1 | -0/+1
  This fix ensures that
  * A HelloRequest is retransmitted if not responded by a ClientHello
  * The HelloRequest "consumes" the sequence number 0. The subsequent ServerHello uses the sequence number 1.
  * The client also expects the sequence number of the ServerHello to be 1 if a HelloRequest was received earlier.
  This patch fixes the RFC violation.
* DTLS handshake fix. | Michael Tuexen | 2013-08-08 | 1 | -0/+6
  Reported by: Prashant Jaikumar <rmstar@gmail.com>
  Fix handling of application data received before a handshake.
* Dual DTLS version methods. | Dr. Stephen Henson | 2013-04-09 | 1 | -3/+16
  Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and pick the highest version the peer supports during negotiation.
  As with SSL/TLS options can change this behaviour specifically SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2.
* Enable TLS 1.2 ciphers in DTLS 1.2. | Dr. Stephen Henson | 2013-03-28 | 1 | -22/+24
  Port TLS 1.2 GCM code to DTLS. Enable use of TLS 1.2 only ciphers when in DTLS 1.2 mode too.
* DTLS trace support. | Dr. Stephen Henson | 2013-03-11 | 1 | -0/+6
  Add DTLS record header parsing, different client hello format and add HelloVerifyRequest message type.
  Add code to d1_pkt.c to send message headers to the message callback.
* Fix error codes. | Dr. Stephen Henson | 2013-02-26 | 1 | -1/+1
* ssl/*: revert "remove SSL_RECORD->orig_len" and merge "fix IV". | Andy Polyakov | 2013-02-08 | 1 | -6/+6
  Revert is appropriate because binary compatibility is not an issue in 1.1.
* ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility. | Andy Polyakov | 2013-02-06 | 1 | -6/+6
  Kludge alert. This is arranged by passing padding length in unused bits of SSL3_RECORD->type, so that orig_len can be reconstructed.
  (cherry picked from commit 8bfd4c659f180a6ce34f21c0e62956b362067fba)
* Update DTLS code to match CBC decoding in TLS. | Ben Laurie | 2013-02-06 | 1 | -36/+50
  This change updates the DTLS code to match the constant-time CBC behaviour in the TLS.
  (cherry picked from commit 9f27de170d1b7bef3d46d41382dc4dafde8b3900)
* Don't crash when processing a zero-length, TLS >= 1.1 record. | Ben Laurie | 2013-02-06 | 1 | -0/+1
  The previous CBC patch was bugged in that there was a path through enc() in s3_pkt.c/d1_pkt.c which didn't set orig_len. orig_len would be left at the previous value which could suggest that the packet was a sufficient length when it wasn't.
  (cherry picked from commit 6cb19b7681f600b2f165e4adc57547b097b475fd)
* Add and use a constant-time memcmp. | Ben Laurie | 2013-02-06 | 1 | -1/+1
  This change adds CRYPTO_memcmp, which compares two vectors of bytes in an amount of time that's independent of their contents. It also changes several MAC compares in the code to use this over the standard memcmp, which may leak information about the size of a matching prefix.
  (cherry picked from commit 2ee798880a246d648ecddadc5b91367bee4a5d98)
* PR: 2756 | Dr. Stephen Henson | 2012-03-09 | 1 | -9/+3
  Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
  Fix DTLS timeout handling.
* Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. | Dr. Stephen Henson | 2012-01-18 | 1 | -10/+7
  Thanks to Antonio Martin, Enterprise Secure Access Research and Development, Cisco Systems, Inc. for discovering this bug and preparing a fix. (CVE-2012-0050)
* Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de> | Dr. Stephen Henson | 2012-01-05 | 1 | -10/+16
  Reviewed by: steve
  Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and Kenny Paterson.
* PR: 2658 | Dr. Stephen Henson | 2011-12-31 | 1 | -0/+13
  Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
  Reviewed by: steve
  Support for TLS/DTLS heartbeats.
* PR: 2535 | Dr. Stephen Henson | 2011-12-25 | 1 | -15/+108
  Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
  Reviewed by: steve
  Add SCTP support for DTLS (RFC 6083).
* PR: 2573 | Dr. Stephen Henson | 2011-09-01 | 1 | -9/+11
  Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
  Reviewed by: steve
  Fix DTLS buffering and decryption bug.
* Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed alert. | Dr. Stephen Henson | 2011-01-04 | 1 | -1/+2
* PR: 1833 | Dr. Stephen Henson | 2010-08-26 | 1 | -0/+2
  Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
  Support for abbreviated handshakes when renegotiating.
* Fix warnings. | Ben Laurie | 2010-06-12 | 1 | -5/+0
* PR: 2229 | Dr. Stephen Henson | 2010-04-14 | 1 | -16/+11
  Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
  Don't drop DTLS connection if mac or decryption failed.