summaryrefslogtreecommitdiff
path: root/src/lib/libssl/d1_both.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Remove support for DTLS_BAD_VER. We do not support non-standard andjsing2015-09-101-13/+5
| | | | | | | incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years. ok bcook@ miod@
* Allow *_free() functions in libssl to handle NULL input.doug2015-07-191-1/+3
| | | | | | This mimics free()'s behavior which makes error handling simpler. ok bcook@ miod@
* Convert dtls1_get_message_header to CBS and change to int.doug2015-07-181-12/+32
| | | | | | | Changed return value from void to int. It should never return an error given that the input length is not checked yet. ok miod@
* Jettison DTLS over SCTP.jsing2015-02-091-16/+1
| | | | | | | | OpenBSD does not have SCTP support and it sees little use in the wild. OPENSSL_NO_SCTP is already specified via opensslfeatures.h, hence this is a code removal only and symbols should remain unchanged. ok beck@ miod@ tedu@
* Provide functions for starting, finishing and writing SSL handshakejsing2014-12-141-1/+3
| | | | | | | | | | | | | | | messages. This will allow for removal of repeated/duplicated code. Additionally, DTLS was written by wholesale copying of the SSL/TLS code, with some DTLS specifics being added to the duplicated code. Since these SSL handshake message functions know how to handle both SSL/TLS and DTLS, upon conversion the duplicate versions will become identical (or close to), at which point the DTLS versions can be removed and the SSL/TLS versions used for both protocols. Partially based on similar changes in OpenSSL. ok miod@
* Sort and group includes.jsing2014-11-161-3/+5
|
* Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().jsing2014-10-181-2/+1
| | | | | | | | | | | | | | | arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code. It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL). ok beck@ deraadt@ miod@
* Fix CVE-2014-3507, avoid allocating and then leaking a fresh fragmentguenther2014-08-081-2/+7
| | | | | | | | | structure when a zero-length fragment is received. Based on https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d0a4b7d1a2948fce38515b8d862f43e7ba0ebf74 diff by miod@, ok guenther@ bcook@ deraadt@
* Fix CVE-2014-3506, DTLS handshake message size checks. Fromguenther2014-08-071-16/+22
| | | | | | | https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1250f12613b61758675848f6600ebd914ccd7636 with comment/whitespace style tweaks ok bcook@ miod@
* Oops, revert changes commited by mistake. The previous commit was supposedmiod2014-08-071-2/+3
| | | | to only apply to s23_srvr.c.
* When you expect a function to return a particular value, don't put a commentmiod2014-08-071-3/+2
| | | | | | | | | | | saying that you expect it to return that value and compare it against zero because it is supposedly faster, for this leads to bugs (especially given the high rate of sloppy cut'n'paste within ssl3 and dtls1 routines in this library). Instead, compare for the exact value it ought to return upon success. ok deraadt@
* decompress libssl. ok beck jsingtedu2014-07-101-6/+1
|
* KNF comments, reflowing and moving out of the middle of argument lists inguenther2014-07-101-45/+84
| | | | | | places ok jsing@
* Memory leak in error path of the day, from clang via dhill@bitrig;miod2014-07-021-2/+3
| | | | ok dhill@bitrig
* tags as requested by miod and teduderaadt2014-06-121-1/+1
|
* Do not recurse when a 'Hello Request' message is received while gettingjsing2014-06-051-1/+2
| | | | | | | | | DTLS fragments. A stream of 'Hello Request' messages will result in infinite recursion, eventually crashing the DTLS client or server. Fixes CVE-2014-0221, from OpenSSL. Reported to OpenSSL by Imre Rad.
* Avoid a buffer overflow that can be triggered by sending specially craftedjsing2014-06-051-1/+7
| | | | | | | | | | DTLS fragments. Fix for CVE-2014-0195, from OpenSSL. Reported to OpenSSL by Juri Aedla. ok deraadt@ beck@
* BUF_MEM_grow_clean() takes a size_t as the size argument. Remove false commentsmiod2014-05-311-1/+1
| | | | | | | mentioning it's an int, bogus (int) casts and bounds checks against INT_MAX (BUF_MEM_grow_clean has its own integer bounds checks). ok deraadt@
* remove some #if 0 code. we don't need any more reminders that we're usingtedu2014-05-301-49/+0
| | | | a not quite appropriate data structure. ok jsing
* There is no point in checking if a pointer is non-NULL before calling free,jsing2014-05-281-6/+3
| | | | | | | | since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable. ok miod@
* Stop pulling pqueue.h into ssl_locl.h since only a small part of libssljsing2014-05-221-0/+2
| | | | | | | | | | actually needs it. Instead, just include it in the files where it is actually necessary. Also remove standard includes from pqueue.h so that they are not available as a side effect. Just add the two includes that are needed to pqueue.c. ok miod@
* In dtls1_reassemble_fragment() and dtls1_process_out_of_seq_message(), in casemiod2014-05-181-7/+3
| | | | | | | | of error, make sure we do not free pitem which is still linked into the pqueue. In the same vain, only free `frag' if we allocated it in this function. Help and ok beck@
* Avoid a potential null pointer dereference by checking that we actuallyjsing2014-04-301-0/+2
| | | | | | managed to allocate a fragment, before trying to memcpy data into it. ok miod@
* More KNF.jsing2014-04-241-92/+122
|
* more malloc/realloc/calloc cleanups; ok beck kettenisderaadt2014-04-211-3/+3
|
* Change library to use intrinsic memory allocation functions instead ofbeck2014-04-171-12/+12
| | | | | | | | OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
* fix a few bugs observed on http://www.viva64.com/en/b/0250/tedu2014-04-161-1/+0
| | | | ok krw miod
* correct cases of code occuring directly after goto/break/returnjsg2014-04-151-1/+1
| | | | ok miod@ guenther@
* make OPENSSL_NO_HEARTBLEED the default and only option. ok deraadt miodtedu2014-04-141-153/+0
|
* First pass at applying KNF to the OpenSSL code, which almost makes itjsing2014-04-141-565/+501
| | | | | readable. This pass is whitespace only and can readily be verified using tr and md5.
* Flense a variety of windows support stuff, and a strange gettimeofday function.beck2014-04-131-7/+0
| | | | ok deraadt@
* Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.miod2014-04-131-4/+4
|
* cherrypick fix for CVE-2014-0160 "heartbleed" vulnerability fromdjm2014-04-071-8/+18
| | | | OpenSSL git; ok sthen@
* SECURITY fixes backported from openssl-1.0.1f. ok mikeb@jca2014-02-271-0/+7
| | | | | | | | | | | | CVE-2013-4353 NULL pointer dereference with crafted Next Protocol Negotiation record in TLS handshake. Upstream: 197e0ea CVE-2013-6449 Fix crash with crafted traffic from a TLS 1.2 client. Upstream: ca98926, 0294b2b CVE-2013-6450 Fix DTLS retransmission from previous session. Upstream: 3462896
* import OpenSSL-1.0.1cdjm2012-10-131-3/+175
|
* OpenSSL 1.0.0f: import upstream sourcedjm2012-01-051-7/+16
|
* import OpenSSL 1.0.0edjm2011-11-031-18/+10
|
* import OpenSSL-1.0.0adjm2010-10-011-201/+426
|
* import of OpenSSL 0.9.8hdjm2008-09-061-0/+1193
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-19 14:51:54 +0000