| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
longer SSLv3 code.
ok beck@
|
|
|
|
|
|
| |
fixed version) client/server code.
ok beck@
|
|
|
|
| |
set and cleared via existing functions.
|
|
|
|
| |
Discussed with beck@
|
|
|
|
|
| |
so these should not be diddled with directly
ok jsing@
|
|
|
|
| |
ok jsing@
|
|
|
|
| |
ok jsing@
|
|
|
|
|
|
| |
known to be used by ports.
ok beck@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
up and restructure.
This also adds CBB based variants of the ssl3_handshake_msg_{start,finish}
functions - for the time being these use a CBB to build the messages, then
copy back into the init_buf.
ok doug@
|
|
|
|
|
|
|
| |
ssl3_handshake_msg_hdr_len() function. Use this to correct several places
that have magic numbers with header lengths hardcoded as '4'.
ok beck@
|
|
|
|
|
|
| |
ssl3_ prefix.
ok beck@
|
|
|
|
| |
ok beck@
|
| |
|
|
|
|
|
|
| |
ssl3_handshake_msg_start()/ssl3_handshake_msg_finish().
ok beck@
|
|
|
|
|
|
| |
This was a hack to work around problems on IE 6 with SSLv3.
ok miod@ bcook@
|
|
|
|
| |
reluctant ok miod@
|
|
|
|
|
|
|
|
| |
Unlike the other conversions, this only partially converts the function
for now. This is the second to last function which still uses the n2l3
macro. That macro is deprecated since we're using CBS.
ok miod@ jsing@
|
|
|
|
| |
ok miod@ jsing@
|
|
|
|
|
|
|
|
|
| |
Another relic due to the old US crypto policy.
From OpenSSL commit 63eab8a620944a990ab3985620966ccd9f48d681 and
95275599399e277e71d064790a1f828a99fc661a.
ok jsing@ miod@
|
|
|
|
|
|
| |
in four different places.
ok doug@ guenther@
|
|
|
|
|
|
|
|
| |
Remove support for conditional payload alignment, since we would never
want to turn it off. Also, consistently use size_t for calculating the
alignment.
ok miod@
|
| |
|
|
|
|
|
|
|
| |
mazes in libssl. NPN is being replaced by ALPN, however it is still going
to be around for a while yet.
ok miod@
|
|
|
|
|
|
|
|
| |
calls malloc(). Instead of silently continuing on failure, check the return
value of BIO_new() and propagate failure back to the caller for appropriate
handling.
ok bcook@
|
|
|
|
|
|
|
| |
the two ciphersuites that use it. GOST94 public/private keys have been
long obsoleted and libcrypto does not have support for them anyway.
Discussed with Dmitry Eremin-Solenikov.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
arc4random provides high quality pseudo-random numbers, hence there is no
need to differentiate between "strong" and "pseudo". Furthermore, the
arc4random_buf() function is guaranteed to succeed, which avoids the need
to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and
RAND_pseudo_bytes() calls were missing return value checks and these
functions can fail for a number of reasons (at least in OpenSSL -
thankfully they were converted to wrappers around arc4random_buf() some
time ago in LibreSSL).
ok beck@ deraadt@ miod@
|
|
|
|
|
|
| |
ssl3_send_finished(). While this previously checked against a zero return
value (which could occur on failure), we may as well test against the
expected length, since we already know what that is.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
end up with a value of zero, primarily since ssl3_take_mac() fails to check
the return value from the final_finish_mac() call. This would then mean that
an SSL finished message with a zero-byte payload would successfully match
against the calculated finish MAC.
Avoid this by checking the length of peer_finish_md_len and the SSL
finished message payload, against the known length already stored in
the SSL3_ENC_METHOD finish_mac_length field (making use of a previously
unused field).
ok miod@ (a little while back)
|
|
|
|
| |
to only apply to s23_srvr.c.
|
|
|
|
|
|
|
|
|
|
|
| |
saying that you expect it to return that value and compare it against zero
because it is supposedly faster, for this leads to bugs (especially given the
high rate of sloppy cut'n'paste within ssl3 and dtls1 routines in this
library).
Instead, compare for the exact value it ought to return upon success.
ok deraadt@
|
| |
|
|
|
|
|
|
| |
libc interfaces over libcrypto interfaces. for now we also prefer
timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable.
ok beck deraadt matthew miod
|
| |
|
|
|
|
|
|
|
| |
mentioning it's an int, bogus (int) casts and bounds checks against INT_MAX
(BUF_MEM_grow_clean has its own integer bounds checks).
ok deraadt@
|
|
|
|
|
|
| |
OPENSSL_NO_EC.
ok tedu@
|
|
|
|
|
|
| |
SSL_USE_TLS1_2_CIPHERS.
Largely based on OpenSSL head.
|
|
|
|
|
|
|
|
| |
since free already does this for us. Also remove some pointless NULL
assignments, where the result from malloc(3) is immediately assigned to the
same variable.
ok miod@
|
| |
|
|
|
|
|
|
|
|
| |
OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_relloc->realloc
OPENSSL_freeFunc->free
|
|
|
|
| |
a better malloc. ok beck deraadt
|
|
|
|
|
| |
readable. This pass is whitespace only and can readily be verified using
tr and md5.
|
|
|
|
| |
ok deraadt@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2013-4353 NULL pointer dereference with crafted Next Protocol
Negotiation record in TLS handshake.
Upstream: 197e0ea
CVE-2013-6449 Fix crash with crafted traffic from a TLS 1.2 client.
Upstream: ca98926, 0294b2b
CVE-2013-6450 Fix DTLS retransmission from previous session.
Upstream: 3462896
|
|
|
|
|
| |
from the openssl git (changes between openssl 1.0.1c and 1.0.1d).
ok djm@
|
| |
|
| |
|
| |
|