path: root/src/lib/libssl/s3_both.c
Commit message / Author / Age / Files / Lines
* Rename s3_{both,clnt,pkt_srvr}.c to have an ssl_ prefix since they are no longer SSLv3 code. ok beck@
  Author: jsing; Age: 2017-01-26; Files: 1; Lines: -748/+0
* Merge the client/server version negotiation into the existing (currently fixed version) client/server code. ok beck@
  Author: jsing; Age: 2017-01-26; Files: 1; Lines: -6/+12
* Move options and mode from SSL_CTX and SSL to internal, since these can be set and cleared via existing functions.
  Author: jsing; Age: 2017-01-23; Files: 1; Lines: -3/+3
* Split most of SSL_METHOD out into an internal variant, which is opaque. Discussed with beck@
  Author: jsing; Age: 2017-01-23; Files: 1; Lines: -12/+12
* send state and rstate from ssl_st into internal. There are accessors so these should not be diddled with directly ok jsing@
  Author: beck; Age: 2017-01-23; Files: 1; Lines: -8/+8
* Move a large part of ssl_st into internal, so we can see what squeals. ok jsing@
  Author: beck; Age: 2017-01-23; Files: 1; Lines: -43/+43
* move the callbacks from ssl_st to internal ok jsing@
  Author: beck; Age: 2017-01-23; Files: 1; Lines: -10/+10
* Move most of the SSL3_STATE fields to internal - the ones that remain are known to be used by ports. ok beck@
  Author: jsing; Age: 2017-01-22; Files: 1; Lines: -32/+32
* Remove now unused c2l, c2ln, l2c, n2l, l2cn and n2l3 macros.
  Author: jsing; Age: 2016-12-30; Files: 1; Lines: -2/+1
* Convert certificate handshake message generation to CBB, with some clean up and restructure. This also adds CBB based variants of the ssl3_handshake_msg_{start,finish} functions - for the time being these use a CBB to build the messages, then copy back into the init_buf. ok doug@
  Author: jsing; Age: 2016-12-06; Files: 1; Lines: -45/+45
* Move handshake message header length determination into a separate ssl3_handshake_msg_hdr_len() function. Use this to correct several places that have magic numbers with header lengths hardcoded as '4'. ok beck@
  Author: jsing; Age: 2015-09-12; Files: 1; Lines: -6/+7
* Rename functions that moved to t1_enc.c, with a tls1_ prefix instead of a ssl3_ prefix. ok beck@
  Author: jsing; Age: 2015-09-11; Files: 1; Lines: -3/+3
* Shuffle the code in ssl3_send_finished() to make it more logical/readable. ok beck@
  Author: jsing; Age: 2015-09-11; Files: 1; Lines: -9/+7
* style(9), fix comments, wrap long lines and tweak whitespace.
  Author: jsing; Age: 2015-09-11; Files: 1; Lines: -31/+59
* Convert dtls1_send_finished() and ssl3_send_finished() to ssl3_handshake_msg_start()/ssl3_handshake_msg_finish(). ok beck@
  Author: jsing; Age: 2015-09-11; Files: 1; Lines: -10/+5
* Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER workaround. This was a hack to work around problems on IE 6 with SSLv3. ok miod@ bcook@
  Author: doug; Age: 2015-07-18; Files: 1; Lines: -5/+1
* test for n<0 before use in CBS_init - mostly to shut up coverity. reluctant ok miod@
  Author: beck; Age: 2015-07-15; Files: 1; Lines: -2/+8
* Partially convert ssl3_get_message to CBS. Unlike the other conversions, this only partially converts the function for now. This is the second to last function which still uses the n2l3 macro. That macro is deprecated since we're using CBS. ok miod@ jsing@
  Author: doug; Age: 2015-07-14; Files: 1; Lines: -6/+15
* Convert ssl3_get_finished to CBS. ok miod@ jsing@
  Author: doug; Age: 2015-07-14; Files: 1; Lines: -6/+9
* Remove Microsoft Server Gated Crypto. Another relic due to the old US crypto policy. From OpenSSL commit 63eab8a620944a990ab3985620966ccd9f48d681 and 95275599399e277e71d064790a1f828a99fc661a. ok jsing@ miod@
  Author: doug; Age: 2015-06-18; Files: 1; Lines: -15/+1
* Factor out the init_buf initialisation code, rather than duplicating it in four different places. ok doug@ guenther@
  Author: jsing; Age: 2015-03-27; Files: 1; Lines: -3/+22
* unconditionally align SSL payloads. Remove support for conditional payload alignment, since we would never want to turn it off. Also, consistently use size_t for calculating the alignment. ok miod@
  Author: bcook; Age: 2014-12-14; Files: 1; Lines: -9/+5
* Remove trailing whitespace.
  Author: jsing; Age: 2014-12-14; Files: 1; Lines: -9/+9
* unifdef OPENSSL_NO_NEXTPROTONEG, which is one of the last standing #ifndef mazes in libssl. NPN is being replaced by ALPN, however it is still going to be around for a while yet. ok miod@
  Author: jsing; Age: 2014-12-14; Files: 1; Lines: -10/+1
* ssl3_init_finished_mac() calls BIO_new() which can fail since it in turn calls malloc(). Instead of silently continuing on failure, check the return value of BIO_new() and propagate failure back to the caller for appropriate handling. ok bcook@
  Author: jsing; Age: 2014-12-10; Files: 1; Lines: -2/+6
* Remove support for GOST R 34.10-94 signature authentication, along with the two ciphersuites that use it. GOST94 public/private keys have been long obsoleted and libcrypto does not have support for them anyway. Discussed with Dmitry Eremin-Solenikov.
  Author: jsing; Age: 2014-12-10; Files: 1; Lines: -4/+1
* Sort and group includes.
  Author: jsing; Age: 2014-11-16; Files: 1; Lines: -3/+5
* Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes(). arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code. It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL). ok beck@ deraadt@ miod@
  Author: jsing; Age: 2014-10-18; Files: 1; Lines: -2/+1
* Also check the result from final_finish_mac() against finish_mac_length in ssl3_send_finished(). While this previously checked against a zero return value (which could occur on failure), we may as well test against the expected length, since we already know what that is.
  Author: jsing; Age: 2014-09-22; Files: 1; Lines: -19/+17
* It is possible (although unlikely in practice) for peer_finish_md_len to end up with a value of zero, primarily since ssl3_take_mac() fails to check the return value from the final_finish_mac() call. This would then mean that an SSL finished message with a zero-byte payload would successfully match against the calculated finish MAC. Avoid this by checking the length of peer_finish_md_len and the SSL finished message payload, against the known length already stored in the SSL3_ENC_METHOD finish_mac_length field (making use of a previously unused field). ok miod@ (a little while back)
  Author: jsing; Age: 2014-09-22; Files: 1; Lines: -13/+11
* Oops, revert changes committed by mistake. The previous commit was supposed to only apply to s23_srvr.c.
  Author: miod; Age: 2014-08-07; Files: 1; Lines: -9/+12
* When you expect a function to return a particular value, don't put a comment saying that you expect it to return that value and compare it against zero because it is supposedly faster, for this leads to bugs (especially given the high rate of sloppy cut'n'paste within ssl3 and dtls1 routines in this library). Instead, compare for the exact value it ought to return upon success. ok deraadt@
  Author: miod; Age: 2014-08-07; Files: 1; Lines: -12/+9
* decompress libssl. ok beck jsing
  Author: tedu; Age: 2014-07-10; Files: 1; Lines: -10/+1
* convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
  Author: tedu; Age: 2014-06-19; Files: 1; Lines: -2/+2
* tags as requested by miod and tedu
  Author: deraadt; Age: 2014-06-12; Files: 1; Lines: -1/+1
* BUF_MEM_grow_clean() takes a size_t as the size argument. Remove false comments mentioning it's an int, bogus (int) casts and bounds checks against INT_MAX (BUF_MEM_grow_clean has its own integer bounds checks). ok deraadt@
  Author: miod; Age: 2014-05-31; Files: 1; Lines: -8/+2
* ECDH and ECDSA will not work overly well if there is no EC, so unifdef OPENSSL_NO_EC. ok tedu@
  Author: jsing; Age: 2014-05-31; Files: 1; Lines: -2/+0
* Make use of SSL_IS_DTLS, SSL_USE_EXPLICIT_IV, SSL_USE_SIGALGS and SSL_USE_TLS1_2_CIPHERS. Largely based on OpenSSL head.
  Author: jsing; Age: 2014-05-30; Files: 1; Lines: -2/+2
* There is no point in checking if a pointer is non-NULL before calling free, since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable. ok miod@
  Author: jsing; Age: 2014-05-28; Files: 1; Lines: -8/+4
* Fix indentation, adding braces and combining a nested if to reduce depth
  Author: guenther; Age: 2014-04-20; Files: 1; Lines: -12/+14
* Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes:
    OPENSSL_malloc->malloc
    OPENSSL_free->free
    OPENSSL_relloc->realloc
    OPENSSL_freeFunc->free
  Author: beck; Age: 2014-04-17; Files: 1; Lines: -4/+4
* TANSTAAFL - delete the buf freelist code. if you need a better malloc, get a better malloc. ok beck deraadt
  Author: tedu; Age: 2014-04-16; Files: 1; Lines: -74/+4
* First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5.
  Author: jsing; Age: 2014-04-14; Files: 1; Lines: -354/+314
* Flense a variety of windows support stuff, and a strange gettimeofday function. ok deraadt@
  Author: beck; Age: 2014-04-13; Files: 1; Lines: -7/+0
* Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.
  Author: miod; Age: 2014-04-13; Files: 1; Lines: -6/+9
* SECURITY fixes backported from openssl-1.0.1f. ok mikeb@
    CVE-2013-4353 NULL pointer dereference with crafted Next Protocol Negotiation record in TLS handshake. Upstream: 197e0ea
    CVE-2013-6449 Fix crash with crafted traffic from a TLS 1.2 client. Upstream: ca98926, 0294b2b
    CVE-2013-6450 Fix DTLS retransmission from previous session. Upstream: 3462896
  Author: jca; Age: 2014-02-27; Files: 1; Lines: -0/+7
* cherry pick bugfixes for http://www.openssl.org/news/secadv_20130205.txt from the openssl git (changes between openssl 1.0.1c and 1.0.1d). ok djm@
  Author: markus; Age: 2013-02-14; Files: 1; Lines: -1/+1
* resolve conflicts
  Author: djm; Age: 2012-10-13; Files: 1; Lines: -3/+33
* resolve conflicts, fix local changes
  Author: djm; Age: 2010-10-01; Files: 1; Lines: -62/+253
* resolve conflicts
  Author: djm; Age: 2008-09-06; Files: 1; Lines: -27/+14