summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_clnt.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* This commit was manufactured by cvs2git to create tag 'OPENBSD_5_8_BASE'.OPENBSD_5_8_BASEcvs2svn2015-08-021-2669/+0
|
* Add linker warnings in case SSLv3_{,client,server}_method are referenced.miod2015-07-291-1/+7
| | | | | | | Use of this symbols proves the existence of a code path willingly using SSLv3, even with OPENSSL_NO_SSL3 being defined, which hints that it needs fixing. Discussed with the LibreSSL cabal during c2k15; ok deraadt@
* Convert ssl3_get_certificate_request to CBS.doug2015-07-191-31/+33
| | | | ok miod@
* check n before cbs_init, coverity - ID 125063beck2015-07-151-3/+9
| | | | ok bcook@ miod@
* test for n<0 before use in CBS_init - mostly to shut up coverity.beck2015-07-151-5/+16
| | | | reluctant ok miod@
* Flense out dead code, we don't do ecdhe_clnt_cert.beck2015-07-151-98/+40
| | | | | coverity ID's 21691 21698 ok miod@, "Fry it" jsing@
* Convert ssl3_get_cert_status to CBS.doug2015-07-141-17/+26
| | | | ok miod@ jsing@
* Convert ssl3_get_server_certificate to CBS.doug2015-07-141-17/+18
| | | | ok miod@
* Stop using BUF_memdup() within the LibreSSL code base - it is correctlyjsing2015-06-241-3/+3
| | | | | | spelt malloc+memcpy, which is what is used in all except two places. ok deraadt@ doug@
* Convert ssl3_get_new_session_ticket to CBS.doug2015-06-201-24/+24
| | | | tweak + ok miod@ jsing@
* Remove ancient SSL_OP_NETSCAPE_CA_DN_BUG from SSLeay days.doug2015-06-151-18/+6
| | | | | | | This commit matches the OpenSSL removal in commit 3c33c6f6b10864355553961e638514a6d1bb00f6. ok deraadt@
* Nuke the OPENSSL_MAX_TLS1_2_CIPHER_LENGTH hack - this has to be enabled atjsing2015-03-311-11/+1
| | | | | | | compile time, which we do not do and are unlikely to ever do. Additionally, there are two runtime configurable alternatives that exist. ok bcook@ doug@
* Factor out the init_buf initialisation code, rather than duplicating itjsing2015-03-271-19/+6
| | | | | | in four different places. ok doug@ guenther@
* delay EVP_MD_CTX_init so we don't forget to clean it up.tedu2015-03-111-3/+4
| | | | spotted by miod. ok miod.
* Reject DH keys sent by a server if they are considered too small; inspiredmiod2015-03-081-1/+12
| | | | | by a similar BoringSSL change, but raising the limit to 1024 bits. ok jsing@ markus@ guenther@ deraadt@
* Clean up the {get,put}_cipher_by_char() implementations. Also usejsing2015-02-071-7/+5
| | | | | | | ssl3_get_cipher_by_value() in other parts of the code where it simplifies things. ok doug@
* Add additional checks to ssl3_send_client_key_exchange() that ensuresjsing2015-02-061-18/+25
| | | | | | | | ephemeral keys exist for SSL_kDHE and SSL_kECDHE. This would have prevented CVE-2014-3572. ok doug@
* Bring back the horrible API that is get_cipher_by_char/put_cipher_by_char.jsing2015-02-061-1/+3
| | | | | | | | This API was intended to be an internal only, however like many things in OpenSSL, it is exposed externally and parts of the software ecosystem are now using it since there is no real alternative within the public API. ok doug@, tedu@ and reluctantly miod@
* Ensure that a ServerKeyExchange message is received if the selected cipherjsing2015-01-231-5/+18
| | | | | | | | | | | | | | suite uses ephemeral keys. This avoids an issue where an ECHDE cipher suite can effectively be downgraded to ECDH, if the server omits the ServerKeyExchange message and has provided a certificate with an ECC public key. Issue reported to OpenSSL by Karthikeyan Bhargavan. Based on OpenSSL. Fixes CVE-2014-3572. ok beck@
* Add error handling for EVP_DigestInit_ex().doug2014-12-151-4/+8
| | | | | | | | | | | | | A few EVP_DigestInit_ex() calls were left alone since reporting an error would change the public API. Changed internal ssl3_cbc_digest_record() to return a value due to the above change. It will also now set md_out_size=0 on failure. This is based on part of BoringSSL's commit to fix malloc crashes: https://boringssl.googlesource.com/boringssl/+/69a01608f33ab6fe2c3485d94aef1fe9eacf5364 ok miod@
* Convert all of the straight forward client handshake handling code to usejsing2014-12-141-53/+43
| | | | | | the new handshake functions. ok miod@
* Remove trailing whitespace.jsing2014-12-141-2/+2
|
* unifdef OPENSSL_NO_NEXTPROTONEG, which is one of the last standing #ifndefjsing2014-12-141-9/+1
| | | | | | | mazes in libssl. NPN is being replaced by ALPN, however it is still going to be around for a while yet. ok miod@
* ssl3_init_finished_mac() calls BIO_new() which can fail since it in turnjsing2014-12-101-2/+5
| | | | | | | | calls malloc(). Instead of silently continuing on failure, check the return value of BIO_new() and propagate failure back to the caller for appropriate handling. ok bcook@
* Remove support for GOST R 34.10-94 signature authentication, along withjsing2014-12-101-3/+1
| | | | | | | the two ciphersuites that use it. GOST94 public/private keys have been long obsoleted and libcrypto does not have support for them anyway. Discussed with Dmitry Eremin-Solenikov.
* Remove client handling of RSA in ServerKeyExchange messages, along withjsing2014-12-061-81/+14
| | | | | | | | | the associated peer_rsa_tmp goop. This was only needed for export cipher handling and intentional RFC violations. The export cipher suites have already been removed and previous cleanup means that we will never send ServerKeyExchange messages from the server side for RSA.
* Ensure that sess_cert is not NULL at the start ofjsing2014-11-271-25/+9
| | | | | | | ssl3_send_client_key_exchange(), rather than checking it in the key exchange algorithm specific code. ok beck@ miod@
* Fix a memory leak with pkey in client key exchangedoug2014-11-191-1/+2
| | | | | | Based on boringssl commit: 1df112448b41c3568477f3fcd3b8fc820ce80066 ok miod@ jsing@
* Update the GOST code in libssl, as contributed by Dmitry Eremin-Solenikov.miod2014-11-181-20/+51
| | | | | This causes a libssl major version bump as this affects the layout of some internal-but-unfortunately-made-visible structs.
* Sort and group includes.jsing2014-11-161-4/+7
|
* Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().jsing2014-10-181-7/+4
| | | | | | | | | | | | | | | arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code. It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL). ok beck@ deraadt@ miod@
* Check that the specified curve is one of the client preferences.jsing2014-09-271-4/+20
| | | | | | Based on OpenSSL. ok miod@
* remove obfuscating parens. man operator is your friend.tedu2014-09-191-6/+6
|
* Remove SSL_kDHr, SSL_kDHd and SSL_aDH. No supported ciphersuites use them,jsing2014-09-071-16/+3
| | | | | | nor do we plan on supporting them. ok guenther@
* Replace the remaining ssl3_get_cipher_by_char() calls with n2s() andjsing2014-08-231-7/+15
| | | | | | ssl3_get_cipher_by_id(). ok bcook@
* Currently, ssl3_put_char_by_bytes(NULL, NULL) is just a long handed wayjsing2014-08-111-2/+2
| | | | | | | | of writing "2". Add a define for the SSL3_CIPHER_VALUE_SIZE (rather than using a less-readable hardcoded constant everywhere) and replace the ssl3_put_char_by_bytes(NULL, NULL) calls with it. ok bcook@ miod@
* Since we no longer need to support SSLv2-style cipher lists, startjsing2014-08-101-7/+5
| | | | | | | | | | unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros. Prompted by similar changes in boringssl. ok guenther.
* merge CVE-2014-3510; Fix DTLS anonymous EC(DH) denial of servicederaadt2014-08-071-1/+9
| | | | | https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=17160033765480453be0a41335fa6b833691c049 ok bcook
* Missing bounds check in ssl3_get_certificate_request(), was not spotted inmiod2014-07-171-1/+6
| | | | 1.78; reported by Ilja Van Sprundel.
* The correct name for EDH is DHE, likewise EECDH should be ECDHE.jsing2014-07-121-6/+6
| | | | | | Based on changes to OpenSSL trunk. ok beck@ miod@
* remove double brackets. fixes build with clang.jsg2014-07-121-2/+2
| | | | ok jsing@
* Remove extra parenthesis.jsing2014-07-121-2/+2
|
* need_cert is now always true, so remove the variable and associatedjsing2014-07-121-33/+21
| | | | | | conditionals. ok miod@
* Remove remnants from PSK, KRB5 and SRP.jsing2014-07-121-18/+7
| | | | ok beck@ miod@
* As reported by David Ramos, most consumer of ssl_get_message() perform latemiod2014-07-111-11/+74
| | | | | | | | | | | | | | | | | | bounds check, after reading the 2-, 3- or 4-byte size of the next chunk to process. But the size fields themselves are not checked for being entirely contained in the buffer. Since reading past your bounds is bad practice, and may not possible if you are using a secure memory allocator, we need to add the necessary bounds check, at the expense of some readability. As a bonus, a wrong size GOST session key will now trigger an error instead of a printf to stderr and it being handled as if it had the correct size. Creating this diff made my eyes bleed (in the real sense); reviewing it made guenther@'s and beck@'s eyes bleed too (in the literal sense). ok guenther@ beck@
* If the application uses tls_session_secret_cb for session resumption, setmiod2014-07-111-2/+3
| | | | the CCS_OK flag. From OpenSSL trunk.
* Accept CCS again after `finished' has been sent by the client; at this pointmiod2014-07-111-5/+6
| | | | | | | keys have been correctly set up so it is ok to accept CCS from the server. Without renegotiation can sometimes fail. OpenSSL PR #3400 via OpenSSL trunk.
* Remove the PSK code. We don't need to drag around thisbeck2014-07-111-136/+1
| | | | | baggage. ok miod@ jsing@
* decompress libssl. ok beck jsingtedu2014-07-101-70/+2
|
* tedu the SSL export cipher handling - since we do not have enabled exportjsing2014-07-091-31/+1
| | | | | | ciphers we no longer need the flags or code to support it. ok beck@ miod@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 08:20:12 +0000