summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_clnt.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Convert ssl3_send_client_kex_ecdhe() to CBB. Also check the return value ofjsing2016-12-131-34/+35
| | | | | | the EC_POINT_point2oct() calls. Feedback from and ok doug@
* Convert ssl3_send_client_kex_dhe() to CBB.jsing2016-12-071-14/+23
| | | | ok doug@
* Convert ssl3_send_client_kex_rsa() to CBB.jsing2016-12-061-14/+36
| | | | ok doug@
* Convert certificate handshake message generation to CBB, with some cleanjsing2016-12-061-9/+22
| | | | | | | | | | up and restructure. This also adds CBB based variants of the ssl3_handshake_msg_{start,finish} functions - for the time being these use a CBB to build the messages, then copy back into the init_buf. ok doug@
* Convert ssl_cipher_list_to_bytes() to CBB, changing the function to returnjsing2016-12-041-7/+10
| | | | | | | the number of bytes written via an explicit *outlen argument and retaining the return value to indicate success or failure. ok doug@
* Cleanup some of ssl3_send_client_kex_rsa() - tmp_buf is really thejsing2016-12-041-10/+12
| | | | | | | | premaster secret, so name it accordingly. Also, remove bogus assignment of master_key_length - the correct value is assigned when the master_key is set. ok beck@ doug@
* Address a potential leak in ssl3_get_server_kex_ecdhe() - if we allocatejsing2016-12-031-3/+4
| | | | | | | ngroup and the following EC_KEY_set_group() fails, ngroup will not be freed. Avoid this by freeing on return. ok millert@
* Avoid signed vs unsigned warnings from clang by adding two casts,jsing2016-12-031-2/+2
| | | | | | slightly rewriting some code and changing the type of an array. ok bcook@ doug@
* remove unused variablebcook2016-11-061-6/+3
|
* Convert ssl3_get_server_kex_ecdhe() to CBS, simplifying tls1_check_curve()jsing2016-11-051-42/+33
| | | | | | | in the process. This also fixes a long standing bug where tls1_ec_curve_id2nid() is called with only one byte of the curve ID. ok beck@ miod@
* Rename ssl3_get_key_exchange() to ssl3_get_server_key_exchange(), sincejsing2016-11-041-3/+3
| | | | | | that's what it really is. ok miod@
* Tidy up the usage of peer_ecdh_tmp, following the fixed ECDH removal.jsing2016-11-041-13/+5
| | | | ok beck@
* Convert ssl3_get_server_kex_dhe() to CBS.jsing2016-11-041-42/+19
| | | | ok beck@
* Split ssl3_get_key_exchange() into separate functions for DHE/ECDHE.jsing2016-11-031-205/+256
| | | | ok beck@ (who was struggling to keep lunch down while reviewing the diff)
* Remove support for fixed ECDH cipher suites - these is not widely supportedjsing2016-10-191-14/+5
| | | | | | | | | and more importantly they do not provide PFS (if you want to use ECDH, use ECDHE instead). With input from guenther@. ok deraadt@ guenther@
* Merge a memleak fix from BoringSSL 6b6e0b2:mmcc2016-03-271-1/+3
| | | | | | https://boringssl.googlesource.com/boringssl/+/6b6e0b20893e2be0e68af605a60ffa2cbb0ffa64%5E!/#F0 ok millert@, beck@
* X509_free(3) is NULL-safe, so remove NULL checks before its calls.mmcc2016-03-111-7/+4
| | | | ok doug@
* s/ssl3_client_kex/ssl3_send_client_kex/ for consistency with the caller.jsing2015-10-021-9/+11
|
* Stop generating private keys in a network buffer.jsing2015-09-131-29/+29
| | | | | | | | | | The current client key exchange code generates DH and ECDH keys into the same buffer that we use to send data to the network - stop doing this and malloc() a new buffer, which we explicit_bzero() and free() on return. This also benefits from ASLR and means that the keys are no longer generated in a well known location. ok beck@
* Use ECDH_size() instead of rolling our own.jsing2015-09-131-6/+5
| | | | ok beck@
* Split ssl3_send_client_key_exchange() (387 lines of code) into fivejsing2015-09-121-327/+351
| | | | | | | | | functions. The original was written as a huge if/else if chain - split out the handling for each key exchange type. This allows us to reduce two levels of indentation, make the code far more readable and have single return paths so that we can simplify clean up. ok beck@
* explicit_bzero() the GOST premaster secret.jsing2015-09-121-2/+7
| | | | ok miod@
* Remove most of the SSLv3 version checks and a few TLS v1.0.doug2015-09-121-39/+21
| | | | | | | We can now assume >= TLS v1.0 since SSL2_VERSION, SSL3_VERSION and DTLS1_BAD_VER support was removed. "reads ok" miod@
* Use explicit_bzero() instead of memset() when clearing private keys.jsing2015-09-121-3/+4
| | | | ok bcook@ beck@ miod@
* Pull variable assignment out from function call, fix indentation and setjsing2015-09-121-8/+7
| | | | state after calling ssl3_handshake_msg_finish().
* style(9) and whitespace cleanups.jsing2015-09-121-29/+25
|
* Rename functions that moved to t1_enc.c, with a tls1_ prefix instead of ajsing2015-09-111-7/+7
| | | | | | ssl3_ prefix. ok beck@
* Correct spelling of OPENSSL_cleanse.jsing2015-09-101-2/+2
| | | | ok miod@
* Replace dtls1_client_hello() with ssl3_client_hello() - both are basicallyjsing2015-09-021-5/+22
| | | | | | | | | | | the same code, with two slight differences for DTLS handling. Also, make use of send_cookie to determine if the client random needs to be preserved, rather than testing if it is zeroed (hopefully your random number generator never returned all zeros, since the existing code would break). Inspired by BoringSSL. ok doug@
* Remove the ssl_prepare_{client,server}hello_tlsext() functions, which arejsing2015-09-011-6/+1
| | | | | | now nothing more than noops. ok bcook@ doug@
* Remove SSLv3 method data structs and unlink s3_meth.c from the build.doug2015-08-291-40/+1
| | | | ok jsing@
* Remove SSLv3 support from LibreSSL.doug2015-08-271-15/+1
| | | | | | | | | | This is the first wave of SSLv3 removal which removes the main SSLv3 functions. Future commits will remove the rest of the SSLv3 support. Discussed the plan at c2k15. Input from jsing@, beck@, miod@, bcook@, sthen@, naddy@, and deraadt@. ok jsing@, beck@
* Add linker warnings in case SSLv3_{,client,server}_method are referenced.miod2015-07-291-1/+7
| | | | | | | Use of this symbols proves the existence of a code path willingly using SSLv3, even with OPENSSL_NO_SSL3 being defined, which hints that it needs fixing. Discussed with the LibreSSL cabal during c2k15; ok deraadt@
* Convert ssl3_get_certificate_request to CBS.doug2015-07-191-31/+33
| | | | ok miod@
* check n before cbs_init, coverity - ID 125063beck2015-07-151-3/+9
| | | | ok bcook@ miod@
* test for n<0 before use in CBS_init - mostly to shut up coverity.beck2015-07-151-5/+16
| | | | reluctant ok miod@
* Flense out dead code, we don't do ecdhe_clnt_cert.beck2015-07-151-98/+40
| | | | | coverity ID's 21691 21698 ok miod@, "Fry it" jsing@
* Convert ssl3_get_cert_status to CBS.doug2015-07-141-17/+26
| | | | ok miod@ jsing@
* Convert ssl3_get_server_certificate to CBS.doug2015-07-141-17/+18
| | | | ok miod@
* Stop using BUF_memdup() within the LibreSSL code base - it is correctlyjsing2015-06-241-3/+3
| | | | | | spelt malloc+memcpy, which is what is used in all except two places. ok deraadt@ doug@
* Convert ssl3_get_new_session_ticket to CBS.doug2015-06-201-24/+24
| | | | tweak + ok miod@ jsing@
* Remove ancient SSL_OP_NETSCAPE_CA_DN_BUG from SSLeay days.doug2015-06-151-18/+6
| | | | | | | This commit matches the OpenSSL removal in commit 3c33c6f6b10864355553961e638514a6d1bb00f6. ok deraadt@
* Nuke the OPENSSL_MAX_TLS1_2_CIPHER_LENGTH hack - this has to be enabled atjsing2015-03-311-11/+1
| | | | | | | compile time, which we do not do and are unlikely to ever do. Additionally, there are two runtime configurable alternatives that exist. ok bcook@ doug@
* Factor out the init_buf initialisation code, rather than duplicating itjsing2015-03-271-19/+6
| | | | | | in four different places. ok doug@ guenther@
* delay EVP_MD_CTX_init so we don't forget to clean it up.tedu2015-03-111-3/+4
| | | | spotted by miod. ok miod.
* Reject DH keys sent by a server if they are considered too small; inspiredmiod2015-03-081-1/+12
| | | | | by a similar BoringSSL change, but raising the limit to 1024 bits. ok jsing@ markus@ guenther@ deraadt@
* Clean up the {get,put}_cipher_by_char() implementations. Also usejsing2015-02-071-7/+5
| | | | | | | ssl3_get_cipher_by_value() in other parts of the code where it simplifies things. ok doug@
* Add additional checks to ssl3_send_client_key_exchange() that ensuresjsing2015-02-061-18/+25
| | | | | | | | ephemeral keys exist for SSL_kDHE and SSL_kECDHE. This would have prevented CVE-2014-3572. ok doug@
* Bring back the horrible API that is get_cipher_by_char/put_cipher_by_char.jsing2015-02-061-1/+3
| | | | | | | | This API was intended to be an internal only, however like many things in OpenSSL, it is exposed externally and parts of the software ecosystem are now using it since there is no real alternative within the public API. ok doug@, tedu@ and reluctantly miod@
* Ensure that a ServerKeyExchange message is received if the selected cipherjsing2015-01-231-5/+18
| | | | | | | | | | | | | | suite uses ephemeral keys. This avoids an issue where an ECHDE cipher suite can effectively be downgraded to ECDH, if the server omits the ServerKeyExchange message and has provided a certificate with an ECC public key. Issue reported to OpenSSL by Karthikeyan Bhargavan. Based on OpenSSL. Fixes CVE-2014-3572. ok beck@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-09-01 10:49:20 +0000