| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
| |
ok miod@ jsing@
|
| |
|
|
|
|
| |
This was a hack to work around problems on IE 6 with SSLv3.
ok miod@ bcook@
|
| |
|
|
|
|
|
|
| |
Remove support for conditional payload alignment, since we would never
want to turn it off. Also, consistently use size_t for calculating the
alignment.
ok miod@
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
arc4random provides high quality pseudo-random numbers, hence there is no
need to differentiate between "strong" and "pseudo". Furthermore, the
arc4random_buf() function is guaranteed to succeed, which avoids the need
to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and
RAND_pseudo_bytes() calls were missing return value checks and these
functions can fail for a number of reasons (at least in OpenSSL -
thankfully they were converted to wrappers around arc4random_buf() some
time ago in LibreSSL).
ok beck@ deraadt@ miod@
|
| |
|
|
| |
ok beck@ miod@
|
| | |
|
| |
|
|
|
|
| |
libc interfaces over libcrypto interfaces. for now we also prefer
timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable.
ok beck deraadt matthew miod
|
| |
|
|
|
|
|
|
|
| |
Read and write contexts are also added to the SSL_CTX, along with
supporting code.
Based on Adam Langley's chromium diffs.
Rides the recent SSL library bump.
|
| | |
|
| |
|
|
|
|
|
|
| |
Just kidding!
unifdef OPENSSL_NO_TLS since we will never want to actually do that.
ok deraadt@
|
| | |
|
| |
|
|
|
|
|
|
|
| |
secret. This is an additional safeguard against early ChangeCipherSpec
handling.
From OpenSSL.
ok deraadt@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Without this an early ChangeCipherSpec message would result in session
keys being generated, along with the Finished hash for the handshake,
using an empty master secret.
For a detailed analysis see:
https://www.imperialviolet.org/2014/06/05/earlyccs.html
This is a fix for CVE-2014-0224, from OpenSSL.
This issue was reported to OpenSSL by KIKUCHI Masashi. Unfortunately the
recent OpenSSL commit was the first we were made aware of the issue.
ok deraadt@ sthen@
|
| |
|
|
| |
a not quite appropriate data structure. ok jsing
|
| |
|
|
|
|
| |
SSL_USE_TLS1_2_CIPHERS.
Largely based on OpenSSL head.
|
| |
|
|
| |
(with an XXX comment, though) in d1_pkt.c in 2005.
|
| |
|
|
|
|
|
| |
this is sporadic, hacked up and can easily be put back in an improved form
should we ever need it.
ok miod@
|
| |
|
|
| |
ok miod@ tedu@
|
| |
|
|
|
|
|
|
| |
This avoids a lot of ugly gymnastics to do snprintfs before sending the
bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c
where it was being called with the incorrect number of arguments and
using random things off the stack as addresses of strings.
ok krw@, jsing@
|
| | |
|
| |
|
|
|
|
|
|
|
| |
a small signed one to it.. Some people on OpenSSL's list
noticed - http://marc.info/?l=openssl-dev&m=139809485525663&w=2
This should fix that, and make sure we don't try to write out insane
amounts of stuff.
ok miod@ tedu@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
do_ssl3_write() is recursive. and not in the simple, obvious way, but in
the sneaky called through ssl3_dispatch_alert way. (alert level: fuchsia)
this then has a decent chance of releasing the buffer that we thought we
were going to use. check for this happening, and if the buffer has gone
missing, put another one back in place.
the direct recursive call is safe because it won't call ssl3_write_pending
which is the function that actually does do the writing and releasing.
as reported by David Ramos to openssl-dev:
http://marc.info/?l=openssl-dev&m=139809493725682&w=2
ok beck
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
the #define for compat, but document that it's a no-op now. Also, neuter
the -legacy_renegotiation option to "openssl s_{client,server}"
ok beck@
|
| | |
|
| |
|
|
|
|
|
|
| |
USE_SOCKETS is unrelated to using sockets, but just pulls in .h files. It
makes every file buy a kitchen sink, because 11 files forgot to.
EXIT() is really exit(), a gentle surprise
but... OPENSSL_EXIT() is really just return(), because noone compiles the
openssl command non-monolithic anymore
|
| |
|
|
|
| |
where the return value is ignored changing to (void) snprintf.
ok deraadt@
|
| | |
|
| |
|
|
|
| |
readable. This pass is whitespace only and can readily be verified using
tr and md5.
|
| |
|
|
| |
ok miod@, deraadt@
|
| | |
|
| |
|
|
|
|
| |
issue. Apply that version. Maybe someday upstream will wake up and then
we can have the same code.
https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest
|
| |
|
|
| |
ok benno deraadt
|
| |
|
|
|
|
|
|
|
|
|
|
| |
CVE-2013-4353 NULL pointer dereference with crafted Next Protocol
Negotiation record in TLS handshake.
Upstream: 197e0ea
CVE-2013-6449 Fix crash with crafted traffic from a TLS 1.2 client.
Upstream: ca98926, 0294b2b
CVE-2013-6450 Fix DTLS retransmission from previous session.
Upstream: 3462896
|
| |
|
|
|
| |
from the openssl git (changes between openssl 1.0.1c and 1.0.1d).
ok djm@
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
"In TLS connections, certain incorrectly formatted records can cause an OpenSSL
client or server to crash due to a read attempt at NULL."
http://openssl.org/news/secadv_20100324.txt
ok deraadt@ djm@ sthen@
|
| |
|
|
| |
openssl 0.9.8l; crank minor version; ok djm@ deraadt@; initially from jsg@
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
see http://www.openssl.org/news/secadv_20040317.txt
|
| |
|
|
|
|
|
|
| |
In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
via timing by performing a MAC computation even if incorrrect
block cipher padding has been found. This is a countermeasure
against active attacks where the attacker has to distinguish
between bad padding and a MAC verification error. (CAN-2003-0078)
|
