path: root/src/lib/libssl/s3_pkt.c
Commit message | Author | Age | Files | Lines

* Rename s3_{both,clnt,pkt_srvr}.c to have an ssl_ prefix since they are no longer SSLv3 code. ok beck@
  [jsing | 2017-01-26 | 1 | -1446/+0]

* Merge the client/server version negotiation into the existing (currently fixed version) client/server code. ok beck@
  [jsing | 2017-01-26 | 1 | -2/+9]

* Provide ssl3_packet_read() and ssl3_packet_extend() functions that improve the awkward API provided by ssl3_read_n(). Call these when we need to read or extend a packet. ok beck@
  [jsing | 2017-01-25 | 1 | -14/+44]

* Move options and mode from SSL_CTX and SSL to internal, since these can be set and cleared via existing functions.
  [jsing | 2017-01-23 | 1 | -8/+8]

* Split most of SSL_METHOD out into an internal variant, which is opaque. Discussed with beck@
  [jsing | 2017-01-23 | 1 | -13/+13]

* send state and rstate from ssl_st into internal. There are accessors so these should not be diddled with directly. ok jsing@
  [beck | 2017-01-23 | 1 | -19/+19]

* move back read_hash and enc_read_ctx into ssl_st. wpa_supplicant and other perversions touch them sickly and unnaturally.
  [beck | 2017-01-23 | 1 | -8/+8]

* Move a large part of ssl_st into internal, so we can see what squeals. ok jsing@
  [beck | 2017-01-23 | 1 | -61/+61]

* move the callbacks from ssl_st to internal. ok jsing@
  [beck | 2017-01-23 | 1 | -25/+25]

* Move callback function pointers and argument pointers from SSL_CTX to internal. ok beck@
  [jsing | 2017-01-23 | 1 | -5/+5]

* Move most of the SSL3_STATE fields to internal - the ones that remain are known to be used by ports. ok beck@
  [jsing | 2017-01-22 | 1 | -74/+74]

* Use defines instead of magic numbers and comments.
  [jsing | 2016-11-17 | 1 | -5/+3]

* In ssl3_read_bytes(), do not process more than three consecutive TLS records, otherwise a peer can potentially cause us to loop indefinitely. Return with an SSL_ERROR_WANT_READ instead, so that the caller can choose when they want to handle further processing for this connection. ok beck@ miod@
  [jsing | 2016-11-03 | 1 | -4/+24]

* zero the read buffer after copying data to user so it doesn't linger. ok beck
  [tedu | 2016-07-10 | 1 | -1/+2]

* Remove most of the SSLv3 version checks and a few TLS v1.0.
  We can now assume >= TLS v1.0 since SSL2_VERSION, SSL3_VERSION and DTLS1_BAD_VER support was removed. "reads ok" miod@
  [doug | 2015-09-12 | 1 | -6/+1]

* Convert ssl3_get_record to CBS. ok miod@ jsing@
  [doug | 2015-07-24 | 1 | -22/+29]

* Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER workaround.
  This was a hack to work around problems on IE 6 with SSLv3. ok miod@ bcook@
  [doug | 2015-07-18 | 1 | -17/+4]

* unconditionally align SSL payloads
  Remove support for conditional payload alignment, since we would never want to turn it off. Also, consistently use size_t for calculating the alignment. ok miod@
  [bcook | 2014-12-14 | 1 | -15/+11]

* Remove trailing whitespace.
  [jsing | 2014-12-14 | 1 | -9/+9]

* Sort and group includes.
  [jsing | 2014-11-16 | 1 | -3/+5]

* Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
  arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code. It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL). ok beck@ deraadt@ miod@
  [jsing | 2014-10-18 | 1 | -2/+1]

* Remove remnants from PSK, KRB5 and SRP. ok beck@ miod@
  [jsing | 2014-07-12 | 1 | -5/+1]

* decompress libssl. ok beck jsing
  [tedu | 2014-07-10 | 1 | -66/+3]

* convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
  [tedu | 2014-06-19 | 1 | -2/+2]

* Add an SSL_AEAD_CTX to enable the use of EVP_AEAD with an SSL cipher.
  Read and write contexts are also added to the SSL_CTX, along with supporting code. Based on Adam Langley's chromium diffs. Rides the recent SSL library bump.
  [jsing | 2014-06-13 | 1 | -1/+4]

* tags as requested by miod and tedu
  [deraadt | 2014-06-12 | 1 | -1/+1]

* Disable TLS support...
  Just kidding! unifdef OPENSSL_NO_TLS since we will never want to actually do that. ok deraadt@
  [jsing | 2014-06-11 | 1 | -2/+0]

* More KNF.
  [jsing | 2014-06-11 | 1 | -56/+91]

* Ensure that we do not process a ChangeCipherSpec with an empty master secret. This is an additional safeguard against early ChangeCipherSpec handling. From OpenSSL. ok deraadt@
  [jsing | 2014-06-05 | 1 | -1/+1]

* Be selective as to when ChangeCipherSpec messages will be accepted.
  Without this an early ChangeCipherSpec message would result in session keys being generated, along with the Finished hash for the handshake, using an empty master secret. For a detailed analysis see: https://www.imperialviolet.org/2014/06/05/earlyccs.html
  This is a fix for CVE-2014-0224, from OpenSSL. This issue was reported to OpenSSL by KIKUCHI Masashi. Unfortunately the recent OpenSSL commit was the first we were made aware of the issue. ok deraadt@ sthen@
  [jsing | 2014-06-05 | 1 | -0/+8]
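Two of the commits above describe checks in the record layer: the 2016-11-03 change caps ssl3_read_bytes() at three consecutive records and returns WANT_READ so a peer cannot keep the loop spinning, and the 2014-06-05 changes refuse a ChangeCipherSpec that arrives before a master secret exists (CVE-2014-0224). The following is an added stand-alone illustration of both checks in C; it is not LibreSSL code. The record parser, the `struct conn` state, the `R_*` return codes, the `demo_*` functions and the byte sequences are constructed for this example, and a bare ClientKeyExchange handshake byte stands in for the real key exchange that would derive the master secret.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TLS record content types (RFC 5246, section 6.2.1). */
#define RT_CHANGE_CIPHER_SPEC 20
#define RT_ALERT              21
#define RT_HANDSHAKE          22
#define RT_APPLICATION_DATA   23

#define TLS_RECORD_HDR_LEN      5
#define MAX_CONSECUTIVE_RECORDS 3   /* the cap described in the 2016-11-03 commit */

/* Return codes: this example's own names, not libssl's. */
enum { R_OK = 0, R_WANT_READ = 1, R_ERR_EARLY_CCS = -1, R_ERR_BAD_RECORD = -2 };

/* Minimal per-connection state (hypothetical; not libssl's ssl_st). */
struct conn {
	const uint8_t *buf;        /* constructed input */
	size_t len;                /* bytes in buf */
	size_t off;                /* bytes consumed so far */
	size_t master_secret_len;  /* 0 until the key exchange has produced one */
	int records_processed;
	int ccs_accepted;
};

/* Next record from the buffer: 1 = got one, 0 = buffer exhausted, -1 = short/truncated. */
static int
next_record(struct conn *c, uint8_t *type, const uint8_t **payload, size_t *plen)
{
	const uint8_t *h;

	if (c->off == c->len)
		return 0;
	if (c->len - c->off < TLS_RECORD_HDR_LEN)
		return -1;
	h = c->buf + c->off;
	*type = h[0];                 /* h[1], h[2]: legacy version, unused here */
	*plen = ((size_t)h[3] << 8) | h[4];
	if (c->len - c->off - TLS_RECORD_HDR_LEN < *plen)
		return -1;
	*payload = h + TLS_RECORD_HDR_LEN;
	c->off += TLS_RECORD_HDR_LEN + *plen;
	return 1;
}

/* Process records: stop after MAX_CONSECUTIVE_RECORDS when more input remains,
 * and refuse a ChangeCipherSpec while no master secret exists. */
int
read_bytes(struct conn *c)
{
	uint8_t type;
	const uint8_t *p;
	size_t plen;
	int consecutive = 0, rv;

	while ((rv = next_record(c, &type, &p, &plen)) == 1) {
		c->records_processed++;
		switch (type) {
		case RT_CHANGE_CIPHER_SPEC:
			if (plen != 1 || p[0] != 1)
				return R_ERR_BAD_RECORD;
			if (c->master_secret_len == 0)
				return R_ERR_EARLY_CCS;   /* the CVE-2014-0224 condition */
			c->ccs_accepted = 1;
			break;
		case RT_HANDSHAKE:
			/* Stand-in for the key exchange: handshake type 16 (ClientKeyExchange)
			 * yields a master secret. Real derivation omitted; only state matters. */
			if (plen >= 1 && p[0] == 16)
				c->master_secret_len = 48;
			break;
		case RT_ALERT:
		case RT_APPLICATION_DATA:
			break;
		default:
			return R_ERR_BAD_RECORD;
		}
		if (++consecutive == MAX_CONSECUTIVE_RECORDS && c->off < c->len)
			return R_WANT_READ;   /* caller decides when to continue */
	}
	return rv < 0 ? R_ERR_BAD_RECORD : R_OK;
}

/* Constructed byte sequences for the demos (not captured traffic). */
static const uint8_t good_flow[] = { 22, 3, 3, 0, 1, 16,  20, 3, 3, 0, 1, 1 }; /* CKE, then CCS */
static const uint8_t early_ccs[] = { 20, 3, 3, 0, 1, 1 };                      /* CCS with no CKE */
static const uint8_t five_records[] = { 23, 3, 3, 0, 0, 23, 3, 3, 0, 0, 23, 3, 3, 0, 0,
    23, 3, 3, 0, 0, 23, 3, 3, 0, 0 };                 /* five empty ApplicationData records */

static int
run_buffer(const uint8_t *buf, size_t len, struct conn *c)
{
	struct conn fresh = { .buf = buf, .len = len };
	*c = fresh;
	return read_bytes(c);
}

/* Each demo returns 1 when the record layer behaves as the commits describe. */
int demo_ccs_after_key_exchange(void)
{
	struct conn c;
	return run_buffer(good_flow, sizeof(good_flow), &c) == R_OK && c.ccs_accepted == 1;
}

int demo_early_ccs_rejected(void)
{
	struct conn c;
	return run_buffer(early_ccs, sizeof(early_ccs), &c) == R_ERR_EARLY_CCS && c.ccs_accepted == 0;
}

int demo_record_cap(void)
{
	struct conn c;
	if (run_buffer(five_records, sizeof(five_records), &c) != R_WANT_READ || c.records_processed != 3)
		return 0;
	/* The caller chose to resume; the remaining two records are then consumed. */
	return read_bytes(&c) == R_OK && c.records_processed == 5;
}

int main(void)
{
	printf("ccs after key exchange accepted: %d\n", demo_ccs_after_key_exchange());
	printf("early ccs rejected: %d\n", demo_early_ccs_rejected());
	printf("record cap honoured: %d\n", demo_record_cap());
	return 0;
}
```

The two checks are independent: the consecutive-record cap protects the caller's event loop from a peer that streams records without end, while the master-secret gate protects the key schedule from being driven off an empty secret. Both are enforced before any decryption or MAC work, which is where they belong in a real stack.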
* remove some #if 0 code. we don't need any more reminders that we're using a not quite appropriate data structure. ok jsing
  [tedu | 2014-05-30 | 1 | -4/+0]

* Make use of SSL_IS_DTLS, SSL_USE_EXPLICIT_IV, SSL_USE_SIGALGS and SSL_USE_TLS1_2_CIPHERS. Largely based on OpenSSL head.
  [jsing | 2014-05-30 | 1 | -15/+13]

* Remove redundant test introduced in s3_pkt.c on 20001225, which got cargo-culted (with an XXX comment, though) in d1_pkt.c in 2005.
  [miod | 2014-05-27 | 1 | -2/+2]

* Remove TLS_DEBUG, SSL_DEBUG, CIPHER_DEBUG and OPENSSL_RI_DEBUG. Much of this is sporadic, hacked up and can easily be put back in an improved form should we ever need it. ok miod@
  [jsing | 2014-05-25 | 1 | -5/+0]

* Constrain bytes read/written to positive values. ok miod@ tedu@
  [beck | 2014-04-29 | 1 | -0/+10]

* Replace all use of ERR_add_error_data with ERR_asprintf_error_data.
  This avoids a lot of ugly gymnastics to do snprintfs before sending the bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c where it was being called with the incorrect number of arguments and using random things off the stack as addresses of strings. ok krw@, jsing@
  [beck | 2014-04-26 | 1 | -4/+2]

* rearrange a bit of code/comments
  [tedu | 2014-04-24 | 1 | -67/+89]

* A fantastic way to make a large unsigned number is to assign a small signed one to it.. Some people on OpenSSL's list noticed - http://marc.info/?l=openssl-dev&m=139809485525663&w=2
  This should fix that, and make sure we don't try to write out insane amounts of stuff. ok miod@ tedu@
  [beck | 2014-04-24 | 1 | -0/+2]

* on today's episode of things you didn't want to learn:
  do_ssl3_write() is recursive. and not in the simple, obvious way, but in the sneaky called through ssl3_dispatch_alert way. (alert level: fuchsia) this then has a decent chance of releasing the buffer that we thought we were going to use. check for this happening, and if the buffer has gone missing, put another one back in place. the direct recursive call is safe because it won't call ssl3_write_pending which is the function that actually does do the writing and releasing.
  as reported by David Ramos to openssl-dev: http://marc.info/?l=openssl-dev&m=139809493725682&w=2
  ok beck
  [tedu | 2014-04-24 | 1 | -0/+4]

* release buffers fix was lost in merge. put it back.
  [tedu | 2014-04-19 | 1 | -1/+2]

* More KNF and style consistency tweaks
  [guenther | 2014-04-19 | 1 | -2/+2]

* Finish zapping SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION usage; only keep the #define for compat, but document that it's a no-op now. Also, neuter the -legacy_renegotiation option to "openssl s_{client,server}". ok beck@
  [guenther | 2014-04-18 | 1 | -2/+1]

* whack a bunch of disabled code. ok beck lteo
  [tedu | 2014-04-17 | 1 | -14/+0]

* Mostly gut e_os.h:
  USE_SOCKETS is unrelated to using sockets, but just pulls in .h files. It makes every file buy a kitchen sink, because 11 files forgot to.
  EXIT() is really exit(), a gentle surprise but...
  OPENSSL_EXIT() is really just return(), because no one compiles the openssl command non-monolithic anymore
  [deraadt | 2014-04-17 | 1 | -1/+0]

* Part 1 of eliminating BIO_snprintf(). This fixes mechanical conversions where the return value is ignored changing to (void) snprintf. ok deraadt@
  [beck | 2014-04-15 | 1 | -1/+1]

* make OPENSSL_NO_HEARTBLEED the default and only option. ok deraadt miod
  [tedu | 2014-04-14 | 1 | -13/+0]

* First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5.
  [jsing | 2014-04-14 | 1 | -661/+562]

* Do not include "e_os.h" anymore. Simply pull in the necessary headers. ok miod@, deraadt@
  [mpi | 2014-04-13 | 1 | -2/+2]

* Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.
  [miod | 2014-04-13 | 1 | -5/+6]

* Piotr Sikora pointed me at a more refined diff for the buffer release issue. Apply that version. Maybe someday upstream will wake up and then we can have the same code.
  https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest
  [tedu | 2014-04-10 | 1 | -0/+2]