summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_srvr.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* tedu the SSL export cipher handling - since we do not have enabled exportjsing2014-07-091-27/+6
| | | | | | ciphers we no longer need the flags or code to support it. ok beck@ miod@
* fix the identical leak in three different files.tedu2014-06-301-2/+3
| | | | reported by Brent Cook, original diff by logan
* convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoringtedu2014-06-191-2/+2
| | | | | | libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
* In ssl3_send_newsession_ticket(), fix a memory leak in an error path.miod2014-06-181-2/+4
|
* tags as requested by miod and teduderaadt2014-06-121-1/+1
|
* Stop setting the EVP_MD_CTX_FLAG_NON_FIPS_ALLOW - it has been ignored sincejsing2014-06-111-2/+0
| | | | | | OpenSSL 1.0.0. ok miod@ (a little while back)
* c-file-style hints, begone; ok beckderaadt2014-06-111-1/+1
|
* http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2016265dfbab162e ↵deraadt2014-06-071-4/+1
| | | | | | | | | | | | | | | | | | | c30718b5e7480add42598158 Don't know the full story, but it looks like a "can't do random perfectly, so do it god awful" problem was found in 2013, and replaced with "only do it badly if a flag is set". New flags (SSL_MODE_SEND_SERVERHELLO_TIME and SSL_MODE_SEND_SERVERHELLO_TIME) were added [Ben Laurie?] to support the old scheme of "use time_t for first 4 bytes of the random buffer". Nothing uses these flags [ecosystem scan by sthen] Fully discourage use of these flags in the future by removing support & definition of them. The buflen < 4 check is also interesting, because no entropy would be returned. No callers passed such small buffers. ok miod sthen
* The DH_free, EC_KEY_free, EVP_PKEY_free and RSA_free functions all havejsing2014-06-071-11/+6
| | | | | implicit NULL checks, so there is no point ensuring that the pointer is non-NULL before calling them.
* Be selective as to when ChangeCipherSpec messages will be accepted.jsing2014-06-051-2/+5
| | | | | | | | | | | | | | | | | Without this an early ChangeCipherSpec message would result in session keys being generated, along with the Finished hash for the handshake, using an empty master secret. For a detailed analysis see: https://www.imperialviolet.org/2014/06/05/earlyccs.html This is a fix for CVE-2014-0224, from OpenSSL. This issue was reported to OpenSSL by KIKUCHI Masashi. Unfortunately the recent OpenSSL commit was the first we were made aware of the issue. ok deraadt@ sthen@
* without overthinking it, replace a few memcmp calls with CRYPTO_memcmptedu2014-06-041-1/+1
| | | | where it is feasible to do so. better safe than sorry.
* More manual OPENSSL_NO_EC and OPENSSL_NO_TLSEXT cleanup.jsing2014-05-311-4/+4
|
* TLS would not be entirely functional without extensions, so unifdefjsing2014-05-311-27/+0
| | | | | | OPENSSL_NO_TLSEXT. ok tedu@
* Make use of SSL_IS_DTLS, SSL_USE_EXPLICIT_IV, SSL_USE_SIGALGS andjsing2014-05-301-19/+13
| | | | | | SSL_USE_TLS1_2_CIPHERS. Largely based on OpenSSL head.
* the comment says RAND_pseudo_bytes should be RAND_bytes. make it so.tedu2014-05-291-6/+1
| | | | ok deraadt
* unidef DH, ECDH, and ECDSA. there's no purpose to a libssl without them.tedu2014-05-291-30/+0
| | | | ok deraadt jsing
* There is no point in checking if a pointer is non-NULL before calling free,jsing2014-05-281-6/+3
| | | | | | | | since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable. ok miod@
* Remove TLS_DEBUG, SSL_DEBUG, CIPHER_DEBUG and OPENSSL_RI_DEBUG. Much ofjsing2014-05-251-19/+0
| | | | | | | this is sporadic, hacked up and can easily be put back in an improved form should we ever need it. ok miod@
* DeIMPLEMENT libssl. Expand the IMPLEMENT_* macros since it is far morejsing2014-05-241-4/+38
| | | | | | | | readable and one less layer of abstraction. Use C99 initialisers for clarity, grepability and to protect from future field reordering/removal. ok miod@ (tedu@ also thought it was a wonderful idea, beck@ also agreed, but ran away squealing since it reminded him of the VOP layer...)
* Stop including kssl_lcl.h and nuke it from orbit - it is a no-op now.jsing2014-05-221-1/+0
| | | | ok beck@ miod@
* In ssl3_send_certificate_request(), when adding the extra payload ifmiod2014-05-181-1/+6
| | | | | | | NETSCAPE_HANG_BUG is defined, make sure we BUF_MEM_grow() the buffer to accomodate for the payload size. Issue reported by David Ramos; ok beck@
* Remove SRP and Kerberos support from libssl. These are complex protocolstedu2014-05-051-317/+0
| | | | | all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
* More KNF, things that couldn't be verified with md5(1), and some whitespacemcbride2014-04-241-74/+92
| | | | I missed on the first go around.
* Make libssl and libcrypto compile with -Werrorbeck2014-04-231-1/+1
| | | | ok miod@
* more malloc/realloc/calloc cleanups; ok beck kettenisderaadt2014-04-211-2/+1
|
* More KNF and style consistency tweaksguenther2014-04-191-4/+3
|
* whack a bunch of disabled code. ok beck lteotedu2014-04-171-18/+0
|
* always build in RSA and DSA. ok deraadt miodtedu2014-04-171-16/+0
|
* Change library to use intrinsic memory allocation functions instead ofbeck2014-04-171-12/+12
| | | | | | | | OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
* add back SRP. i was being too greedy.tedu2014-04-161-0/+122
|
* Thanks to the knobs in http://tools.ietf.org/html/rfc5746, we have a knobbeck2014-04-161-3/+1
| | | | | | to say "allow this connection to negotiate insecurely". de-fang the code that respects this option to ignore it. ok miod@
* disentangle SRP code from TLStedu2014-04-161-122/+0
|
* strncpy(d, s, strlen(s)) is a special kind of stupid. even when it's right,tedu2014-04-161-8/+9
| | | | | it looks wrong. replace with auditable code and eliminate many strlen calls to improve efficiency. (wait, did somebody say FASTER?) ok beck
* KNFmcbride2014-04-161-361/+619
|
* make OPENSSL_NO_HEARTBLEED the default and only option. ok deraadt miodtedu2014-04-141-11/+0
|
* So the OpenSSL codebase does "get the time, add it as a random seed"deraadt2014-04-141-2/+1
| | | | | | | in a bunch of places inside the TLS engine, to try to keep entropy high. I wonder if their moto is "If you can't solve a problem, at least try to do it badly". ok miod
* First pass at applying KNF to the OpenSSL code, which almost makes itjsing2014-04-141-1892/+1597
| | | | | readable. This pass is whitespace only and can readily be verified using tr and md5.
* Do not include "e_os.h" anymore. Simply pull in the necessary headers.mpi2014-04-131-1/+1
| | | | ok miod@, deraadt@
* Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.miod2014-04-131-16/+23
|
* resolve conflictsdjm2012-10-131-86/+460
|
* OpenSSL 1.0.0f: mergedjm2012-01-051-0/+11
|
* openssl-1.0.0e: resolve conflictsdjm2011-11-031-10/+26
|
* Security fix for CVE-2010-4180 as mentioned in ↵jasper2010-12-151-0/+5
| | | | | | | | | | | http://www.openssl.org/news/secadv_20101202.txt. where clients could modify the stored session cache ciphersuite and in some cases even downgrade the suite to weaker ones. This code is not enabled by default. ok djm@
* resolve conflicts, fix local changesdjm2010-10-011-268/+595
|
* pull Ben Lauries blind prefix injection fix for CVE-2009-3555 frommarkus2009-11-101-0/+8
| | | | openssl 0.9.8l; crank minor version; ok djm@ deraadt@; initially from jsg@
* resolve conflictsdjm2009-01-091-14/+20
|
* update to openssl-0.9.8i; tested by several, especially krw@djm2009-01-051-3/+5
|
* resolve conflictsdjm2008-09-061-91/+846
|
* resolve conflictsdjm2006-06-271-2/+2
|
* resolve conflictsdjm2005-04-291-6/+11
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-26 09:35:13 +0000