summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_srvr.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* The correct name for EDH is DHE, likewise EECDH should be ECDHE.jsing2014-07-121-9/+9
| | | | | | Based on changes to OpenSSL trunk. ok beck@ miod@
* Remove remnants from PSK, KRB5 and SRP.jsing2014-07-121-40/+16
| | | | ok beck@ miod@
* Place comments in a block above the if statement, rather than attemptingjsing2014-07-121-29/+31
| | | | | to interleave them within the conditions. Also fix wrapping and indentation.
* As reported by David Ramos, most consumer of ssl_get_message() perform latemiod2014-07-111-41/+65
| | | | | | | | | | | | | | | | | | bounds check, after reading the 2-, 3- or 4-byte size of the next chunk to process. But the size fields themselves are not checked for being entirely contained in the buffer. Since reading past your bounds is bad practice, and may not possible if you are using a secure memory allocator, we need to add the necessary bounds check, at the expense of some readability. As a bonus, a wrong size GOST session key will now trigger an error instead of a printf to stderr and it being handled as if it had the correct size. Creating this diff made my eyes bleed (in the real sense); reviewing it made guenther@'s and beck@'s eyes bleed too (in the literal sense). ok guenther@ beck@
* In ssl3_get_cert_verify(), allow for larger messages to accomodate keysmiod2014-07-111-3/+2
| | | | | larger than 4096-bit RSA which the most paranoid of us are using; OpenSSL PR #319 via OpenSSL trunk.
* In ssl3_get_client_key_exchange() parsing a GOST session key, invoke themiod2014-07-111-13/+8
| | | | | regular ASN.1 parser rather than trying to handroll one and potentially misbehave; OpenSSL PR #3335 via OpenSSL trunk.
* Remove the PSK code. We don't need to drag around thisbeck2014-07-111-108/+1
| | | | | baggage. ok miod@ jsing@
* remove unused variable from ssl3_get_client_hellobcook2014-07-101-3/+2
| | | | ok tedu@ miod@
* decompress libssl. ok beck jsingtedu2014-07-101-96/+1
|
* KNF comments, reflowing and moving out of the middle of argument lists inguenther2014-07-101-32/+41
| | | | | | places ok jsing@
* tedu the SSL export cipher handling - since we do not have enabled exportjsing2014-07-091-27/+6
| | | | | | ciphers we no longer need the flags or code to support it. ok beck@ miod@
* fix the identical leak in three different files.tedu2014-06-301-2/+3
| | | | reported by Brent Cook, original diff by logan
* convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoringtedu2014-06-191-2/+2
| | | | | | libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
* In ssl3_send_newsession_ticket(), fix a memory leak in an error path.miod2014-06-181-2/+4
|
* tags as requested by miod and teduderaadt2014-06-121-1/+1
|
* Stop setting the EVP_MD_CTX_FLAG_NON_FIPS_ALLOW - it has been ignored sincejsing2014-06-111-2/+0
| | | | | | OpenSSL 1.0.0. ok miod@ (a little while back)
* c-file-style hints, begone; ok beckderaadt2014-06-111-1/+1
|
* http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2016265dfbab162e ↵deraadt2014-06-071-4/+1
| | | | | | | | | | | | | | | | | | | c30718b5e7480add42598158 Don't know the full story, but it looks like a "can't do random perfectly, so do it god awful" problem was found in 2013, and replaced with "only do it badly if a flag is set". New flags (SSL_MODE_SEND_SERVERHELLO_TIME and SSL_MODE_SEND_SERVERHELLO_TIME) were added [Ben Laurie?] to support the old scheme of "use time_t for first 4 bytes of the random buffer". Nothing uses these flags [ecosystem scan by sthen] Fully discourage use of these flags in the future by removing support & definition of them. The buflen < 4 check is also interesting, because no entropy would be returned. No callers passed such small buffers. ok miod sthen
* The DH_free, EC_KEY_free, EVP_PKEY_free and RSA_free functions all havejsing2014-06-071-11/+6
| | | | | implicit NULL checks, so there is no point ensuring that the pointer is non-NULL before calling them.
* Be selective as to when ChangeCipherSpec messages will be accepted.jsing2014-06-051-2/+5
| | | | | | | | | | | | | | | | | Without this an early ChangeCipherSpec message would result in session keys being generated, along with the Finished hash for the handshake, using an empty master secret. For a detailed analysis see: https://www.imperialviolet.org/2014/06/05/earlyccs.html This is a fix for CVE-2014-0224, from OpenSSL. This issue was reported to OpenSSL by KIKUCHI Masashi. Unfortunately the recent OpenSSL commit was the first we were made aware of the issue. ok deraadt@ sthen@
* without overthinking it, replace a few memcmp calls with CRYPTO_memcmptedu2014-06-041-1/+1
| | | | where it is feasible to do so. better safe than sorry.
* More manual OPENSSL_NO_EC and OPENSSL_NO_TLSEXT cleanup.jsing2014-05-311-4/+4
|
* TLS would not be entirely functional without extensions, so unifdefjsing2014-05-311-27/+0
| | | | | | OPENSSL_NO_TLSEXT. ok tedu@
* Make use of SSL_IS_DTLS, SSL_USE_EXPLICIT_IV, SSL_USE_SIGALGS andjsing2014-05-301-19/+13
| | | | | | SSL_USE_TLS1_2_CIPHERS. Largely based on OpenSSL head.
* the comment says RAND_pseudo_bytes should be RAND_bytes. make it so.tedu2014-05-291-6/+1
| | | | ok deraadt
* unidef DH, ECDH, and ECDSA. there's no purpose to a libssl without them.tedu2014-05-291-30/+0
| | | | ok deraadt jsing
* There is no point in checking if a pointer is non-NULL before calling free,jsing2014-05-281-6/+3
| | | | | | | | since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable. ok miod@
* Remove TLS_DEBUG, SSL_DEBUG, CIPHER_DEBUG and OPENSSL_RI_DEBUG. Much ofjsing2014-05-251-19/+0
| | | | | | | this is sporadic, hacked up and can easily be put back in an improved form should we ever need it. ok miod@
* DeIMPLEMENT libssl. Expand the IMPLEMENT_* macros since it is far morejsing2014-05-241-4/+38
| | | | | | | | readable and one less layer of abstraction. Use C99 initialisers for clarity, grepability and to protect from future field reordering/removal. ok miod@ (tedu@ also thought it was a wonderful idea, beck@ also agreed, but ran away squealing since it reminded him of the VOP layer...)
* Stop including kssl_lcl.h and nuke it from orbit - it is a no-op now.jsing2014-05-221-1/+0
| | | | ok beck@ miod@
* In ssl3_send_certificate_request(), when adding the extra payload ifmiod2014-05-181-1/+6
| | | | | | | NETSCAPE_HANG_BUG is defined, make sure we BUF_MEM_grow() the buffer to accomodate for the payload size. Issue reported by David Ramos; ok beck@
* Remove SRP and Kerberos support from libssl. These are complex protocolstedu2014-05-051-317/+0
| | | | | all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
* More KNF, things that couldn't be verified with md5(1), and some whitespacemcbride2014-04-241-74/+92
| | | | I missed on the first go around.
* Make libssl and libcrypto compile with -Werrorbeck2014-04-231-1/+1
| | | | ok miod@
* more malloc/realloc/calloc cleanups; ok beck kettenisderaadt2014-04-211-2/+1
|
* More KNF and style consistency tweaksguenther2014-04-191-4/+3
|
* whack a bunch of disabled code. ok beck lteotedu2014-04-171-18/+0
|
* always build in RSA and DSA. ok deraadt miodtedu2014-04-171-16/+0
|
* Change library to use intrinsic memory allocation functions instead ofbeck2014-04-171-12/+12
| | | | | | | | OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
* add back SRP. i was being too greedy.tedu2014-04-161-0/+122
|
* Thanks to the knobs in http://tools.ietf.org/html/rfc5746, we have a knobbeck2014-04-161-3/+1
| | | | | | to say "allow this connection to negotiate insecurely". de-fang the code that respects this option to ignore it. ok miod@
* disentangle SRP code from TLStedu2014-04-161-122/+0
|
* strncpy(d, s, strlen(s)) is a special kind of stupid. even when it's right,tedu2014-04-161-8/+9
| | | | | it looks wrong. replace with auditable code and eliminate many strlen calls to improve efficiency. (wait, did somebody say FASTER?) ok beck
* KNFmcbride2014-04-161-361/+619
|
* make OPENSSL_NO_HEARTBLEED the default and only option. ok deraadt miodtedu2014-04-141-11/+0
|
* So the OpenSSL codebase does "get the time, add it as a random seed"deraadt2014-04-141-2/+1
| | | | | | | in a bunch of places inside the TLS engine, to try to keep entropy high. I wonder if their moto is "If you can't solve a problem, at least try to do it badly". ok miod
* First pass at applying KNF to the OpenSSL code, which almost makes itjsing2014-04-141-1892/+1597
| | | | | readable. This pass is whitespace only and can readily be verified using tr and md5.
* Do not include "e_os.h" anymore. Simply pull in the necessary headers.mpi2014-04-131-1/+1
| | | | ok miod@, deraadt@
* Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.miod2014-04-131-16/+23
|
* resolve conflictsdjm2012-10-131-86/+460
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-11 17:54:27 +0000