| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
and more importantly they do not provide PFS (if you want to use ECDH, use
ECDHE instead).
With input from guenther@.
ok deraadt@ guenther@
|
| |
|
|
|
|
|
|
|
|
|
| |
Flip pointer comparison logic to avoid beyond-end-of-buffer pointers
to make it less likely a compiler will decide to screw you.
Based on parts of openssl commits
6f35f6deb5ca7daebe289f86477e061ce3ee5f46 and
89c2720298f875ac80777da2da88a64859775898
ok jsing@
|
| |
|
|
|
|
|
| |
14 years ago these were changed in OpenSSL to be the same
as the _ex functions. We use the _ex functions only internally
to ensure it is obvious the ctx must be cleared.
ok bcook@
|
| |
|
|
| |
ok doug@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok beck@
|
| |
|
|
|
|
|
|
| |
then decrement it and call a callback on exit from the function. As such,
these functions should not return in the middle, otherwise in_handshake is
never decremented and the callback never called.
ok beck@ "with many sighs" miod@
|
| |
|
|
|
|
|
| |
We can now assume >= TLS v1.0 since SSL2_VERSION, SSL3_VERSION and
DTLS1_BAD_VER support was removed.
"reads ok" miod@
|
| |
|
|
|
|
|
| |
ssl3_handshake_msg_hdr_len() function. Use this to correct several places
that have magic numbers with header lengths hardcoded as '4'.
ok beck@
|
| |
|
|
| |
ok beck@
|
| |
|
|
|
|
| |
ssl3_ prefix.
ok beck@
|
| |
|
|
|
|
|
| |
incomplete implementations just so that we can interoperate with products
from vendors who have not bothered to fix things in the last ~10 years.
ok bcook@ miod@
|
| |
|
|
| |
ok miod@
|
| |
|
|
|
|
| |
now nothing more than noops.
ok bcook@ doug@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
|
|
|
|
| |
This is the first wave of SSLv3 removal which removes the main SSLv3
functions. Future commits will remove the rest of the SSLv3 support.
Discussed the plan at c2k15. Input from jsing@, beck@, miod@, bcook@,
sthen@, naddy@, and deraadt@.
ok jsing@, beck@
|
| |
|
|
|
|
|
| |
Use of this symbols proves the existence of a code path willingly using SSLv3,
even with OPENSSL_NO_SSL3 being defined, which hints that it needs fixing.
Discussed with the LibreSSL cabal during c2k15; ok deraadt@
|
| |
|
|
|
|
|
|
| |
This is a 17 year old workaround from SSLeay 0.9.0b. It was for
clients that send RSA client key exchange in TLS using SSLv3 format
(no length prefix).
ok jsing@
|
| |
|
|
| |
ok miod@ jsing@
|
| |
|
|
| |
tweak + ok miod@ jsing@
|
| |
|
|
|
|
|
|
|
| |
Another relic due to the old US crypto policy.
From OpenSSL commit 63eab8a620944a990ab3985620966ccd9f48d681 and
95275599399e277e71d064790a1f828a99fc661a.
ok jsing@ miod@
|
| |
|
|
| |
ok miod@ jsing@
|
| |
|
|
|
|
|
| |
This commit matches the OpenSSL removal in commit
3c33c6f6b10864355553961e638514a6d1bb00f6.
ok deraadt@
|
| |
|
|
|
| |
This was imported into OpenSSL from SSLeay. It was recently deleted
in OpenSSL commit 7a4dadc3a6a487db92619622b820eb4f7be512c9
|
| |
|
|
| |
This is a hack for an old version of SSLeay which predates OpenSSL.
|
| |
|
|
| |
ok doug@
|
| |
|
|
|
|
|
|
|
|
| |
ability to pass or not pass a STACK_OF(SSL_CIPHER) *, which is then either
zeroed or if NULL a new one is allocated, always allocate one and return it
directly.
Inspired by simliar changes in BoringSSL.
ok beck@ doug@
|
| |
|
|
|
|
| |
in four different places.
ok doug@ guenther@
|
| |
|
|
|
|
|
|
|
|
| |
certificates without requiring a CertificateVerify message.
From OpenSSL commit:
https://github.com/openssl/openssl/commit/1421e0c584ae9120ca1b88098f13d6d2e90b83a3
Thanks to Karthikeyan Bhargavan for reporting this.
ok miod@
|
| |
|
|
|
|
| |
message handling routines.
ok miod@
|
| |
|
|
|
|
|
| |
If you're still using a buggy version of Netscape from 2000, for HTTPS with
client certificates, it is probably a good time to find a new browser.
"kill it softly... with napalm and kisses" miod@
|
| |
|
|
|
|
|
|
| |
This API was intended to be an internal only, however like many things in
OpenSSL, it is exposed externally and parts of the software ecosystem are
now using it since there is no real alternative within the public API.
ok doug@, tedu@ and reluctantly miod@
|
| |
|
|
|
|
|
| |
afterwards. openssl has a more complicated fix, but it's less intrusive
for now to simply hoist the expensive part (fake key generation) up without
sweating a branch or two.
ok bcook jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
A few EVP_DigestInit_ex() calls were left alone since reporting an
error would change the public API.
Changed internal ssl3_cbc_digest_record() to return a value due to the above
change. It will also now set md_out_size=0 on failure.
This is based on part of BoringSSL's commit to fix malloc crashes:
https://boringssl.googlesource.com/boringssl/+/69a01608f33ab6fe2c3485d94aef1fe9eacf5364
ok miod@
|
| |
|
|
|
|
|
| |
mazes in libssl. NPN is being replaced by ALPN, however it is still going
to be around for a while yet.
ok miod@
|
| |
|
|
|
|
|
|
| |
calls malloc(). Instead of silently continuing on failure, check the return
value of BIO_new() and propagate failure back to the caller for appropriate
handling.
ok bcook@
|
| |
|
|
|
|
|
| |
the two ciphersuites that use it. GOST94 public/private keys have been
long obsoleted and libcrypto does not have support for them anyway.
Discussed with Dmitry Eremin-Solenikov.
|
| |
|
|
|
| |
This causes a libssl major version bump as this affects the layout of some
internal-but-unfortunately-made-visible structs.
|
| | |
|
| |
|
|
|
|
|
| |
This allows an SSL server to enable DHE ciphers with a single setting,
which results in an DH key being generated based on the server key length.
Partly based on OpenSSL.
|
| |
|
|
|
|
|
|
|
| |
The only use for these is via SSL_OP_EPHEMERAL_RSA (which is effectively
a standards violation) and for RSA sign-only, should only be possible if
you are using an export cipher and have an RSA private key that is more
than 512 bits in size (however we no longer support export ciphers).
ok bcook@ miod@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
arc4random provides high quality pseudo-random numbers, hence there is no
need to differentiate between "strong" and "pseudo". Furthermore, the
arc4random_buf() function is guaranteed to succeed, which avoids the need
to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and
RAND_pseudo_bytes() calls were missing return value checks and these
functions can fail for a number of reasons (at least in OpenSSL -
thankfully they were converted to wrappers around arc4random_buf() some
time ago in LibreSSL).
ok beck@ deraadt@ miod@
|
| |
|
|
|
|
|
|
|
|
| |
This allows an SSL server to enable ECDHE ciphers with a single setting,
which results in an EC key being generated using the first preference
shared curve.
Based on OpenSSL with inspiration from boringssl.
ok miod@
|
| |
|
|
| |
ok miod@
|
| | |
|
| |
|
|
|
|
| |
nor do we plan on supporting them.
ok guenther@
|
| |
|
|
|
|
|
| |
ssl3_cipher_get_value() helper function, which returns the cipher suite
value for the given cipher.
ok miod@
|
| |
|
|
|
| |
ssl3_get_cert_verify().
ok guenther@ jsing@
|
| |
|
|
|
|
|
|
|
|
| |
unravelling the maze of function pointers and callbacks by directly
calling ssl3_{get,put}_cipher_by_char() and removing the
ssl_{get,put}_cipher_by_char macros.
Prompted by similar changes in boringssl.
ok guenther.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
for the key (expressed in RSA key bits, which makes *no sense* for ECDH) as
their second argument, not zero.
(jsing@ notes that the RSA callback is only invoked for 'export' ciphers,
which have been removed from LibreSSL, and for the SSL_OP_EPHEMERAL_RSA
option, which is makes the application non-compliant. More fuel for the
tedu fire...)
jasper@ noted the breakage and bisected it down to the diff that broke this
ok jsing@ miod@
|
