summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_lib.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* This commit was manufactured by cvs2git to create tag 'OPENBSD_5_8_BASE'.OPENBSD_5_8_BASEcvs2svn2015-08-021-3125/+0
|
* Allow *_free() functions in libssl to handle NULL input.doug2015-07-191-1/+4
| | | | | | This mimics free()'s behavior which makes error handling simpler. ok bcook@ miod@
* Convert ssl_bytes_to_cipher_list to CBS.doug2015-06-281-8/+18
| | | | | | | Link in the new 'unit' regress and expand the invalid tests to include some that would fail before the CBS conversion. input + ok miod@ jsing@
* Clean up the ssl_bytes_to_cipher_list() API - rather than having thejsing2015-04-151-15/+9
| | | | | | | | | | ability to pass or not pass a STACK_OF(SSL_CIPHER) *, which is then either zeroed or if NULL a new one is allocated, always allocate one and return it directly. Inspired by simliar changes in BoringSSL. ok beck@ doug@
* BUF_MEM_free() has its own explicit NULL check.jsing2015-03-271-9/+6
|
* Reluctantly add server-side support for TLS_FALLBACK_SCSV.jsing2015-02-221-4/+58
| | | | | | | | | | | | | | | | | | | | | | | | | | This allows for clients that willingly choose to perform a downgrade and attempt to establish a second connection at a lower protocol after the previous attempt unexpectedly failed, to be notified and have the second connection aborted, if the server does in fact support a higher protocol. TLS has perfectly good version negotiation and client-side fallback is dangerous. Despite this, in order to maintain maximum compatability with broken web servers, most mainstream browsers implement this. Furthermore, TLS_FALLBACK_SCSV only works if both the client and server support it and there is effectively no way to tell if this is the case, unless you control both ends. Unfortunately, various auditors and vulnerability scanners (including certain online assessment websites) consider the presence of a not yet standardised feature to be important for security, even if the clients do not perform client-side downgrade or the server only supports current TLS protocols. Diff is loosely based on OpenSSL with some inspiration from BoringSSL. Discussed with beck@ and miod@. ok bcook@
* There is not much point constructing an SSL_CIPHER, then callingjsing2015-02-221-7/+3
| | | | | ssl3_cipher_get_value() to get the cipher suite value that we just put in the struct - use the cipher suite value directly.
* Remove IMPLEMENT_STACK_OF noops.jsing2015-02-221-2/+1
|
* Enable building with -DOPENSSL_NO_DEPRECATED.doug2015-02-111-1/+2
| | | | | | | | | | | | | | | If you didn't enable deprecated code, there were missing err.h and bn.h includes. This commit allows building with or without deprecated code. This was not derived from an OpenSSL commit. However, they recently enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems in a different way. Verified with clang that this only changes line numbers in the generated asm. ok miod@
* Return NULL when there are no shared ciphers.doug2015-02-091-4/+6
| | | | | | | | | | | | | | | | | OpenSSL added this change to avoid an out-of-bounds write since they're accessing p[-1]. We initialize buf and use strrchr() so we aren't subject to the same OOB write. However, we should return NULL rather than an empty string when there are no shared ciphers. Also, KNF a particularly bad section above here that miod noticed. Based on OpenSSL commits: 4ee356686f72ff849f6f3d58562224ace732b1a6 308505b838e4e3ce8485bb30f5b26e2766dc7f8b ok miod@
* Clean up the {get,put}_cipher_by_char() implementations. Also usejsing2015-02-071-6/+3
| | | | | | | ssl3_get_cipher_by_value() in other parts of the code where it simplifies things. ok doug@
* Support CA verification in chroot'ed processes without direct filereyk2015-01-221-1/+7
| | | | | | | | | | access to the certificates. SSL_CTX_load_verify_mem() is a frontend to the new X509_STORE_load_mem() function that allows to load the CA chain from a memory buffer that is holding the PEM-encoded files. This function allows to handle the verification in privsep'ed code. Adopted for LibreSSL based on older code from relayd (by pyr@ and myself) With feedback and OK bluhm@
* Add error handling for EVP_DigestInit_ex().doug2014-12-151-3/+7
| | | | | | | | | | | | | A few EVP_DigestInit_ex() calls were left alone since reporting an error would change the public API. Changed internal ssl3_cbc_digest_record() to return a value due to the above change. It will also now set md_out_size=0 on failure. This is based on part of BoringSSL's commit to fix malloc crashes: https://boringssl.googlesource.com/boringssl/+/69a01608f33ab6fe2c3485d94aef1fe9eacf5364 ok miod@
* unifdef OPENSSL_NO_NEXTPROTONEG, which is one of the last standing #ifndefjsing2014-12-141-9/+1
| | | | | | | mazes in libssl. NPN is being replaced by ALPN, however it is still going to be around for a while yet. ok miod@
* Remove support for GOST R 34.10-94 signature authentication, along withjsing2014-12-101-8/+1
| | | | | | | the two ciphersuites that use it. GOST94 public/private keys have been long obsoleted and libcrypto does not have support for them anyway. Discussed with Dmitry Eremin-Solenikov.
* Add support for ALPN.jsing2014-12-101-1/+85
| | | | | | Based on OpenSSL and BoringSSL. ok bcook@
* Sort and group includes.jsing2014-11-161-4/+7
|
* Add support for automatic DH ephemeral keys.jsing2014-10-311-2/+51
| | | | | | | This allows an SSL server to enable DHE ciphers with a single setting, which results in an DH key being generated based on the server key length. Partly based on OpenSSL.
* Remove support for ephemeral/temporary RSA private keys.jsing2014-10-311-4/+3
| | | | | | | | | The only use for these is via SSL_OP_EPHEMERAL_RSA (which is effectively a standards violation) and for RSA sign-only, should only be possible if you are using an export cipher and have an RSA private key that is more than 512 bits in size (however we no longer support export ciphers). ok bcook@ miod@
* Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().jsing2014-10-181-6/+5
| | | | | | | | | | | | | | | arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code. It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL). ok beck@ deraadt@ miod@
* Disable SSLv3 by default.jsing2014-10-151-1/+4
| | | | | | | | | | | | | | SSLv3 has been long known to have weaknesses and the POODLE attack has once again shown that it is effectively broken/insecure. As such, it is time to stop enabling a protocol was deprecated almost 15 years ago. If an application really wants to provide backwards compatibility, at the cost of security, for now SSL_CTX_clear_option(ctx, SSL_OP_NO_SSLv3) can be used to re-enable it on a per-application basis. General agreement from many. ok miod@
* Add support for automatic ephemeral EC keys.jsing2014-10-031-2/+3
| | | | | | | | | | This allows an SSL server to enable ECDHE ciphers with a single setting, which results in an EC key being generated using the first preference shared curve. Based on OpenSSL with inspiration from boringssl. ok miod@
* Remove SSL_kDHr, SSL_kDHd and SSL_aDH. No supported ciphersuites use them,jsing2014-09-071-16/+2
| | | | | | nor do we plan on supporting them. ok guenther@
* Replace the remaining uses of ssl3_put_cipher_by_char() with s2n and ajsing2014-08-241-3/+4
| | | | | | | ssl3_cipher_get_value() helper function, which returns the cipher suite value for the given cipher. ok miod@
* Replace the remaining ssl3_get_cipher_by_char() calls with n2s() andjsing2014-08-231-8/+11
| | | | | | ssl3_get_cipher_by_id(). ok bcook@
* Check the return value of sk_SSL_CIPHER_new_null(), since it allocatesjsing2014-08-111-5/+7
| | | | | | memory and can return NULL. ok miod@
* Currently, ssl3_put_char_by_bytes(NULL, NULL) is just a long handed wayjsing2014-08-111-10/+8
| | | | | | | | of writing "2". Add a define for the SSL3_CIPHER_VALUE_SIZE (rather than using a less-readable hardcoded constant everywhere) and replace the ssl3_put_char_by_bytes(NULL, NULL) calls with it. ok bcook@ miod@
* Since we no longer need to support SSLv2-style cipher lists, startjsing2014-08-101-11/+9
| | | | | | | | | | unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros. Prompted by similar changes in boringssl. ok guenther.
* The correct name for EDH is DHE, likewise EECDH should be ECDHE.jsing2014-07-121-5/+5
| | | | | | Based on changes to OpenSSL trunk. ok beck@ miod@
* Provide ssl_version_string() function, which uses one of those modern Cjsing2014-07-121-11/+23
| | | | | | | | constructs (a switch statement) and returns the appropriate string defined by SSL_TXT_* for the given version, including support for DTLSv1 and DTLSv1-bad. Use this function in SSL_get_version() and SSL_SESSION_print(). ok beck@
* if (x) FOO_free(x) -> FOO_free(x).miod2014-07-121-11/+6
| | | | | | | Improves readability, keeps the code smaller so that it is warmer in your cache. review & ok deraadt@
* Remove remnants from PSK, KRB5 and SRP.jsing2014-07-121-4/+1
| | | | ok beck@ miod@
* Remove the PSK code. We don't need to drag around thisbeck2014-07-111-115/+1
| | | | | baggage. ok miod@ jsing@
* Remove more compression tendrils.jsing2014-07-101-6/+2
| | | | ok tedu@
* decompress libssl. ok beck jsingtedu2014-07-101-29/+1
|
* remove unused ecc_pkey_size.bcook2014-07-101-4/+2
| | | | ok jsing@ miod@
* tedu the SSL export cipher handling - since we do not have enabled exportjsing2014-07-091-66/+5
| | | | | | ciphers we no longer need the flags or code to support it. ok beck@ miod@
* convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoringtedu2014-06-191-2/+2
| | | | | | libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
* ssl_session_cmp is not a sort function, can use CRYPTO_memcmp here too.tedu2014-06-171-2/+4
|
* Add an SSL_AEAD_CTX to enable the use of EVP_AEAD with an SSL cipher.jsing2014-06-131-1/+12
| | | | | | | | | Read and write contexts are also added to the SSL_CTX, along with supporting code. Based on Adam Langley's chromium diffs. Rides the recent SSL library bump.
* Remove support for the `opaque PRF input' extension, which draft has expiredmiod2014-06-131-2/+1
| | | | | | | | 7 years ago and never made it into an RFC. That code wasn't compiled in anyway unless one would define the actual on-the-wire extension id bytes; crank libssl major. With help and enlightenment from Brendan MacDonell.
* tags as requested by miod and teduderaadt2014-06-121-0/+1
|
* More KNF.jsing2014-06-071-6/+4
|
* Some KNF and fix the vairable spelling.jsing2014-05-311-23/+16
|
* More manual OPENSSL_NO_EC and OPENSSL_NO_TLSEXT cleanup.jsing2014-05-311-1/+1
|
* unifdef -UDOXYGEN and manually remove the few doxygen comments that are notjsing2014-05-311-31/+0
| | | | | | wrapped in #ifdef DOXYGEN... Requested by miod@
* ECDH and ECDSA will not work overly well if there is no EC, so unifdefjsing2014-05-311-4/+0
| | | | | | OPENSSL_NO_EC. ok tedu@
* TLS would not be entirely functional without extensions, so unifdefjsing2014-05-311-10/+0
| | | | | | OPENSSL_NO_TLSEXT. ok tedu@
* remove some #if 0 code. we don't need any more reminders that we're usingtedu2014-05-301-38/+1
| | | | a not quite appropriate data structure. ok jsing
* Make use of SSL_IS_DTLS, SSL_USE_EXPLICIT_IV, SSL_USE_SIGALGS andjsing2014-05-301-3/+1
| | | | | | SSL_USE_TLS1_2_CIPHERS. Largely based on OpenSSL head.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 08:20:16 +0000