| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
| |
While this is not strictly correct (since the presence of SSL3_CC_READ does
not guarantee the absence of SSL3_CC_WRITE), in practice only one of these
flags is set at a time and there is existing logic which already relies on
this behaviour.
|
| |
|
|
| |
this is the only place where these variables are used.
|
| | |
|
| |
|
|
|
|
| |
code. Additionally, these need to be cleaned in the export case.
Based on Adam Langley's chromium patches.
|
| |
|
|
|
|
|
|
|
|
|
| |
Rather than doing a complex dance to figure out if we should reuse the
cipher context and clean it later on, just free it and allocate a new one.
This simplifies the code path, especially in the write case where special
handling is required for DTLS.
Also, calling EVP_CIPHER_CTX_init() for a newly created cipher context is
unnecessary, since EVP_CIPHER_CTX_new() already does this (not to mention
that it was already missing from the write case).
|
| | |
|
| |
|
|
|
|
|
|
|
| |
meaningful variable names with pointer arithmitic, rather than n, i, j
and p with array indexing.
Based on Adam Langley's chromium diffs.
ok miod@
|
| |
|
|
|
|
|
|
|
|
| |
results in the key block length calculation also being correct. Rename a
number of variables so that their purpose becomes clear and simplify some
of the code.
Inspired by Adam Langley's chromium diffs.
ok miod@
|
| |
|
|
|
|
|
|
|
| |
single variable with a descriptive name, instead of two poorly named
variables.
Largely based on Adam Langley's chromium patches.
ok miod@
|
| |
|
|
| |
a not quite appropriate data structure. ok jsing
|
| |
|
|
|
|
| |
SSL_USE_TLS1_2_CIPHERS.
Largely based on OpenSSL head.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
unchecked.
In the case of tls1_change_cipher_state(), it is fairly pointless to use
ssl_replace_hash(), since it does not initialise the hash and there is
special handling required in the DTLS write case. Instead, just inline
the part of ssl_replace_hash() that is needed and only
ssl_clear_hash_ctx() the write hash in the non-DTLS case.
Also add a detailed comment explaining why there needs to be specialised
handling for DTLS write context and where the contexts are actually freed.
ok miod@
|
| | |
|
| |
|
|
|
|
|
|
| |
from the cipher and message digest handling, allowing for upcoming changes.
Based on Adam Langley's chromium diffs.
ok miod@
|
| |
|
|
|
|
|
|
| |
since free already does this for us. Also remove some pointless NULL
assignments, where the result from malloc(3) is immediately assigned to the
same variable.
ok miod@
|
| |
|
|
|
|
|
| |
this is sporadic, hacked up and can easily be put back in an improved form
should we ever need it.
ok miod@
|
| |
|
|
|
|
|
|
|
|
|
| |
compression associated with the SSL session. Based on one of Adam Langley's
chromium diffs, factor out the compression handling code into a separate
ssl_cipher_get_comp() function.
Rewrite the compression handling code to avoid pointless duplication and so
that failures are actually returned to and detectable by the caller.
ok miod@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok beck@ miod@
|
| |
|
|
|
| |
http://marc.info/?l=openssl-dev&m=139779977532459&w=2
ok miod
|
| | |
|
| |
|
|
|
|
|
| |
APIs that pass times as longs will have to change at some point...
Bump major on both libcrypto and libssl.
ok tedu@
|
| | |
|
| |
|
|
|
| |
still not sure what to make of mysteries like this:
for (i = 7; i >= 0; i--) { /* increment */
|
| |
|
|
|
|
|
|
| |
OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_relloc->realloc
OPENSSL_freeFunc->free
|
| |
|
|
|
| |
meets their needs, but dumping it in here only penalizes the rest of us.
ok miod
|
| |
|
|
|
| |
readable. This pass is whitespace only and can readily be verified using
tr and md5.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
CVE-2013-4353 NULL pointer dereference with crafted Next Protocol
Negotiation record in TLS handshake.
Upstream: 197e0ea
CVE-2013-6449 Fix crash with crafted traffic from a TLS 1.2 client.
Upstream: ca98926, 0294b2b
CVE-2013-6450 Fix DTLS retransmission from previous session.
Upstream: 3462896
|
| |
|
|
|
| |
from the openssl git (changes between openssl 1.0.1c and 1.0.1d).
ok djm@
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Note that this is a maintenence release, API's appear *not* to have changed.
As such, I have only increased the minor number on these libraries
|
| | |
|
| | |
|
| |
|
|
|
|
| |
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
| | |
|
|
|
functionality for shared libs.
Note that routines such as sslv2_init and friends that use RSA will
not work due to lack of RSA in this library.
Needs documentation and help from ports for easy upgrade to full
functionality where legally possible.
|
