| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
to only apply to s23_srvr.c.
|
| |
|
|
|
|
|
|
|
|
|
| |
saying that you expect it to return that value and compare it against zero
because it is supposedly faster, for this leads to bugs (especially given the
high rate of sloppy cut'n'paste within ssl3 and dtls1 routines in this
library).
Instead, compare for the exact value it ought to return upon success.
ok deraadt@
|
| | |
|
| | |
|
| |
|
|
|
|
| |
ciphers we no longer need the flags or code to support it.
ok beck@ miod@
|
| |
|
|
|
| |
possible to hit for real.
ok miod@ jsing@
|
| |
|
|
|
|
| |
to avoid duplication. Also use fewer magic numbers.
ok miod@
|
| |
|
|
| |
correct record is already known, so avoid reassignment.
|
| | |
|
| |
|
|
|
|
|
| |
so that it reflects what it is actually doing. Use this function in a
number of places that still have the hand rolled version.
ok beck@ miod@
|
| | |
|
| |
|
|
| |
up in the wrong order when the code was refactored.
|
| |
|
|
| |
EVP_CIPH_FLAG_AEAD_CIPHER into the same if/else block.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
those that use EVP_AEAD instead ov EVP_CIPHER. This means being able to
change cipher state with an EVP_AEAD and being able to encrypt/decrypt
TLS using the EVP_AEAD. This has no change on existing
non-SSL_CIPHER_ALGORITHM2_AEAD ciphers.
Based on Adam Langley's chromium patches.
Rides the recent libssl bump.
Tested by sthen@
|
| |
|
|
|
|
|
|
| |
7 years ago and never made it into an RFC. That code wasn't compiled in
anyway unless one would define the actual on-the-wire extension id bytes;
crank libssl major.
With help and enlightenment from Brendan MacDonell.
|
| | |
|
| |
|
|
|
|
| |
OpenSSL 1.0.0.
ok miod@ (a little while back)
|
| |
|
|
|
|
|
|
|
| |
to avoid a possible NULL function call on ctx.final(). None of the callers
currently check the return value of calls to cert_verify_mac(), however
the function already returns 0 in another case and the MAC comparison will
later fail.
Issue reported by David Ramos.
|
| |
|
|
|
|
| |
magic numbers around.
ok deraadt@
|
| | |
|
| |
|
|
|
|
|
| |
switching cipher states using an EVP_CIPHER. This will facilitate the
addition of cipher state changes for EVP_AEAD. No functional change.
Based on Adam Langley's chromium patches.
|
| | |
|
| |
|
|
| |
Based on Adam Langley's chromium patches.
|
| |
|
|
|
|
|
| |
While this is not strictly correct (since the presence of SSL3_CC_READ does
not guarantee the absence of SSL3_CC_WRITE), in practice only one of these
flags is set at a time and there is existing logic which already relies on
this behaviour.
|
| |
|
|
| |
this is the only place where these variables are used.
|
| | |
|
| |
|
|
|
|
| |
code. Additionally, these need to be cleaned in the export case.
Based on Adam Langley's chromium patches.
|
| |
|
|
|
|
|
|
|
|
|
| |
Rather than doing a complex dance to figure out if we should reuse the
cipher context and clean it later on, just free it and allocate a new one.
This simplifies the code path, especially in the write case where special
handling is required for DTLS.
Also, calling EVP_CIPHER_CTX_init() for a newly created cipher context is
unnecessary, since EVP_CIPHER_CTX_new() already does this (not to mention
that it was already missing from the write case).
|
| | |
|
| |
|
|
|
|
|
|
|
| |
meaningful variable names with pointer arithmitic, rather than n, i, j
and p with array indexing.
Based on Adam Langley's chromium diffs.
ok miod@
|
| |
|
|
|
|
|
|
|
|
| |
results in the key block length calculation also being correct. Rename a
number of variables so that their purpose becomes clear and simplify some
of the code.
Inspired by Adam Langley's chromium diffs.
ok miod@
|
| |
|
|
|
|
|
|
|
| |
single variable with a descriptive name, instead of two poorly named
variables.
Largely based on Adam Langley's chromium patches.
ok miod@
|
| |
|
|
| |
a not quite appropriate data structure. ok jsing
|
| |
|
|
|
|
| |
SSL_USE_TLS1_2_CIPHERS.
Largely based on OpenSSL head.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
unchecked.
In the case of tls1_change_cipher_state(), it is fairly pointless to use
ssl_replace_hash(), since it does not initialise the hash and there is
special handling required in the DTLS write case. Instead, just inline
the part of ssl_replace_hash() that is needed and only
ssl_clear_hash_ctx() the write hash in the non-DTLS case.
Also add a detailed comment explaining why there needs to be specialised
handling for DTLS write context and where the contexts are actually freed.
ok miod@
|
| | |
|
| |
|
|
|
|
|
|
| |
from the cipher and message digest handling, allowing for upcoming changes.
Based on Adam Langley's chromium diffs.
ok miod@
|
| |
|
|
|
|
|
|
| |
since free already does this for us. Also remove some pointless NULL
assignments, where the result from malloc(3) is immediately assigned to the
same variable.
ok miod@
|
| |
|
|
|
|
|
| |
this is sporadic, hacked up and can easily be put back in an improved form
should we ever need it.
ok miod@
|
| |
|
|
|
|
|
|
|
|
|
| |
compression associated with the SSL session. Based on one of Adam Langley's
chromium diffs, factor out the compression handling code into a separate
ssl_cipher_get_comp() function.
Rewrite the compression handling code to avoid pointless duplication and so
that failures are actually returned to and detectable by the caller.
ok miod@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok beck@ miod@
|
| |
|
|
|
| |
http://marc.info/?l=openssl-dev&m=139779977532459&w=2
ok miod
|
| | |
|
| |
|
|
|
|
|
| |
APIs that pass times as longs will have to change at some point...
Bump major on both libcrypto and libssl.
ok tedu@
|
| | |
|
| |
|
|
|
| |
still not sure what to make of mysteries like this:
for (i = 7; i >= 0; i--) { /* increment */
|
| |
|
|
|
|
|
|
| |
OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_relloc->realloc
OPENSSL_freeFunc->free
|
| |
|
|
|
| |
meets their needs, but dumping it in here only penalizes the rest of us.
ok miod
|
| |
|
|
|
| |
readable. This pass is whitespace only and can readily be verified using
tr and md5.
|
