| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
ok inoguchi@
|
| |
|
|
|
|
|
|
|
| |
There are three versions of the DTLS header writing code, which primarily
differ by the fragment offset and fragment length values that differ.
Rework dtls1_write_message_header() such that it can be used in all three
cases and convert it to CBB in the process.
ok inoguchi@ tb@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
The original code did a crazy encode/malloc/encode/decode/modify/encode
dance, in order to encode a session in the form needed to encrypt then add
to a session ticket. By modifying the encoding functions slightly, we can
do this entire dance as a single encode.
Inspired by similar changes in BoringSSL.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
| |
i2d_SSL_SESSION. Also rework the example code so that it is clearer and
uses more appropriate names.
Input from and ok schwarze@, tb@
|
| | |
|
| | |
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
|
| |
Accordingly, add some error checking to SSL_copy_session_id(),
BIO_ssl_copy_session_id(), and SSL_dup().
Prompted by OpenSSL commit 17dd65e6e1f
Tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
| |
This code has been rotting since 2006.
ok bcook@ tb@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The original implementation is rather crazy and means that we effectively
have two lots of code that parse a ClientHello and two lots of code that
parse TLS extensions. Partially simplify this by passing a CBS containing
the extension block through to the session handling functions, removing the
need to reimplement the ClientHello parsing.
While here standarise on naming for session_id and session_id_len.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
| |
Parse up until the extensions (if any), then proceed with processing,
rather than gradually parsing while processing. This makes the code
cleaner, requires messages to be valid before processing and makes way
for upcoming changes.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
| |
Now that all handshake messages are created using CBB, remove the non-CBB
ssl3_handshake_msg_start()/ssl3_handshake_msg_finish() functions. Rename
the CBB variants by dropping the _cbb suffix.
ok bcook@ inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
|
| |
The CBB conversion resulted in the ticket encryption being handled
incorrectly, resulting in only the last block being used. Fix this and
restore the previous behaviour.
Issue found by inoguchi@ and sebastia@.
ok inoguchi@ and tb@
|
| |
|
|
|
|
|
|
|
|
| |
Now that all callers of tls12_get_sigandhash() have been converted to CBB,
collapse tls12_get_sigandhash() and tls12_get_sigandhash_cbb() into a
single function. Rename it to tls12_gethashandsig() to be representative
of the actual order of the sigalgs parameters, and perform some other
clean up.
ok inoguchi@ tb@
|
| |
|
|
|
|
| |
This removes a memorable BUF_MEM_grow() and associated comment.
ok inoguchi@ tb@
|
| |
|
|
| |
ok inoguchi@ tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok inoguchi@ tb@
|
| |
|
|
| |
ok inoguchi@ tb@
|
| | |
|
| |
|
|
| |
ok bcook@ beck@ tb@
|
| |
|
|
|
|
| |
Everything can go through the EVP_Verify* code path.
ok inoguchi@ tb@
|
| |
|
|
|
|
| |
Everything can go through the single EVP_Sign* code path.
ok inoguchi@ tb@
|
| |
|
|
|
|
| |
have been converted to CBS, pull it up a level.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
| |
client KEX DHE processing, rather than reusing the buffer that is used
to send/receive handshake messages.
ok beck@ inoguchi@
|
| |
|
|
| |
ok beck@ inoguchi@
|
| |
|
|
|
|
|
| |
Also allocate a dedicated buffer to hold the shared secret, rather than
reusing init_buf.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
| |
These are insecure and should not be used - furthermore, we would should
not have been allowing their negotiation with TLSv1.2 (as noted by Robert
Merget, Juraj Somorovsky and Simon Friedberger). Removing these cipher
suites also fixes this issue.
ok beck@ inoguchi@
|
| |
|
|
|
|
|
|
|
| |
For pure ECDHE we do not need to construct a new key using the one that
was set up during the other half of the key exchange. Also, since we do not
support any form of ECDH the n == 0 case is not valid (per RFC 4492 section
5.7), so we can ditch this entirely.
ok inoguchi@ tb@
|
| |
|
|
| |
ok beck@ tb@
|
| |
|
|
| |
the missing goto. While here also remove a set of unnecessary parentheses.
|
| |
|
|
|
|
|
|
| |
Convert to CBS, use more appropriate variable names and improve validation.
Allocate a dedicated buffer to hold the decrypted result, rather than
decrypting into the handshake buffer (which is also used to send data).
ok beck@ inoguchi@ tb@
|
| |
|
|
|
|
|
|
| |
alert rather than an internal_error alert.
Issue found by Simon Friedberger, Robert Merget and Juraj Somorovsky.
ok beck@ inoguchi@
|
| |
|
|
| |
to return const. Update the documentation.
|
| |
|
|
|
|
| |
public API in libssl.
ok beck, jsing
|
| |
|
|
| |
ok schwarze@
|
| |
|
|
| |
show the public data type name "LHASH_OF(SSL_SESSION)" instead.
|
| |
|
|
|
| |
and avoid the internal, undocumented names "struct ssl_st *"
and "struct ssl_ctx_st *".
|
| |
|
|
|
| |
to some parameters and return values of some functions.
Update the documentation.
|
| |
|
|
| |
previous commit.
|
| |
|
|
|
|
|
|
| |
our libssl functions match theirs wrt const, except for BIO_f_ssl(3)
which will be fixed in a later step.
this went through a i386 bulk by sthen
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
OpenSSL commit 7c96dbcdab9 by Rich Salz.
This cleans up the caller side quite a bit and reduces the number of
lines enclosed in #ifndef OPENSSL_NO_ENGINE. codesearch.debian.net
shows that almost nothing checks the return value of ENGINE_finish().
While there, replace a few nearby 'if (!ptr)' with 'if (ptr == NULL)'.
ok jsing, tested by & ok inoguchi
|
| |
|
|
|
| |
SSL_OP_TLS_ROLLBACK_BUG to no longer have any effect.
Update the manual page.
|
| |
|
|
|
|
|
| |
around the SSLv3/TLSv1.0 period... and buggy clients are buggy. This also
helps to clean up the RSA key exchange code.
ok "kill it with fire" beck@ tb@
|
| |
|
|
| |
collecting the information by inspecting the source code.
|
| |
|
|
|
|
|
| |
Now that everything goes through the same code path, we can remove a layer
of indirection and just call ssl3_{read,write,peek} directly.
ok beck@ inoguchi@
|
| |
|
|
|
|
|
| |
These flags enabled experimental behaviour in the write path, which nothing
uses. Removing this code greatly simplifies ssl3_write().
ok beck@ inoguchi@ sthen@ tb@
|
| |
|
|
|
|
|
|
| |
SSL_CTX_get_default_passwd_cb(3) and
SSL_CTX_get_default_passwd_cb_userdata(3).
Merge the documentation, tweaked by me;
from Christian Heimes <cheimes at redhat dot com>
via OpenSSL commit 0c452abc Mar 2 12:53:40 2016 +0100.
|
