summaryrefslogtreecommitdiff
path: root/src/lib/libssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Bring in an SSL_HANDSHAKE structure and commence the great shovellingbeck2017-05-0611-113/+119
| | | | ok jsing@, gcc@, regress@
* Provide SSL{,_CTX}_set_{min,max}_proto_version() functions.jsing2017-05-066-5/+115
| | | | | | Rides minor bump. ok beck@
* Bump minors for symbol addition in libcryptobeck2017-05-061-1/+1
| | | | ok jsing@
* Add missing $OpenBSD$ tags.jsing2017-05-064-2/+4
|
* Only enable -Werror on libcrypto/libssl/libtls if we are building withjsing2017-04-301-2/+3
| | | | | | | gcc4. This should avoid failed builds while transitioning compilers. While here also make the CFLAGS blocks consistent across makefiles. Discussed with deraadt@, ok beck@
* Switch back to freezero() and explicitly initialise data_len to zero. Thejsing2017-04-301-6/+3
| | | | | previous code was safe since data would always be NULL if data_len was uninitialised, however compilers cannot know this.
* Fix a bug caused by the return value being set early to signal successfuljsing2017-04-291-5/+5
| | | | | | | | | | | | | | | DTLS cookie validation. This can mask a later failure and result in a positive return value being returned from ssl3_get_client_hello(), when it should return a negative value to propagate the error. Ironically this was introduced in OpenSSL 2e9802b7a7b with the commit message "Fix DTLS cookie management bugs". Fix based on OpenSSL. Issue reported by Nicolas Bouliane <nbouliane at jive dot com>. ok beck@
* Revert previous - we still want to do this, but I forgot about the installerbeck2017-04-292-14/+6
| | | | | and want to avoid the wrath of theo when he arrives home in a couple of hours :)
* We now require you to have a working libpthreadbeck2017-04-291-1/+2
|
* Make it safe to call SSL_library_init more than once.beck2017-04-291-5/+12
| | | | | | We are basically admitting that pthread is everywhere, and we will be using it for other things too. ok jsing@
* backout previous, data_len is not always initializedotto2017-04-161-2/+5
|
* Use freezero(3) when cleaning up session tickets - not only does it requirejsing2017-04-141-6/+3
| | | | | less code, but there is also a potential performance gain since they can be larger allocations.
* Use freezero(3) to clean up the X25519 keys - simpler, cleaner code.jsing2017-04-141-6/+3
|
* Use freezero(3) in the CBB clean up path, since this could hold sensitivejsing2017-04-141-3/+2
| | | | information (such as master keys).
* Switch i2d_SSL_SESSION() back to freezero(3) now that the size constraintsjsing2017-04-141-5/+2
| | | | have been relaxed.
* Clean up server key exchange EC point handling. Encode the point directlyjsing2017-04-141-27/+15
| | | | | | | | into the CBB memory, rather than mallocing and memcpying, which also makes makes the code more consistent with the client. Add a missing check for the first EC_POINT_point2oct() call. ok beck@
* Revert ssl_asn1.c r1.50 - CBB and freezero(3) do not play nicely together.jsing2017-04-111-2/+5
| | | | | | Back this out while we investigate and implement a solution. Found the hard way by sthen@
* Use freezero() for the internal opaque structures, instead of the currentjsing2017-04-103-18/+9
| | | | explicit_bzero()/free(). Less code and potentially less overhead.
* Use freezero() for X25519 keys - same result with more readable code.jsing2017-04-101-7/+3
|
* freezero() the key block; simpler code and less of it.jsing2017-04-101-7/+3
|
* Use freezero() for i2d_SSL_SESSION() - one line of code instead of three.jsing2017-04-101-5/+2
| | | | | | In this case the memory allocated can also be significant, in which case freezero() will have less overhead than explicit_bzero() (munmap instead of touching all of the memory to write zeros).
* fix some .Xr errors that jmc@ found with mdoclint(1)schwarze2017-04-103-12/+13
|
* new manual page SSL_get_server_tmp_key(3)schwarze2017-04-103-2/+88
| | | | from Matt Caswell <matt@openssl.org>, OpenSSL commit 508fafd8
* Additional SSL_SESSION documentationschwarze2017-04-1011-16/+349
| | | | | from Matt Caswell <matt at openssl dot org>, OpenSSL commit b31db505. Improve crosslinking while here.
* for pure *_ctrl() wrapper macros, move the reference from ssl(3)schwarze2017-04-1014-49/+54
| | | | to SSL_CTX_ctrl(3) to make ssl(3) slightly more palatable
* new manual page SSL_CTX_set_tlsext_servername_callback(3) for SNI;schwarze2017-04-102-1/+126
| | | | | from <Jon dot Spillett at oracle dot com> via OpenSSL commit 8c55c461
* Convert various client key exchange functions to freezero(3). The memoryjsing2017-04-101-14/+5
| | | | | contents needs to be made inaccessible - this is simpler and less error prone than the current "if not NULL, explicit_bzero(); free()" dance.
* pasto; from <Jon dot Spillett at oracle dot com> via OpenSSL commit 3aaa1bd0schwarze2017-04-101-3/+3
|
* typo fix; from <Jon dot Spillett at oracle dot com>schwarze2017-04-101-5/+5
| | | | via OpenSSL commit 7bd27895
* tweak previous;jmc2017-03-291-3/+5
|
* Fix typo in function name;schwarze2017-03-281-4/+5
| | | | | from Markus Triska <triska at metalevel dot at> via OpenSSL commit 1f164c6f.
* After i wrote SSL_renegotiate(3) from scratch, OpenSSL alsoschwarze2017-03-281-12/+109
| | | | | | | documented the function. Merge the more detailed descriptions and the additional documentation of SSL_renegotiate_abbreviated(3) and SSL_renegotiate_pending(3). From Matt Caswell, OpenSSL commit 39820637.
* Update RFC reference for TLSEXT_TYPE_padding.jsing2017-03-251-5/+2
|
* Check tls1_PRF() return value in tls1_generate_master_secret().jsing2017-03-251-4/+4
|
* More cleanup for tls1_PRF()/tls1_P_hash() - change the argument order ofjsing2017-03-251-46/+50
| | | | | | | tls1_PRF() so that it matches tls1_P_hash(), use more explicit argument names and change lengths to size_t. ok inoguchi@
* Fewer magic numbers.jsing2017-03-181-3/+3
|
* t1_enc.cjsing2017-03-181-3/+2
|
* Currently tls1_PRF() requires that a temporary buffer be provided, thatjsing2017-03-181-50/+32
| | | | | | | | | | | | | | matches the size of the output buffer. This is used in the case where there are multiple hashes - tls_P_hash() is called with the temporary buffer and the result is then xored into the output buffer. Avoid this by simply using a local buffer in tls_P_hash() and then xoring the result into the output buffer. Overall this makes the code cleaner and simplifies all of the tls_PRF() callers. Similar to BoringSSL. ok inoguchi@
* Remove the handshake digests and related code, replacing remaining usesjsing2017-03-107-166/+45
| | | | | | | with the handshake hash. For now tls1_digest_cached_records() is retained to release the handshake buffer. ok beck@ inoguchi@
* Switch CBB to use recallocarray() - this ensures that we do not leakjsing2017-03-101-2/+2
| | | | | | secrets via realloc(). ok inoguchi@
* First pass at cleaning up the tls1_P_hash() function - remove a pointlessjsing2017-03-101-20/+19
| | | | | | | EVP_DigestSignInit() call and avoid the need for ctx_tmp by reordering the code slightly. ok inoguchi@
* Make tls1_PRF() non-static so it can be regress tested.jsing2017-03-101-2/+7
|
* Correctly handle TLS PRF with MD5+SHA1 - the secret has to be partitionedjsing2017-03-071-5/+26
| | | | | | and each hash processed separately. Tested by tb@
* Clean up and simplify the tls1_PRF() implementation now that we have ajsing2017-03-061-48/+19
| | | | | | single EVP MD for the PRF hash. ok beck@ inoguchi@
* Correctly convert an SSLv2 challenge into an SSLv3/TLS client random byjsing2017-03-051-9/+27
| | | | | | truncating or left zero padding. ok beck@ inoguchi@ sthen@
* Provide a rolling handshake hash that commences as soon as the cipherjsing2017-03-058-54/+193
| | | | | | | | | | suite has been selected, and convert the final finish MAC to use this handshake hash. This is a first step towards cleaning up the current handshake buffer/digest code. ok beck@ inoguchi@
* Convert various handshake message generation functions to CBB.jsing2017-03-054-56/+113
| | | | ok beck@ inoguchi@
* Drop the second argument of dtls1_set_message_header() and make it a voidjsing2017-03-043-13/+10
| | | | | function. Nothing makes use of the return value and the second argument was only used to produce the return value...
* Call ssl3_handshake_write() instead of ssl3_do_write() - this was missedjsing2017-03-041-2/+2
| | | | | | | | | | | when ssl3_send_client_certificate() was converted to the standard handshake functions in r1.150 of s3_clnt.c. This has no impact on TLS, however it causes the DTLS client to fail if the server sends a certificate request, since the TLS MAC is calculated on a non-populated DTLS header. Issue reported by umokk on github.
* Convert ssl3_{get,send}_server_key_exchange() to EVP_md5_sha1().jsing2017-03-013-44/+29
| | | | ok inoguchi@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-04 15:49:56 +0000