summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Check tls1_PRF() return value in tls1_generate_master_secret().jsing2017-03-251-4/+4
|
* More cleanup for tls1_PRF()/tls1_P_hash() - change the argument order ofjsing2017-03-251-46/+50
| | | | | | | tls1_PRF() so that it matches tls1_P_hash(), use more explicit argument names and change lengths to size_t. ok inoguchi@
* add a helper function to print all pools #ifdef MALLOC_STATSotto2017-03-241-1/+16
| | | | from David CARLIER
* document new recallocarray diagnostic; zap a few diagnostics that shouldotto2017-03-241-8/+9
| | | | never occur
* move recallocarray to malloc.c andotto2017-03-242-19/+207
| | | | | | | - use internal meta-data to do more consistency checking (especially with option C) - use cheap free if possible ok deraadt@
* Fewer magic numbers.jsing2017-03-181-3/+3
|
* t1_enc.cjsing2017-03-181-3/+2
|
* Currently tls1_PRF() requires that a temporary buffer be provided, thatjsing2017-03-181-50/+32
| | | | | | | | | | | | | | matches the size of the output buffer. This is used in the case where there are multiple hashes - tls_P_hash() is called with the temporary buffer and the result is then xored into the output buffer. Avoid this by simply using a local buffer in tls_P_hash() and then xoring the result into the output buffer. Overall this makes the code cleaner and simplifies all of the tls_PRF() callers. Similar to BoringSSL. ok inoguchi@
* remove unneccessary macro;jmc2017-03-171-2/+2
|
* Strengthen description of recallocarray(3) behaviour, hoping that readersderaadt2017-03-171-5/+10
| | | | | make the behaviour -> use case connection. help from jmc and jsing
* Convert BUF_MEM_grow() and BUF_MEM_grow_clean() to recallocarray(),jsing2017-03-161-13/+3
| | | | | | | | | | ensuring that the buffer contents are zeroed on allocation and not leaked when resizing. It is worth noting that BUF_MEM_grow_clean() already did this manually by avoiding realloc(). ok beck@ inoguchi@
* Use calloc() instead of malloc() followed by manually zeroing fields.jsing2017-03-161-6/+3
| | | | ok beck@ inoguchi@
* Remove the handshake digests and related code, replacing remaining usesjsing2017-03-107-166/+45
| | | | | | | with the handshake hash. For now tls1_digest_cached_records() is retained to release the handshake buffer. ok beck@ inoguchi@
* Switch CBB to use recallocarray() - this ensures that we do not leakjsing2017-03-101-2/+2
| | | | | | secrets via realloc(). ok inoguchi@
* First pass at cleaning up the tls1_P_hash() function - remove a pointlessjsing2017-03-101-20/+19
| | | | | | | EVP_DigestSignInit() call and avoid the need for ctx_tmp by reordering the code slightly. ok inoguchi@
* Make tls1_PRF() non-static so it can be regress tested.jsing2017-03-101-2/+7
|
* Correctly handle TLS PRF with MD5+SHA1 - the secret has to be partitionedjsing2017-03-071-5/+26
| | | | | | and each hash processed separately. Tested by tb@
* Some tweaks from jmc@ and describe better what recallocarray does;otto2017-03-071-7/+16
| | | | help and ok from tom@ and deraadt@
* Introducing recallocarray(3), a blend of calloc(3) and reallocarray(3)otto2017-03-063-7/+147
| | | | | with the added feature that released memory is cleared. Much input from various developers. ok deraadt@ tom@
* size is unsigned so using ==0 not <=0 when checking for buffer exhaustionmillert2017-03-061-4/+4
|
* Pull in a change from the bind 8 resolver that fixes a potentialmillert2017-03-061-10/+16
| | | | | crash when given a large hex number as part of the dotted quad. OK deraadt@ jsg@
* Clean up and simplify the tls1_PRF() implementation now that we have ajsing2017-03-061-48/+19
| | | | | | single EVP MD for the PRF hash. ok beck@ inoguchi@
* Correctly convert an SSLv2 challenge into an SSLv3/TLS client random byjsing2017-03-051-9/+27
| | | | | | truncating or left zero padding. ok beck@ inoguchi@ sthen@
* Provide a rolling handshake hash that commences as soon as the cipherjsing2017-03-058-54/+193
| | | | | | | | | | suite has been selected, and convert the final finish MAC to use this handshake hash. This is a first step towards cleaning up the current handshake buffer/digest code. ok beck@ inoguchi@
* Convert various handshake message generation functions to CBB.jsing2017-03-054-56/+113
| | | | ok beck@ inoguchi@
* Drop the second argument of dtls1_set_message_header() and make it a voidjsing2017-03-043-13/+10
| | | | | function. Nothing makes use of the return value and the second argument was only used to produce the return value...
* Call ssl3_handshake_write() instead of ssl3_do_write() - this was missedjsing2017-03-041-2/+2
| | | | | | | | | | | when ssl3_send_client_certificate() was converted to the standard handshake functions in r1.150 of s3_clnt.c. This has no impact on TLS, however it causes the DTLS client to fail if the server sends a certificate request, since the TLS MAC is calculated on a non-populated DTLS header. Issue reported by umokk on github.
* Ensure MD and key initialized before processing HMACinoguchi2017-03-031-4/+18
| | | | | | | | Ensure both MD and key have been initialized before processing HMAC. Releasing HMAC_CTX in error path of HMAC(). In regress test, added test 4,5,6 and cleaned up the code. ok jsing@
* fix error in Dt; from robert kleinjmc2017-03-021-3/+3
|
* Convert ssl3_{get,send}_server_key_exchange() to EVP_md5_sha1().jsing2017-03-013-44/+29
| | | | ok inoguchi@
* Include EVP_md5_sha1() via OpenSSL_add_all_digests().jsing2017-03-011-1/+2
|
* Bump minors due to symbol addition.jsing2017-02-283-3/+3
|
* Document EVP_md5_sha1().jsing2017-02-281-2/+11
|
* Add an EVP interface that provides concatenated MD5+SHA1 hashes, which arejsing2017-02-284-2/+88
| | | | | | | | | | used in various parts of TLS 1.0/1.1. This will allow for code simplification in libssl. The same interface exists in OpenSSL 1.1. ok beck@ deraadt@ inoguchi@ millert@
* Fix typo in issuingDistributionPoint description.jsing2017-02-281-1/+1
|
* Stop pretending that MD5 and SHA1 might not exist - rather than locatingjsing2017-02-284-20/+8
| | | | | | | "ssl3-md5" and "ssl-sha1", call the EVP_md5() and EVP_sha1() functions directly. ok beck@ inoguchi@
* Add support for RES_USE_DNSSECjca2017-02-271-5/+2
| | | | | | | | | | | | RES_USE_DNSSEC is implemented by setting the DNSSEC DO bit in outgoing queries. The resolver is then supposed to set the AD bit in the reply if it managed to validate the answer through DNSSEC. Useful when the application doesn't implement validation internally. This scheme assumes that the validating resolver is trusted and that the communication channel between the validating resolver and and the client is secure. ok eric@ gilles@
* Add the following root CAs, from SECOM Trust Systems / Security Communicationsthen2017-02-241-1/+126
| | | | | | | | of Japan, they are present in Mozilla's CA store. OK ajacoutot@ /C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication EV RootCA1 /C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication RootCA2 /C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1
* Remove STREEBOG 512 as a TLS MAC since there are currently no cipher suitesjsing2017-02-212-26/+6
| | | | | | that make use of it. ok bcook@ inoguchi@
* don;t end Nd with a full stop;jmc2017-02-211-3/+3
|
* Mark ERR_add_error_data and ERR_add_error_vdata as not for internal use,beck2017-02-205-14/+81
| | | | | and document ERR_asprintf_error_data as their replacement. ok jsing@, ingo@
* spelling fix;jmc2017-02-201-2/+2
|
* document tls_config_error(3) RETURN VALUES, improve what is saidschwarze2017-02-202-6/+59
| | | | | about tls_error(3), and warn about some traps; OK jmc@
* Add EDNS0 support.jca2017-02-181-4/+3
| | | | | | | EDNS allows for various DNS extensions, among which UDP DNS packets size bigger than 512 bytes. The default is still to not advertize anything. ok eric@
* Avoid dereferencing a pointer when reporting an error about the samejsing2017-02-151-2/+2
| | | | | | pointer being NULL. Found by jsg@ with cppcheck; also detected by Coverity.
* Add a NULL test to wrterror() to avoid a NULL deref when called from ajsg2017-02-151-2/+2
| | | | | | free() error path. ok otto@
* bump to 2.5.2bcook2017-02-141-3/+3
|
* malloc does not *need* to return page-aligned objects for size >=otto2017-02-121-5/+2
| | | | | a page. This is not required by any standard and other malloc implementation do not document (or implement) this. ok deraadt@
* DES keys are not 7 days long. ok jsing@dtucker2017-02-092-5/+5
|
* Revert previous; the implementation is incorrect since it assumes that thejsing2017-02-072-20/+7
| | | | | provided error code matches the error that is currently on the top of the error stack.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-05 11:24:29 +0000