| | Commit message | Author | Age | Files | Lines |
|---|---|---|---|---|---|
| | do it properly. | | | | |
| | those that use EVP_AEAD instead of EVP_CIPHER. This means being able to change cipher state with an EVP_AEAD and being able to encrypt/decrypt TLS using the EVP_AEAD. This has no change on existing non-SSL_CIPHER_ALGORITHM2_AEAD ciphers.<br>Based on Adam Langley's chromium patches.<br>Rides the recent libssl bump.<br>Tested by sthen@ | | | | |
| | Read and write contexts are also added to the SSL_CTX, along with supporting code.<br>Based on Adam Langley's chromium diffs.<br>Rides the recent SSL library bump. | | | | |
| | 7 years ago and never made it into an RFC. That code wasn't compiled in anyway unless one would define the actual on-the-wire extension id bytes; crank libssl major.<br>With help and enlightenment from Brendan MacDonell. | | | | |
| | ok deraadt, jmc, tedu | | | | |
| | timingsafe_memcmp tests are disabled for now, pending its addition to libc. | | | | |
| | manual page strictly. Return -2 if the strings are not strict numbers. The numbers remain in the range of "int". Range checking for these parameters is done later in the pkey_*_ctl() functions, or sometimes in functions much further downstream... but not always!!!<br>ok millert miod mikeb | | | | |
| | behavior for certain inputs. From NetBSD. OK tedu@ | | | | |
| | which just emptied the file but didn't remove it. | | | | |
| | They are obsoleted by the RFC3542 api.<br>ok mpi@ | | | | |
| | OpenSSL 1.0.0.<br>ok miod@ (a little while back) | | | | |
| | Just kidding!<br>unifdef OPENSSL_NO_TLS since we will never want to actually do that.<br>ok deraadt@ | | | | |
| | ok beck | | | | |
| | (From Jonas Maebe)<br>OK from beck@ | | | | |
| | to avoid potential null pointer dereference.<br>Based on david ramos work.<br>OK from miod@ and jsing@ | | | | |
| | atomicio writing out 64k in one direction will cause traffic in the other direction to stall until it's complete. discussion with deraadt | | | | |
| | from John-Mark Gurney | | | | |
| | collateral damage.<br>The synchronous nature of this mechanism has hampered performance for symmetric crypto relative to brute-force cpu. The asymmetric crypto support never really materialized in drivers.<br>So abandon the complexity.<br>ok tedu beck mikeb<br>some disagreement from djm but if he wants to test /dev/crypto ciphers he should do it without this gigantic API in the way | | | | |
| | thing for an unsigned char array.<br>ok deraadt@ | | | | |
| | to avoid a possible NULL function call on ctx.final(). None of the callers currently check the return value of calls to cert_verify_mac(), however the function already returns 0 in another case and the MAC comparison will later fail.<br>Issue reported by David Ramos. | | | | |
| | protect from future field reordering/removal.<br>No difference in generated assembly. | | | | |
| | the return value of EVP_MD_CTX_copy_ex(). If the copy fails early then EVP_DigestUpdate() will invoke md_ctx.update(), which will be a NULL function pointer.<br>Analysis and patch from David Ramos.<br>ok deraadt@ | | | | |
| | fails, the NULL check will add an error but it does not abort. This will result in EVP_DigestInit_ex() being called with a NULL context.<br>Also ensure that we check the return values from EVP_DigestInit_ex() and EVP_DigestUpdate().<br>ok deraadt@ miod@ | | | | |
| | handshake MAC calculation fails. Currently, the result from both ssl3_handshake_mac() calls is added together. This means that unless both MD5 and SHA1 fail, a positive value will be returned to the caller, indicating success rather than failure.<br>ok deraadt@ miod@ sthen@ | | | | |
| | using EVP_AEAD. Also provide an EVP_AEAD-only equivalent of ssl_cipher_get_evp(). | | | | |
| | magic numbers around.<br>ok deraadt@ | | | | |
| | do some other clean up while here.<br>ok deraadt@ | | | | |
| | check, so do not duplicate it here. Make the error handling consistent by always using 'goto err' rather than returning in certain cases. Also add a missing BIO_free(ssl) in BIO_new_ssl_connect().<br>ok deraadt@ | | | | |
| | discussed with tedu, ok jsing | | | | |
| | switching cipher states using an EVP_CIPHER. This will facilitate the addition of cipher state changes for EVP_AEAD. No functional change.<br>Based on Adam Langley's chromium patches. | | | | |
| | In the past, time_t's type was underspecified. But a floating point type would not have worked in practice. Newer specifications effectively forbid it.<br>While cleaning this up, get partly ready for Y2038.<br>ok miod | | | | |
| | c30718b5e7480add42598158<br>Don't know the full story, but it looks like a "can't do random perfectly, so do it god awful" problem was found in 2013, and replaced with "only do it badly if a flag is set". New flags (SSL_MODE_SEND_SERVERHELLO_TIME and SSL_MODE_SEND_SERVERHELLO_TIME) were added [Ben Laurie?] to support the old scheme of "use time_t for first 4 bytes of the random buffer".<br>Nothing uses these flags [ecosystem scan by sthen]<br>Fully discourage use of these flags in the future by removing support & definition of them. The buflen < 4 check is also interesting, because no entropy would be returned. No callers passed such small buffers.<br>ok miod sthen | | | | |
| | Based on Adam Langley's chromium patches. | | | | |
| | While this is not strictly correct (since the presence of SSL3_CC_READ does not guarantee the absence of SSL3_CC_WRITE), in practice only one of these flags is set at a time and there is existing logic which already relies on this behaviour. | | | | |
| | this is the only place where these variables are used. | | | | |