summaryrefslogtreecommitdiffstats
path: root/lib/libssl/s3_clnt.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Accept CCS again after `finished' has been sent by the client; at this pointmiod2014-07-111-5/+6
| | | | | | | keys have been correctly set up so it is ok to accept CCS from the server. Without renegotiation can sometimes fail. OpenSSL PR #3400 via OpenSSL trunk.
* Remove the PSK code. We don't need to drag around thisbeck2014-07-111-136/+1
| | | | | baggage. ok miod@ jsing@
* decompress libssl. ok beck jsingtedu2014-07-101-70/+2
|
* tedu the SSL export cipher handling - since we do not have enabled exportjsing2014-07-091-31/+1
| | | | | | ciphers we no longer need the flags or code to support it. ok beck@ miod@
* always compare memcmp against 0, for clarity.tedu2014-06-211-2/+2
|
* convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoringtedu2014-06-191-3/+3
| | | | | | libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
* tags as requested by miod and teduderaadt2014-06-121-1/+1
|
* Stop setting the EVP_MD_CTX_FLAG_NON_FIPS_ALLOW - it has been ignored sincejsing2014-06-111-2/+0
| | | | | | OpenSSL 1.0.0. ok miod@ (a little while back)
* http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2016265dfbab162ec30718b5e7480add42598158deraadt2014-06-071-3/+1
| | | | | | | | | | | | | | | | | Don't know the full story, but it looks like a "can't do random perfectly, so do it god awful" problem was found in 2013, and replaced with "only do it badly if a flag is set". New flags (SSL_MODE_SEND_SERVERHELLO_TIME and SSL_MODE_SEND_SERVERHELLO_TIME) were added [Ben Laurie?] to support the old scheme of "use time_t for first 4 bytes of the random buffer". Nothing uses these flags [ecosystem scan by sthen] Fully discourage use of these flags in the future by removing support & definition of them. The buflen < 4 check is also interesting, because no entropy would be returned. No callers passed such small buffers. ok miod sthen
* The DH_free, EC_KEY_free, EVP_PKEY_free and RSA_free functions all havejsing2014-06-071-13/+8
| | | | | implicit NULL checks, so there is no point ensuring that the pointer is non-NULL before calling them.
* Ensure that sess_cert is not NULL before trying to use it.jsing2014-06-051-0/+8
| | | | | | Fixes CVE-2014-3470, from OpenSSL. ok deraadt@
* ssl_sess_cert_new() can return NULL. Fix two cases where the return valuejsing2014-06-051-13/+12
| | | | | | | | | is unchecked, which would result in a later null pointer dereference. While here, RSA_free, DH_free and EC_KEY_free all have implicit NULL checks, so avoid repeating them here. ok beck@
* Be selective as to when ChangeCipherSpec messages will be accepted.jsing2014-06-051-1/+2
| | | | | | | | | | | | | | | | | Without this an early ChangeCipherSpec message would result in session keys being generated, along with the Finished hash for the handshake, using an empty master secret. For a detailed analysis see: https://www.imperialviolet.org/2014/06/05/earlyccs.html This is a fix for CVE-2014-0224, from OpenSSL. This issue was reported to OpenSSL by KIKUCHI Masashi. Unfortunately the recent OpenSSL commit was the first we were made aware of the issue. ok deraadt@ sthen@
* More KNF.jsing2014-06-051-49/+32
|
* without overthinking it, replace a few memcmp calls with CRYPTO_memcmptedu2014-06-041-2/+2
| | | | where it is feasible to do so. better safe than sorry.
* More manual OPENSSL_NO_EC and OPENSSL_NO_TLSEXT cleanup.jsing2014-05-311-4/+4
|
* TLS would not be entirely functional without extensions, so unifdefjsing2014-05-311-29/+0
| | | | | | OPENSSL_NO_TLSEXT. ok tedu@
* remove some #if 0 code. we don't need any more reminders that we're usingtedu2014-05-301-6/+0
| | | | a not quite appropriate data structure. ok jsing
* Make use of SSL_IS_DTLS, SSL_USE_EXPLICIT_IV, SSL_USE_SIGALGS andjsing2014-05-301-11/+8
| | | | | | SSL_USE_TLS1_2_CIPHERS. Largely based on OpenSSL head.
* no space before labeltedu2014-05-291-18/+18
|
* line up else bettertedu2014-05-291-5/+2
|
* unidef DH, ECDH, and ECDSA. there's no purpose to a libssl without them.tedu2014-05-291-40/+0
| | | | ok deraadt jsing
* EVP_MD_CTX_create() calls malloc and can return NULL. However, only one ofjsing2014-05-281-0/+5
| | | | | | | the calls in libssl actually checks the return value before using it. Add NULL checks for the remaining three calls. ok miod@
* There is no point in checking if a pointer is non-NULL before calling free,jsing2014-05-281-18/+9
| | | | | | | | since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable. ok miod@
* Remove TLS_DEBUG, SSL_DEBUG, CIPHER_DEBUG and OPENSSL_RI_DEBUG. Much ofjsing2014-05-251-8/+0
| | | | | | | this is sporadic, hacked up and can easily be put back in an improved form should we ever need it. ok miod@
* DeIMPLEMENT libssl. Expand the IMPLEMENT_* macros since it is far morejsing2014-05-241-3/+38
| | | | | | | | readable and one less layer of abstraction. Use C99 initialisers for clarity, grepability and to protect from future field reordering/removal. ok miod@ (tedu@ also thought it was a wonderful idea, beck@ also agreed, but ran away squealing since it reminded him of the VOP layer...)
* Stop including kssl_lcl.h and nuke it from orbit - it is a no-op now.jsing2014-05-221-1/+0
| | | | ok beck@ miod@
* KSSL is dead... nuke KSSL_DEBUG from orbit.jsing2014-05-201-7/+0
| | | | ok beck@ miod@
* Remove SRP and Kerberos support from libssl. These are complex protocolstedu2014-05-051-258/+0
| | | | | all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
* Fix indentation.mcbride2014-04-241-211/+208
|
* Make it compile again.jsing2014-04-241-1/+1
|
* More KNF, things that couldn't be verified with md5(1), and some whitespacemcbride2014-04-241-45/+42
| | | | I missed on the first go around.
* KNFmcbride2014-04-241-636/+890
|
* remove redundant asign. from David Hilltedu2014-04-241-1/+0
|
* Unifdef -UPKCS1_CHECK and remove SSL_OP_PKCS1_CHECK_[12], this is leftovermiod2014-04-231-6/+0
| | | | | | | | ``debug'' code from a 15+ years old bugfix and the SSL_OP_PKCS1_CHECK_* constants have had a value of zero since ages. No production code should use them. ok beck@
* more malloc/realloc/calloc cleanups; ok beck kettenisderaadt2014-04-211-3/+1
|
* More KNF and style consistency tweaksguenther2014-04-191-4/+3
|
* whack a bunch of disabled code. ok beck lteotedu2014-04-171-17/+3
|
* no longer need to fool emacs indentation and other if (0) oddities.tedu2014-04-171-6/+2
|
* always build in RSA and DSA. ok deraadt miodtedu2014-04-171-51/+0
|
* quick pass at removing ability to disable sha256 and sha512. ok miodtedu2014-04-171-4/+0
|
* Change library to use intrinsic memory allocation functions instead ofbeck2014-04-171-11/+11
| | | | | | | | OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
* add back SRP. i was being too greedy.tedu2014-04-161-0/+106
|
* disentangle SRP code from TLStedu2014-04-161-106/+0
|
* remove FIPS mode support. people who require FIPS can buy something thattedu2014-04-151-3/+0
| | | | | meets their needs, but dumping it in here only penalizes the rest of us. ok miod
* make OPENSSL_NO_HEARTBLEED the default and only option. ok deraadt miodtedu2014-04-141-11/+0
|
* So the OpenSSL codebase does "get the time, add it as a random seed"deraadt2014-04-141-2/+0
| | | | | | | in a bunch of places inside the TLS engine, to try to keep entropy high. I wonder if their moto is "If you can't solve a problem, at least try to do it badly". ok miod
* First pass at applying KNF to the OpenSSL code, which almost makes itjsing2014-04-141-1790/+1539
| | | | | readable. This pass is whitespace only and can readily be verified using tr and md5.
* Do not include "e_os.h" anymore. Simply pull in the necessary headers.mpi2014-04-131-1/+1
| | | | ok miod@, deraadt@
* Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.miod2014-04-131-5/+6
|
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.