path: root/lib/libssl/src/ssl
Commit message (author, date, files changed, lines removed/added)
...
* Use string literals in printf style calls so gcc's -Wformat works. (doug, 2014-10-03, 1 file, -3/+3)
  ok tedu@, miod@
* Clean up EC cipher handling in ssl3_choose_cipher(). (jsing, 2014-09-30, 3 files, -145/+152)
  The existing code reaches around into various internals of EC, which it should not know anything about. Replace this with a set of functions that can correctly extract the necessary details and handle the comparisons. Based on a commit to OpenSSL, with some inspiration from boringssl. ok miod@
* Add a new API function SSL_CTX_use_certificate_chain() that allows to (reyk, 2014-09-28, 2 files, -17/+50)
  read the PEM-encoded certificate chain from memory instead of a file. This idea is derived from an older implementation in relayd that was needed to use the function with a privsep'ed process in a chroot. Now it is time to get it into LibreSSL to make the API more privsep-friendly and to make it available for other programs and the ressl library. ok jsing@ miod@
* There is not much point checking ecdhp is not NULL... twice. (jsing, 2014-09-27, 2 files, -14/+5)
  ok miod@
* Check that the specified curve is one of the client preferences. (jsing, 2014-09-27, 5 files, -8/+70)
  Based on OpenSSL. ok miod@
* Now that we have a static version of the default EC formats, also use it (jsing, 2014-09-26, 1 file, -47/+44)
  for the server hello. From OpenSSL. ok miod@
* Refactor and simplify the ECC extension handling. The existing code (jsing, 2014-09-22, 2 files, -122/+98)
  effectively built two "static" data structures - instead of doing this, just use static data structures to start with. From OpenSSL (part of a larger commit). ok miod@
* Also check the result from final_finish_mac() against finish_mac_length in (jsing, 2014-09-22, 1 file, -19/+17)
  ssl3_send_finished(). While this previously checked against a zero return value (which could occur on failure), we may as well test against the expected length, since we already know what that is.
* It is possible (although unlikely in practice) for peer_finish_md_len to (jsing, 2014-09-22, 1 file, -13/+11)
  end up with a value of zero, primarily since ssl3_take_mac() fails to check the return value from the final_finish_mac() call. This would then mean that an SSL finished message with a zero-byte payload would successfully match against the calculated finish MAC. Avoid this by checking the length of peer_finish_md_len and the SSL finished message payload, against the known length already stored in the SSL3_ENC_METHOD finish_mac_length field (making use of a previously unused field). ok miod@ (a little while back)
* Move the TLS padding extension under an SSL_OP_TLSEXT_PADDING option, which (jsing, 2014-09-21, 2 files, -10/+18)
  is off by default (instead of being enabled unconditionally). The TLS padding extension was added as a workaround for a bug in F5 SSL terminators, however appears to trigger bugs in IronPort SMTP appliances. Now the SSL client gets to choose which of these devices it wants to trigger bugs in... Ported from OpenSSL. Discussed with many. ok miod@
* Add CHACHA20 as a cipher symmetric encryption alias. (jsing, 2014-09-19, 1 file, -1/+5)
  From Ming <gzchenym at 126.com>
* remove obfuscating parens. man operator is your friend. (tedu, 2014-09-19, 2 files, -15/+15)
* Remove SSL_kDHr, SSL_kDHd and SSL_aDH. No supported ciphersuites use them, (jsing, 2014-09-07, 8 files, -91/+27)
  nor do we plan on supporting them. ok guenther@
* Replace the remaining uses of ssl3_put_cipher_by_char() with s2n and a (jsing, 2014-08-24, 5 files, -29/+19)
  ssl3_cipher_get_value() helper function, which returns the cipher suite value for the given cipher. ok miod@
* Remove non-standard GOST cipher suites (which are not compiled in (jsing, 2014-08-23, 1 file, -68/+1)
  currently). From Dmitry Eremin-Solenikov.
* Replace the remaining ssl3_get_cipher_by_char() calls with n2s() and (jsing, 2014-08-23, 4 files, -40/+30)
  ssl3_get_cipher_by_id(). ok bcook@
* Check the return value of sk_SSL_CIPHER_new_null(), since it allocates (jsing, 2014-08-11, 1 file, -5/+7)
  memory and can return NULL. ok miod@
* Unchecked memory allocation and potential leak upon error in (miod, 2014-08-11, 1 file, -5/+12)
  ssl3_get_cert_verify(). ok guenther@ jsing@
* Remove now-unused SSL2_STATE as well as ssl2-specific state machine values. (miod, 2014-08-11, 1 file, -117/+1)
  ok guenther@ jsing@
* Currently, ssl3_put_char_by_bytes(NULL, NULL) is just a long handed way (jsing, 2014-08-11, 3 files, -13/+12)
  of writing "2". Add a define for the SSL3_CIPHER_VALUE_SIZE (rather than using a less-readable hardcoded constant everywhere) and replace the ssl3_put_char_by_bytes(NULL, NULL) calls with it. ok bcook@ miod@
* Provide a ssl3_get_cipher_by_id() function that allows ciphers to be looked (jsing, 2014-08-11, 3 files, -15/+18)
  up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the cipher value is manually written into a buffer, just so the cipher can be located using ssl3_get_cipher_by_char(). ok bcook@ miod@
* Tweak cipher list comments and add missing cipher value comments. (jsing, 2014-08-10, 1 file, -5/+26)
* Remove disabled (weakened export and non-ephemeral DH) cipher suites from (jsing, 2014-08-10, 1 file, -470/+5)
  the cipher list. This reduces code size, saves data segment space and prevents them from being turned back on at runtime by flipping a bit in memory. ok guenther@
* Since we no longer need to support SSLv2-style cipher lists, start (jsing, 2014-08-10, 17 files, -94/+35)
  unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros. Prompted by similar changes in boringssl. ok guenther.
* Fix CVE-2014-3507, avoid allocating and then leaking a fresh fragment (guenther, 2014-08-08, 1 file, -2/+7)
  structure when a zero-length fragment is received. Based on https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d0a4b7d1a2948fce38515b8d862f43e7ba0ebf74 diff by miod@, ok guenther@ bcook@ deraadt@
* Correct test reversed during merge of fix for CVE-2014-3509 (guenther, 2014-08-07, 1 file, -2/+2)
  pointed out by Watson Ladd (watson (at) matasano.com) ok deraadt@
* Fix CVE-2014-3506, DTLS handshake message size checks. From (guenther, 2014-08-07, 1 file, -16/+22)
  https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1250f12613b61758675848f6600ebd914ccd7636 with comment/whitespace style tweaks ok bcook@ miod@
* Oops, revert changes committed by mistake. The previous commit was supposed (miod, 2014-08-07, 7 files, -28/+31)
  to only apply to s23_srvr.c.
* When you expect a function to return a particular value, don't put a comment (miod, 2014-08-07, 8 files, -37/+31)
  saying that you expect it to return that value and compare it against zero because it is supposedly faster, for this leads to bugs (especially given the high rate of sloppy cut'n'paste within ssl3 and dtls1 routines in this library). Instead, compare for the exact value it ought to return upon success. ok deraadt@
* Fix CVE-2014-3511; TLS downgrade, verbatim diff (deraadt, 2014-08-07, 1 file, -5/+27)
  https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=280b1f1ad12131defcd986676a8fc9717aaa601b ok guenther miod
* merge CVE-2014-3510; Fix DTLS anonymous EC(DH) denial of service (deraadt, 2014-08-07, 1 file, -1/+9)
  https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=17160033765480453be0a41335fa6b833691c049 ok bcook
* merge fix for CVE-2014-3509 -- basically a missing s->hit check; ok guenther (deraadt, 2014-08-06, 1 file, -9/+13)
* Prevent a possible use after free by mimicking the s3_srvr.c fixes contributed by (miod, 2014-08-06, 1 file, -4/+1)
  Adam Langley close to three years ago, which were committed in https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e7928282d0148af5f28fa3437a625a2006af0214 ok jsing@
* The RSA, DH, and ECDH temporary key callbacks expect the number of keybits (guenther, 2014-07-28, 3 files, -9/+21)
  for the key (expressed in RSA key bits, which makes *no sense* for ECDH) as their second argument, not zero. (jsing@ notes that the RSA callback is only invoked for 'export' ciphers, which have been removed from LibreSSL, and for the SSL_OP_EPHEMERAL_RSA option, which makes the application non-compliant. More fuel for the tedu fire...) jasper@ noted the breakage and bisected it down to the diff that broke this ok jsing@ miod@
* avoid sys/param.h; Jonas Termansen (deraadt, 2014-07-17, 1 file, -2/+2)
* Missing bounds check in ssl3_get_certificate_request(), was not spotted in (miod, 2014-07-17, 1 file, -1/+6)
  1.78; reported by Ilja Van Sprundel.
* Fix memory leak upon error in ssl_parse_clienthello_use_srtp_ext(). (miod, 2014-07-14, 1 file, -6/+6)
  From BoringSSL.
* Stop leaking internal library pointers in error messages. (jsing, 2014-07-13, 1 file, -2/+2)
  Requested by miod@
* Explicitly initialise slen - this was not previously done due to a missing (jsing, 2014-07-13, 1 file, -1/+2)
  M_ASN1_D2I_begin macro.
* Convert error handling to SSLerr and ERR_asprintf_error_data. (jsing, 2014-07-13, 1 file, -59/+54)
* Convert d2i_SSL_SESSION to ASN1 primitives, instead of the horrific (jsing, 2014-07-13, 1 file, -26/+297)
  asn1_mac.h macros. This still needs a lot of improvement, but immediately becomes readable. ok miod@ (sight unseen!)
* Remove license introduced with the PSK code, which has since been removed. (jsing, 2014-07-13, 1 file, -27/+1)
  ok deraadt@
* Another compression remnant. (jsing, 2014-07-13, 1 file, -2/+1)
* Expand the tlsext_sigalg macros. The end result is about the same number (jsing, 2014-07-13, 1 file, -16/+19)
  of lines and much more readable. ok miod@
* Rewrite i2d_SSL_SESSION to use the ASN1 primitives, rather than using the (jsing, 2014-07-13, 1 file, -75/+98)
  horrific macros from asn1_mac.h. This is a classic example of using macros to obfuscate code, in an attempt to reduce the line count. The end result is so ridiculously convoluted that it is completely unreadable and it takes hours to deconstruct the macros and figure out what is actually going on behind the scenes. ok miod@
* The bell tolls for BUF_strdup - Start the migration to using (beck, 2014-07-13, 3 files, -6/+7)
  intrinsics. These are the easy ones, a few left to check one at a time. ok miod@ deraadt@
* KNF and some code cleaning. (jsing, 2014-07-13, 1 file, -36/+46)
* Another large dose of KNF. (jsing, 2014-07-13, 1 file, -236/+407)
* Apply a large dose of KNF. (jsing, 2014-07-12, 1 file, -126/+202)
* The correct name for EDH is DHE, likewise EECDH should be ECDHE. (jsing, 2014-07-12, 9 files, -118/+118)
  Based on changes to OpenSSL trunk. ok beck@ miod@