| Age | Commit message (Collapse) | Author |
|---|
|
the Camellia ciphersuites for TLS 1.2 introduced in RFC 5932. From OpenSSL HEAD.
|
|
A few EVP_DigestInit_ex() calls were left alone since reporting an
error would change the public API.
Changed internal ssl3_cbc_digest_record() to return a value due to the above
change. It will also now set md_out_size=0 on failure.
This is based on part of BoringSSL's commit to fix malloc crashes:
https://boringssl.googlesource.com/boringssl/+/69a01608f33ab6fe2c3485d94aef1fe9eacf5364
ok miod@
|
|
Remove support for conditional payload alignment, since we would never
want to turn it off. Also, consistently use size_t for calculating the
alignment.
ok miod@
|
|
the new handshake functions.
ok miod@
|
|
messages. This will allow for removal of repeated/duplicated code.
Additionally, DTLS was written by wholesale copying of the SSL/TLS code,
with some DTLS specifics being added to the duplicated code. Since these
SSL handshake message functions know how to handle both SSL/TLS and DTLS,
upon conversion the duplicate versions will become identical (or close to),
at which point the DTLS versions can be removed and the SSL/TLS versions
used for both protocols.
Partially based on similar changes in OpenSSL.
ok miod@
|
|
|
|
mazes in libssl. NPN is being replaced by ALPN, however it is still going
to be around for a while yet.
ok miod@
|
|
enabled and I would hope that no one is using client certificates with DTLS
and Netscape, assuming it even supported it...
ok bcook@ miod@
|
|
calls malloc(). Instead of silently continuing on failure, check the return
value of BIO_new() and propagate failure back to the caller for appropriate
handling.
ok bcook@
|
|
the two ciphersuites that use it. GOST94 public/private keys have been
long obsoleted and libcrypto does not have support for them anyway.
Discussed with Dmitry Eremin-Solenikov.
|
|
|
|
Based on OpenSSL and BoringSSL.
ok bcook@
|
|
ok jsing@
|
|
Casting a pointer to an unsigned long discards bits on an LLP64 system.
ok deraadt@
|
|
void pointer is undefined and initialising an array with {} is a syntax
error.
Based on a diff from kinichiro inoguchi.
|
|
system. *blush*
|
|
generating code for 64-bit mips userland.
|
|
bn_div_words, bn_mul_add_words, bn_mul_words, bn_sqr_words, bn_sub_words)
on sgi, because the generated assembly code isn't R4000-safe.
|
|
|
|
only sometimes being available... and when it was available it was via
the crypto engine. GOST is now part of libcrypto proper.
Instead of trying to do EVP PKEY lookups via string literals and the
ASN1 interfaces, lookup the methods directly using the appropriate NID.
ok bcook@
|
|
|
|
If X509_TRUST_add() or X509_PURPOSE_add() fail, they will leave the
object in an inconsistent state since the name is already freed.
This commit avoids changing the original name unless the *_add() call
will succeed.
Based on BoringSSL's commit: ab2815eaff6219ef57aedca2f7b1b72333c27fd0
ok miod@
|
|
|
|
|
|
the associated peer_rsa_tmp goop.
This was only needed for export cipher handling and intentional RFC
violations. The export cipher suites have already been removed and
previous cleanup means that we will never send ServerKeyExchange messages
from the server side for RSA.
|
|
storing and processing in wire encoded form.
Inspired by boringssl.
ok miod@
|
|
The EC curve handling code assumes this to be the case and will read one
byte off the end of the curve list during processing, in the case where it
is not.
ok miod@
|
|
the buffer. The later size check would catch this, however reading first
and checking later is less than ideal.
ok miod@
|
|
|
|
Several functions that need to be redefined for a Windows port are right
in the middle of other code that is relatively portable. This patch
isolates the functions that need Windows-specific implementations so
they can be built conditionally in the portable tree.
ok jsing@ deraadt@
|
|
ok jsing@ deraadt@
|
|
EC_POINT_point2oct so that later allocation does not overflow
with miod
|
|
ok miod
|
|
from OpenSSL HEAD via Thomas Jakobi.
|
|
|
|
found because the groff_mdoc(7) macros warn about it.
|
|
ssl3_send_client_key_exchange(), rather than checking it in the key
exchange algorithm specific code.
ok beck@ miod@
|
|
Reported by Felix Groebert of the Google Security Team.
ok beck@ miod@
|
|
crafted server response used in conjunction with an anonymous DH or
anonymous ECDH ciphersuite.
Fixes CVE-2014-3510, which is effectively a repeat of CVE-2014-3470 in
copied code.
Reported by Felix Groebert of the Google Security Team.
ok beck@ miod@
|
|
ok beck@ tedu@ miod@ guenther@ doug@ deraadt@
|
|
ok beck@ tedu@ miod@
|
|
Remove the remaining random casts on optval. Fixups for this can be handled by
the portability layer all in once place.
Remove remaining fake socklen_t unions, though beck@ points out that this also
removes support for socklen_t changing its length at runtime. RIP.
ok tedu@ beck@ miod@ deraadt@
|
|
ok beck@ miod@ tedu@ deraadt@
|
|
|
|
|
|
|
|
ok deraadt@
|
|
|
|
Based on boringssl commit: 1df112448b41c3568477f3fcd3b8fc820ce80066
ok miod@ jsing@
|
|
|
