Age | Commit message (Collapse) | Author |
|
longer SSLv3 code.
ok beck@
|
|
fixed version) client/server code.
ok beck@
|
|
the awkward API provided by ssl3_read_n(). Call these when we need to
read or extend a packet.
ok beck@
|
|
set and cleared via existing functions.
|
|
Discussed with beck@
|
|
so these should not be diddled with directly
ok jsing@
|
|
other perversions touches them sickly and unnaturally.
|
|
ok jsing@
|
|
ok jsing@
|
|
internal.
ok beck@
|
|
known to be used by ports.
ok beck@
|
|
|
|
records, otherwise a peer can potentially cause us to loop indefinately.
Return with an SSL_ERROR_WANT_READ instead, so that the caller can choose
when they want to handle further processing for this connection.
ok beck@ miod@
|
|
ok beck
|
|
We can now assume >= TLS v1.0 since SSL2_VERSION, SSL3_VERSION and
DTLS1_BAD_VER support was removed.
"reads ok" miod@
|
|
ok miod@ jsing@
|
|
This was a hack to work around problems on IE 6 with SSLv3.
ok miod@ bcook@
|
|
Remove support for conditional payload alignment, since we would never
want to turn it off. Also, consistently use size_t for calculating the
alignment.
ok miod@
|
|
|
|
|
|
arc4random provides high quality pseudo-random numbers, hence there is no
need to differentiate between "strong" and "pseudo". Furthermore, the
arc4random_buf() function is guaranteed to succeed, which avoids the need
to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and
RAND_pseudo_bytes() calls were missing return value checks and these
functions can fail for a number of reasons (at least in OpenSSL -
thankfully they were converted to wrappers around arc4random_buf() some
time ago in LibreSSL).
ok beck@ deraadt@ miod@
|
|
ok beck@ miod@
|
|
|
|
libc interfaces over libcrypto interfaces. for now we also prefer
timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable.
ok beck deraadt matthew miod
|
|
Read and write contexts are also added to the SSL_CTX, along with
supporting code.
Based on Adam Langley's chromium diffs.
Rides the recent SSL library bump.
|
|
|
|
Just kidding!
unifdef OPENSSL_NO_TLS since we will never want to actually do that.
ok deraadt@
|
|
|
|
secret. This is an additional safeguard against early ChangeCipherSpec
handling.
From OpenSSL.
ok deraadt@
|
|
Without this an early ChangeCipherSpec message would result in session
keys being generated, along with the Finished hash for the handshake,
using an empty master secret.
For a detailed analysis see:
https://www.imperialviolet.org/2014/06/05/earlyccs.html
This is a fix for CVE-2014-0224, from OpenSSL.
This issue was reported to OpenSSL by KIKUCHI Masashi. Unfortunately the
recent OpenSSL commit was the first we were made aware of the issue.
ok deraadt@ sthen@
|
|
a not quite appropriate data structure. ok jsing
|
|
SSL_USE_TLS1_2_CIPHERS.
Largely based on OpenSSL head.
|
|
(with an XXX comment, though) in d1_pkt.c in 2005.
|
|
this is sporadic, hacked up and can easily be put back in an improved form
should we ever need it.
ok miod@
|
|
ok miod@ tedu@
|
|
This avoids a lot of ugly gymnastics to do snprintfs before sending the
bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c
where it was being called with the incorrect number of arguments and
using random things off the stack as addresses of strings.
ok krw@, jsing@
|
|
|
|
a small signed one to it.. Some people on OpenSSL's list
noticed - http://marc.info/?l=openssl-dev&m=139809485525663&w=2
This should fix that, and make sure we don't try to write out insane
amounts of stuff.
ok miod@ tedu@
|
|
do_ssl3_write() is recursive. and not in the simple, obvious way, but in
the sneaky called through ssl3_dispatch_alert way. (alert level: fuchsia)
this then has a decent chance of releasing the buffer that we thought we
were going to use. check for this happening, and if the buffer has gone
missing, put another one back in place.
the direct recursive call is safe because it won't call ssl3_write_pending
which is the function that actually does do the writing and releasing.
as reported by David Ramos to openssl-dev:
http://marc.info/?l=openssl-dev&m=139809493725682&w=2
ok beck
|
|
|
|
|
|
the #define for compat, but document that it's a no-op now. Also, neuter
the -legacy_renegotiation option to "openssl s_{client,server}"
ok beck@
|
|
|
|
USE_SOCKETS is unrelated to using sockets, but just pulls in .h files. It
makes every file buy a kitchen sink, because 11 files forgot to.
EXIT() is really exit(), a gentle surprise
but... OPENSSL_EXIT() is really just return(), because noone compiles the
openssl command non-monolithic anymore
|
|
where the return value is ignored changing to (void) snprintf.
ok deraadt@
|
|
|
|
readable. This pass is whitespace only and can readily be verified using
tr and md5.
|
|
ok miod@, deraadt@
|
|
|
|
issue. Apply that version. Maybe someday upstream will wake up and then
we can have the same code.
https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest
|