path: root/lib/libssl/s3_pkt.c
Age  Commit message  Author
2017-01-26  Rename s3_{both,clnt,pkt_srvr}.c to have an ssl_ prefix since they are no longer SSLv3 code. ok beck@  (Joel Sing)
2017-01-26  Merge the client/server version negotiation into the existing (currently fixed version) client/server code. ok beck@  (Joel Sing)
2017-01-25  Provide ssl3_packet_read() and ssl3_packet_extend() functions that improve the awkward API provided by ssl3_read_n(). Call these when we need to read or extend a packet. ok beck@  (Joel Sing)
2017-01-23  Move options and mode from SSL_CTX and SSL to internal, since these can be set and cleared via existing functions.  (Joel Sing)
2017-01-23  Split most of SSL_METHOD out into an internal variant, which is opaque.  (Joel Sing)
Discussed with beck@
2017-01-23  send state and rstate from ssl_st into internal. There are accessors so these should not be diddled with directly ok jsing@  (Bob Beck)
2017-01-23  move back read_hash and enc_read_ctx into ssl_st. wpa_supplicant and other perversions touches them sickly and unnaturally.  (Bob Beck)
2017-01-23  Move a large part of ssl_st into internal, so we can see what squeals.  (Bob Beck)
ok jsing@
2017-01-23  move the callbacks from ssl_st to internal  (Bob Beck)
ok jsing@
2017-01-23  Move callback function pointers and argument pointers from SSL_CTX to internal. ok beck@  (Joel Sing)
2017-01-22  Move most of the SSL3_STATE fields to internal - the ones that remain are known to be used by ports. ok beck@  (Joel Sing)
2016-11-17  Use defines instead of magic numbers and comments.  (Joel Sing)
2016-11-03  In ssl3_read_bytes(), do not process more than three consecutive TLS records, otherwise a peer can potentially cause us to loop indefinitely. Return with an SSL_ERROR_WANT_READ instead, so that the caller can choose when they want to handle further processing for this connection. ok beck@ miod@  (Joel Sing)
2016-07-10  zero the read buffer after copying data to user so it doesn't linger.  (Ted Unangst)
ok beck
2015-09-12  Remove most of the SSLv3 version checks and a few TLS v1.0.  (Doug Hogan)
We can now assume >= TLS v1.0 since SSL2_VERSION, SSL3_VERSION and DTLS1_BAD_VER support was removed. "reads ok" miod@
2015-07-24  Convert ssl3_get_record to CBS.  (Doug Hogan)
ok miod@ jsing@
2015-07-18  Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER workaround.  (Doug Hogan)
This was a hack to work around problems on IE 6 with SSLv3. ok miod@ bcook@
2014-12-14  unconditionally align SSL payloads  (Brent Cook)
Remove support for conditional payload alignment, since we would never want to turn it off. Also, consistently use size_t for calculating the alignment. ok miod@
2014-12-14  Remove trailing whitespace.  (Joel Sing)
2014-11-16  Sort and group includes.  (Joel Sing)
2014-10-18  Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().  (Joel Sing)
arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code. It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL). ok beck@ deraadt@ miod@
2014-07-12  Remove remnants from PSK, KRB5 and SRP.  (Joel Sing)
ok beck@ miod@
2014-07-10  decompress libssl. ok beck jsing  (Ted Unangst)
2014-06-19  convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod  (Ted Unangst)
2014-06-13  Add an SSL_AEAD_CTX to enable the use of EVP_AEAD with an SSL cipher.  (Joel Sing)
Read and write contexts are also added to the SSL_CTX, along with supporting code. Based on Adam Langley's chromium diffs. Rides the recent SSL library bump.
2014-06-12  tags as requested by miod and tedu  (Theo de Raadt)
2014-06-11  Disable TLS support...  (Joel Sing)
Just kidding! unifdef OPENSSL_NO_TLS since we will never want to actually do that. ok deraadt@
2014-06-11  More KNF.  (Joel Sing)
2014-06-05  Ensure that we do not process a ChangeCipherSpec with an empty master secret. This is an additional safeguard against early ChangeCipherSpec handling. From OpenSSL. ok deraadt@  (Joel Sing)
2014-06-05  Be selective as to when ChangeCipherSpec messages will be accepted.  (Joel Sing)
Without this an early ChangeCipherSpec message would result in session keys being generated, along with the Finished hash for the handshake, using an empty master secret. For a detailed analysis see: https://www.imperialviolet.org/2014/06/05/earlyccs.html This is a fix for CVE-2014-0224, from OpenSSL. This issue was reported to OpenSSL by KIKUCHI Masashi. Unfortunately the recent OpenSSL commit was the first we were made aware of the issue. ok deraadt@ sthen@
2014-05-30  remove some #if 0 code. we don't need any more reminders that we're using a not quite appropriate data structure. ok jsing  (Ted Unangst)
2014-05-30  Make use of SSL_IS_DTLS, SSL_USE_EXPLICIT_IV, SSL_USE_SIGALGS and SSL_USE_TLS1_2_CIPHERS. Largely based on OpenSSL head.  (Joel Sing)
2014-05-27  Remove redundant test introduced in s3_pkt.c on 20001225, which got cargo-culted (with an XXX comment, though) in d1_pkt.c in 2005.  (Miod Vallat)
2014-05-25  Remove TLS_DEBUG, SSL_DEBUG, CIPHER_DEBUG and OPENSSL_RI_DEBUG. Much of this is sporadic, hacked up and can easily be put back in an improved form should we ever need it. ok miod@  (Joel Sing)
2014-04-29  Constrain bytes read/written to positive values.  (Bob Beck)
ok miod@ tedu@
2014-04-26  Replace all use of ERR_add_error_data with ERR_asprintf_error_data.  (Bob Beck)
This avoids a lot of ugly gymnastics to do snprintfs before sending the bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c where it was being called with the incorrect number of arguments and using random things off the stack as addresses of strings. ok krw@, jsing@
2014-04-24  rearrange a bit of code/comments  (Ted Unangst)
2014-04-24  A fantastic way to make a large unsigned number is to assign a small signed one to it.. Some people on OpenSSL's list noticed - http://marc.info/?l=openssl-dev&m=139809485525663&w=2 This should fix that, and make sure we don't try to write out insane amounts of stuff. ok miod@ tedu@  (Bob Beck)
2014-04-24  on today's episode of things you didn't want to learn:  (Ted Unangst)
do_ssl3_write() is recursive. and not in the simple, obvious way, but in the sneaky called through ssl3_dispatch_alert way. (alert level: fuchsia) this then has a decent chance of releasing the buffer that we thought we were going to use. check for this happening, and if the buffer has gone missing, put another one back in place. the direct recursive call is safe because it won't call ssl3_write_pending which is the function that actually does do the writing and releasing. as reported by David Ramos to openssl-dev: http://marc.info/?l=openssl-dev&m=139809493725682&w=2 ok beck
2014-04-19  release buffers fix was lost in merge. put it back.  (Ted Unangst)
2014-04-19  More KNF and style consistency tweaks  (Philip Guenther)
2014-04-18  Finish zapping SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION usage; only keep the #define for compat, but document that it's a no-op now. Also, neuter the -legacy_renegotiation option to "openssl s_{client,server}" ok beck@  (Philip Guenther)
2014-04-17  whack a bunch of disabled code. ok beck lteo  (Ted Unangst)
2014-04-17  Mostly gut e_os.h:  (Theo de Raadt)
USE_SOCKETS is unrelated to using sockets, but just pulls in .h files. It makes every file buy a kitchen sink, because 11 files forgot to. EXIT() is really exit(), a gentle surprise but... OPENSSL_EXIT() is really just return(), because no one compiles the openssl command non-monolithic anymore
2014-04-15  Part 1 of eliminating BIO_snprintf(). This fixes mechanical conversions where the return value is ignored changing to (void) snprintf. ok deraadt@  (Bob Beck)
2014-04-14  make OPENSSL_NO_HEARTBLEED the default and only option. ok deraadt miod  (Ted Unangst)
2014-04-14  First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5.  (Joel Sing)
2014-04-13  Do not include "e_os.h" anymore. Simply pull in the necessary headers.  (Martin Pieuchot)
ok miod@, deraadt@
2014-04-13  Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.  (Miod Vallat)
2014-04-10  Piotr Sikora pointed me at a more refined diff for the buffer release issue. Apply that version. Maybe someday upstream will wake up and then we can have the same code. https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest  (Ted Unangst)