OpenBSD CVS

CVS log for src/lib/libssl/d1_pkt.c



Default branch: MAIN


Revision 1.128, Sun Jul 2 20:16:47 2023 UTC (11 months, 1 week ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, HEAD
Changes since 1.127: +11 -11 lines

Simplify allocation checks

Instead of attempting to allocate a few times and only then check all the
returned pointers for NULL, allocate and check one after the other. This
is easier on the eyes and what we usually do.

Prompted by a report by Ilya Shipitsin

ok beck

Revision 1.127, Sat Nov 26 16:08:55 2022 UTC (18 months, 2 weeks ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.126: +3 -3 lines

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

Revision 1.126, Wed Nov 23 07:31:12 2022 UTC (18 months, 2 weeks ago) by tb
Branch: MAIN
Changes since 1.125: +2 -2 lines

Reverse arguments in CBS_dup()

We want to copy the tls_content_cbs() into the cbs, not the other way around

CID 377013

ok jsing

Revision 1.125, Fri Nov 11 17:15:26 2022 UTC (18 months, 4 weeks ago) by jsing
Branch: MAIN
Changes since 1.124: +123 -67 lines

Convert the legacy TLS stack to tls_content.

This converts the legacy TLS stack to tls_content - records are now
opened into a tls_content structure, rather than being written back into
the same buffer that the sealed record was read into.

This will allow for further clean up of the legacy record layer.

ok tb@

Revision 1.124, Sun Oct 2 16:36:41 2022 UTC (20 months, 1 week ago) by jsing
Branch: MAIN
Changes since 1.123: +51 -51 lines

Get rid of SSL_CTX_INTERNAL and SSL_INTERNAL.

These are no longer necessary due to SSL_CTX and SSL now being fully
opaque. Merge SSL_CTX_INTERNAL back into SSL_CTX and SSL_INTERNAL back
into SSL.

Prompted by tb@

Revision 1.123, Sat Mar 26 15:05:53 2022 UTC (2 years, 2 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.122: +84 -94 lines

Clean up {dtls1,ssl3}_read_bytes()

Now that {dtls1,ssl3}_read_bytes() have been refactored, do a clean up
pass - this cleans up various parts of the code and reduces differences
between these two functions.

ok = 1; *(&(ok)) tb@

ok inoguchi@

Revision 1.122, Sat Mar 26 15:00:51 2022 UTC (2 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.121: +1 -32 lines

Remove the minimum record length checks from dtls1_read_bytes()

The code that handles each record type already has appropriate length
checks. Furthermore, the handling of application data here is likely
incorrect and bypasses the normal state checks at the end of this function.

ok inoguchi@ tb@

Revision 1.121, Fri Mar 18 18:00:54 2022 UTC (2 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.120: +140 -84 lines

Rewrite legacy DTLS unexpected handshake message handling.

Rewrite the code that handles unexpected handshake messages in the legacy
DTLS stack. Parse the DTLS message header up front, then process it based
on the message type. Overall the code should be more strict and we should
reject various invalid messages that would have previously been accepted.

ok inoguchi@ tb@

Revision 1.120, Mon Mar 14 16:49:35 2022 UTC (2 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.119: +121 -101 lines

Factor out unexpected handshake message handling code in the legacy stack.

The TLS record layer has to be able to handle unexpected handshake messages
that result when it has been asked to read application data. The way that
this is currently done in the legacy stack is a layering violation - the
record layer knows about DTLS/TLS handshake messages, parsing them and then
deciding what action to take. This is further complicated by the need to
handle handshake message fragments.

For now, factor this code out with minimal changes - since it is a layering
violation we have to retain separate code for DTLS and TLS.

ok beck@ inoguchi@ tb@

Revision 1.119, Sat Mar 12 12:53:03 2022 UTC (2 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.118: +4 -29 lines

Factor out change cipher spec handling code in the legacy stack.

Factor out the code that handles the processing of a change cipher spec
message that has been read in the legacy stack, deduplicating code in the
DTLS stack.

ok inoguchi@ tb@

Revision 1.118, Mon Feb 21 18:22:20 2022 UTC (2 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.117: +4 -33 lines

Factor out alert handling code in the legacy stack.

Pull out the code that processes incoming alerts - a chunk of the
complexity is due to the fact that in TLSv1.2 and earlier, alerts can be
fragmented across multiple records or multiple alerts can be delivered
in a single record.

In DTLS there is no way that we can reassemble fragmented alerts (although
the RFC is silent on this), however we could have multiple alerts in the
same record. This change means that we will handle this situation more
appropriately and if we encounter a fragmented alert we will now treat this
as a decode error (instead of silently ignoring it).

ok beck@ tb@

Revision 1.117, Sat Feb 5 14:54:10 2022 UTC (2 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.116: +42 -42 lines

Bye bye S3I.

S3I has served us well, however now that libssl is fully opaque it is time
to say goodbye. Aside from removing the calloc/free/memset, the rest is
mechanical sed.

ok inoguchi@ tb@

Revision 1.116, Tue Nov 9 18:40:21 2021 UTC (2 years, 7 months ago) by bcook
Branch: MAIN
Changes since 1.115: +2 -3 lines

Switch to <endian.h> from <machine/endian.h> for better portability.

ok tb@

Revision 1.115, Mon Oct 25 10:14:48 2021 UTC (2 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.114: +15 -1 lines

Add record processing limit to DTLS code.

This is effectively the same record processing limit that was previously
added to the legacy TLS stack - without this a single session can be made
to spin on a stream of alerts or other similar records.

ok beck@ tb@

Revision 1.114, Mon Oct 25 10:09:28 2021 UTC (2 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.113: +7 -30 lines

Use ssl_force_want_read() in the DTLS code.

Also mop up some mostly unhelpful comments while here.

ok beck@ tb@

Revision 1.113, Sat Oct 23 13:36:03 2021 UTC (2 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.112: +18 -18 lines

Fold DTLS1_STATE_INTERNAL into DTLS1_STATE.

Now that DTLS1_STATE is opaque, fold DTLS1_STATE_INTERNAL back into
DTLS1_STATE and remove D1I() usage.

ok tb@

Revision 1.112, Sat Sep 4 14:31:54 2021 UTC (2 years, 9 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.111: +8 -2 lines

Improve DTLS hello request handling code.

Rather than manually checking multiple bytes, actually parse the DTLS
handshake message header, then check the values against what we parsed.

ok inoguchi@ tb@

Revision 1.111, Sat Sep 4 14:24:28 2021 UTC (2 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.110: +4 -2 lines

Change dtls1_get_message_header() to take a CBS.

The callers know the actual length and can initialise a CBS correctly.

ok inoguchi@ tb@

Revision 1.110, Sat Sep 4 14:15:52 2021 UTC (2 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.109: +7 -7 lines

Improve DTLS record header parsing.

Rather than pulling out the epoch and then six bytes of sequence number,
pull out SSL3_SEQUENCE_SIZE for the sequence number, then pull the epoch
off the start of the sequence number.

ok inoguchi@ tb@

Revision 1.109, Tue Aug 31 13:34:55 2021 UTC (2 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.108: +47 -115 lines

Defragment DTLS.

In normal TLS, it is possible for record fragments to be sent that contain
one byte of alert or handshake message payload. In this case we have to
read and collate multiple message fragments before we can decide what to
do with the record.

However, in the case of DTLS, one record is effectively one packet and
while it is possible to send handshake messages across multiple
records/packets, the minimum payload is the DTLS handshake message header
(plus one byte of data if the handshake message has a payload) - without
this, there is insufficient information available to be able to reassemble
the handshake message. Likewise, splitting an alert across multiple DTLS
records simply does not work, as we have no way of knowing if we're
collating the same alert or two different alerts that we lost half of each
from (unfortunately, these details are not really specified in the DTLS
RFC).

This means that for DTLS we can expect to receive a full alert message
(a whole two bytes) or a handshake record with at least the handshake
message header (12 bytes). If we receive messages with less than these
lengths we discard them and carry on (which is what the DTLS code already
does).

Remove all of the pointless fragment handling code from DTLS, while also
fixing an issue where one case used rr->data instead of the handshake
fragment.

ok inoguchi@ tb@

Revision 1.108, Tue Aug 31 13:14:43 2021 UTC (2 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.107: +1 -6 lines

Remove a nonsensical s->version == TLS1_VERSION from DTLS code.

ok inoguchi@ tb@ (as part of a larger diff)

Revision 1.107, Mon Aug 30 19:25:43 2021 UTC (2 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.106: +9 -22 lines

Clean up and simplify info and msg callbacks.

The info and msg callbacks result in duplication - both for code that
refers to the function pointers and for the call sites. Avoid this by
providing typedefs for the function pointers and pulling the calling
sequences into their own functions.

ok inoguchi@ tb@

Revision 1.106, Mon Aug 30 19:12:25 2021 UTC (2 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.105: +13 -9 lines

Replace DTLS r_epoch with the read epoch from the TLSv1.2 record layer.

ok inoguchi@ tb@

Revision 1.105, Sat Jul 31 09:31:04 2021 UTC (2 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.104: +3 -5 lines

We have defines for alert levels - use them instead of magic numbers.

Revision 1.104, Mon Jul 26 03:17:38 2021 UTC (2 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.103: +2 -38 lines

Dedup dtls1_dispatch_alert()/ssl3_dispatch_alert().

The code for dtls1_dispatch_alert() and ssl3_dispatch_alert() is largely
identical - with a bit of reshuffling we can use ssl3_dispatch_alert() for
both protocols and remove the ssl_dispatch_alert function pointer.

ok inoguchi@ tb@

Revision 1.103, Wed Jul 21 08:42:14 2021 UTC (2 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.102: +19 -38 lines

Remove DTLS processed_rcds queue.

When DTLS handshake records are received from the next epoch, we will
potentially queue them on the unprocessed_rcds queue - this is usually
a Finished message that has been received without the ChangeCipherSuite
(CCS) message (which may have been dropped or reordered).

After the epoch increments (due to the CCS being received), the current
code processes all records on the unprocessed queue and immediately queues
them on the processed queue, which dtls1_get_record() then pulls from.
This form of processing only adds more complexity and another queue.

Instead, once the epoch increments, pull a single record from the
unprocessed queue and process it, allowing the contents to be consumed
by the caller. We repeat this process until the unprocessed queue is
empty, at which point we go back to consuming messages from the wire.

ok inoguchi@ tb@

Revision 1.102, Wed Jul 21 07:51:12 2021 UTC (2 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.101: +11 -4 lines

Silently discard invalid DTLS records.

Per RFC 6347 section 4.1.2.1, DTLS should silently discard invalid records,
including those that have a bad MAC. When converting to the new record
layer, we inadvertently switched to standard TLS behaviour, where an
invalid record is fatal. This restores the previous behaviour.

Issue noted by inoguchi@

ok inoguchi@

Revision 1.101, Mon Jul 19 08:42:24 2021 UTC (2 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.100: +1 -5 lines

Mop up dtls1_get_ccs_header() and struct ccs_header_st.

All this code does is read one byte from memory with an unknown length,
potentially being a one byte overread... and then nothing is actually done
with the value.

ok tb@

Revision 1.100, Mon Jul 19 08:39:28 2021 UTC (2 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.99: +2 -3 lines

Inline DTLS1_CCS_HEADER_LENGTH rather than having a single use variable.

ok tb@

Revision 1.99, Sat Jun 19 17:21:39 2021 UTC (2 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.98: +3 -2 lines

Correctly handle epoch wrapping in dtls1_get_bitmap().

Due to a type bug that has been present in DTLS since the code was first
committed in 2005, dtls1_get_bitmap() fails to handle next epoch correctly
when the epoch is currently 0xffff (and wraps to zero).

For various reasons unknown, the epoch field in the SSL3_RECORD_INTERNAL
(formerly SSL3_RECORD) was added as unsigned long (even though the value
is an unsigned 16 bit value on the wire, hence cannot exceed 0xffff),
however was added to other code as unsigned short.

Due to integer promotion, the r_epoch value is incremented by one to
become 0x10000, before being cast to an unsigned long and compared to
the value pulled from the DTLS record header (which is zero). Strangely
0x10000 != 0, meaning that we drop the DTLS record, instead of queueing
it for the next epoch.

Fix this issue by using more appropriate types and pulling up the
calculation of the next epoch value for improved readability.

ok inoguchi@ tb@
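
The promotion bug described in the revision 1.99 log message above, reduced to a stand-alone C model. This is an added example, not the libssl code and not part of the commit: the function names, the enum and the sample epochs are hypothetical, and it assumes int is wider than 16 bits.

```c
#include <stdint.h>
#include <stdio.h>

/* What the receiver does with a record, based on its epoch (hypothetical). */
enum epoch_action {
	EPOCH_CURRENT,		/* process with the current read state */
	EPOCH_QUEUE_NEXT,	/* buffer until the epoch increments */
	EPOCH_DROP		/* neither current nor next: discard */
};

/*
 * Before: the read epoch is an unsigned short, the record's epoch an
 * unsigned long. r_epoch + 1 is evaluated in int after integer promotion,
 * so 0xffff + 1 becomes 0x10000 instead of wrapping to 0, and only then
 * is it converted to unsigned long for the comparison.
 */
static enum epoch_action
classify_buggy(unsigned short r_epoch, unsigned long rec_epoch)
{
	if (rec_epoch == r_epoch)
		return EPOCH_CURRENT;
	if (rec_epoch == (unsigned long)(r_epoch + 1))
		return EPOCH_QUEUE_NEXT;
	return EPOCH_DROP;
}

/*
 * After: both values use the 16-bit width the field has on the wire, and
 * the next epoch is computed up front in that type so it wraps to zero.
 */
static enum epoch_action
classify_fixed(uint16_t r_epoch, uint16_t rec_epoch)
{
	uint16_t next_epoch = (uint16_t)(r_epoch + 1);

	if (rec_epoch == r_epoch)
		return EPOCH_CURRENT;
	if (rec_epoch == next_epoch)
		return EPOCH_QUEUE_NEXT;
	return EPOCH_DROP;
}

static const char *
action_name(enum epoch_action a)
{
	switch (a) {
	case EPOCH_CURRENT:
		return "current";
	case EPOCH_QUEUE_NEXT:
		return "queue-next";
	default:
		return "drop";
	}
}

int
main(void)
{
	/* Constructed (read epoch, record epoch) pairs. */
	static const uint16_t cases[][2] = {
		{ 0x0001, 0x0002 },	/* ordinary next epoch */
		{ 0xffff, 0xffff },	/* current epoch at the limit */
		{ 0xffff, 0x0000 },	/* next epoch after wrapping */
		{ 0x0005, 0x0009 },	/* unrelated epoch */
	};
	size_t i;

	for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
		printf("r_epoch=0x%04x rec_epoch=0x%04x buggy=%s fixed=%s\n",
		    (unsigned)cases[i][0], (unsigned)cases[i][1],
		    action_name(classify_buggy(cases[i][0], cases[i][1])),
		    action_name(classify_fixed(cases[i][0], cases[i][1])));
	}
	return 0;
}
```

The two versions agree on every pair except the wrap from 0xffff to 0, where the first one discards a record that belongs to the next epoch.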

Revision 1.98, Tue Jun 15 19:09:03 2021 UTC (2 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.97: +2 -9 lines

Mop up part of dtls1_dispatch_alert().

The original DTLS code had some strange alert handling code (basically one
type of alert included extra data) - a few years later this was "fixed",
however the rest of the code was left as is.

This means that rather than sending the alert data from send_alert
(like ssl3_dispatch_alert() does), we have a local buffer on the stack,
which we memset, copy the send_alert bytes into, then send from.

ok inoguchi@ tb@

Revision 1.97, Fri Jun 11 11:13:53 2021 UTC (3 years ago) by jsing
Branch: MAIN
Changes since 1.96: +4 -4 lines

Indent all labels with a single space.

This ensures that diff reports the correct function prototype.

Prompted by tb@

Revision 1.96, Sun May 16 13:56:30 2021 UTC (3 years ago) by jsing
Branch: MAIN
Changes since 1.95: +4 -4 lines

Move DTLS structs/definitions/prototypes to dtls_locl.h.

Now that the DTLS structs are opaque, add a dtls_locl.h header and move
internal-only structs from dtls1.h, along with prototypes from ssl_locl.h.
Only pull this header in where DTLS code actually exists.

ok inoguchi@ tb@

Revision 1.95, Wed May 5 19:52:00 2021 UTC (3 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.94: +1 -8 lines

Replace DTLS w_epoch with epoch from TLSv1.2 record layer.

ok inoguchi@ tb@

Revision 1.94, Sun May 2 17:18:10 2021 UTC (3 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.93: +12 -14 lines

Clean up dtls1_reset_seq_numbers().

Rather than doing flag gymnastics, split dtls1_reset_seq_numbers() into
separate read and write functions. Move the calls of these functions into
tls1_change_cipher_state() so they directly follow the change of cipher
state in the record layer, which avoids having to duplicate the calls in
the client and server.

ok inoguchi@ tb@

Revision 1.93, Sat Feb 20 14:14:16 2021 UTC (3 years, 3 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.92: +12 -12 lines

Rename f_err into fatal_err.

discussed with jsing

Revision 1.92, Mon Feb 8 17:17:02 2021 UTC (3 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.91: +3 -11 lines

Use dtls1_retrieve_buffered_record() to load buffered application data.

Replace the current copy of dtls1_retrieve_buffered_record() with a call
to it instead.

ok tb@

Revision 1.91, Tue Jan 26 14:22:19 2021 UTC (3 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.90: +1 -12 lines

Move sequence numbers into the new TLSv1.2 record layer.

This allows for all of the DTLS sequence number save/restore code to be
removed.

ok inoguchi@ "whee!" tb@

Revision 1.90, Tue Jan 19 19:07:39 2021 UTC (3 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.89: +2 -2 lines

Add code to handle change of cipher state in the new TLSv1.2 record layer.

This provides the basic framework for handling change of cipher state in
the new TLSv1.2 record layer, creating new record protection. In the DTLS
case we retain the previous write record protection and can switch back to
it when retransmitting. This will allow the record layer to start owning
sequence numbers and encryption/decryption state.

ok inoguchi@ tb@

Revision 1.89, Tue Jan 19 18:57:09 2021 UTC (3 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.88: +5 -6 lines

Provide functions to determine if TLSv1.2 record protection is engaged.

Call these functions from code that needs to know if we've changed cipher
state and enabled record protection, rather than inconsistently checking
various pointers from other places in the code base. This also fixes a
minor bug where the wrong pointers are checked if we're operating with
AEAD.

ok inoguchi@ tb@

Revision 1.88, Wed Jan 13 18:38:34 2021 UTC (3 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.87: +7 -10 lines

Clean up dtls1_reset_seq_numbers()

Inline/remove some variables and use sizeof with the correct variables.

ok inoguchi@ tb@

Revision 1.87, Wed Jan 13 18:32:00 2021 UTC (3 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.86: +21 -19 lines

Clean up read sequence handling in DTLS.

Pass the explicit DTLS read sequence number to dtls1_record_bitmap_update()
and dtls1_record_replay_check(), rather than expecting it to be in
S3I(s)->read_sequence. Also, store the read sequence number into
S3I(s)->rrec.seq_num when we're processing the record header, rather than
having dtls1_record_replay_check() be responsible for copying it.

ok inoguchi@ tb@

Revision 1.86, Wed Jan 13 18:20:54 2021 UTC (3 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.85: +1 -2 lines

Clean up sequence number handling in the new TLSv1.2 record layer.

Handle protocol specific (DTLS vs TLS) sequence number differences in the
open/seal record functions and propagate the sequence number through to
the called functions. This means that DTLS specific knowledge is limited
to two functions and also avoids building sequence numbers multiple times
over. As a result, the DTLS explicit sequence number is now extracted from
the record header and passed through for processing, which makes the read
epoch handling redundant.

ok inoguchi@ tb@

Revision 1.85, Sat Oct 3 17:35:16 2020 UTC (3 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.84: +26 -116 lines

Reimplement the TLSv1.2 record handling for the read side.

This is the next step in replacing the TLSv1.2 record layer.

The existing record handling code does decryption and processing in
place, which is not ideal for various reasons, however it is retained
for now as other code depends on this behaviour. Additionally, CBC
requires special handling to avoid timing oracles - for now the
existing timing safe code is largely retained.

ok beck@ inoguchi@ tb@

Revision 1.84, Sat Oct 3 17:11:28 2020 UTC (3 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.83: +4 -10 lines

Make dtls1_copy_record() take a DTLS1_RECORD_DATA_INTERNAL *.

This removes the need for extra variables and casts.

ok inoguchi@ tb@

Revision 1.83, Sat Oct 3 17:10:09 2020 UTC (3 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.82: +6 -16 lines

Inline two macros that are only used in one place each.

This improves readability - while here also add a missing return value
check (although it cannot currently fail).

ok inoguchi@ tb@

Revision 1.82, Thu Sep 24 17:59:54 2020 UTC (3 years, 8 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.81: +3 -3 lines

Release read and write buffers using freezero().

Provide a ssl3_release_buffer() function that correctly frees a buffer
and call it from the appropriate locations. While here also change
ssl3_release_{read,write}_buffer() to void since they cannot fail and
no callers check the return value currently.

ok beck@ inoguchi@ tb@

Revision 1.81, Sun Aug 30 15:40:19 2020 UTC (3 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.80: +5 -85 lines

Start replacing the existing TLSv1.2 record layer.

This takes the same design/approach used in TLSv1.3 and provides an
opaque struct that is self contained and cannot reach back into other
layers. For now this just implements/replaces the writing of records
for DTLSv1/TLSv1.0/TLSv1.1/TLSv1.2. In doing so we stop copying the
plaintext into the same buffer that is used to transmit to the wire.

ok inoguchi@ tb@

Revision 1.80, Tue Aug 11 19:21:54 2020 UTC (3 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.79: +3 -3 lines

Increment the epoch in the same place for both read and write.

ok inoguchi@ tb@

Revision 1.79, Tue Aug 11 19:13:35 2020 UTC (3 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.78: +4 -4 lines

Use 0 instead of 0x00 for memset() calls.

ok inoguchi@ tb@

Revision 1.78, Sun Aug 9 16:02:58 2020 UTC (3 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.77: +43 -25 lines

Use CBB more correctly when writing SSL3/DTLS records.

Previously we used CBB to build the record headers, but not the entire
record. Use CBB_init_fixed() upfront, then build the record header and
add space for the record content. However, in order to do this we need
to determine the length of the record upfront.

This simplifies the code, removes a number of manual bounds checks and
makes way for further improvements.

ok inoguchi@ tb@

Revision 1.77, Sun Aug 9 15:46:28 2020 UTC (3 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.76: +13 -8 lines

Make the explicit IV length handling in DTLS the same as SSL3/TLS.

ok inoguchi@ tb@

Revision 1.76, Sun Aug 2 07:33:15 2020 UTC (3 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.75: +3 -3 lines

Check the return value of tls1_enc() in the write path.

The write path can return a failure in the AEAD path and there is no reason
not to check a return value.

Spotted by tb@ during another review.

ok tb@

Revision 1.75, Sat Aug 1 16:50:16 2020 UTC (3 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.74: +25 -48 lines

Clean up/simplify more of the dtls1/ssl3 record writing code:

- Make the DTLS code much more consistent with the ssl3 code.

- Avoid assigning wr->input and wr->length just so they can be used as
  arguments to memcpy().

- Remove the arc4random_buf() call for the explicit IV, since tls1_enc()
  already does this for us.

ok tb@

Revision 1.74, Thu Jul 30 16:53:01 2020 UTC (3 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.73: +14 -19 lines

Clean up and simplify some of the SSL3/DTLS1 record writing code.

This will allow for further changes to be made with less complexity and
easier review.

In particular, decide if we need an empty fragment early on and only do
the alignment calculation once (rather than in two separate parts of the
function).

ok tb@ inoguchi@

Revision 1.73, Fri Mar 13 16:40:42 2020 UTC (4 years, 2 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.72: +4 -4 lines

Remove dtls1_enc().

Like much of the original DTLS code, dtls1_enc() is effectively a renamed
copy of tls1_enc(). Since then tls1_enc() has been modified, however the
non-AEAD code remains largely the same. As such, remove dtls1_enc() and
instead call tls1_enc() from the DTLS code.

The tls1_enc() AEAD code does not currently work correctly with DTLS,
however this is a non-issue since we do not support AEAD cipher suites with
DTLS currently.

ok tb@

Revision 1.72, Thu Mar 12 17:09:02 2020 UTC (4 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.71: +2 -3 lines

Stop overloading the record type for padding length.

Currently the CBC related code stuffs the padding length in the upper bits
of the type field... stop doing that and add a padding_length field to the
record struct instead.

ok inoguchi@ tb@

Revision 1.71, Thu Mar 12 17:01:53 2020 UTC (4 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.70: +19 -20 lines

Use internal versions of SSL3_BUFFER, SSL3_RECORD and DTLS1_RECORD_DATA.

SSL3_BUFFER, SSL3_RECORD and DTLS1_RECORD_DATA are currently still in
public headers, even though their usage is internal. This moves to
using _INTERNAL suffixed versions that are in internal headers, which
then allows us to change them without any potential public API fallout.

ok inoguchi@ tb@

Revision 1.70, Tue Mar 10 17:02:21 2020 UTC (4 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.69: +4 -6 lines

Remove the enc function pointers.

The enc function pointers do not serve any purpose these days - remove
a layer of indirection and call dtls1_enc()/tls1_enc() directly.

ok inoguchi@ tb@

Revision 1.69, Fri Feb 21 16:15:56 2020 UTC (4 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.68: +27 -20 lines

Convert the DTLS header creation code to CBB.

Also consolidate it into the one place, since there is no reason to write
the epoch and sequence out later.

ok inoguchi@ tb@

Revision 1.68, Fri Feb 21 16:13:16 2020 UTC (4 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.67: +6 -17 lines

Remove some commented code, remove some pointless comments and move some
comments to their correct places.

ok inoguchi@ tb@

Revision 1.67, Fri Feb 21 16:06:26 2020 UTC (4 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.66: +3 -4 lines

Remove prefix_len, since it is always zero.

ok inoguchi@ tb@

Revision 1.66, Mon Dec 3 17:16:12 2018 UTC (5 years, 6 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.65: +7 -7 lines

Send SSL_AD_DECODE alerts in the case of a bad hello request or an
invalid change cipher spec. Found due to dead assignment warnings
by the Clang static analyzer.

ok inoguchi (previous version), jsing

Revision 1.65, Wed Oct 24 18:04:50 2018 UTC (5 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.64: +18 -18 lines

Make more of libssl's record layer state internal.

In January 2017, we changed large amounts of libssl's data structures to
be non-visible/internal, however intentionally left things that the
software ecosystem was needing to use. The four or so applications that
reached into libssl for record layer related state now implement
alternative code. As such, make these data structures internal.

ok tb@

Revision 1.64 / (download) - annotate - [select for diffs], Fri Aug 24 19:35:05 2018 UTC (5 years, 9 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.63: +2 -21 lines
Diff to previous 1.63 (colored)

unifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE.

This code has been rotting since 2006.

ok bcook@ tb@

Revision 1.63 / (download) - annotate - [select for diffs], Sun May 7 04:22:24 2017 UTC (7 years, 1 month ago) by beck
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3, OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.62: +10 -10 lines
Diff to previous 1.62 (colored)

Move state from ssl->internal to the handshake structure.
while we are at it, convert SSLerror to use a function
internally, so that we may later allocate the handshake
structure and check for it
ok jsing@

Revision 1.62 / (download) - annotate - [select for diffs], Tue Feb 7 02:08:38 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.61: +21 -21 lines
Diff to previous 1.61 (colored)

Change SSLerror() back to taking two args, with the first one being an SSL *.
Make a table of "function codes" which maps the internal state of the SSL *
to something like a useful name so in a typical error in the connection you
know in what sort of place in the handshake things happened. (instead of
by arcane function name).
Add SSLerrorx() for when we don't have an SSL *
ok jsing@ after us both being prodded by bluhm@ to make it not terrible

Revision 1.61 / (download) - annotate - [select for diffs], Thu Jan 26 10:40:21 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.60: +21 -21 lines
Diff to previous 1.60 (colored)

Send the error function codes to rot in the depths of hell where they belong
We leave a single function code (0xFFF) to say "SSL_internal" so the public
API will not break, and we replace all internal use of the two argument
SSL_err() with the internal only SSL_error() that only takes a reason code.
ok jsing@

Revision 1.60 / (download) - annotate - [select for diffs], Thu Jan 26 06:32:58 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.59: +3 -3 lines
Diff to previous 1.59 (colored)

Remove most of SSL3_ENC_METHOD - we can just inline the function calls
and defines since they are the same everywhere.

ok beck@

Revision 1.59 / (download) - annotate - [select for diffs], Wed Jan 25 06:13:02 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.58: +13 -20 lines
Diff to previous 1.58 (colored)

Provide ssl3_packet_read() and ssl3_packet_extend() functions that improve
the awkward API provided by ssl3_read_n(). Call these when we need to
read or extend a packet.

ok beck@

Revision 1.58 / (download) - annotate - [select for diffs], Mon Jan 23 14:35:42 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.57: +4 -4 lines
Diff to previous 1.57 (colored)

Move options and mode from SSL_CTX and SSL to internal, since these can be
set and cleared via existing functions.

Revision 1.57 / (download) - annotate - [select for diffs], Mon Jan 23 13:36:13 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.56: +5 -5 lines
Diff to previous 1.56 (colored)

Split most of SSL_METHOD out into an internal variant, which is opaque.

Discussed with beck@

Revision 1.56 / (download) - annotate - [select for diffs], Mon Jan 23 08:48:44 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.55: +18 -18 lines
Diff to previous 1.55 (colored)

send state and rstate from ssl_st into internal. There are accessors
so these should not be diddled with directly
ok jsing@

Revision 1.55 / (download) - annotate - [select for diffs], Mon Jan 23 08:08:06 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.54: +8 -8 lines
Diff to previous 1.54 (colored)

move back read_hash and enc_read_ctx into ssl_st. wpa_supplicant and
other perversions touch them sickly and unnaturally.

Revision 1.54 / (download) - annotate - [select for diffs], Mon Jan 23 06:45:30 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.53: +50 -50 lines
Diff to previous 1.53 (colored)

Move a large part of ssl_st into internal, so we can see what squeals.
ok jsing@

Revision 1.53 / (download) - annotate - [select for diffs], Mon Jan 23 04:55:26 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.52: +26 -26 lines
Diff to previous 1.52 (colored)

move the callbacks from ssl_st to internal
ok jsing@

Revision 1.52 / (download) - annotate - [select for diffs], Mon Jan 23 04:15:28 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.51: +5 -5 lines
Diff to previous 1.51 (colored)

Move callback function pointers and argument pointers from SSL_CTX to
internal.

ok beck@

Revision 1.51 / (download) - annotate - [select for diffs], Sun Jan 22 09:02:07 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.50: +46 -46 lines
Diff to previous 1.50 (colored)

Move most of the SSL3_STATE fields to internal - the ones that remain are
known to be used by ports.

ok beck@

Revision 1.50 / (download) - annotate - [select for diffs], Sun Jan 22 07:16:39 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.49: +60 -60 lines
Diff to previous 1.49 (colored)

Move most of DTLS1_STATE to internal.
ok jsing@

Revision 1.49 / (download) - annotate - [select for diffs], Fri Nov 4 18:00:12 2016 UTC (7 years, 7 months ago) by guenther
Branch: MAIN
Changes since 1.48: +5 -1 lines
Diff to previous 1.48 (colored)

Make do_dtls1_write() static to d1_pkt.c and delete declarations for
three functions that were removed a while ago

ok jsing@

Revision 1.48 / (download) - annotate - [select for diffs], Fri Sep 11 18:08:21 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.47: +2 -2 lines
Diff to previous 1.47 (colored)

Rename functions that moved to t1_enc.c, with a tls1_ prefix instead of a
ssl3_ prefix.

ok beck@

Revision 1.47 / (download) - annotate - [select for diffs], Thu Sep 10 17:57:50 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.46: +1 -8 lines
Diff to previous 1.46 (colored)

Remove support for DTLS_BAD_VER. We do not support non-standard and
incomplete implementations just so that we can interoperate with products
from vendors who have not bothered to fix things in the last ~10 years.

ok bcook@ miod@

Revision 1.46 / (download) - annotate - [select for diffs], Sun Jul 19 01:07:40 2015 UTC (8 years, 10 months ago) by doug
Branch: MAIN
Changes since 1.45: +3 -2 lines
Diff to previous 1.45 (colored)

Assign p to CBS_data since it is used later.

The p initialization was hiding this bug but Coverity 126279 saw it.

ok miod@ bcook@ beck@

Revision 1.45 / (download) - annotate - [select for diffs], Sat Jul 18 23:00:23 2015 UTC (8 years, 10 months ago) by doug
Branch: MAIN
Changes since 1.44: +3 -2 lines
Diff to previous 1.44 (colored)

Convert dtls1_get_message_header to CBS and change to int.

Changed return value from void to int.  It should never return an error
given that the input length is not checked yet.

ok miod@

Revision 1.44 / (download) - annotate - [select for diffs], Sat Jul 18 22:36:55 2015 UTC (8 years, 10 months ago) by doug
Branch: MAIN
Changes since 1.43: +28 -21 lines
Diff to previous 1.43 (colored)

Convert dtls1_get_record to CBS.

ok miod@, input + ok jsing@

Revision 1.43 / (download) - annotate - [select for diffs], Sat Jul 18 22:28:53 2015 UTC (8 years, 10 months ago) by doug
Branch: MAIN
Changes since 1.42: +16 -40 lines
Diff to previous 1.42 (colored)

Remove repeated code in dtls1_get_record.

The "if" is a bit ugly, but this does remove a lot of repetitive code.
This will be converted to CBS later as well.

ok miod@
jsing@ roughly ok with it after seeing the CBS version

Revision 1.42 / (download) - annotate - [select for diffs], Wed Jun 17 07:29:33 2015 UTC (8 years, 11 months ago) by doug
Branch: MAIN
Changes since 1.41: +16 -15 lines
Diff to previous 1.41 (colored)

KNF whitespace.

ok miod@ jsing@

Revision 1.41 / (download) - annotate - [select for diffs], Sat Jun 13 08:38:10 2015 UTC (9 years ago) by doug
Branch: MAIN
Changes since 1.40: +2 -2 lines
Diff to previous 1.40 (colored)

Fix bad indenting in LibreSSL.

jsg@ noticed that some of the lines in libssl and libcrypto are not
indented properly.  At a quick glance, it looks like it has a different
control flow than it really does.  I checked the history in our tree and
in OpenSSL to make sure these were simple mistakes.

ok miod@ jsing@

Revision 1.40 / (download) - annotate - [select for diffs], Mon Feb 9 10:53:28 2015 UTC (9 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.39: +1 -88 lines
Diff to previous 1.39 (colored)

Jettison DTLS over SCTP.

OpenBSD does not have SCTP support and it sees little use in the wild.
OPENSSL_NO_SCTP is already specified via opensslfeatures.h, hence this
is a code removal only and symbols should remain unchanged.

ok beck@ miod@ tedu@

Revision 1.39 / (download) - annotate - [select for diffs], Wed Jan 21 00:15:50 2015 UTC (9 years, 4 months ago) by doug
Branch: MAIN
Changes since 1.38: +23 -9 lines
Diff to previous 1.38 (colored)

Fix DTLS memory leak (CVE-2015-0206).

There were four bugs fixed by this patch:

* dtls1_buffer_record() now frees rdata->rbuf.buf on error.  Since
  s->s3->rbuf was memset, rdata->rbuf is the only pointer left which
  points to the old rbuf.  On error, rdata is freed so there will not
  be any way of freeing this memory unless we do it here.

* Changed the return code of dtls1_buffer_record() to differentiate
  between queue full (0) and error (-1).  See below as this differs
  from upstream.

* Handle errors if calls to dtls1_buffer_record() fail with -1.
  Previously, it did not check the return value.

* Changed the way receipts are recorded.  Previously, it was recorded
  when processed successfully (whether buffered or not) in
  dtls1_process_record().  Now, it records when it is handled in
  dtls1_get_record(): either when it is entered into the queue to buffer
  for the next epoch or when it is processed directly.  Processing
  buffered records does not add a receipt because it needed one in
  order to get into the queue.

The above bugs combined contributed to an eventual DoS through memory
exhaustion.  The memory leak came from dtls1_buffer_record()'s error
handling.  The error handling can be triggered by a duplicate record
or malloc failure.  It was possible to add duplicate records because
they were not being dropped.  The faulty receipts logic did not detect
replays when dealing with records for the next epoch.  Additionally,
dtls1_buffer_record()'s return value was not checked so an attacker
could send repeated replay records for the next epoch.

Reported to OpenSSL by Chris Mueller.

Patch based on OpenSSL commit 103b171d8fc282ef435f8de9afbf7782e312961f
and BoringSSL commit 44e2709cd65fbd2172b9516c79e56f1875f60300.

Our patch matches BoringSSL's commit.  OpenSSL returns 0 when the queue
is full or when malloc() or pitem_new() fails.  They return -1 on error
including !ssl3_setup_buffers() which is another failure to allocate
memory.

BoringSSL and LibreSSL changed the return code for dtls1_buffer_record()
to be 1 on success, 0 when the queue is full and -1 on error.

input + ok bcook@, jsing@
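
Added example (not part of the commit above and not LibreSSL's code): a simplified C model of the return-code, error-path and receipt handling that the CVE-2015-0206 message describes. The struct and function names, the queue limit and the allocation counter are hypothetical, and the replay window is a generic sliding bitmap assumed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define QUEUE_MAX 4   /* constructed limit for this example */
#define WINDOW    64  /* replay window width, in records */
struct record { uint64_t seq; unsigned char *buf; };
struct next_epoch {                 /* hypothetical state, not LibreSSL's */
	struct record *q[QUEUE_MAX];
	size_t count;
	uint64_t bitmap, max_seq;   /* bit i set: max_seq - i was received */
};
long live_allocs;                   /* instrumentation: makes a leak visible */

static void *xalloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }

static int replay_seen(const struct next_epoch *e, uint64_t seq)
{
	if (seq > e->max_seq)
		return 0;
	return e->max_seq - seq >= WINDOW ||    /* older than the window */
	    ((e->bitmap >> (e->max_seq - seq)) & 1);
}

static void replay_mark(struct next_epoch *e, uint64_t seq)
{
	if (seq > e->max_seq) {
		uint64_t shift = seq - e->max_seq;
		e->bitmap = (shift >= WINDOW ? 0 : e->bitmap << shift) | 1;
		e->max_seq = seq;
	} else if (e->max_seq - seq < WINDOW)
		e->bitmap |= (uint64_t)1 << (e->max_seq - seq);
}

/* Returns 1 when queued, 0 when the queue is full, -1 on error. */
int buffer_record(struct next_epoch *e, uint64_t seq, const unsigned char *data, size_t len)
{
	struct record *r;

	if (e->count >= QUEUE_MAX)
		return 0;
	if ((r = xalloc(sizeof(*r))) == NULL)
		return -1;
	if ((r->buf = xalloc(len ? len : 1)) == NULL)
		goto err;
	memcpy(r->buf, data, len);
	r->seq = seq;
	for (size_t i = 0; i < e->count; i++)   /* a duplicate is an error */
		if (e->q[i]->seq == seq)
			goto err;
	e->q[e->count++] = r;
	return 1;
err:
	xfree(r->buf);                          /* r is the buffer's only owner */
	xfree(r);
	return -1;
}

/* Receive path: 1 = buffered, 0 = dropped, -1 = error the caller must handle. */
int receive_next_epoch(struct next_epoch *e, uint64_t seq, const unsigned char *data, size_t len)
{
	int ret;

	if (replay_seen(e, seq))
		return 0;                       /* replay dropped before any allocation */
	if ((ret = buffer_record(e, seq, data, len)) == 1)
		replay_mark(e, seq);            /* receipt recorded when queued */
	return ret;                             /* -1 propagates instead of being ignored */
}

void queue_free(struct next_epoch *e)
{
	while (e->count > 0) {
		xfree(e->q[--e->count]->buf);
		xfree(e->q[e->count]);
	}
}

int main(void)
{
	struct next_epoch e = {0};
	const unsigned char msg[] = "constructed record payload";

	for (int i = 0; i < 1000; i++)          /* one record, then 999 replays */
		receive_next_epoch(&e, 5, msg, sizeof(msg));
	queue_free(&e);
	return live_allocs == 0 ? 0 : 1;
}
```

The allocation counter stays flat across the replays because the duplicate is rejected by the receipt check, and a direct duplicate insert frees both allocations before returning -1.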

Revision 1.38 / (download) - annotate - [select for diffs], Sun Dec 14 15:30:50 2014 UTC (9 years, 5 months ago) by jsing
Branch: MAIN
Changes since 1.37: +15 -15 lines
Diff to previous 1.37 (colored)

Remove trailing whitespace.

Revision 1.37 / (download) - annotate - [select for diffs], Sun Nov 16 14:12:47 2014 UTC (9 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.36: +7 -4 lines
Diff to previous 1.36 (colored)

Sort and group includes.

Revision 1.36 / (download) - annotate - [select for diffs], Wed Oct 22 15:29:31 2014 UTC (9 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.35: +2 -2 lines
Diff to previous 1.35 (colored)

Avoid a NULL pointer dereference that can be triggered by
SSL3_RT_HANDSHAKE replays.

Reported by Markus Stenberg <markus.stenberg at iki.fi> - thanks!

ok deraadt@

Revision 1.35 / (download) - annotate - [select for diffs], Sat Oct 18 16:13:16 2014 UTC (9 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.34: +2 -3 lines
Diff to previous 1.34 (colored)

Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().

arc4random provides high quality pseudo-random numbers, hence there is no
need to differentiate between "strong" and "pseudo". Furthermore, the
arc4random_buf() function is guaranteed to succeed, which avoids the need
to check for and handle failure, simplifying the code.

It is worth noting that a number of the replaced RAND_bytes() and
RAND_pseudo_bytes() calls were missing return value checks and these
functions can fail for a number of reasons (at least in OpenSSL -
thankfully they were converted to wrappers around arc4random_buf() some
time ago in LibreSSL).

ok beck@ deraadt@ miod@

Revision 1.34 / (download) - annotate - [select for diffs], Thu Aug 7 20:02:23 2014 UTC (9 years, 10 months ago) by miod
Branch: MAIN
Changes since 1.33: +1 -3 lines
Diff to previous 1.33 (colored)

Oops, revert changes committed by mistake. The previous commit was supposed
to only apply to s23_srvr.c.

Revision 1.33 / (download) - annotate - [select for diffs], Thu Aug 7 19:46:31 2014 UTC (9 years, 10 months ago) by miod
Branch: MAIN
Changes since 1.32: +4 -2 lines
Diff to previous 1.32 (colored)

When you expect a function to return a particular value, don't put a comment
saying that you expect it to return that value and compare it against zero
because it is supposedly faster, for this leads to bugs (especially given the
high rate of sloppy cut'n'paste within ssl3 and dtls1 routines in this
library).

Instead, compare for the exact value it ought to return upon success.

ok deraadt@

Revision 1.32 / (download) - annotate - [select for diffs], Thu Jul 10 08:51:14 2014 UTC (9 years, 11 months ago) by tedu
Branch: MAIN
Changes since 1.31: +3 -25 lines
Diff to previous 1.31 (colored)

decompress libssl. ok beck jsing

Revision 1.31 / (download) - annotate - [select for diffs], Wed Jul 9 16:06:14 2014 UTC (9 years, 11 months ago) by miod
Branch: MAIN
Changes since 1.30: +2 -2 lines
Diff to previous 1.30 (colored)

Remove leading underscore from _BYTE_ORDER and _{LITTLE,BIG}_ENDIAN, to be
more friendly to systems where the underscore flavours may be defined as empty.
Found the hard way by bcook@; joint brainstorm with bcook beck and guenther

Revision 1.30 / (download) - annotate - [select for diffs], Thu Jun 19 21:29:51 2014 UTC (9 years, 11 months ago) by tedu
Branch: MAIN
Changes since 1.29: +2 -2 lines
Diff to previous 1.29 (colored)

convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring
libc interfaces over libcrypto interfaces. for now we also prefer
timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable.
ok beck deraadt matthew miod

Revision 1.29 / (download) - annotate - [select for diffs], Sun Jun 15 15:29:25 2014 UTC (9 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.28: +2 -2 lines
Diff to previous 1.28 (colored)

Rename ssl3_record_sequence_update() to ssl3_record_sequence_increment(),
so that it reflects what it is actually doing. Use this function in a
number of places that still have the hand rolled version.

ok beck@ miod@

Revision 1.28 / (download) - annotate - [select for diffs], Thu Jun 12 15:49:31 2014 UTC (10 years ago) by deraadt
Branch: MAIN
Changes since 1.27: +1 -1 lines
Diff to previous 1.27 (colored)

tags as requested by miod and tedu

Revision 1.27 / (download) - annotate - [select for diffs], Wed Jun 11 15:17:19 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.26: +0 -2 lines
Diff to previous 1.26 (colored)

Disable TLS support...

Just kidding!

unifdef OPENSSL_NO_TLS since we will never want to actually do that.

ok deraadt@

Revision 1.26 / (download) - annotate - [select for diffs], Fri May 30 14:30:50 2014 UTC (10 years ago) by tedu
Branch: MAIN
Changes since 1.25: +0 -146 lines
Diff to previous 1.25 (colored)

remove some #if 0 code. we don't need any more reminders that we're using
a not quite appropriate data structure. ok jsing

Revision 1.25 / (download) - annotate - [select for diffs], Fri May 30 05:27:32 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.24: +5 -39 lines
Diff to previous 1.24 (colored)

While working on another diff I ended up looking to see why on earth the
DTLS code had a chunk that checked to see if the SSL version was *not*
DTLS. Turns out that this is inside a big #if 0 block with a comment
explaining why DTLS will never need this code...

The DTLS code was clearly written by wholesale copying the SSLv3 code.
Any code not applicable to DTLS was seemingly #if 0'd or commented out
and left for others to find.

d1_pkt.c is copied from s3_pkt.c and it has a do_dtls1_write() function
that has the same function signature as do_ssl3_write(), except that the
create_empty_fragement (yes, that is the spelling in ssl_locl.h) argument
is unused for DTLS (although there is code that pretends to use it) since
it uses explicit IV (as the comment notes).

Instead of leaving this turd lying around, nuke the #if 0'd code (along
with the check for *not* DTLS) and remove the pointless
create_empty_fragment argument given the only two do_dtls1_write() calls
specify zero.

This kind of thing also makes you wonder how much actual peer review
occurred before the code was initially committed...

ok beck@

Revision 1.24 / (download) - annotate - [select for diffs], Wed May 28 13:03:24 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.23: +2 -4 lines
Diff to previous 1.23 (colored)

There is no point in checking if a pointer is non-NULL before calling free,
since free already does this for us. Also remove some pointless NULL
assignments, where the result from malloc(3) is immediately assigned to the
same variable.

ok miod@

Revision 1.23 / (download) - annotate - [select for diffs], Tue May 27 18:51:24 2014 UTC (10 years ago) by miod
Branch: MAIN
Changes since 1.22: +2 -3 lines
Diff to previous 1.22 (colored)

Remove redundant test introduced in s3_pkt.c on 20001225, which got cargo-culted
(with an XXX comment, though) in d1_pkt.c in 2005.

Revision 1.22 / (download) - annotate - [select for diffs], Mon May 26 17:06:21 2014 UTC (10 years ago) by miod
Branch: MAIN
Changes since 1.21: +12 -20 lines
Diff to previous 1.21 (colored)

Make sure all error paths in dtls1_buffer_record() invoke SSLErr by
factoring error handling.

ok jsing@

Revision 1.21 / (download) - annotate - [select for diffs], Sun May 25 16:23:10 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.20: +0 -5 lines
Diff to previous 1.20 (colored)

Remove TLS_DEBUG, SSL_DEBUG, CIPHER_DEBUG and OPENSSL_RI_DEBUG. Much of
this is sporadic, hacked up and can easily be put back in an improved form
should we ever need it.

ok miod@

Revision 1.20 / (download) - annotate - [select for diffs], Thu May 22 17:37:06 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.19: +2 -0 lines
Diff to previous 1.19 (colored)

Stop pulling pqueue.h into ssl_locl.h since only a small part of libssl
actually needs it. Instead, just include it in the files where it is
actually necessary.

Also remove standard includes from pqueue.h so that they are not available
as a side effect. Just add the two includes that are needed to pqueue.c.

ok miod@

Revision 1.19 / (download) - annotate - [select for diffs], Sun May 18 16:08:37 2014 UTC (10 years ago) by miod
Branch: MAIN
Changes since 1.18: +7 -7 lines
Diff to previous 1.18 (colored)

Make sure ssl3_setup_buffers() does not return upon error with a freed
pqueue still chained, by inserting it into the list only after all possible
failure conditions have been avoided.

Reported and fix proposed by David Ramos; ok beck@

Revision 1.18 / (download) - annotate - [select for diffs], Thu May 15 19:39:46 2014 UTC (10 years ago) by miod
Branch: MAIN
Changes since 1.17: +0 -1 lines
Diff to previous 1.17 (colored)

No longer make pqueue.h a public (and installed) header file. Replace its
inclusion in <ssl/dtls1.h> by the benign
`struct _pqueue; typedef struct _pqueue *pqueue;'.

Note that said dtls1.h should probably be considered a private header as well...

ok beck@

Revision 1.17 / (download) - annotate - [select for diffs], Sat Apr 26 18:56:38 2014 UTC (10 years, 1 month ago) by beck
Branch: MAIN
Changes since 1.16: +2 -4 lines
Diff to previous 1.16 (colored)

Replace all use of ERR_add_error_data with ERR_asprintf_error_data.
This avoids a lot of ugly gymnastics to do snprintfs before sending the
bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c
where it was being called with the incorrect number of arguments and
using random things off the stack as addresses of strings.
ok krw@, jsing@

Revision 1.16 / (download) - annotate - [select for diffs], Wed Apr 23 18:40:39 2014 UTC (10 years, 1 month ago) by miod
Branch: MAIN
Changes since 1.15: +2 -5 lines
Diff to previous 1.15 (colored)

Figure out endianness at compile-time, using _BYTE_ORDER from
<machine/endian.h>, rather than writing 1 to a 32-bit variable and checking
whether the first byte is nonzero.

tweaks and ok matthew@; ok beck@ tedu@

Revision 1.15 / (download) - annotate - [select for diffs], Thu Apr 17 23:35:40 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.14: +0 -7 lines
Diff to previous 1.14 (colored)

whack a bunch of disabled code. ok beck lteo

Revision 1.14 / (download) - annotate - [select for diffs], Thu Apr 17 13:37:49 2014 UTC (10 years, 1 month ago) by beck
Branch: MAIN
Changes since 1.13: +9 -9 lines
Diff to previous 1.13 (colored)

Change library to use intrinsic memory allocation functions instead of
OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_realloc->realloc
OPENSSL_freeFunc->free

Revision 1.13 / (download) - annotate - [select for diffs], Mon Apr 14 18:53:14 2014 UTC (10 years, 1 month ago) by beck
Branch: MAIN
Changes since 1.12: +1 -1 lines
Diff to previous 1.12 (colored)

Flense all use of BIO_snprintf from ssl source - use the real one instead,
and allow for the normal posix mandated return values instead of the
nonstandard one from BIO_snprintf.
ok miod@

Revision 1.12 / (download) - annotate - [select for diffs], Mon Apr 14 18:45:55 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.11: +0 -12 lines
Diff to previous 1.11 (colored)

make OPENSSL_NO_HEARTBLEED the default and only option. ok deraadt miod

Revision 1.11 / (download) - annotate - [select for diffs], Mon Apr 14 14:16:33 2014 UTC (10 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.10: +684 -771 lines
Diff to previous 1.10 (colored)

First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using
tr and md5.

Revision 1.10 / (download) - annotate - [select for diffs], Sun Apr 13 21:11:19 2014 UTC (10 years, 2 months ago) by mpi
Branch: MAIN
Changes since 1.9: +0 -1 lines
Diff to previous 1.9 (colored)

Do not include "e_os.h" anymore.  Simply pull in the necessary headers.

ok miod@, deraadt@

Revision 1.9 / (download) - annotate - [select for diffs], Sun Apr 13 15:25:34 2014 UTC (10 years, 2 months ago) by miod
Branch: MAIN
Changes since 1.8: +9 -2 lines
Diff to previous 1.8 (colored)

Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.

Revision 1.1.1.7 / (download) - annotate - [select for diffs] (vendor branch), Sun Apr 13 15:16:36 2014 UTC (10 years, 2 months ago) by miod
Changes since 1.1.1.6: +62 -38 lines
Diff to previous 1.1.1.6 (colored)

Import OpenSSL 1.0.1g

Revision 1.8 / (download) - annotate - [select for diffs], Thu Feb 14 15:11:43 2013 UTC (11 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.7: +54 -37 lines
Diff to previous 1.7 (colored)

cherry pick bugfixes for http://www.openssl.org/news/secadv_20130205.txt
from the openssl git (changes between openssl 1.0.1c and 1.0.1d).
ok djm@

Revision 1.7 / (download) - annotate - [select for diffs], Sat Oct 13 21:25:14 2012 UTC (11 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.6: +133 -34 lines
Diff to previous 1.6 (colored)

resolve conflicts

Revision 1.1.1.6 / (download) - annotate - [select for diffs] (vendor branch), Sat Oct 13 21:23:49 2012 UTC (11 years, 7 months ago) by djm
Changes since 1.1.1.5: +133 -34 lines
Diff to previous 1.1.1.5 (colored)

import OpenSSL-1.0.1c

Revision 1.6 / (download) - annotate - [select for diffs], Thu Jan 5 23:01:39 2012 UTC (12 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.5: +16 -10 lines
Diff to previous 1.5 (colored)

OpenSSL 1.0.0f: merge

Revision 1.1.1.5 / (download) - annotate - [select for diffs] (vendor branch), Thu Jan 5 22:59:08 2012 UTC (12 years, 5 months ago) by djm
Changes since 1.1.1.4: +16 -10 lines
Diff to previous 1.1.1.4 (colored)

OpenSSL 1.0.0f: import upstream source

Revision 1.5 / (download) - annotate - [select for diffs], Thu Nov 3 02:34:33 2011 UTC (12 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.4: +10 -12 lines
Diff to previous 1.4 (colored)

openssl-1.0.0e: resolve conflicts

Revision 1.1.1.4 / (download) - annotate - [select for diffs] (vendor branch), Thu Nov 3 02:32:19 2011 UTC (12 years, 7 months ago) by djm
Changes since 1.1.1.3: +10 -12 lines
Diff to previous 1.1.1.3 (colored)

import OpenSSL 1.0.0e

Revision 1.4 / (download) - annotate - [select for diffs], Fri Oct 1 22:59:00 2010 UTC (13 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.3: +262 -281 lines
Diff to previous 1.3 (colored)

resolve conflicts, fix local changes

Revision 1.1.1.3 / (download) - annotate - [select for diffs] (vendor branch), Fri Oct 1 22:54:16 2010 UTC (13 years, 8 months ago) by djm
Changes since 1.1.1.2: +262 -281 lines
Diff to previous 1.1.1.2 (colored)

import OpenSSL-1.0.0a

Revision 1.3 / (download) - annotate - [select for diffs], Fri Jan 9 12:15:52 2009 UTC (15 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.2: +1 -0 lines
Diff to previous 1.2 (colored)

resolve conflicts

Revision 1.1.1.2 / (download) - annotate - [select for diffs] (vendor branch), Fri Jan 9 12:14:06 2009 UTC (15 years, 5 months ago) by djm
Changes since 1.1.1.1: +18 -4 lines
Diff to previous 1.1.1.1 (colored)

import openssl-0.9.8j

Revision 1.2 / (download) - annotate - [select for diffs], Mon Jan 5 21:36:39 2009 UTC (15 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.1: +17 -4 lines
Diff to previous 1.1 (colored)

update to openssl-0.9.8i; tested by several, especially krw@

Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Sat Sep 6 12:15:51 2008 UTC (15 years, 9 months ago) by djm
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

import of OpenSSL 0.9.8h

Revision 1.1 / (download) - annotate - [select for diffs], Sat Sep 6 12:15:51 2008 UTC (15 years, 9 months ago) by djm
Branch: MAIN

Initial revision
