OpenBSD CVS

CVS log for src/lib/libssl/ssl_pkt.c




Default branch: MAIN


Revision 1.66, Tue Jul 11 17:02:47 2023 UTC (11 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, HEAD
Changes since 1.65: +2 -13 lines

Remove old workaround for F5

F5 is well-known for needing workarounds (go read RFC 8446). In this
particular case, it required implementations sending CHs larger than
255 bytes to 0x0300 otherwise their server would hang. This is the
same hang that required the CH padding extension which broke other
implementations. The CH padding extension was removed ~6 years ago,
so hopefully this kludge will no longer be needed either.

ok jsing

Revision 1.65, Sat Nov 26 16:08:56 2022 UTC (18 months, 2 weeks ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.64: +3 -3 lines

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

Revision 1.64, Fri Nov 11 17:15:26 2022 UTC (18 months, 4 weeks ago) by jsing
Branch: MAIN
Changes since 1.63: +51 -67 lines

Convert the legacy TLS stack to tls_content.

This converts the legacy TLS stack to tls_content - records are now
opened into a tls_content structure, rather than being written back into
the same buffer that the sealed record was read into.

This will allow for further clean up of the legacy record layer.

ok tb@

Revision 1.63, Thu Nov 10 18:06:37 2022 UTC (19 months ago) by jsing
Branch: MAIN
Changes since 1.62: +70 -40 lines

Use tls_buffer for alert and handshake fragments in the legacy stack.

This avoids a bunch of pointer munging and a handrolled memmove.

ok tb@

Revision 1.62, Fri Oct 21 15:48:14 2022 UTC (19 months, 3 weeks ago) by tb
Branch: MAIN
Changes since 1.61: +5 -2 lines

Add extra NULL check after ssl3_setup_read_buffer()

While ssl3_setup_read_buffer() success alone is enough to imply that
the read buffer is non-NULL, several static analyzers fail to recognize
that and throw fits about possible NULL accesses.

CID 331010

Fix from and ok jsing

Revision 1.61, Sun Oct 2 16:36:41 2022 UTC (20 months, 1 week ago) by jsing
Branch: MAIN
Changes since 1.60: +76 -76 lines

Get rid of SSL_CTX_INTERNAL and SSL_INTERNAL.

These are no longer necessary due to SSL_CTX and SSL now being fully
opaque. Merge SSL_CTX_INTERNAL back into SSL_CTX and SSL_INTERNAL back
into SSL.

Prompted by tb@

Revision 1.60, Sun Sep 11 13:51:25 2022 UTC (21 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.59: +7 -4 lines

Use CBS when processing a CCS message in the legacy stack.

ok tb@

Revision 1.59, Sat Sep 10 15:37:13 2022 UTC (21 months ago) by jsing
Branch: MAIN
Changes since 1.58: +10 -4 lines

Use CBS to parse TLS alerts in the legacy stack.

ok tb@

Revision 1.58, Sat Mar 26 15:05:53 2022 UTC (2 years, 2 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.57: +83 -107 lines

Clean up {dtls1,ssl3}_read_bytes()

Now that {dtls1,ssl3}_read_bytes() have been refactored, do a clean up
pass - this cleans up various parts of the code and reduces differences
between these two functions.

ok = 1; *(&(ok)) tb@

ok inoguchi@

Revision 1.57, Thu Mar 17 17:28:08 2022 UTC (2 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.56: +113 -77 lines

Rewrite legacy TLS unexpected handshake message handling.

Rewrite the code that handles unexpected handshake messages in the legacy
TLS stack. Parse the TLS message header up front, then process it based on
the message type. Overall the code should be more strict and we should
reject various invalid messages that would have previously been accepted.

I also reviewed steve's experimental code and fixed the bug that it
contained.

ok inoguchi@ tb@

Revision 1.56, Mon Mar 14 16:49:35 2022 UTC (2 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.55: +135 -128 lines

Factor out unexpected handshake message handling code in the legacy stack.

The TLS record layer has to be able to handle unexpected handshake messages
that result when it has been asked to read application data. The way that
this is currently done in the legacy stack is a layering violation - the
record layer knows about DTLS/TLS handshake messages, parsing them and then
deciding what action to take. This is further complicated by the need to
handle handshake message fragments.

For now, factor this code out with minimal changes - since it is a layering
violation we have to retain separate code for DTLS and TLS.

ok beck@ inoguchi@ tb@

Revision 1.55, Sat Mar 12 12:53:03 2022 UTC (2 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.54: +67 -35 lines

Factor out change cipher spec handling code in the legacy stack.

Factor out the code that handles the processing of a change cipher spec
message that has been read in the legacy stack, deduplicating code in the
DTLS stack.

ok inoguchi@ tb@

Revision 1.54, Mon Feb 21 18:22:20 2022 UTC (2 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.53: +71 -51 lines

Factor out alert handling code in the legacy stack.

Pull out the code that processes incoming alerts - a chunk of the
complexity is due to the fact that in TLSv1.2 and earlier, alerts can be
fragmented across multiple records or multiple alerts can be delivered
in a single record.

In DTLS there is no way that we can reassemble fragmented alerts (although
the RFC is silent on this), however we could have multiple alerts in the
same record. This change means that we will handle this situation more
appropriately and if we encounter a fragmented alert we will now treat this
as a decode error (instead of silently ignoring it).

ok beck@ tb@

Revision 1.53, Sat Feb 5 14:54:10 2022 UTC (2 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.52: +102 -102 lines

Bye bye S3I.

S3I has served us well, however now that libssl is fully opaque it is time
to say goodbye. Aside from removing the calloc/free/memset, the rest is
mechanical sed.

ok inoguchi@ tb@

Revision 1.52, Mon Oct 25 10:14:48 2021 UTC (2 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.51: +3 -2 lines

Add record processing limit to DTLS code.

This is effectively the same record processing limit that was previously
added to the legacy TLS stack - without this a single session can be made
to spin on a stream of alerts or other similar records.

ok beck@ tb@

Revision 1.51, Mon Oct 25 10:09:28 2021 UTC (2 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.50: +5 -13 lines

Use ssl_force_want_read() in the DTLS code.

Also mop up some mostly unhelpful comments while here.

ok beck@ tb@

Revision 1.50, Mon Aug 30 19:25:43 2021 UTC (2 years, 9 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.49: +14 -35 lines

Clean up and simplify info and msg callbacks.

The info and msg callbacks result in duplication - both for code that
refers to the function pointers and for the call sites. Avoid this by
providing typedefs for the function pointers and pulling the calling
sequences into their own functions.

ok inoguchi@ tb@

Revision 1.49, Sat Aug 28 15:20:58 2021 UTC (2 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.48: +32 -30 lines

Clean up and simplify ssl3_dispatch_alert() and ssl3_send_alert().

ok inoguchi@ tb@

Revision 1.48, Wed Aug 4 12:41:25 2021 UTC (2 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.47: +2 -2 lines

SSL_CTX_remove_session() checks for a NULL session, avoid doing it twice.

Noted by tb@ during review of a larger change.

Revision 1.47, Sat Jul 31 09:31:04 2021 UTC (2 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.46: +2 -2 lines

We have defines for alert levels - use them instead of magic numbers.

Revision 1.46, Mon Jul 26 03:17:38 2021 UTC (2 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.45: +16 -4 lines

Dedup dtls1_dispatch_alert()/ssl3_dispatch_alert().

The code for dtls1_dispatch_alert() and ssl3_dispatch_alert() is largely
identical - with a bit of reshuffling we can use ssl3_dispatch_alert() for
both protocols and remove the ssl_dispatch_alert function pointer.

ok inoguchi@ tb@

Revision 1.45, Tue Jun 29 18:43:49 2021 UTC (2 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.44: +11 -1 lines

Reject zero-length non-application data fragments in the legacy stack.

Per RFC 5246 section 6.2.1, zero-length fragments are only permitted for
application data - reject all others.

Reported via GitHub issue #675.

ok inoguchi@ tb@

Revision 1.44, Sun Jun 13 15:34:41 2021 UTC (2 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.43: +1 -5 lines

Remove tls1_alert_code().

After running the preprocessor, this function becomes:

  switch (code) {
  case 0:
   return (0);
  case 10:
   return (10);
  case 20:
   return (20);
  ...
  }

Its intended purpose was to prevent SSLv3 alerts being sent from TLS code,
however now that we've removed "no_certificate" from LibreSSL's reach, it
no longer does anything useful.

ok tb@

Revision 1.43, Sun May 16 14:10:43 2021 UTC (3 years ago) by jsing
Branch: MAIN
Changes since 1.42: +2 -3 lines

Make local header inclusion consistent.

Consistently include local headers in the same location, using the same
grouping/sorting across all files.

Revision 1.42, Sun May 2 17:46:58 2021 UTC (3 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.41: +2 -9 lines

Clean up tls1_change_cipher_state().

Replace flag gymnastics at call sites with separate read and write
functions, which call the common code. Condition on s->server instead of
using SSL_ST_ACCEPT, for consistency and more readable code.

ok inoguchi@ tb@

Revision 1.41, Sun Apr 25 13:15:22 2021 UTC (3 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.40: +12 -26 lines

Clean up derivation of finished/peer finished.

Make this process more readable by having specific client/server functions,
calling the correct one based on s->server. This allows to remove various
SSL_ST_ACCEPT/SSL_ST_CONNECT checks, along with duplicate code.

ok inoguchi@ tb@

Revision 1.40, Mon Mar 29 16:46:09 2021 UTC (3 years, 2 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.39: +3 -3 lines

Move finished and peer finished to the handshake struct.

This moves the finish_md and peer_finish_md from the 'tmp' struct to the
handshake struct, renaming to finished and peer_finished in the process.
This also allows the remaining S3I(s) references to be removed from the
TLSv1.3 client and server.

ok inoguchi@ tb@

Revision 1.39, Wed Mar 24 18:44:00 2021 UTC (3 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.38: +3 -3 lines

Rename new_cipher to cipher.

This is in the SSL_HANDSHAKE struct and is what we're currently
negotiating, so there is really nothing more "new" about the cipher
than there is the key block or other parts of the handshake data.

ok inoguchi@ tb@

Revision 1.38, Wed Mar 24 18:40:03 2021 UTC (3 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.37: +2 -2 lines

Add SSL_HANDSHAKE_TLS12 for TLSv1.2 specific handshake data.

Move TLSv1.2 specific components over from SSL_HANDSHAKE.

ok inoguchi@ tb@

Revision 1.37, Wed Mar 10 18:27:02 2021 UTC (3 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.36: +4 -3 lines

Improve internal version handling.

Add handshake fields for our minimum TLS version, our maximum TLS version
and the TLS version negotiated during the handshake. Initialise our min/max
versions at the start of the handshake and leave these unchanged. The
negotiated TLS version is set in the client once we receive the ServerHello
and in the server at the point we select the highest shared version.

Provide an ssl_effective_version() function that returns the negotiated TLS
version if known, otherwise our maximum TLS version - this is effectively
what is stored in s->version currently.

Convert most of the internal code to use one of these three version fields,
which greatly simplifies code (especially in the TLS extension handling
code).

ok tb@

Revision 1.36, Sat Feb 20 14:14:16 2021 UTC (3 years, 3 months ago) by tb
Branch: MAIN
Changes since 1.35: +20 -20 lines

Rename f_err into fatal_err.

discussed with jsing

Revision 1.35, Mon Feb 8 17:18:39 2021 UTC (3 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.34: +5 -5 lines

Enforce read ahead with DTLS.

DTLS is largely broken/useless without read ahead being enabled, so enforce
it for DTLS. This behaviour matches both our documentation and OpenSSL.

ok tb@

Revision 1.34, Tue Jan 19 18:57:09 2021 UTC (3 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.33: +7 -7 lines

Provide functions to determine if TLSv1.2 record protection is engaged.

Call these functions from code that needs to know if we've changed cipher
state and enabled record protection, rather than inconsistently checking
various pointers from other places in the code base. This also fixes a
minor bug where the wrong pointers are checked if we're operating with
AEAD.

ok inoguchi@ tb@

Revision 1.33, Wed Oct 14 16:57:33 2020 UTC (3 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.32: +6 -6 lines

Replace SSL_IS_DTLS with SSL_is_dtls().

Garbage collect the now unused SSL_IS_DTLS macro.

ok tb@

Revision 1.32, Sat Oct 3 17:35:16 2020 UTC (3 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.31: +33 -133 lines

Reimplement the TLSv1.2 record handling for the read side.

This is the next step in replacing the TLSv1.2 record layer.

The existing record handling code does decryption and processing in
place, which is not ideal for various reasons, however it is retained
for now as other code depends on this behaviour. Additionally, CBC
requires special handling to avoid timing oracles - for now the
existing timing safe code is largely retained.

ok beck@ inoguchi@ tb@

Revision 1.31, Sun Aug 30 15:40:20 2020 UTC (3 years, 9 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.30: +6 -97 lines

Start replacing the existing TLSv1.2 record layer.

This takes the same design/approach used in TLSv1.3 and provides an
opaque struct that is self contained and cannot reach back into other
layers. For now this just implements/replaces the writing of records
for DTLSv1/TLSv1.0/TLSv1.1/TLSv1.2. In doing so we stop copying the
plaintext into the same buffer that is used to transmit to the wire.

ok inoguchi@ tb@

Revision 1.30, Sun Aug 9 16:54:16 2020 UTC (3 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.29: +3 -4 lines

Fix some wrapping/indent.

Revision 1.29, Sun Aug 9 16:02:58 2020 UTC (3 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.28: +49 -41 lines

Use CBB more correctly when writing SSL3/DTLS records.

Previously we used CBB to build the record headers, but not the entire
record. Use CBB_init_fixed() upfront, then build the record header and
add space for the record content. However, in order to do this we need
to determine the length of the record upfront.

This simplifies the code, removes a number of manual bounds checks and
makes way for further improvements.

ok inoguchi@ tb@

Revision 1.28, Sun Aug 2 07:33:15 2020 UTC (3 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.27: +3 -3 lines

Check the return value of tls1_enc() in the write path.

The write path can return a failure in the AEAD path and there is no reason
not to check a return value.

Spotted by tb@ during another review.

ok tb@

Revision 1.27, Sat Aug 1 16:50:16 2020 UTC (3 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.26: +9 -25 lines

Clean up/simplify more of the dtls1/ssl3 record writing code:

- Make the DTLS code much more consistent with the ssl3 code.

- Avoid assigning wr->input and wr->length just so they can be used as
  arguments to memcpy().

- Remove the arc4random_buf() call for the explicit IV, since tls1_enc()
  already does this for us.

ok tb@

Revision 1.26, Sat Aug 1 16:38:17 2020 UTC (3 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.25: +15 -15 lines

Pull record version selection code up and pass it as an argument to
ssl3_create_record().

ok tb@

Revision 1.25, Thu Jul 30 16:53:01 2020 UTC (3 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.24: +58 -57 lines

Clean up and simplify some of the SSL3/DTLS1 record writing code.

This will allow for further changes to be made with less complexity and
easier review.

In particular, decide if we need an empty fragment early on and only do
the alignment calculation once (rather than in two separate parts of the
function).

ok tb@ inoguchi@

Revision 1.24, Mon Mar 16 15:25:14 2020 UTC (4 years, 2 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.23: +2 -2 lines

Consistently spell 'unsigned' as 'unsigned int', as style(9) seems
to prefer that. No binary change except in d1_srtp.c where the
generated assembly differs only in line numbers (due to a wrapped
long line) and in s3_cbc.c where there is no change in the generated
assembly.

ok inoguchi jsing

Revision 1.23, Thu Mar 12 17:09:02 2020 UTC (4 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.22: +2 -3 lines

Stop overloading the record type for padding length.

Currently the CBC related code stuffs the padding length in the upper bits
of the type field... stop doing that and add a padding_length field to the
record struct instead.

ok inoguchi@ tb@

Revision 1.22, Thu Mar 12 17:01:53 2020 UTC (4 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.21: +10 -10 lines

Use internal versions of SSL3_BUFFER, SSL3_RECORD and DTLS1_RECORD_DATA.

SSL3_BUFFER, SSL3_RECORD and DTLS1_RECORD_DATA are currently still in
public headers, even though their usage is internal. This moves to
using _INTERNAL suffixed versions that are in internal headers, which
then allows us to change them without any potential public API fallout.

ok inoguchi@ tb@

Revision 1.21, Tue Mar 10 17:02:21 2020 UTC (4 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.20: +4 -6 lines

Remove the enc function pointers.

The enc function pointers do not serve any purpose these days - remove
a layer of indirection and call dtls1_enc()/tls1_enc() directly.

ok inoguchi@ tb@

Revision 1.20, Sun Feb 23 17:59:03 2020 UTC (4 years, 3 months ago) by tb
Branch: MAIN
Changes since 1.19: +2 -2 lines

The decryption_failed alert must not be sent by compliant implementations.
Use a bad_record_mac alert instead.

Found with tlsfuzzer's ChaCha20 test.

ok beck inoguchi jsing

Revision 1.19, Fri Feb 21 16:16:59 2020 UTC (4 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.18: +28 -18 lines

Convert the SSL/TLS record creation code to CBB.

ok inoguchi@ tb@

Revision 1.18, Fri Feb 21 16:06:00 2020 UTC (4 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.17: +1 -3 lines

Remove now unused variable.

ok inoguchi@ tb@

Revision 1.17, Wed Feb 19 18:22:54 2020 UTC (4 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.16: +98 -97 lines

Refactor do_ssl3_write().

When empty fragments were added as a countermeasure against chosen
plaintext attacks on CBC, it was done by adding a recursive call to
do_ssl3_write(). This makes the code more complex and difficult to change.

Split the record creation code into a separate ssl3_create_record()
function, which do_ssl3_write() calls. In the case where an empty fragment
is needed, ssl3_create_record() is simply called twice, removing the need
for recursion.

ok inoguchi@ tb@

Revision 1.16, Tue Mar 19 16:53:03 2019 UTC (5 years, 2 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.15: +2 -2 lines

Revert TLS1_get{,_client}_version simplification because DTLS.

Revision 1.15, Sun Mar 17 15:16:39 2019 UTC (5 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.14: +2 -2 lines

Partially clean up the TLS1_get_{,client}_version macros.

LibreSSL only supports TLSv1.0 and above, hence the checks the macros are
performing are useless. Simplify them to their effective code. Also place
both under #ifndef LIBRESSL_INTERNAL and use the variables directly in our
code, which improves readability.

ok tb@

Revision 1.14, Wed Oct 24 18:04:50 2018 UTC (5 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.13: +24 -24 lines

Make more of libssl's record layer state internal.

In January 2017, we changed large amounts of libssl's data structures to
be non-visible/internal, however intentionally left things that the
software ecosystem was needing to use. The four or so applications that
reached into libssl for record layer related state now implement
alternative code. As such, make these data structures internal.

ok tb@

Revision 1.13, Sat Sep 8 14:39:41 2018 UTC (5 years, 9 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.12: +3 -8 lines

Remove now unused code for EVP_CIPH_FLAG_AEAD_CIPHER and EVP_CIPH_GCM_MODE.

ok inoguchi@ tb@

Revision 1.12, Sun May 7 04:22:24 2017 UTC (7 years, 1 month ago) by beck
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3, OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.11: +12 -12 lines

Move state from ssl->internal to the handshake structure.
while we are at it, convert SSLerror to use a function
internally, so that we may later allocate the handshake
structure and check for it
ok jsing@

Revision 1.11, Sat May 6 22:24:58 2017 UTC (7 years, 1 month ago) by beck
Branch: MAIN
Changes since 1.10: +4 -4 lines

Bring in an SSL_HANDSHAKE structure and commence the great shovelling
ok jsing@, gcc@, regress@

Revision 1.10, Tue Feb 7 02:08:38 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.9: +37 -37 lines

Change SSLerror() back to taking two args, with the first one being an SSL *.
Make a table of "function codes" which maps the internal state of the SSL *
to something like a useful name so in a typical error in the connection you
know in what sort of place in the handshake things happened. (instead of
by arcane function name).
Add SSLerrorx() for when we don't have an SSL *
ok jsing@ after us both being prodded by bluhm@ to make it not terrible

Revision 1.9, Tue Jan 31 15:35:46 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.8: +9 -1 lines

Provide an SSL_OP_NO_CLIENT_RENEGOTIATION option that disallows
client-initiated renegotiation. The current default behaviour remains
unchanged.

ok beck@ reyk@

Revision 1.8, Sun Jan 29 15:31:15 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.7: +9 -9 lines

Put comment back in the right place.

Revision 1.7, Thu Jan 26 12:16:13 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.6: +20 -39 lines

Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly
line wraps that resulted

Revision 1.6, Thu Jan 26 10:40:21 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.5: +37 -37 lines

Send the error function codes to rot in the depths of hell where they belong
We leave a single function code (0xFFF) to say "SSL_internal" so the public
API will not break, and we replace all internal use of the two argument
SSL_err() with the internal only SSL_error() that only takes a reason code.
ok jsing@

Revision 1.5, Thu Jan 26 08:19:43 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.4: +2 -2 lines

english is hard.

Revision 1.4, Thu Jan 26 07:20:57 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.3: +21 -4 lines

Limit the number of sequential empty records that we will process
before yielding, and fail if we exceed a maximum. loosely based
on what boring and openssl are doing
ok jsing@

Revision 1.3, Thu Jan 26 06:39:08 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.2: +20 -18 lines

Refactor the code to generate a WANT_READ into a function, as we are
using it more and more to avoid spins.
ok jsing@

Revision 1.2, Thu Jan 26 06:32:58 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.1: +11 -11 lines

Remove most of SSL3_ENC_METHOD - we can just inline the function calls
and defines since they are the same everywhere.

ok beck@

Revision 1.1, Thu Jan 26 05:51:54 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN

Rename s3_{both,clnt,pkt_srvr}.c to have an ssl_ prefix since they are no
longer SSLv3 code.

ok beck@
