| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
S3I has served us well, however now that libssl is fully opaque it is time
to say goodbye. Aside from removing the calloc/free/memset, the rest is
mechanical sed.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
| |
Now that DTLS1_STATE is opaque, fold DTLS1_STATE_INTERNAL back into
DTLS1_STATE and remove D1I() usage.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This function currently has a long return type that may be <= 0 on
error/retry (which is then cast to an int in order to return it up the
stack), or it returns the length of the handshake message (on success).
This obviously means that 0 can be returned for both success and failure,
which is the reason why a separate 'ok' argument has to exist.
Untangle this mess by changing the return value to an int that indicates
success (1) or error/retry (<= 0). The length never needs to actually be
returned as it is already stored in s->internal->init_num (which is where
the return value is read from anyway).
ok tb@
|
| |
|
|
|
|
| |
The callers know the actual length and can initialise a CBS correctly.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
| |
All this code does is read one byte from memory with an unknown length,
potentially being a one byte overread... and then nothing is actually done
with the value.
ok tb@
|
| |
|
|
|
|
|
| |
Now that SSL_METHOD is opaque and in internal headers, we can remove
SSL_METHOD_INTERNAL by merging it back into SSL_METHOD.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
| |
Due to hysterical raisins there are three different types of defines for
alerts. SSL3_AD_* are from SSLv3, TLS1_AD_* are from TLSv1.0 onwards and
SSL_AD_* currently map to either an SSL3_AD_* or TLS1_AD_* define.
Currently, all three of these are used in various places - switch to using
just SSL_AD_* values internally, as a first step in cleaning this up.
ok tb@
|
| |
|
|
|
|
| |
Use SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER instead.
ok tb@
|
| |
|
|
|
|
| |
This ensures that diff reports the correct function prototype.
Prompted by tb@
|
| |
|
|
|
| |
Consistently include local headers in the same location, using the same
grouping/sorting across all files.
|
| |
|
|
|
|
|
|
| |
Now that the DTLS structs are opaque, add a dtls_locl.h header and move
internal-only structs from dtls1.h, along with prototypes from ssl_locl.h.
Only pull this header in where DTLS code actually exists.
ok inoguchi@ tb@
|
| |
|
|
| |
ok inoguchi@ tb@
|
| |
|
|
|
|
| |
TLSv1.2 handshake struct.
ok inoguchi@ tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
discussed with jsing
|
| |
|
|
|
|
|
| |
This allows for all of the DTLS sequence number save/restore code to be
removed.
ok inoguchi@ "whee!" tb@
|
| |
|
|
|
|
|
|
|
|
| |
This provides the basic framework for handling change of cipher state in
the new TLSv1.2 record layer, creating new record protection. In the DTLS
case we retain the previous write record protection and can switch back to
it when retransmitting. This will allow the record layer to start owning
sequence numbers and encryption/decryption state.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
| |
Rather than manually calculating the maximum record layer overhead in the
DTLS code, have the record layer provide this information. This also makes
it work correctly with AEAD ciphersuites.
ok inoguchi@ tb@
|
| |
|
|
| |
ok jsing kn
|
| |
|
|
|
|
|
|
|
|
| |
When retransmitting a flight that includes a CCS, the record protection
from the previous epoch has to be used to send the messages up to and
including the CCS, with messages after the CCS using record protection
from the current epoch. The code that restores the record protection state
failed to work correctly with the new TLSv1.2 record layer.
ok tb@
|
| |
|
|
|
|
|
|
| |
This condition previously existed for DTLS BAD_VER, which has long been
removed. Furthermore, conditioning on DTLS1_VERSION means this is broken
for any newer DTLS version. While here roll up two assertions into one.
ok tb@
|
| |
|
|
|
|
|
|
| |
Currently dtls1_drain_fragments() has a incomplete handrolled version of
dtls1_hm_fragment_free(), which has the potential to leak memory. Replace
the handrolled free with a call to dtls1_hm_fragment_free().
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
|
| |
Rather than using local variables and having to remember which things need
to be freed upon a failure at a certain point, simply allocate into the
hm_fragment struct and call dtls1_hm_fragment_free() on failure.
Also use calloc() to ensure memory is appropriately zeroed/initialised.
ok tb@
|
| |
|
|
| |
ok inoguchi@ tb@
|
| |
|
|
|
|
|
| |
instead
From Pamela Mosiejczuk, many thanks!
OK phessler@ deraadt@
|
| |
|
|
|
|
|
| |
This provides a cleaner, simpler and more readable API, with code that uses
a BUF_MEM instead of a BIO.
ok beck@ ("hurry up") and tb@.
|
| |
|
|
|
|
|
|
|
|
| |
EVP_MD_CTX_create -> EVP_MD_CTX_new
EVP_MD_CTX_destroy -> EVP_MD_CTX_free
This should make the intent more obvious and reduce head scratching during
code reviews.
Raised by tb@
|
| |
|
|
|
|
|
| |
ssl3_pending() is used for all protocols and dtls1_shutdown() just calls
ssl3_shutdown(), so just call the appropriate function directly instead.
ok beck@ inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
| |
There are three versions of the DTLS header writing code, which primarily
differ by the fragment offset and fragment length values that differ.
Rework dtls1_write_message_header() such that it can be used in all three
cases and convert it to CBB in the process.
ok inoguchi@ tb@
|
| |
|
|
|
|
| |
which allows us to drop dtls1_send_change_cipher_spec() entirely.
ok inoguchi@
|
| |
|
|
|
|
|
| |
while we are at it, convert SSLerror to use a function
internally, so that we may later allocate the handshake
structure and check for it
ok jsing@
|
| |
|
|
|
| |
function. Nothing makes use of the return value and the second argument
was only used to produce the return value...
|
| |
|
|
|
|
|
|
|
| |
Make a table of "function codes" which maps the internal state of the SSL *
to something like a useful name so in a typical error in the connection you
know in what sort of place in the handshake things happened. (instead of
by arcane function name).
Add SSLerrorx() for when we don't have an SSL *
ok jsing@ after us both being prodded by bluhm@ to make it not terrible
|
| |
|
|
| |
line wraps that resulted
|
| |
|
|
|
|
|
| |
We leave a single funciton code (0xFFF) to say "SSL_internal" so the public
API will not break, and we replace all internal use of the two argument
SSL_err() with the internal only SSL_error() that only takes a reason code.
ok jsing@
|
| |
|
|
| |
Discussed with beck@
|
| |
|
|
|
| |
so these should not be diddled with directly
ok jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
| |
known to be used by ports.
ok beck@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
handshake functions, we can remove more copied code from DTLS.
|
| |
|
|
| |
ok doug@ bcook@
|
| |
|
|
|
|
| |
ssl3_ prefix.
ok beck@
|
| |
|
|
|
|
|
| |
both essentially the same (in fact DTLS benefits from improvements
previously made to the ssl3_send_finished() function).
ok beck@
|
| |
|
|
|
|
| |
ssl3_handshake_msg_start()/ssl3_handshake_msg_finish().
ok beck@
|
| |
|
|
|
|
|
| |
incomplete implementations just so that we can interoperate with products
from vendors who have not bothered to fix things in the last ~10 years.
ok bcook@ miod@
|
| |
|
|
|
|
| |
This mimics free()'s behavior which makes error handling simpler.
ok bcook@ miod@
|
| |
|
|
|
|
|
| |
Changed return value from void to int. It should never return an error
given that the input length is not checked yet.
ok miod@
|
| |
|
|
|
|
|
|
| |
OpenBSD does not have SCTP support and it sees little use in the wild.
OPENSSL_NO_SCTP is already specified via opensslfeatures.h, hence this
is a code removal only and symbols should remain unchanged.
ok beck@ miod@ tedu@
|
