path: root/src/lib/libssl/d1_both.c
Commit message | Author | Age | Files | Lines
* Support OPENSSL_NO_FILENAMES | tb | 8 days | 1 | -2/+2
  Some people are concerned that leaking a user name is a privacy issue. Allow disabling the __FILE__ and __LINE__ argument in the error stack to avoid this. This can be improved a bit in tree. From Viktor Szakats in https://github.com/libressl/portable/issues/761 ok bcook jsing
* spelling fixes; from paul tagliamonte | jmc | 2022-12-26 | 1 | -4/+4
  ok tb
* Make internal header file names consistent | tb | 2022-11-26 | 1 | -3/+3
  Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
* Get rid of SSL_CTX_INTERNAL and SSL_INTERNAL. | jsing | 2022-10-02 | 1 | -67/+67
  These are no longer necessary due to SSL_CTX and SSL now being fully opaque. Merge SSL_CTX_INTERNAL back into SSL_CTX and SSL_INTERNAL back into SSL. Prompted by tb@
* Bye bye S3I. | jsing | 2022-02-05 | 1 | -8/+8
  S3I has served us well, however now that libssl is fully opaque it is time to say goodbye. Aside from removing the calloc/free/memset, the rest is mechanical sed. ok inoguchi@ tb@
* Fold DTLS1_STATE_INTERNAL into DTLS1_STATE. | jsing | 2021-10-23 | 1 | -50/+50
  Now that DTLS1_STATE is opaque, fold DTLS1_STATE_INTERNAL back into DTLS1_STATE and remove D1I() usage. ok tb@
* Untangle ssl3_get_message() return values. | jsing | 2021-10-23 | 1 | -13/+9
  This function currently has a long return type that may be <= 0 on error/retry (which is then cast to an int in order to return it up the stack), or it returns the length of the handshake message (on success). This obviously means that 0 can be returned for both success and failure, which is the reason why a separate 'ok' argument has to exist. Untangle this mess by changing the return value to an int that indicates success (1) or error/retry (<= 0). The length never needs to actually be returned as it is already stored in s->internal->init_num (which is where the return value is read from anyway). ok tb@
* Change dtls1_get_message_header() to take a CBS. | jsing | 2021-09-04 | 1 | -17/+15
  The callers know the actual length and can initialise a CBS correctly. ok inoguchi@ tb@
* Mop up dtls1_get_ccs_header() and struct ccs_header_st. | jsing | 2021-07-19 | 1 | -9/+1
  All this code does is read one byte from memory with an unknown length, potentially being a one byte overread... and then nothing is actually done with the value. ok tb@
* Merge SSL_METHOD_INTERNAL into SSL_METHOD. | jsing | 2021-07-01 | 1 | -7/+7
  Now that SSL_METHOD is opaque and in internal headers, we can remove SSL_METHOD_INTERNAL by merging it back into SSL_METHOD. ok tb@
* Only use SSL_AD_* internally. | jsing | 2021-06-11 | 1 | -2/+2
  Due to hysterical raisins there are three different types of defines for alerts. SSL3_AD_* are from SSLv3, TLS1_AD_* are from TLSv1.0 onwards and SSL_AD_* currently map to either an SSL3_AD_* or TLS1_AD_* define. Currently, all three of these are used in various places - switch to using just SSL_AD_* values internally, as a first step in cleaning this up. ok tb@
* SSL3_AD_ILLEGAL_PARAMETER is not a valid SSLerror() reason code. | jsing | 2021-06-11 | 1 | -2/+2
  Use SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER instead. ok tb@
* Indent all labels with a single space. | jsing | 2021-06-11 | 1 | -5/+5
  This ensures that diff reports the correct function prototype. Prompted by tb@
* Make local header inclusion consistent. | jsing | 2021-05-16 | 1 | -3/+2
  Consistently include local headers in the same location, using the same grouping/sorting across all files.
* Move DTLS structs/definitions/prototypes to dtls_locl.h. | jsing | 2021-05-16 | 1 | -2/+3
  Now that the DTLS structs are opaque, add a dtls_locl.h header and move internal-only structs from dtls1.h, along with prototypes from ssl_locl.h. Only pull this header in where DTLS code actually exists. ok inoguchi@ tb@
* Replace DTLS w_epoch with epoch from TLSv1.2 record layer. | jsing | 2021-05-05 | 1 | -9/+8
  ok inoguchi@ tb@
* Move reuse_message, message_type, message_size and cert_verify into the | jsing | 2021-04-19 | 1 | -7/+7
  TLSv1.2 handshake struct. ok inoguchi@ tb@
* Move handling of cipher/hash based cipher suites into the new record layer. | jsing | 2021-02-27 | 1 | -10/+7
  ok tb@
* Rename f_err into fatal_err. | tb | 2021-02-20 | 1 | -8/+8
  discussed with jsing
* Move sequence numbers into the new TLSv1.2 record layer. | jsing | 2021-01-26 | 1 | -18/+1
  This allows for all of the DTLS sequence number save/restore code to be removed. ok inoguchi@ "whee!" tb@
* Add code to handle change of cipher state in the new TLSv1.2 record layer. | jsing | 2021-01-19 | 1 | -6/+5
  This provides the basic framework for handling change of cipher state in the new TLSv1.2 record layer, creating new record protection. In the DTLS case we retain the previous write record protection and can switch back to it when retransmitting. This will allow the record layer to start owning sequence numbers and encryption/decryption state. ok inoguchi@ tb@
* Provide record layer overhead for DTLS. | jsing | 2021-01-19 | 1 | -15/+7
  Rather than manually calculating the maximum record layer overhead in the DTLS code, have the record layer provide this information. This also makes it work correctly with AEAD ciphersuites. ok inoguchi@ tb@
* Mark bitmask_{start,end}_values[] and g_probable_mtu[] const. | tb | 2020-12-05 | 1 | -4/+4
  ok jsing kn
* Unbreak DTLS retransmissions for flights that include a CCS. | jsing | 2020-10-15 | 1 | -7/+8
  When retransmitting a flight that includes a CCS, the record protection from the previous epoch has to be used to send the messages up to and including the CCS, with messages after the CCS using record protection from the current epoch. The code that restores the record protection state failed to work correctly with the new TLSv1.2 record layer. ok tb@
* Fix an assert conditioned on DTLS1_VERSION. | jsing | 2020-10-11 | 1 | -9/+4
  This condition previously existed for DTLS BAD_VER, which has long been removed. Furthermore, conditioning on DTLS1_VERSION means this is broken for any newer DTLS version. While here roll up two assertions into one. ok tb@
* Call dtls1_hm_fragment_free() from dtls1_drain_fragments() | jsing | 2020-09-26 | 1 | -3/+3
  Currently dtls1_drain_fragments() has an incomplete handrolled version of dtls1_hm_fragment_free(), which has the potential to leak memory. Replace the handrolled free with a call to dtls1_hm_fragment_free(). ok inoguchi@ tb@
* Have dtls1_hm_fragment_new() call dtls1_hm_fragment_free() on failure. | jsing | 2020-09-26 | 1 | -26/+17
  Rather than using local variables and having to remember which things need to be freed upon a failure at a certain point, simply allocate into the hm_fragment struct and call dtls1_hm_fragment_free() on failure. Also use calloc() to ensure memory is appropriately zeroed/initialised. ok tb@
* Use 0 instead of 0x00 for memset() calls. | jsing | 2020-08-11 | 1 | -4/+4
  ok inoguchi@ tb@
* "non-existant" is one of those words that don't exist, so use "non-existent" | phessler | 2019-02-10 | 1 | -2/+2
  instead From Pamela Mosiejczuk, many thanks! OK phessler@ deraadt@
* Clean up and simplify the handshake transcript code. | jsing | 2018-11-08 | 1 | -3/+3
  This provides a cleaner, simpler and more readable API, with code that uses a BUF_MEM instead of a BIO. ok beck@ ("hurry up") and tb@.
* Use the newer/more sensible names for EVP_MD_CTX_* functions. | jsing | 2018-09-05 | 1 | -2/+2
  EVP_MD_CTX_create -> EVP_MD_CTX_new
  EVP_MD_CTX_destroy -> EVP_MD_CTX_free
  This should make the intent more obvious and reduce head scratching during code reviews. Raised by tb@
* Nuke ssl_pending/ssl_shutdown function pointers. | jsing | 2018-08-30 | 1 | -10/+1
  ssl3_pending() is used for all protocols and dtls1_shutdown() just calls ssl3_shutdown(), so just call the appropriate function directly instead. ok beck@ inoguchi@ tb@
* Dedup DTLS header writing code and convert to CBB. | jsing | 2018-08-27 | 1 | -25/+35
  There are three versions of the DTLS header writing code, which primarily differ by the fragment offset and fragment length values that differ. Rework dtls1_write_message_header() such that it can be used in all three cases and convert it to CBB in the process. ok inoguchi@ tb@
* Convert ssl3_send_change_cipher_spec() to use CBB and make it handle DTLS, | jsing | 2017-10-08 | 1 | -39/+2
  which allows us to drop dtls1_send_change_cipher_spec() entirely. ok inoguchi@
* Move state from ssl->internal to the handshake structure. | beck | 2017-05-07 | 1 | -4/+4
  while we are at it, convert SSLerror to use a function internally, so that we may later allocate the handshake structure and check for it ok jsing@
* Drop the second argument of dtls1_set_message_header() and make it a void | jsing | 2017-03-04 | 1 | -6/+4
  function. Nothing makes use of the return value and the second argument was only used to produce the return value...
* Change SSLerror() back to taking two args, with the first one being an SSL *. | beck | 2017-02-07 | 1 | -9/+9
  Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
* Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly | beck | 2017-01-26 | 1 | -15/+8
  line wraps that resulted
* Send the error function codes to rot in the depths of hell where they belong | beck | 2017-01-26 | 1 | -9/+9
  We leave a single function code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
* Split most of SSL_METHOD out into an internal variant, which is opaque. | jsing | 2017-01-23 | 1 | -7/+7
  Discussed with beck@
* send state and rstate from ssl_st into internal. There are accessors | beck | 2017-01-23 | 1 | -4/+4
  so these should not be diddled with directly ok jsing@
* Move a large part of ssl_st into internal, so we can see what squeals. | beck | 2017-01-23 | 1 | -70/+70
  ok jsing@
* move the callbacks from ssl_st to internal | beck | 2017-01-23 | 1 | -10/+10
  ok jsing@
* Move most of the SSL3_STATE fields to internal - the ones that remain are | jsing | 2017-01-22 | 1 | -18/+18
  known to be used by ports. ok beck@
* Move most of DTLS1_STATE to internal. | beck | 2017-01-22 | 1 | -58/+58
  ok jsing@
* Now that ssl3_send_{client,server}_certificate() are using the common | jsing | 2016-12-06 | 1 | -75/+1
  handshake functions, we can remove more copied code from DTLS.
* Make sure stdio functions don't end up in the library, from miod@ | beck | 2016-03-06 | 1 | -1/+7
  ok doug@ bcook@
* Rename functions that moved to t1_enc.c, with a tls1_ prefix instead of a | jsing | 2015-09-11 | 1 | -3/+3
  ssl3_ prefix. ok beck@
* Replace dtls1_send_finished() with ssl3_send_finished() - they're now | jsing | 2015-09-11 | 1 | -42/+1
  both essentially the same (in fact DTLS benefits from improvements previously made to the ssl3_send_finished() function). ok beck@
* Convert dtls1_send_finished() and ssl3_send_finished() to | jsing | 2015-09-11 | 1 | -12/+5
  ssl3_handshake_msg_start()/ssl3_handshake_msg_finish(). ok beck@