summaryrefslogtreecommitdiff
path: root/src/lib/libssl/d1_clnt.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Remove the ssl_get_message function pointer from SSL_METHOD_INTERNAL.jsing2020-01-231-3/+2
| | | | | | | | | ssl_get_message is essentially a switch between ssl3_get_message and dtls1_get_message, both only used by the legacy stack. Instead, use SSL_IS_DTLS() in ssl3_get_message to call the DTLS function when necessary. ok beck@ inoguchi@ tb@
* Consolidate all of the SSL method structs/functions into a single file.jsing2018-11-051-44/+1
| | | | Discussed with tb@
* Nuke ssl_pending/ssl_shutdown function pointers.jsing2018-08-301-3/+1
| | | | | | | ssl3_pending() is used for all protocols and dtls1_shutdown() just calls ssl3_shutdown(), so just call the appropriate function directly instead. ok beck@ inoguchi@ tb@
* Remove function pointers for ssl_{read,write,peek}.jsing2018-04-071-4/+1
| | | | | | | Now that everything goes through the same code path, we can remove a layer of indirection and just call ssl3_{read,write,peek} directly. ok beck@ inoguchi@
* Merge dtls1_connect() into ssl3_connect(), removing a large amount ofjsing2017-10-101-434/+2
| | | | | | | | duplicated code. For now this is essentially adds a diff of the two functions with 'if (SSL_IS_DTLS(s))' - further clean up and improvement will follow. ok inoguchi@
* Reduce non-functional differences between dtls1_connect() andjsing2017-10-081-32/+38
| | | | ssl3_connect() - synchronise comments, whitespace, line wrapping, etc.
* Convert ssl3_send_change_cipher_spec() to use CBB and make it handle DTLS,jsing2017-10-081-2/+2
| | | | | | which allows us to drop dtls1_send_change_cipher_spec() entirely. ok inoguchi@
* Move state from ssl->internal to the handshake structure.beck2017-05-071-36/+36
| | | | | | | while we are at it, convert SSLerror to use a function internally, so that we may later allocate the handshake structure and check for it ok jsing@
* Bring in an SSL_HANDSHAKE structure and commence the great shovellingbeck2017-05-061-12/+12
| | | | ok jsing@, gcc@, regress@
* Change SSLerror() back to taking two args, with the first one being an SSL *.beck2017-02-071-4/+4
| | | | | | | | | Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
* Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the uglybeck2017-01-261-3/+2
| | | | line wraps that resulted
* Send the error function codes to rot in the depths of hell where they belongbeck2017-01-261-4/+4
| | | | | | | We leave a single funciton code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
* Remove most of SSL3_ENC_METHOD - we can just inline the function callsjsing2017-01-261-5/+5
| | | | | | and defines since they are the same everywhere. ok beck@
* Merge the client/server version negotiation into the existing (currentlyjsing2017-01-261-3/+2
| | | | | | fixed version) client/server code. ok beck@
* Split most of SSL_METHOD out into an internal variant, which is opaque.jsing2017-01-231-14/+18
| | | | Discussed with beck@
* Remove ssl_ctrl, ssl_ctx_ctrl, ssl_callback_ctrl and ssl_ctx_callback_ctrljsing2017-01-231-5/+1
| | | | | | | from SSL_METHOD, replacing usage with direct calls to the appropriate functions. ok beck@
* send state and rstate from ssl_st into internal. There are accessorsbeck2017-01-231-36/+36
| | | | | so these should not be diddled with directly ok jsing@
* Move a large part of ssl_st into internal, so we can see what squeals.beck2017-01-231-41/+41
| | | | ok jsing@
* move the callbacks from ssl_st to internalbeck2017-01-231-6/+6
| | | | ok jsing@
* Move callback function pointers and argument pointers from SSL_CTX tojsing2017-01-231-3/+3
| | | | | | internal. ok beck@
* Move the stats struct from SSL_CTX to internal.jsing2017-01-231-5/+5
| | | | ok beck@
* Move most of the SSL3_STATE fields to internal - the ones that remain arejsing2017-01-221-20/+20
| | | | | | known to be used by ports. ok beck@
* Move most of DTLS1_STATE to internal.beck2017-01-221-13/+13
| | | | ok jsing@
* Specify minimum and maximum protocol version for each method. This isjsing2017-01-211-1/+3
| | | | | | currently unused, but will be in the near future. ok beck@
* Now that ssl3_send_{client,server}_certificate() are using the commonjsing2016-12-061-67/+2
| | | | handshake functions, we can remove more copied code from DTLS.
* Rename ssl3_get_key_exchange() to ssl3_get_server_key_exchange(), sincejsing2016-11-041-2/+2
| | | | | | that's what it really is. ok miod@
* The *_method_data structures can be staticguenther2016-11-041-2/+2
| | | | ok jsing@
* X509_free(3) is NULL-safe, so remove NULL checks before its calls.mmcc2016-03-111-3/+2
| | | | ok doug@
* Remove most of the SSLv3 version checks and a few TLS v1.0.doug2015-09-121-11/+3
| | | | | | | We can now assume >= TLS v1.0 since SSL2_VERSION, SSL3_VERSION and DTLS1_BAD_VER support was removed. "reads ok" miod@
* Uncopy and unpaste dtls1_send_client_verify() - thejsing2015-09-121-72/+2
| | | | | ssl3_send_client_verify() is different, but it correctly supports things like SIGALGS. Another 74 lines of code bites the dust.
* Uncopy and unpaste dtls1_send_client_key_exchange() - thejsing2015-09-121-267/+4
| | | | | | | | ssl3_send_client_key_exchange() is effectively identical, in fact it has a number of bug fixes and improvements that never got merged into the DTLS copy of the code. Flenses another 264 lines of code. ok beck@
* Rename functions that moved to t1_enc.c, with a tls1_ prefix instead of ajsing2015-09-111-3/+3
| | | | | | ssl3_ prefix. ok beck@
* Replace dtls1_send_finished() with ssl3_send_finished() - they're nowjsing2015-09-111-2/+2
| | | | | | | both essentially the same (in fact DTLS benefits from improvements previously made to the ssl3_send_finished() function). ok beck@
* Remove support for DTLS_BAD_VER. We do not support non-standard andjsing2015-09-101-4/+3
| | | | | | | incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years. ok bcook@ miod@
* Correct spelling of OPENSSL_cleanse.jsing2015-09-101-2/+2
| | | | ok miod@
* Replace dtls1_client_hello() with ssl3_client_hello() - both are basicallyjsing2015-09-021-99/+6
| | | | | | | | | | | the same code, with two slight differences for DTLS handling. Also, make use of send_cookie to determine if the client random needs to be preserved, rather than testing if it is zeroed (hopefully your random number generator never returned all zeros, since the existing code would break). Inspired by BoringSSL. ok doug@
* Flense out dead code, we don't do ecdhe_clnt_cert.beck2015-07-151-89/+35
| | | | | coverity ID's 21691 21698 ok miod@, "Fry it" jsing@
* Convert dtls1_get_hello_verify to CBS.doug2015-07-141-17/+23
| | | | ok miod@ jsing@
* Fix bad indenting in LibreSSL.doug2015-06-131-2/+2
| | | | | | | | | jsg@ noticed that some of the lines in libssl and libcrypto are not indented properly. At a quick glance, it looks like it has a different control flow than it really does. I checked the history in our tree and in OpenSSL to make sure these were simple mistakes. ok miod@ jsing@
* Factor out the init_buf initialisation code, rather than duplicating itjsing2015-03-271-20/+6
| | | | | | in four different places. ok doug@ guenther@
* Jettison DTLS over SCTP.jsing2015-02-091-145/+1
| | | | | | | | OpenBSD does not have SCTP support and it sees little use in the wild. OPENSSL_NO_SCTP is already specified via opensslfeatures.h, hence this is a code removal only and symbols should remain unchanged. ok beck@ miod@ tedu@
* Bring back the horrible API that is get_cipher_by_char/put_cipher_by_char.jsing2015-02-061-1/+3
| | | | | | | | This API was intended to be an internal only, however like many things in OpenSSL, it is exposed externally and parts of the software ecosystem are now using it since there is no real alternative within the public API. ok doug@, tedu@ and reluctantly miod@
* Convert all of the straight forward client handshake handling code to usejsing2014-12-141-52/+19
| | | | | | the new handshake functions. ok miod@
* ssl3_init_finished_mac() calls BIO_new() which can fail since it in turnjsing2014-12-101-2/+5
| | | | | | | | calls malloc(). Instead of silently continuing on failure, check the return value of BIO_new() and propagate failure back to the caller for appropriate handling. ok bcook@
* Remove client handling of RSA in ServerKeyExchange messages, along withjsing2014-12-061-14/+10
| | | | | | | | | the associated peer_rsa_tmp goop. This was only needed for export cipher handling and intentional RFC violations. The export cipher suites have already been removed and previous cleanup means that we will never send ServerKeyExchange messages from the server side for RSA.
* Avoid a NULL dereference in the DTLS client that can be triggered by ajsing2014-11-271-1/+9
| | | | | | | | | | | | crafted server response used in conjunction with an anonymous DH or anonymous ECDH ciphersuite. Fixes CVE-2014-3510, which is effectively a repeat of CVE-2014-3470 in copied code. Reported by Felix Groebert of the Google Security Team. ok beck@ miod@
* Sort and group includes.jsing2014-11-161-4/+6
|
* Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().jsing2014-10-181-5/+3
| | | | | | | | | | | | | | | arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code. It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL). ok beck@ deraadt@ miod@
* Remove SSL_kDHr, SSL_kDHd and SSL_aDH. No supported ciphersuites use them,jsing2014-09-071-2/+2
| | | | | | nor do we plan on supporting them. ok guenther@
* Since we no longer need to support SSLv2-style cipher lists, startjsing2014-08-101-4/+2
| | | | | | | | | | unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros. Prompted by similar changes in boringssl. ok guenther.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 08:24:09 +0000