summaryrefslogtreecommitdiff
path: root/src/lib/libssl/d1_lib.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Use internal versions of SSL3_BUFFER, SSL3_RECORD and DTLS1_RECORD_DATA.jsing2020-03-121-5/+5
| | | | | | | | | SSL3_BUFFER, SSL3_RECORD and DTLS1_RECORD_DATA are currently still in public headers, even though their usage is internal. This moves to using _INTERNAL suffixed versions that are in internal headers, which then allows us to change them without any potential public API fallout. ok inoguchi@ tb@
* Remove the enc function pointers.jsing2020-03-101-2/+1
| | | | | | | The enc function pointers do not serve any purpose these days - remove a layer of indirection and call dtls1_enc()/tls1_enc() directly. ok inoguchi@ tb@
* Convert dtls1_build_sequence_number() to CBB.jsing2020-02-211-7/+15
| | | | ok inoguchi@ tb@
* Use freezero() for the internal opaque structures, instead of the currentjsing2017-04-101-6/+3
| | | | explicit_bzero()/free(). Less code and potentially less overhead.
* Change SSLerror() back to taking two args, with the first one being an SSL *.beck2017-02-071-2/+2
| | | | | | | | | Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
* Send the error function codes to rot in the depths of hell where they belongbeck2017-01-261-2/+2
| | | | | | | We leave a single funciton code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
* Remove most of SSL3_ENC_METHOD - we can just inline the function callsjsing2017-01-261-14/+1
| | | | | | and defines since they are the same everywhere. ok beck@
* Change the SSL_IS_DTLS() macro to check the version, rather than using ajsing2017-01-251-2/+2
| | | | | | | flag in the encryption methods. We can do this since there is currently only one DTLS version. This makes upcoming changes easier. ok beck@
* Split most of SSL_METHOD out into an internal variant, which is opaque.jsing2017-01-231-2/+2
| | | | Discussed with beck@
* Move most of DTLS1_STATE to internal.beck2017-01-221-42/+42
| | | | ok jsing@
* Convert publically visible structs to translucent structs.jsing2017-01-221-4/+17
| | | | | | | | | | | | | This change adds an internal opaque struct for each of the significant publically visible structs. The opaque struct is then allocated and attached to the publically visible struct when the appropriate *_new() function is called, then cleared and freed as necessary. This will allow for changes to be made to the internals of libssl, without requiring a major bump each time the publically visible structs are modified. ok beck@
* Mark a couple local functions as staticguenther2016-11-041-2/+2
| | | | ok jsing@ beck@
* remove NULL checks for pqueue_free()mmcc2016-02-291-11/+6
| | | | ok doug@
* include <sys/time.h> for gettimeofday(2)bcook2015-10-071-1/+2
|
* Remove support for DTLS_BAD_VER. We do not support non-standard andjsing2015-09-101-5/+3
| | | | | | | incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years. ok bcook@ miod@
* Correct spelling of OPENSSL_cleanse.jsing2015-09-101-2/+2
| | | | ok miod@
* Allow *_free() functions in libssl to handle NULL input.doug2015-07-191-1/+4
| | | | | | This mimics free()'s behavior which makes error handling simpler. ok bcook@ miod@
* Fix several crash causing defects from OpenSSL.tedu2015-03-191-1/+4
| | | | | | | | | | | | | These include: CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp CVE-2015-0287 - ASN.1 structure reuse memory corruption CVE-2015-0289 - PKCS7 NULL pointer dereferences Several other issues did not apply or were already fixed. Refer to https://www.openssl.org/news/secadv_20150319.txt joint work with beck, doug, guenther, jsing, miod
* Jettison DTLS over SCTP.jsing2015-02-091-8/+1
| | | | | | | | OpenBSD does not have SCTP support and it sees little use in the wild. OPENSSL_NO_SCTP is already specified via opensslfeatures.h, hence this is a code removal only and symbols should remain unchanged. ok beck@ miod@ tedu@
* Remove trailing whitespace.jsing2014-12-141-4/+4
|
* Sort and group includes.jsing2014-11-161-1/+2
|
* avoid sys/param.h; Jonas Termansenderaadt2014-07-171-2/+2
|
* In dtls1_clear_queues(), free buffered_add_data.q correctly, it's made ofmiod2014-07-111-4/+4
| | | | | | DTLS1_RECORD_DATA, not hm_fragment. OpenSSL PR #3286 via OpenSSL trunk.
* remove unused, private version strings except SSL_version_strbcook2014-07-091-2/+1
| | | | | | Also remove unused des_ver.h, which exports some of these strings, but is not installed. ok miod@ tedu@
* Pull the code that builds a DTLS sequence number out into its own functionjsing2014-06-211-1/+14
| | | | | | to avoid duplication. Also use fewer magic numbers. ok miod@
* Remove support for the `opaque PRF input' extension, which draft has expiredmiod2014-06-131-1/+3
| | | | | | | | 7 years ago and never made it into an RFC. That code wasn't compiled in anyway unless one would define the actual on-the-wire extension id bytes; crank libssl major. With help and enlightenment from Brendan MacDonell.
* tags as requested by miod and teduderaadt2014-06-121-1/+1
|
* Fix memory leak: free s if calloc fails.logan2014-06-111-1/+3
| | | | | | (From Jonas Maebe) OK from beck@
* Make it substantially easier to identify protocol version requirementsjsing2014-05-291-0/+1
| | | | | | | | | | | | | | by adding an enc_flags field to the ssl3_enc_method, specifying four flags that are used with this field and providing macros for evaluating these conditions. Currently the version requirements are identified by continually checking the version number and other criteria. This change also adds separate SSL3_ENC_METHOD data for TLS v1.1 and v1.2, since they have different enc_flags from TLS v1. Based on changes in OpenSSL head. No objection from miod@
* There is no point in checking if a pointer is non-NULL before calling free,jsing2014-05-281-6/+2
| | | | | | | | since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable. ok miod@
* repair some KNF missed by the script; ok jsingderaadt2014-05-261-6/+10
|
* Use C99 initialisers for SSL3_ENC_METHOD structs.jsing2014-05-241-12/+14
| | | | ok miod@
* Stop pulling pqueue.h into ssl_locl.h since only a small part of libssljsing2014-05-221-0/+2
| | | | | | | | | | actually needs it. Instead, just include it in the files where it is actually necessary. Also remove standard includes from pqueue.h so that they are not available as a side effect. Just add the two includes that are needed to pqueue.c. ok miod@
* gettimeofday() is portable enough and does not need a wrapperderaadt2014-04-201-9/+2
|
* calloc() rather than malloc+memsetderaadt2014-04-201-2/+2
|
* More KNF and style consistency tweaksguenther2014-04-191-2/+2
|
* Change library to use intrinsic memory allocation functions instead ofbeck2014-04-171-13/+13
| | | | | | | | OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
* make OPENSSL_NO_HEARTBLEED the default and only option. ok deraadt miodtedu2014-04-141-7/+0
|
* First pass at applying KNF to the OpenSSL code, which almost makes itjsing2014-04-141-184/+180
| | | | | readable. This pass is whitespace only and can readily be verified using tr and md5.
* Revert previous. I don't known why cvs blame tells me I committed this,mpi2014-04-141-27/+292
| | | | | but after cross-checking with 1.0.1g sources, they are not coming from my change.
* Revert to 1.1 minus the VMS stuff, I accidentally committed this chunkmpi2014-04-141-292/+27
| | | | in my last change.
* Fix the gettimeofday function that I broke with my last commit.beck2014-04-131-6/+0
| | | | | noticed by mattheew and deraadt ok deraadt@
* Remove vms support stuff.beck2014-04-131-10/+0
| | | | ok deraadt@
* Do not include "e_os.h" anymore. Simply pull in the necessary headers.mpi2014-04-131-1/+5
| | | | ok miod@, deraadt@
* Import OpenSSL 1.0.1gmiod2014-04-131-0/+1
|
* import OpenSSL-1.0.1cdjm2012-10-131-11/+43
|
* OpenSSL 1.0.0f: import upstream sourcedjm2012-01-051-1/+8
|
* import OpenSSL 1.0.0edjm2011-11-031-8/+57
|
* import OpenSSL-1.0.0adjm2010-10-011-26/+209
|
* import openssl-0.9.8jdjm2009-01-091-0/+1
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 10:38:25 +0000