| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
With the guentherizer 9000
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.
discussed with jsing,
no objection bcook
|
| |
|
|
|
|
|
|
| |
These are no longer necessary due to SSL_CTX and SSL now being fully
opaque. Merge SSL_CTX_INTERNAL back into SSL_CTX and SSL_INTERNAL back
into SSL.
Prompted by tb@
|
| |
|
|
|
|
| |
CID 24838
comment and ok tb@
|
| |
|
|
|
|
|
|
|
|
| |
SRTP_AEAD_AES_128_GCM/SRTP_AEAD_AES_256_GCM can be used as DTLS-SRTP
protection profiles - seen with an update of telephony/baresip i'm
working on.
adapted from openssl commit 43e5faa2539ae8aae6ef55be2239b9b1a77fea45
ok tb@ jsing@
|
| |
|
|
|
|
|
|
| |
Now that the DTLS structs are opaque, add a dtls_locl.h header and move
internal-only structs from dtls1.h, along with prototypes from ssl_locl.h.
Only pull this header in where DTLS code actually exists.
ok inoguchi@ tb@
|
| |
|
|
|
|
| |
Where a file references to OPENSSL_NO_* conditions, ensure that we
explicitly include <openssl/opensslconf.h> before any references, rather
than relying on another header to pull this in.
|
| |
|
|
|
|
|
|
| |
There is no reason (and there never was any) for profile_name to be
non-const, it was always just passed to strncmp(). Changing this
allows removing an ugly instance of casting away const.
ok guenther jsing
|
| |
|
|
| |
ok tb@ jsing@
|
| |
|
|
|
|
|
|
|
| |
to prefer that. No binary change except in d1_srtp.c where the
generated assembly differs only in line numbers (due to a wrapped
long line) and in s3_cbc.c where there is no change in the generated
assembly.
ok inoguchi jsing
|
| |
|
|
|
|
| |
setting it.
From Ben L <bobsayshilol () live ! co ! uk>.
|
| |
|
|
| |
input + ok beck@, jsing@
|
| |
|
|
|
|
|
|
|
| |
Make a table of "function codes" which maps the internal state of the SSL *
to something like a useful name so in a typical error in the connection you
know in what sort of place in the handshake things happened. (instead of
by arcane function name).
Add SSLerrorx() for when we don't have an SSL *
ok jsing@ after us both being prodded by bluhm@ to make it not terrible
|
| |
|
|
| |
line wraps that resulted
|
| |
|
|
|
|
|
| |
We leave a single funciton code (0xFFF) to say "SSL_internal" so the public
API will not break, and we replace all internal use of the two argument
SSL_err() with the internal only SSL_error() that only takes a reason code.
ok jsing@
|
| | |
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
| |
known to be in use.
ok beck@
|
| |
|
|
|
|
|
| |
jsing@ noticed that during the CBS conversion, an extra CBS_len
comparison was introduced. It should be 0 after extracting MKI.
ok jsing@ bcook@ deraadt@
|
| |
|
|
| |
ok miod@ jsing@
|
| |
|
|
| |
reluctant ok miod@
|
| |
|
|
| |
ok miod@ jsing@
|
| | |
|
| |
|
|
|
|
| |
Reported by Felix Groebert of the Google Security Team.
ok beck@ miod@
|
| | |
|
| |
|
|
| |
From BoringSSL.
|
| | |
|
| |
|
|
|
|
| |
(Thanks to Brent Cook)
OK from tedu@
|
| | |
|
| |
|
|
| |
a not quite appropriate data structure. ok jsing
|
| | |
|
| |
|
|
|
| |
readable. This pass is whitespace only and can readily be verified using
tr and md5.
|
| | |
|
| |
|
