summaryrefslogtreecommitdiff
path: root/src/lib/libssl/d1_srvr.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Change SSLerror() back to taking two args, with the first one being an SSL *.beck2017-02-071-6/+6
| | | | | | | | | Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
* Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the uglybeck2017-01-261-5/+3
| | | | line wraps that resulted
* Send the error function codes to rot in the depths of hell where they belongbeck2017-01-261-6/+6
| | | | | | | We leave a single funciton code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
* Remove most of SSL3_ENC_METHOD - we can just inline the function callsjsing2017-01-261-7/+7
| | | | | | and defines since they are the same everywhere. ok beck@
* Merge the client/server version negotiation into the existing (currentlyjsing2017-01-261-3/+2
| | | | | | fixed version) client/server code. ok beck@
* Split most of SSL_METHOD out into an internal variant, which is opaque.jsing2017-01-231-15/+19
| | | | Discussed with beck@
* Remove ssl_ctrl, ssl_ctx_ctrl, ssl_callback_ctrl and ssl_ctx_callback_ctrljsing2017-01-231-5/+1
| | | | | | | from SSL_METHOD, replacing usage with direct calls to the appropriate functions. ok beck@
* send state and rstate from ssl_st into internal. There are accessorsbeck2017-01-231-46/+46
| | | | | so these should not be diddled with directly ok jsing@
* Move a large part of ssl_st into internal, so we can see what squeals.beck2017-01-231-39/+39
| | | | ok jsing@
* move the callbacks from ssl_st to internalbeck2017-01-231-6/+6
| | | | ok jsing@
* Move callback function pointers and argument pointers from SSL_CTX tojsing2017-01-231-6/+6
| | | | | | internal. ok beck@
* Move the stats struct from SSL_CTX to internal.jsing2017-01-231-4/+4
| | | | ok beck@
* Move most of the SSL3_STATE fields to internal - the ones that remain arejsing2017-01-221-20/+20
| | | | | | known to be used by ports. ok beck@
* Move most of DTLS1_STATE to internal.beck2017-01-221-17/+17
| | | | ok jsing@
* Specify minimum and maximum protocol version for each method. This isjsing2017-01-211-1/+3
| | | | | | currently unused, but will be in the near future. ok beck@
* Now that ssl3_send_{client,server}_certificate() are using the commonjsing2016-12-061-29/+2
| | | | handshake functions, we can remove more copied code from DTLS.
* The *_method_data structures can be staticguenther2016-11-041-2/+2
| | | | ok jsing@
* The *_accept() functions increment in_handshake at the start of the function,jsing2015-09-131-3/+5
| | | | | | | | then decrement it and call a callback on exit from the function. As such, these functions should not return in the middle, otherwise in_handshake is never decremented and the callback never called. ok beck@ "with many sighs" miod@
* Fix function name.jsing2015-09-121-2/+2
|
* Sync handling of cached record digests with s3_srvr.c.jsing2015-09-121-1/+23
|
* Uncopy and unpaste dtls1_send_newsession_ticket() - another 111 lines ofjsing2015-09-121-109/+2
| | | | code deduped.
* Uncopy and unpaste dtls1_send_certificate_request() - removes another 80jsing2015-09-121-78/+2
| | | | lines of code, while gaining SIGALGs support.
* Uncopy and unpaste dtls1_send_server_key_exchange(). Removes another 329jsing2015-09-121-327/+2
| | | | lines of code, while gaining bug fixes and SIGALGs support.
* Uncopy and unpaste dtls1_send_server_done().jsing2015-09-121-16/+2
|
* Uncopy and unpaste dtls1_send_server_hello().jsing2015-09-121-66/+2
|
* Uncopy and unpaste dtls1_send_hello_request().jsing2015-09-121-16/+2
|
* Rename functions that moved to t1_enc.c, with a tls1_ prefix instead of ajsing2015-09-111-5/+5
| | | | | | ssl3_ prefix. ok beck@
* Replace dtls1_send_finished() with ssl3_send_finished() - they're nowjsing2015-09-111-2/+2
| | | | | | | both essentially the same (in fact DTLS benefits from improvements previously made to the ssl3_send_finished() function). ok beck@
* Remove support for DTLS_BAD_VER. We do not support non-standard andjsing2015-09-101-6/+4
| | | | | | | incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years. ok bcook@ miod@
* Remove Microsoft Server Gated Crypto.doug2015-06-181-16/+7
| | | | | | | | | Another relic due to the old US crypto policy. From OpenSSL commit 63eab8a620944a990ab3985620966ccd9f48d681 and 95275599399e277e71d064790a1f828a99fc661a. ok jsing@ miod@
* Change DTLS client cert request code to match TLS.doug2015-06-181-6/+6
| | | | | | | | DTLS currently doesn't check whether a client cert is expected. This change makes the logic in dtls1_accept() match that from ssl3_accept(). From OpenSSL commit c8d710dc5f83d69d802f941a4cc5895eb5fe3d65 input + ok jsing@ miod@
* Remove ancient SSL_OP_NETSCAPE_CA_DN_BUG from SSLeay days.doug2015-06-151-15/+5
| | | | | | | This commit matches the OpenSSL removal in commit 3c33c6f6b10864355553961e638514a6d1bb00f6. ok deraadt@
* Fix bad indenting in LibreSSL.doug2015-06-131-2/+2
| | | | | | | | | jsg@ noticed that some of the lines in libssl and libcrypto are not indented properly. At a quick glance, it looks like it has a different control flow than it really does. I checked the history in our tree and in OpenSSL to make sure these were simple mistakes. ok miod@ jsing@
* Fix return paths with missing EVP_CIPHER_CTX_cleanup() calls.jsg2015-05-151-1/+2
| | | | ok doug@
* Factor out the init_buf initialisation code, rather than duplicating itjsing2015-03-271-14/+4
| | | | | | in four different places. ok doug@ guenther@
* Jettison DTLS over SCTP.jsing2015-02-091-130/+1
| | | | | | | | OpenBSD does not have SCTP support and it sees little use in the wild. OPENSSL_NO_SCTP is already specified via opensslfeatures.h, hence this is a code removal only and symbols should remain unchanged. ok beck@ miod@ tedu@
* Convert several of the server side handshake functions to the new handshakejsing2015-02-071-62/+29
| | | | | | message handling routines. ok miod@
* Bring back the horrible API that is get_cipher_by_char/put_cipher_by_char.jsing2015-02-061-1/+3
| | | | | | | | This API was intended to be an internal only, however like many things in OpenSSL, it is exposed externally and parts of the software ecosystem are now using it since there is no real alternative within the public API. ok doug@, tedu@ and reluctantly miod@
* Add error handling for EVP_DigestInit_ex().doug2014-12-151-3/+4
| | | | | | | | | | | | | A few EVP_DigestInit_ex() calls were left alone since reporting an error would change the public API. Changed internal ssl3_cbc_digest_record() to return a value due to the above change. It will also now set md_out_size=0 on failure. This is based on part of BoringSSL's commit to fix malloc crashes: https://boringssl.googlesource.com/boringssl/+/69a01608f33ab6fe2c3485d94aef1fe9eacf5364 ok miod@
* Remove trailing whitespace.jsing2014-12-141-16/+16
|
* unifdef NETSCAPE_HANG_BUG from the DTLS code. The code is not currentlyjsing2014-12-141-23/+1
| | | | | | | enabled and I would hope that no one is using client certificates with DTLS and Netscape, assuming it even supported it... ok bcook@ miod@
* ssl3_init_finished_mac() calls BIO_new() which can fail since it in turnjsing2014-12-101-5/+16
| | | | | | | | calls malloc(). Instead of silently continuing on failure, check the return value of BIO_new() and propagate failure back to the caller for appropriate handling. ok bcook@
* Sort and group includes.jsing2014-11-161-5/+7
|
* Remove support for ephemeral/temporary RSA private keys.jsing2014-10-311-50/+8
| | | | | | | | | The only use for these is via SSL_OP_EPHEMERAL_RSA (which is effectively a standards violation) and for RSA sign-only, should only be possible if you are using an export cipher and have an RSA private key that is more than 512 bits in size (however we no longer support export ciphers). ok bcook@ miod@
* Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().jsing2014-10-181-5/+3
| | | | | | | | | | | | | | | arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code. It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL). ok beck@ deraadt@ miod@
* There is not much point checking ecdhp is not NULL... twice.jsing2014-09-271-6/+2
| | | | ok miod@
* Remove SSL_kDHr, SSL_kDHd and SSL_aDH. No supported ciphersuites use them,jsing2014-09-071-3/+2
| | | | | | nor do we plan on supporting them. ok guenther@
* Replace the remaining uses of ssl3_put_cipher_by_char() with s2n and ajsing2014-08-241-4/+2
| | | | | | | ssl3_cipher_get_value() helper function, which returns the cipher suite value for the given cipher. ok miod@
* Since we no longer need to support SSLv2-style cipher lists, startjsing2014-08-101-3/+1
| | | | | | | | | | unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros. Prompted by similar changes in boringssl. ok guenther.
* Prevent a possible use after free by mimicing the s3_srvr.c fixes contributed bymiod2014-08-061-4/+1
| | | | | | | Adam Langley close to three years ago, which were commited in https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e7928282d0148af5f28fa3437a625a2006af0214 ok jsing@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-08 18:30:16 +0000