path: root/src/lib/libssl/ssl.h

Commit log (each entry gives the commit message, followed by author, date, files changed and lines removed/added)
* This commit was manufactured by cvs2git to create tag 'OPENBSD_5_8_BASE'. [tag: OPENBSD_5_8_BASE] (cvs2svn, 2015-08-02, 1 file, -2389/+0)
* Add TLS_method, TLS_client_method and TLS_server_method. (doug, 2015-07-19, 1 file, -1/+4)
  Use these instead of SSLv23_*method when you want to make sure TLS is used. By default, we disable SSLv3 but it's still possible for the user to re-enable it. TLS_*method does not allow SSLv3. Both BoringSSL and (next version of) OpenSSL have these methods. However, they have changed the implementation significantly. We will as well, but not right now. Riding the libssl major bump.
  ok miod@ bcook@
* Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER workaround. (doug, 2015-07-18, 1 file, -3/+2)
  This was a hack to work around problems on IE 6 with SSLv3.
  ok miod@ bcook@
* Remove support for the SSL_OP_TLS_D5_BUG compat hack from SSLeay. (doug, 2015-07-18, 1 file, -3/+2)
  This is a 17 year old workaround from SSLeay 0.9.0b. It was for clients that send RSA client key exchange in TLS using SSLv3 format (no length prefix).
  ok jsing@
* Remove compat hack that disabled ECDHE-ECDSA on OS X. (doug, 2015-07-17, 1 file, -3/+2)
  For a few old releases, ECDHE-ECDSA was broken on OS X. This option cannot differentiate between working and broken OS X so it disabled ECDHE-ECDSA support on all OS X >= 10.6. 10.8-10.8.3 were the faulty releases but these are no longer relevant. Tested on OS X 10.10 by jsing.
  ok jsing@
* Remove workaround for TLS padding bug from SSLeay days. (doug, 2015-07-17, 1 file, -3/+2)
  OpenSSL doesn't remember which clients were impacted and the functionality has been broken in their stable releases for 2 years. Based on OpenSSL commit a8e4ac6a2fe67c19672ecf0c6aeafa15801ce3a5.
  ok jsing@
* Make SSL_OP_ALL readable. (jsing, 2015-06-20, 1 file, -2/+9)
  ok deraadt@ doug@ millert@ miod@ sthen@
* Keep alerts sorted by alert code. (jsing, 2015-06-17, 1 file, -2/+2)
* Remove pointless comments. (jsing, 2015-06-17, 1 file, -7/+3)
* Cleanup SSL_OP_* compat flags in ssl.h. (doug, 2015-06-17, 1 file, -31/+24)
  These were recently removed and are now set to 0:
    SSL_OP_NETSCAPE_CA_DN_BUG
    SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
    SSL_OP_SSLEAY_080_CLIENT_DH_BUG
  The code associated with these was deleted in the past at some point and these are also now 0:
    SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
    SSL_OP_EPHEMERAL_RSA
    SSL_OP_MICROSOFT_SESS_ID_BUG
    SSL_OP_NETSCAPE_CHALLENGE_BUG
    SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
  The SSL_OP_ALL macro has been updated to reflect the removals.
  ok miod@ jsing@
* Reluctantly add server-side support for TLS_FALLBACK_SCSV. (jsing, 2015-02-22, 1 file, -2/+5)
  This allows for clients that willingly choose to perform a downgrade and attempt to establish a second connection at a lower protocol after the previous attempt unexpectedly failed, to be notified and have the second connection aborted, if the server does in fact support a higher protocol.
  TLS has perfectly good version negotiation and client-side fallback is dangerous. Despite this, in order to maintain maximum compatibility with broken web servers, most mainstream browsers implement this. Furthermore, TLS_FALLBACK_SCSV only works if both the client and server support it and there is effectively no way to tell if this is the case, unless you control both ends.
  Unfortunately, various auditors and vulnerability scanners (including certain online assessment websites) consider the presence of a not yet standardised feature to be important for security, even if the clients do not perform client-side downgrade or the server only supports current TLS protocols.
  Diff is loosely based on OpenSSL with some inspiration from BoringSSL.
  Discussed with beck@ and miod@.
  ok bcook@
* unifdef -m -UOPENSSL_NO_NEXTPROTONEG - NPN is being replaced with ALPN, however it is not likely to be removed any time soon. (jsing, 2015-02-12, 1 file, -7/+1)
  ok beck@ miod@
* Provide a SSL_CIPHER_get_by_value() function that allows a cipher to be retrieved via its cipher suite value. (jsing, 2015-02-07, 1 file, -1/+4)
  A corresponding SSL_CIPHER_by_value() function returns the cipher suite value for a given SSL_CIPHER. These functions should mean that software does not need to resort to put_cipher_by_char()/get_cipher_by_char() in order to locate a cipher.
  Begrudgingly also provide a SSL_CIPHER_get_by_id() function that locates a cipher via the internal cipher identifier. Unfortunately these have already been leaked outside the library via SSL_CIPHER_by_id() and the various SSL3_CK_* and TLS1_CK_* defines in the ssl3.h/tls1.h headers.
  ok beck@ miod@
* Bring back the horrible API that is get_cipher_by_char/put_cipher_by_char. (jsing, 2015-02-06, 1 file, -1/+3)
  This API was intended to be an internal only, however like many things in OpenSSL, it is exposed externally and parts of the software ecosystem are now using it since there is no real alternative within the public API.
  ok doug@, tedu@ and reluctantly miod@
* Rename SSL_CTX_use_certificate_chain() to SSL_CTX_use_certificate_chain_mem(). (reyk, 2015-02-06, 1 file, -2/+2)
  As discussed with beck@ jsing@ and others
  OK beck@
* Add AEAD as a "MAC alias" so that it is possible to identify/select ciphers that use AEAD instead of a MAC. (jsing, 2015-01-26, 1 file, -1/+2)
  This allows for TLSv1.2 AEAD ciphers (effectively the only ciphers that are still considered to be secure) to be selected using TLSv1.2+AEAD as a cipher string.
  ok bcook@ doug@ miod@
* Support CA verification in chroot'ed processes without direct file access to the certificates. (reyk, 2015-01-22, 1 file, -1/+2)
  SSL_CTX_load_verify_mem() is a frontend to the new X509_STORE_load_mem() function that allows to load the CA chain from a memory buffer that is holding the PEM-encoded files. This function allows to handle the verification in privsep'ed code.
  Adopted for LibreSSL based on older code from relayd (by pyr@ and myself)
  With feedback and OK bluhm@
* Remove trailing whitespace. (jsing, 2014-12-14, 1 file, -34/+34)
* Add support for ALPN. (jsing, 2014-12-10, 1 file, -2/+39)
  Based on OpenSSL and BoringSSL.
  ok bcook@
* add stdint.h to ssl.h. (bcook, 2014-12-10, 1 file, -1/+3)
  ok jsing@
* Use appropriate internal types for EC curves and formats, rather than storing and processing in wire encoded form. (jsing, 2014-12-06, 1 file, -5/+6)
  Inspired by boringssl.
  ok miod@
* Update the GOST code in libssl, as contributed by Dmitry Eremin-Solenikov. (miod, 2014-11-18, 1 file, -1/+3)
  This causes a libssl major version bump as this affects the layout of some internal-but-unfortunately-made-visible structs.
* Sort and group includes. (jsing, 2014-11-16, 1 file, -8/+9)
* Remove now unused remnants from public structs. (jsing, 2014-10-31, 1 file, -4/+1)
* Add support for automatic DH ephemeral keys. (jsing, 2014-10-31, 1 file, -1/+7)
  This allows an SSL server to enable DHE ciphers with a single setting, which results in a DH key being generated based on the server key length.
  Partly based on OpenSSL.
* Add cipher aliases for DHE (the correct name for EDH) and ECDHE (the correct name for EECDH). (jsing, 2014-10-15, 1 file, -3/+5)
  The EDH and EECDH aliases remain for backwards compatibility.
* Add support for automatic ephemeral EC keys. (jsing, 2014-10-03, 1 file, -1/+7)
  This allows an SSL server to enable ECDHE ciphers with a single setting, which results in an EC key being generated using the first preference shared curve.
  Based on OpenSSL with inspiration from boringssl.
  ok miod@
* Add a new API function SSL_CTX_use_certificate_chain() that allows to read the PEM-encoded certificate chain from memory instead of a file. (reyk, 2014-09-28, 1 file, -1/+2)
  This idea is derived from an older implementation in relayd that was needed to use the function with a privsep'ed process in a chroot. Now it is time to get it into LibreSSL to make the API more privsep-friendly and to make it available for other programs and the ressl library.
  ok jsing@ miod@
* Check that the specified curve is one of the client preferences. (jsing, 2014-09-27, 1 file, -1/+2)
  Based on OpenSSL.
  ok miod@
* Move the TLS padding extension under an SSL_OP_TLSEXT_PADDING option, which is off by default (instead of being enabled unconditionally). (jsing, 2014-09-21, 1 file, -2/+5)
  The TLS padding extension was added as a workaround for a bug in F5 SSL terminators, however appears to trigger bugs in IronPort SMTP appliances. Now the SSL client gets to choose which of these devices it wants to trigger bugs in...
  Ported from OpenSSL.
  Discussed with many.
  ok miod@
* Since we no longer need to support SSLv2-style cipher lists, start unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros. (jsing, 2014-08-10, 1 file, -1/+2)
  Prompted by similar changes in boringssl.
  ok guenther.
* Provide ssl_version_string() function, which uses one of those modern C constructs (a switch statement) and returns the appropriate string defined by SSL_TXT_* for the given version, including support for DTLSv1 and DTLSv1-bad. (jsing, 2014-07-12, 1 file, -1/+3)
  Use this function in SSL_get_version() and SSL_SESSION_print().
  ok beck@
* Remove the PSK code. We don't need to drag around this baggage. (beck, 2014-07-11, 1 file, -44/+1)
  ok miod@ jsing@
* Remove more compression tendrils. (jsing, 2014-07-10, 1 file, -3/+1)
  ok tedu@
* Put back some parts of the public SSL API that should not have been completely decompressed. (jsing, 2014-07-10, 1 file, -1/+8)
* decompress libssl. ok beck jsing (tedu, 2014-07-10, 1 file, -36/+1)
* tedu the SSL export cipher handling - since we do not have enabled export ciphers we no longer need the flags or code to support it. (jsing, 2014-07-09, 1 file, -4/+1)
  ok beck@ miod@
* Add ChaCha20-Poly1305 based ciphersuites. (jsing, 2014-06-13, 1 file, -1/+2)
  Based on Adam Langley's chromium patches.
  Tested by and ok sthen@
* Add support for handling SSL_CIPHER_ALGORITHM2_AEAD ciphers, which are those that use EVP_AEAD instead of EVP_CIPHER. (jsing, 2014-06-13, 1 file, -2/+4)
  This means being able to change cipher state with an EVP_AEAD and being able to encrypt/decrypt TLS using the EVP_AEAD. This has no change on existing non-SSL_CIPHER_ALGORITHM2_AEAD ciphers.
  Based on Adam Langley's chromium patches.
  Rides the recent libssl bump.
  Tested by sthen@
* Add an SSL_AEAD_CTX to enable the use of EVP_AEAD with an SSL cipher. (jsing, 2014-06-13, 1 file, -1/+11)
  Read and write contexts are also added to the SSL_CTX, along with supporting code.
  Based on Adam Langley's chromium diffs.
  Rides the recent SSL library bump.
* Remove support for the 'opaque PRF input' extension, which draft has expired 7 years ago and never made it into an RFC. (miod, 2014-06-13, 1 file, -14/+1)
  That code wasn't compiled in anyway unless one would define the actual on-the-wire extension id bytes; crank libssl major.
  With help and enlightenment from Brendan MacDonell.
* tags as requested by miod and tedu (deraadt, 2014-06-12, 1 file, -1/+1)
* Factor out the part of tls1_change_cipher_state() that is specific to switching cipher states using an EVP_CIPHER. (jsing, 2014-06-08, 1 file, -0/+1)
  This will facilitate the addition of cipher state changes for EVP_AEAD. No functional change.
  Based on Adam Langley's chromium patches.
* http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2016265dfbab162ec30718b5e7480add42598158 (deraadt, 2014-06-07, 1 file, -6/+0)
  Don't know the full story, but it looks like a "can't do random perfectly, so do it god awful" problem was found in 2013, and replaced with "only do it badly if a flag is set". New flags (SSL_MODE_SEND_SERVERHELLO_TIME and SSL_MODE_SEND_SERVERHELLO_TIME) were added [Ben Laurie?] to support the old scheme of "use time_t for first 4 bytes of the random buffer". Nothing uses these flags [ecosystem scan by sthen]. Fully discourage use of these flags in the future by removing support & definition of them.
  The buflen < 4 check is also interesting, because no entropy would be returned. No callers passed such small buffers.
  ok miod sthen
* ECDH and ECDSA will not work overly well if there is no EC, so unifdef OPENSSL_NO_EC. (jsing, 2014-05-31, 1 file, -4/+0)
  ok tedu@
* TLS would not be entirely functional without extensions, so unifdef OPENSSL_NO_TLSEXT. (jsing, 2014-05-31, 1 file, -12/+0)
  ok tedu@
* remove some #if 0 code. we don't need any more reminders that we're using a not quite appropriate data structure. (tedu, 2014-05-30, 1 file, -10/+0)
  ok jsing
* Everything sane has stdio, and FILE *. we don't need ifdefs for this. (beck, 2014-05-29, 1 file, -2/+0)
  ok to firebomb from tedu@
* remove back compat that was already disabled back in 1998. (tedu, 2014-05-29, 1 file, -8/+0)
  from Alexander Schrijver
* Any sane platform has stdio. Stop pretending we will ever use a platform that does not. (beck, 2014-05-29, 1 file, -2/+0)
  "fire bomb" tedu@