summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_asn1.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Use cipher suite values instead of IDs.jsing2024-07-221-11/+7
| | | | | | | | | | | | | | | | OpenSSL has had the concept of cipher IDs, which were a way of working around overlapping cipher suite values between SSLv2 and SSLv3. Given that we no longer have to deal with this issue, replace the use of IDs with cipher suite values. In particular, this means that we can stop mapping back and forth between the two, simplifying things considerably. While here, remove the 'valid' member of the SSL_CIPHER. The ssl3_ciphers[] table is no longer mutable, meaning that ciphers cannot be disabled at runtime (and we have `#if 0' if we want to do it at compile time). Clean up the comments and add/update RFC references for cipher suites. ok tb@
* Remove cipher from SSL_SESSION.jsing2024-07-201-9/+3
| | | | | | | | | | | | | | | | For a long time SSL_SESSION has had both a cipher ID and a pointer to an SSL_CIPHER (and not both are guaranteed to be populated). There is also a pointer to an SSL_CIPHER in the SSL_HANDSHAKE that denotes the cipher being used for this connection. Some code has been using the cipher from SSL_SESSION and some code has been using the cipher from SSL_HANDSHAKE. Remove cipher from SSL_SESSION and use the version in SSL_HANDSHAKE everywhere. If resuming from a session then we need to use the SSL_SESSION cipher ID to set the SSL_HANDSHAKE cipher. And we still need to ensure that we update the cipher ID in the SSL_SESSION whenever the SSL_HANDSHAKE cipher changes (this only occurs in a few places). ok tb@
* Hide all public symbols in libsslbeck2023-07-081-1/+3
| | | | | | With the guentherizer 9000 ok tb@
* Make internal header file names consistenttb2022-11-261-2/+2
| | | | | | | | | | | | | | | | Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
* Simplify another CBS_write_bytes() call in d2i_SSL_SESSION()tb2022-06-071-5/+2
| | | | ok jsing
* Simplify various CBS_write_bytes() callstb2022-06-071-5/+2
| | | | | | | Now that session_id_length is a size_t, we can pass it directly to CBS_write_bytes() instead of using a temporary variable. ok jsing
* Simplify CBS_write_bytes() invocationtb2022-06-071-5/+2
| | | | | | | Now that master_key_length is a size_t, we no longer have to fiddle with data_len. We can rather pass a pointer to it to CBS_write_bytes(). ok jsing
* Use SSL3_CK_VALUE_MASK instead of hardcoded 0xffff and remove sometb2022-06-061-2/+2
| | | | | | SSLv2 remnants. ok jsing
* Rename 'peer' to 'peer_cert' in SSL_SESSION.jsing2022-01-111-6/+6
| | | | | | | The 'peer' member of SSL_SESSION is the leaf/end-entity certificate provided by our peer. Rename it since 'peer' on its own is unhelpful. ok inoguchi@ tb@
* Change tlsext_tick_lifetime_hint to uint32_t.jsing2021-10-231-6/+3
| | | | | | | | Now that SSL_SESSION is opaque, change tlsext_tick_lifetime_hint from long to uint32_t (matching RFC4507), rather than continuing to work around an inappropriate type choice. ok tb@
* Make local header inclusion consistent.jsing2021-05-161-3/+2
| | | | | Consistently include local headers in the same location, using the same grouping/sorting across all files.
* whitespace nitstb2021-03-291-4/+4
|
* Simplify new session ticket encoding/generation.jsing2018-08-271-20/+49
| | | | | | | | | | | The original code did a crazy encode/malloc/encode/decode/modify/encode dance, in order to encode a session in the form needed to encrypt then add to a session ticket. By modifying the encoding functions slightly, we can do this entire dance as a single encode. Inspired by similar changes in BoringSSL. ok inoguchi@ tb@
* In i2d_SSL_SESSION(), on error call CBB_cleanup() with the correct CBB.jsing2018-03-201-2/+2
| | | | Spotted by Coverity, although reported as a different issue.
* Add missing $OpenBSD$ tags.jsing2017-05-061-2/+1
|
* Switch back to freezero() and explicitly initialise data_len to zero. Thejsing2017-04-301-6/+3
| | | | | previous code was safe since data would always be NULL if data_len was uninitialised, however compilers cannot know this.
* backout previous, data_len is not always initializedotto2017-04-161-2/+5
|
* Switch i2d_SSL_SESSION() back to freezero(3) now that the size constraintsjsing2017-04-141-5/+2
| | | | have been relaxed.
* Revert ssl_asn1.c r1.50 - CBB and freezero(3) do not play nicely together.jsing2017-04-111-2/+5
| | | | | | Back this out while we investigate and implement a solution. Found the hard way by sthen@
* Use freezero() for i2d_SSL_SESSION() - one line of code instead of three.jsing2017-04-101-5/+2
| | | | | | In this case the memory allocated can also be significant, in which case freezero() will have less overhead than explicit_bzero() (munmap instead of touching all of the memory to write zeros).
* Change SSLerror() back to taking two args, with the first one being an SSL *.beck2017-02-071-2/+2
| | | | | | | | | Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
* Send the error function codes to rot in the depths of hell where they belongbeck2017-01-261-2/+2
| | | | | | | We leave a single funciton code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
* Restore previous ASN.1 encoding for the peer certificate - this wasjsing2016-12-261-7/+5
| | | | | | | | unintentionally changed during the CBS/CBB rewrite. Issue reported by jeremy@ due to failing ruby tests. Analysis and near identical diff from Kazuki Yamaguchi <k at rhe.jp>.
* Restore previous behaviour of incrementing the pointer so that it pointsjsing2016-12-261-1/+2
| | | | | | at the end of the buffer. Issue identified by and diff from Kazuki Yamaguchi <k at rhe.jp>.
* Ensure that we zero memory used to hold the ASN.1 encoded session, sincejsing2016-12-071-1/+4
| | | | | | this contains the session master key. ok deraadt@ doug@
* Avoid signed vs unsigned warnings from clang by adding two casts,jsing2016-12-031-2/+2
| | | | | | slightly rewriting some code and changing the type of an array. ok bcook@ doug@
* One of the error paths would attempt to access not-yet-initialized locals.miod2016-11-051-2/+2
| | | | | | Simply return since there is nothing more to do. Spotted by coverity. ok jsing@ beck@
* Completely rewrite the session handling ASN.1 code using CBB and CBS. Thisjsing2016-11-041-616/+329
| | | | | | | addresses two 2038 related issues and also adds support for allocation in the i2d function, which will allow for simplification in the callers. ok beck@ miod@
* X509_free(3) is NULL-safe, so remove NULL checks before its calls.mmcc2016-03-111-5/+4
| | | | ok doug@
* Remove trailing whitespace.jsing2014-12-141-15/+15
|
* SSL: Fix memory leak in d2i_SSL_SESSION.bcook2014-10-201-1/+2
| | | | | | | | | | | | | | | | | | | | Modified version of patch from Dmitry Eremin-Solenikov. ==28360== 98 bytes in 2 blocks are definitely lost in loss record 7 of 7 ==28360== at 0x402AC54: realloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==28360== by 0x40E2D2C: ASN1_STRING_set (asn1_lib.c:393) ==28360== by 0x40EC22C: asn1_ex_c2i (tasn_dec.c:959) ==28360== by 0x40EC632: asn1_d2i_ex_primitive (tasn_dec.c:824) ==28360== by 0x40ED2E6: ASN1_item_ex_d2i (tasn_dec.c:230) ==28360== by 0x40ED421: ASN1_item_d2i (tasn_dec.c:133) ==28360== by 0x40F0335: d2i_ASN1_OCTET_STRING (tasn_typ.c:75) ==28360== by 0x405FD6D: d2i_SSL_SESSION (ssl_asn1.c:367) ==28360== by 0x405DD6E: ssl3_send_newsession_ticket (s3_srvr.c:2743) ==28360== by 0x405EA48: ssl3_accept (s3_srvr.c:665) ==28360== by 0x4067C34: SSL_accept (ssl_lib.c:922) ==28360== by 0x404E97B: ssl23_get_client_hello (s23_srvr.c:573) ok miod@ beck@
* Get rid of the last remaining BUF_strdup and BUF_strlcpy and friends, usebeck2014-10-161-2/+2
| | | | | intrinsic functions everywhere, and wrap these functions in an #ifndef LIBRESSL_INTERNAL to make sure we don't bring their use back.
* Stop leaking internal library pointers in error messages.jsing2014-07-131-2/+2
| | | | Requested by miod@
* Explicitly initialise slen - this was not previously done due to a missingjsing2014-07-131-1/+2
| | | | M_ASN1_D2I_begin macro.
* Convert error handling to SSLerr and ERR_asprintf_error_data.jsing2014-07-131-59/+54
|
* Convert d2i_SSL_SESSION to ASN1 primitives, instead of the horrificjsing2014-07-131-26/+297
| | | | | | | asn1_mac.h macros. This still needs a lot of improvement, but immediately becomes readable. ok miod@ (sight unseen!)
* Remove license introduced with the PSK code, which has since been removed.jsing2014-07-131-27/+1
| | | | ok deraadt@
* Another compression remnant.jsing2014-07-131-2/+1
|
* Rewrite i2d_SSL_SESSION to use the ASN1 primitives, rather than using thejsing2014-07-131-75/+98
| | | | | | | | | | | horrific macros from asn1_mac.h. This is a classic example of using macros to obfuscate code, in an attempt to reduce the line count. The end result is so ridiculously convoluted that it is completely unreadable and it takes hours to deconstruct the macros and figure out what is actually going on behind the scenes. ok miod@
* KNF and some code cleaning.jsing2014-07-131-36/+46
|
* Missing initialization for error line in error paths; from Coverity viamiod2014-07-111-1/+4
| | | | OpenSSL trunk.
* Remove the PSK code. We don't need to drag around thisbeck2014-07-111-53/+2
| | | | | baggage. ok miod@ jsing@
* decompress libssl. ok beck jsingtedu2014-07-101-31/+1
|
* tags as requested by miod and teduderaadt2014-06-121-1/+1
|
* TLS would not be entirely functional without extensions, so unifdefjsing2014-05-311-16/+0
| | | | | | OPENSSL_NO_TLSEXT. ok tedu@
* Remove SRP and Kerberos support from libssl. These are complex protocolstedu2014-05-051-66/+0
| | | | | all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
* Chop off more SSLv2 tentacles and start fixing and noting y2038 issues.guenther2014-04-201-21/+3
| | | | | | | APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl. ok tedu@
* More KNF and style consistency tweaksguenther2014-04-191-3/+2
|
* Change library to use intrinsic memory allocation functions instead ofbeck2014-04-171-15/+15
| | | | | | | | OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
* add back SRP. i was being too greedy.tedu2014-04-161-0/+33
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-17 10:22:17 +0000