summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_both.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Use SSL3_HM_HEADER_LENGTH instead of the magic number 4.jsing2021-09-031-13/+14
| | | | ok beck@
* Clean up and simplify info and msg callbacks.jsing2021-08-301-14/+8
| | | | | | | | | The info and msg callbacks result in duplication - both for code that refers to the function pointers and for the call sites. Avoid this by providing typedefs for the function pointers and pulling the calling sequences into their own functions. ok inoguchi@ tb@
* Merge SSL_METHOD_INTERNAL into SSL_METHOD.jsing2021-07-011-3/+3
| | | | | | | Now that SSL_METHOD is opaque and in internal headers, we can remove SSL_METHOD_INTERNAL by merging it back into SSL_METHOD. ok tb@
* Indent all labels with a single space.jsing2021-06-111-5/+5
| | | | | | This ensures that diff reports the correct function prototype. Prompted by tb@
* Move DTLS structs/definitions/prototypes to dtls_locl.h.jsing2021-05-161-3/+3
| | | | | | | | Now that the DTLS structs are opaque, add a dtls_locl.h header and move internal-only structs from dtls1.h, along with prototypes from ssl_locl.h. Only pull this header in where DTLS code actually exists. ok inoguchi@ tb@
* Stop deriving peer finished twice for TLSv1.2.jsing2021-05-021-12/+1
| | | | | | | | We already derive the peer finished in ssl3_do_change_cipher_spec(), which DTLS relies on. In the case of TLS we've been doing it twice - once in ssl3_get_message() and once in ssl3_do_change_cipher_spec(). ok tb@
* Clean up derivation of finished/peer finished.jsing2021-04-251-52/+25
| | | | | | | | Make this process more readable by having specific client/server functions, calling the correct one based on s->server. This allows to remove various SSL_ST_ACCEPT/SSL_ST_CONNECT checks, along with duplicate code. ok inoguchi@ tb@
* Move reuse_message, message_type, message_size and cert_verify into thejsing2021-04-191-8/+8
| | | | | | TLSv1.2 handshake struct. ok inoguchi@ tb@
* Move finished and peer finished to the handshake struct.jsing2021-03-291-12/+12
| | | | | | | | | This moves the finish_md and peer_finish_md from the 'tmp' struct to the handshake struct, renaming to finished and peer_finished in the process. This also allows the remaining S3I(s) references to be removed from the TLSv1.3 client and server. ok inoguchi@ tb@
* Garbage collect s->internal->typetb2021-03-271-3/+3
| | | | | | | | | | | | | | | | | | | This variable is used in the legacy stack to decide whether we are a server or a client. That's what s->server is for... The new TLSv1.3 stack failed to set s->internal->type, which resulted in hilarious mishandling of previous_{client,server}_finished. Indeed, both client and server would first store the client's verify_data in previous_server_finished and later overwrite it with the server's verify_data. Consequently, renegotiation has been completely broken for more than a year. In fact, server side renegotiation was broken during the 6.5 release cycle. Clearly, no-one uses this. This commit fixes client side renegotiation and restores the previous behavior of SSL_get_client_CA_list(). Server side renegotiation will be fixed in a later commit. ok jsing
* Rename new_cipher to cipher.jsing2021-03-241-2/+2
| | | | | | | | This is in the SSL_HANDSHAKE struct and is what we're currently negotiating, so there is really nothing more "new" about the cipher than there is the key block or other parts of the handshake data. ok inoguchi@ tb@
* Rename f_err into fatal_err.tb2021-02-201-10/+10
| | | | discussed with jsing
* Move the read MAC key into the TLSv1.2 record layer.jsing2021-01-071-8/+1
| | | | ok inoguchi@ tb@
* Use legacy verifier when building auto chains.jsing2021-01-051-1/+3
| | | | | | | | | | | | | | | | | | The new verifier builds all chains, starting with the shortest possible path. It also does not currently return partial chains. Both of these things conflict with auto chain, where we want to build the longest possible chain (to include all intermediates, and probably the root unnecessarily), as well as using an incomplete chain when a trusted chain is not known. Depending on software configuration, we can end up building a chain consisting only of a leaf certificate, rather than a longer chain. This results in auto chain not including intermediates, which is undesireable. For now, switch auto chain building to use the legacy verifier. This should resolve the issues encountered by ajacoutot@ with sendmail. ok tb@
* Replace SSL_IS_DTLS with SSL_is_dtls().jsing2020-10-141-5/+5
| | | | | | Garbage collect the now unused SSL_IS_DTLS macro. ok tb@
* Simplify the cleanup of init_buf via a ssl3_release_init_buffer() function.jsing2020-09-241-1/+11
| | | | ok beck@ inoguchi@ tb@
* Release read and write buffers using freezero().jsing2020-09-241-11/+15
| | | | | | | | | Provide a ssl3_release_buffer() function that correctly frees a buffer and call it from the appropriate locations. While here also change ssl3_release_{read,write}_buffer() to void since they cannot fail and no callers check the return value currently. ok beck@ inoguchi@ tb@
* Replace SSL_PKEY_RSA_ENC/SSL_PKEY_RSA_SIGN with SSL_PKEY_RSA.jsing2020-05-191-2/+2
| | | | | | | | | | | | | | | | | Some time prior to SSLeay 0.8.1b, SSL_PKEY_RSA_SIGN got added with the intention of handling RSA sign only certificates... this incomplete code had the following comment: /* check to see if this is a signing only certificate */ /* EAY EAY EAY EAY */ And while the comment was removed in 2005, the incomplete RSA sign-only handling has remained ever since. Remove SSL_PKEY_RSA_SIGN and rename SSL_PKEY_RSA_ENC to SSL_PKEY_RSA. While here also remove the unused SSL_PKEY_DH_RSA. ok tb@
* Use calloc() rather than malloc() when allocating buffers.jsing2020-03-121-3/+3
| | | | | | This reduces the chance of accidently leaking stack memory. ok inoguchi@ tb@
* Remove the ssl_get_message function pointer from SSL_METHOD_INTERNAL.jsing2020-01-231-2/+5
| | | | | | | | | ssl_get_message is essentially a switch between ssl3_get_message and dtls1_get_message, both only used by the legacy stack. Instead, use SSL_IS_DTLS() in ssl3_get_message to call the DTLS function when necessary. ok beck@ inoguchi@ tb@
* Rework ssl3_output_cert_chain() to take a CERT_PKEY and consider chains.jsing2019-03-251-32/+28
| | | | | | | | | | We will now include the certificates in the chain in the certificate list, or use the existing extra_certs if present. Failing that we fall back to the automatic chain building if not disabled. This also simplifies the code significantly. ok beck@ tb@
* Clean up and simplify the handshake transcript code.jsing2018-11-081-3/+3
| | | | | | | This provides a cleaner, simpler and more readable API, with code that uses a BUF_MEM instead of a BIO. ok beck@ ("hurry up") and tb@.
* Make more of libssl's record layer state internal.jsing2018-10-241-12/+12
| | | | | | | | | | In January 2017, we changed large amounts of libssl's data structures to be non-visible/internal, however intentionally left things that the software ecosystem was needing to use. The four or so applications that reached into libssl for record layer related state now implement alternative code. As such, make these data structures internal. ok tb@
* Clean up handshake message start/finish functions.jsing2018-08-241-3/+3
| | | | | | | | Now that all handshake messages are created using CBB, remove the non-CBB ssl3_handshake_msg_start()/ssl3_handshake_msg_finish() functions. Rename the CBB variants by dropping the _cbb suffix. ok bcook@ inoguchi@ tb@
* Convert ssl3_send_change_cipher_spec() to use CBB and make it handle DTLS,jsing2017-10-081-6/+31
| | | | | | which allows us to drop dtls1_send_change_cipher_spec() entirely. ok inoguchi@
* Remove support for DSS/DSA, since we removed the cipher suites a whilejsing2017-08-121-3/+1
| | | | | | back. ok guenther@
* Move state from ssl->internal to the handshake structure.beck2017-05-071-8/+8
| | | | | | | while we are at it, convert SSLerror to use a function internally, so that we may later allocate the handshake structure and check for it ok jsing@
* Bring in an SSL_HANDSHAKE structure and commence the great shovellingbeck2017-05-061-2/+2
| | | | ok jsing@, gcc@, regress@
* Convert various handshake message generation functions to CBB.jsing2017-03-051-5/+16
| | | | ok beck@ inoguchi@
* Change SSLerror() back to taking two args, with the first one being an SSL *.beck2017-02-071-13/+13
| | | | | | | | | Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
* Avoid clearing the mac_packet flag in the wrong place.jsing2017-01-291-2/+1
| | | | | | | | In many cases we got away with this, however if a server sends multiple handshake messages in the same record only the first message would be added to the MAC. Should fix breakage reported by various people.
* Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the uglybeck2017-01-261-9/+5
| | | | line wraps that resulted
* Send the error function codes to rot in the depths of hell where they belongbeck2017-01-261-13/+13
| | | | | | | We leave a single funciton code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
* Remove most of SSL3_ENC_METHOD - we can just inline the function callsjsing2017-01-261-9/+9
| | | | | | and defines since they are the same everywhere. ok beck@
* Rename s3_{both,clnt,pkt_srvr}.c to have an ssl_ prefix since they are nojsing2017-01-261-0/+748
longer SSLv3 code. ok beck@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-07 17:32:04 +0000