summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_both.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Remove GOST and STREEBOG support from libssl.beck2024-02-031-4/+1
| | | | | | | | | | | | | | | | | | This version of GOST is old and not anywhere close to compliant with modern GOST standards. It is also very intrusive in libssl and makes a mess everywhere. Efforts to entice a suitably minded anyone to care about it have been unsuccessful. At this point it is probably best to remove this, and if someone ever showed up who truly needed a working version, it should be a clean implementation from scratch, and have it use something closer to the typical API in libcrypto so it would integrate less painfully here. This removes it from libssl in preparation for it's removal from libcrypto with a future major bump ok tb@
* Enable reading RSA-PSS certificatestb2023-07-071-1/+2
| | | | ok beck jsing
* Make internal header file names consistenttb2022-11-261-3/+3
| | | | | | | | | | | | | | | | Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
* Get rid of SSL_CTX_INTERNAL and SSL_INTERNAL.jsing2022-10-021-42/+42
| | | | | | | | These are no longer necessary due to SSL_CTX and SSL now being fully opaque. Merge SSL_CTX_INTERNAL back into SSL_CTX and SSL_INTERNAL back into SSL. Prompted by tb@
* Move handshake message handling functions from ssl_both.c to client/server.jsing2022-10-011-147/+1
| | | | | | | | | | | | | | | Currently, ssl_both.c contains several functions that are used by both the legacy client and legacy server. This interwines the client and server, making it harder to make progressive changes. While it does deduplicate some code, it also ends up with code that is conditioned on s->server and forces the caller to pass in SSL3_ST_* values. Move these functions from ssl_both.c into ssl_clnt.c and ssl_srvr.c, renaming as appropriate and removing the s->server conditionals. Also move the client and server function prototypes from ssl_locl.h into the .c files, making them static in the process. ok tb@
* Bye bye S3I.jsing2022-02-051-43/+43
| | | | | | | | S3I has served us well, however now that libssl is fully opaque it is time to say goodbye. Aside from removing the calloc/free/memset, the rest is mechanical sed. ok inoguchi@ tb@
* Cleanup/simplify ssl_cert_type()jsing2022-02-031-23/+13
| | | | | | | | Remove the X509 argument as it is unused - this was passed so that ssl_cert_type() can get the public key from the X509 object if the EVP_PKEY argument is NULL, however this is never the case. ok tb@
* Rename CERT to SSL_CERT and CERT_PKEY to SSL_CERT_PKEY.jsing2022-01-081-2/+2
| | | | | | | Nearly all structs in libssl start with an SSL_ suffix, rename CERT and CERT_PKEY for consistency. ok inoguchi@ tb@
* Stop reaching into EVP_PKEY in the rest of libssl.tb2021-11-261-2/+2
| | | | ok inoguchi jsing
* Fold DTLS1_STATE_INTERNAL into DTLS1_STATE.jsing2021-10-231-4/+4
| | | | | | | Now that DTLS1_STATE is opaque, fold DTLS1_STATE_INTERNAL back into DTLS1_STATE and remove D1I() usage. ok tb@
* Use X509_STORE_CTX_get0_chain() instead of grabbing the chain directlytb2021-10-231-2/+2
| | | | | | out of the X509_STORE_CTX. ok jsing
* Untangle ssl3_get_message() return values.jsing2021-10-231-19/+12
| | | | | | | | | | | | | | | This function currently has a long return type that may be <= 0 on error/retry (which is then cast to an int in order to return it up the stack), or it returns the length of the handshake message (on success). This obviously means that 0 can be returned for both success and failure, which is the reason why a separate 'ok' argument has to exist. Untangle this mess by changing the return value to an int that indicates success (1) or error/retry (<= 0). The length never needs to actually be returned as it is already stored in s->internal->init_num (which is where the return value is read from anyway). ok tb@
* Use SSL3_HM_HEADER_LENGTH instead of the magic number 4.jsing2021-09-031-13/+14
| | | | ok beck@
* Clean up and simplify info and msg callbacks.jsing2021-08-301-14/+8
| | | | | | | | | The info and msg callbacks result in duplication - both for code that refers to the function pointers and for the call sites. Avoid this by providing typedefs for the function pointers and pulling the calling sequences into their own functions. ok inoguchi@ tb@
* Merge SSL_METHOD_INTERNAL into SSL_METHOD.jsing2021-07-011-3/+3
| | | | | | | Now that SSL_METHOD is opaque and in internal headers, we can remove SSL_METHOD_INTERNAL by merging it back into SSL_METHOD. ok tb@
* Indent all labels with a single space.jsing2021-06-111-5/+5
| | | | | | This ensures that diff reports the correct function prototype. Prompted by tb@
* Move DTLS structs/definitions/prototypes to dtls_locl.h.jsing2021-05-161-3/+3
| | | | | | | | Now that the DTLS structs are opaque, add a dtls_locl.h header and move internal-only structs from dtls1.h, along with prototypes from ssl_locl.h. Only pull this header in where DTLS code actually exists. ok inoguchi@ tb@
* Stop deriving peer finished twice for TLSv1.2.jsing2021-05-021-12/+1
| | | | | | | | We already derive the peer finished in ssl3_do_change_cipher_spec(), which DTLS relies on. In the case of TLS we've been doing it twice - once in ssl3_get_message() and once in ssl3_do_change_cipher_spec(). ok tb@
* Clean up derivation of finished/peer finished.jsing2021-04-251-52/+25
| | | | | | | | Make this process more readable by having specific client/server functions, calling the correct one based on s->server. This allows to remove various SSL_ST_ACCEPT/SSL_ST_CONNECT checks, along with duplicate code. ok inoguchi@ tb@
* Move reuse_message, message_type, message_size and cert_verify into thejsing2021-04-191-8/+8
| | | | | | TLSv1.2 handshake struct. ok inoguchi@ tb@
* Move finished and peer finished to the handshake struct.jsing2021-03-291-12/+12
| | | | | | | | | This moves the finish_md and peer_finish_md from the 'tmp' struct to the handshake struct, renaming to finished and peer_finished in the process. This also allows the remaining S3I(s) references to be removed from the TLSv1.3 client and server. ok inoguchi@ tb@
* Garbage collect s->internal->typetb2021-03-271-3/+3
| | | | | | | | | | | | | | | | | | | This variable is used in the legacy stack to decide whether we are a server or a client. That's what s->server is for... The new TLSv1.3 stack failed to set s->internal->type, which resulted in hilarious mishandling of previous_{client,server}_finished. Indeed, both client and server would first store the client's verify_data in previous_server_finished and later overwrite it with the server's verify_data. Consequently, renegotiation has been completely broken for more than a year. In fact, server side renegotiation was broken during the 6.5 release cycle. Clearly, no-one uses this. This commit fixes client side renegotiation and restores the previous behavior of SSL_get_client_CA_list(). Server side renegotiation will be fixed in a later commit. ok jsing
* Rename new_cipher to cipher.jsing2021-03-241-2/+2
| | | | | | | | This is in the SSL_HANDSHAKE struct and is what we're currently negotiating, so there is really nothing more "new" about the cipher than there is the key block or other parts of the handshake data. ok inoguchi@ tb@
* Rename f_err into fatal_err.tb2021-02-201-10/+10
| | | | discussed with jsing
* Move the read MAC key into the TLSv1.2 record layer.jsing2021-01-071-8/+1
| | | | ok inoguchi@ tb@
* Use legacy verifier when building auto chains.jsing2021-01-051-1/+3
| | | | | | | | | | | | | | | | | | The new verifier builds all chains, starting with the shortest possible path. It also does not currently return partial chains. Both of these things conflict with auto chain, where we want to build the longest possible chain (to include all intermediates, and probably the root unnecessarily), as well as using an incomplete chain when a trusted chain is not known. Depending on software configuration, we can end up building a chain consisting only of a leaf certificate, rather than a longer chain. This results in auto chain not including intermediates, which is undesireable. For now, switch auto chain building to use the legacy verifier. This should resolve the issues encountered by ajacoutot@ with sendmail. ok tb@
* Replace SSL_IS_DTLS with SSL_is_dtls().jsing2020-10-141-5/+5
| | | | | | Garbage collect the now unused SSL_IS_DTLS macro. ok tb@
* Simplify the cleanup of init_buf via a ssl3_release_init_buffer() function.jsing2020-09-241-1/+11
| | | | ok beck@ inoguchi@ tb@
* Release read and write buffers using freezero().jsing2020-09-241-11/+15
| | | | | | | | | Provide a ssl3_release_buffer() function that correctly frees a buffer and call it from the appropriate locations. While here also change ssl3_release_{read,write}_buffer() to void since they cannot fail and no callers check the return value currently. ok beck@ inoguchi@ tb@
* Replace SSL_PKEY_RSA_ENC/SSL_PKEY_RSA_SIGN with SSL_PKEY_RSA.jsing2020-05-191-2/+2
| | | | | | | | | | | | | | | | | Some time prior to SSLeay 0.8.1b, SSL_PKEY_RSA_SIGN got added with the intention of handling RSA sign only certificates... this incomplete code had the following comment: /* check to see if this is a signing only certificate */ /* EAY EAY EAY EAY */ And while the comment was removed in 2005, the incomplete RSA sign-only handling has remained ever since. Remove SSL_PKEY_RSA_SIGN and rename SSL_PKEY_RSA_ENC to SSL_PKEY_RSA. While here also remove the unused SSL_PKEY_DH_RSA. ok tb@
* Use calloc() rather than malloc() when allocating buffers.jsing2020-03-121-3/+3
| | | | | | This reduces the chance of accidently leaking stack memory. ok inoguchi@ tb@
* Remove the ssl_get_message function pointer from SSL_METHOD_INTERNAL.jsing2020-01-231-2/+5
| | | | | | | | | ssl_get_message is essentially a switch between ssl3_get_message and dtls1_get_message, both only used by the legacy stack. Instead, use SSL_IS_DTLS() in ssl3_get_message to call the DTLS function when necessary. ok beck@ inoguchi@ tb@
* Rework ssl3_output_cert_chain() to take a CERT_PKEY and consider chains.jsing2019-03-251-32/+28
| | | | | | | | | | We will now include the certificates in the chain in the certificate list, or use the existing extra_certs if present. Failing that we fall back to the automatic chain building if not disabled. This also simplifies the code significantly. ok beck@ tb@
* Clean up and simplify the handshake transcript code.jsing2018-11-081-3/+3
| | | | | | | This provides a cleaner, simpler and more readable API, with code that uses a BUF_MEM instead of a BIO. ok beck@ ("hurry up") and tb@.
* Make more of libssl's record layer state internal.jsing2018-10-241-12/+12
| | | | | | | | | | In January 2017, we changed large amounts of libssl's data structures to be non-visible/internal, however intentionally left things that the software ecosystem was needing to use. The four or so applications that reached into libssl for record layer related state now implement alternative code. As such, make these data structures internal. ok tb@
* Clean up handshake message start/finish functions.jsing2018-08-241-3/+3
| | | | | | | | Now that all handshake messages are created using CBB, remove the non-CBB ssl3_handshake_msg_start()/ssl3_handshake_msg_finish() functions. Rename the CBB variants by dropping the _cbb suffix. ok bcook@ inoguchi@ tb@
* Convert ssl3_send_change_cipher_spec() to use CBB and make it handle DTLS,jsing2017-10-081-6/+31
| | | | | | which allows us to drop dtls1_send_change_cipher_spec() entirely. ok inoguchi@
* Remove support for DSS/DSA, since we removed the cipher suites a whilejsing2017-08-121-3/+1
| | | | | | back. ok guenther@
* Move state from ssl->internal to the handshake structure.beck2017-05-071-8/+8
| | | | | | | while we are at it, convert SSLerror to use a function internally, so that we may later allocate the handshake structure and check for it ok jsing@
* Bring in an SSL_HANDSHAKE structure and commence the great shovellingbeck2017-05-061-2/+2
| | | | ok jsing@, gcc@, regress@
* Convert various handshake message generation functions to CBB.jsing2017-03-051-5/+16
| | | | ok beck@ inoguchi@
* Change SSLerror() back to taking two args, with the first one being an SSL *.beck2017-02-071-13/+13
| | | | | | | | | Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
* Avoid clearing the mac_packet flag in the wrong place.jsing2017-01-291-2/+1
| | | | | | | | In many cases we got away with this, however if a server sends multiple handshake messages in the same record only the first message would be added to the MAC. Should fix breakage reported by various people.
* Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the uglybeck2017-01-261-9/+5
| | | | line wraps that resulted
* Send the error function codes to rot in the depths of hell where they belongbeck2017-01-261-13/+13
| | | | | | | We leave a single funciton code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
* Remove most of SSL3_ENC_METHOD - we can just inline the function callsjsing2017-01-261-9/+9
| | | | | | and defines since they are the same everywhere. ok beck@
* Rename s3_{both,clnt,pkt_srvr}.c to have an ssl_ prefix since they are nojsing2017-01-261-0/+748
longer SSLv3 code. ok beck@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-17 10:22:47 +0000