summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_clnt.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Move state from ssl->internal to the handshake structure.beck2017-05-071-53/+53
| | | | | | | while we are at it, convert SSLerror to use a function internally, so that we may later allocate the handshake structure and check for it ok jsing@
* Bring in an SSL_HANDSHAKE structure and commence the great shovellingbeck2017-05-061-17/+17
| | | | ok jsing@, gcc@, regress@
* Convert various client key exchange functions to freezero(3). The memoryjsing2017-04-101-14/+5
| | | | | contents needs to be made inaccessible - this is simpler and less error prone than the current "if not NULL, explicit_bzero(); free()" dance.
* Remove the handshake digests and related code, replacing remaining usesjsing2017-03-101-8/+14
| | | | | | | with the handshake hash. For now tls1_digest_cached_records() is retained to release the handshake buffer. ok beck@ inoguchi@
* Provide a rolling handshake hash that commences as soon as the cipherjsing2017-03-051-1/+4
| | | | | | | | | | suite has been selected, and convert the final finish MAC to use this handshake hash. This is a first step towards cleaning up the current handshake buffer/digest code. ok beck@ inoguchi@
* Convert various handshake message generation functions to CBB.jsing2017-03-051-14/+27
| | | | ok beck@ inoguchi@
* Call ssl3_handshake_write() instead of ssl3_do_write() - this was missedjsing2017-03-041-2/+2
| | | | | | | | | | | when ssl3_send_client_certificate() was converted to the standard handshake functions in r1.150 of s3_clnt.c. This has no impact on TLS, however it causes the DTLS client to fail if the server sends a certificate request, since the TLS MAC is calculated on a non-populated DTLS header. Issue reported by umokk on github.
* Convert ssl3_{get,send}_server_key_exchange() to EVP_md5_sha1().jsing2017-03-011-21/+12
| | | | ok inoguchi@
* Stop pretending that MD5 and SHA1 might not exist - rather than locatingjsing2017-02-281-3/+3
| | | | | | | "ssl3-md5" and "ssl-sha1", call the EVP_md5() and EVP_sha1() functions directly. ok beck@ inoguchi@
* Change SSLerror() back to taking two args, with the first one being an SSL *.beck2017-02-071-131/+131
| | | | | | | | | Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
* Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the uglybeck2017-01-261-191/+96
| | | | line wraps that resulted
* Send the error function codes to rot in the depths of hell where they belongbeck2017-01-261-131/+131
| | | | | | | We leave a single funciton code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
* Remove most of SSL3_ENC_METHOD - we can just inline the function callsjsing2017-01-261-12/+12
| | | | | | and defines since they are the same everywhere. ok beck@
* Rename s3_{both,clnt,pkt_srvr}.c to have an ssl_ prefix since they are nojsing2017-01-261-0/+2795
longer SSLv3 code. ok beck@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 07:54:22 +0000