path: root/src/lib/libssl/ssl_clnt.c
Commit message [Author, Age, Files, Lines]
...
* Refactor a tangle in ssl3_send_client_verify() into one function for each [tb, 2018-11-29, 1 file, -118/+213]
  type, sigalgs/rsa/ec/gost. Move a few special dances for GOST where they belong now. This prompted a fix for a long-standing bug with GOST client certificate authentication where tls1_transcript_data() fails since the transcript was already freed before. Add a bit of missing error checking and leave some further cleanup for later. idea, guidance & ok jsing
* Fix DTLS transcript handling for HelloVerifyRequest. [jsing, 2018-11-21, 1 file, -10/+5]
  If DTLS sees a HelloVerifyRequest the transcript is reset - the previous tls1_init_finished_mac() function could be called multiple times and would discard any existing state. The replacement tls1_transcript_init() is more strict and fails if a transcript already exists. Provide an explicit tls1_transcript_reset() function and call it from the appropriate places. This also lets us make DTLS less of a special snowflake and call tls1_transcript_init() in the same place as used for TLS. ok beck@ tb@
* Revert previous - DTLSv1 uses MD5+SHA1 for RSA signature verification. [jsing, 2018-11-19, 1 file, -5/+2]
  Discussed with beck@
* Fix DTLS, because DTLS still remains a special flower, allows regress to pass [beck, 2018-11-17, 1 file, -2/+5]
* revert previous [beck, 2018-11-16, 1 file, -5/+3]
* Fix DTLS. Because the DTLS code is strange. I am really coming around to [beck, 2018-11-16, 1 file, -3/+5]
  joel's line of thinking about it
* Unbreak legacy ciphers for prior to 1.1 by having a legacy [beck, 2018-11-16, 1 file, -2/+2]
  sigalg for MD5_SHA1 and using it as the non sigalgs default. ok jsing@
* Add check function to verify that pkey is usable with a sigalg. [beck, 2018-11-11, 1 file, -2/+2]
  Include check for appropriate RSA key size when used with PSS. ok tb@
* Add support for RSA PSS algorithms being used in sigalgs. [beck, 2018-11-11, 1 file, -1/+14]
  lightly tested, but will need sanity checks and regress test changes before being added to any sigalgs list for real. ok jsing@ tb@
* Convert signatures and verification to use the EVP_DigestXXX api [beck, 2018-11-11, 1 file, -24/+52]
  to allow for adding PSS. Nuke the now unneeded guard around the PSS algorithms in the sigalgs table. ok jsing@ tb@
* Stop keeping track of sigalgs by guessing it from digest and pkey, [beck, 2018-11-10, 1 file, -12/+12]
  just keep the sigalg around so we can remember what we actually decided to use. ok jsing@
* Ensure we free the handshake transcript upon session resumption. [jsing, 2018-11-09, 1 file, -1/+4]
  Found the hard way by jmc@. ok tb@
* Ensure we only choose sigalgs from our preference list, not the whole list [beck, 2018-11-09, 1 file, -2/+3]
  ok jsing@
* Reimplement the sigalgs processing code into a new implementation [beck, 2018-11-09, 1 file, -18/+13]
  that will be usable with TLS 1.3 with less eye bleed. ok jsing@ tb@
* Clean up and simplify the handshake transcript code. [jsing, 2018-11-08, 1 file, -30/+16]
  This provides a cleaner, simpler and more readable API, with code that uses a BUF_MEM instead of a BIO. ok beck@ ("hurry up") and tb@.
* Stop pretending that a cert member in an SSL and SSL_CTX can be NULL. [jsing, 2018-11-08, 1 file, -3/+3]
  ok beck@ tb@
* Ensure the handshake transcript is cleaned up. [jsing, 2018-11-08, 1 file, -2/+13]
  Add a check at the completion of the client/server handshake to ensure that the handshake transcript has been freed. Fix the case where a server asks the client for a certificate, but it does not have one, resulting in the handshake transcript being left around post-handshake. ok bcook@ tb@
* Use the newer/more sensible names for EVP_MD_CTX_* functions. [jsing, 2018-09-05, 1 file, -3/+3]
  EVP_MD_CTX_create -> EVP_MD_CTX_new
  EVP_MD_CTX_destroy -> EVP_MD_CTX_free
  This should make the intent more obvious and reduce head scratching during code reviews. Raised by tb@
* Clean up handshake message start/finish functions. [jsing, 2018-08-24, 1 file, -9/+9]
  Now that all handshake messages are created using CBB, remove the non-CBB ssl3_handshake_msg_start()/ssl3_handshake_msg_finish() functions. Rename the CBB variants by dropping the _cbb suffix. ok bcook@ inoguchi@ tb@
* Rename and collapse tls12_get_sigandhash_cbb(). [jsing, 2018-08-19, 1 file, -2/+2]
  Now that all callers of tls12_get_sigandhash() have been converted to CBB, collapse tls12_get_sigandhash() and tls12_get_sigandhash_cbb() into a single function. Rename it to tls12_gethashandsig() to be representative of the actual order of the sigalgs parameters, and perform some other clean up. ok inoguchi@ tb@
* Convert ssl3_send_client_verify() to CBB. [jsing, 2018-08-17, 1 file, -43/+50]
  ok inoguchi@ tb@
* Convert ssl3_get_server_key_exchange() to CBS. [jsing, 2018-08-16, 1 file, -69/+55]
  ok inoguchi@ tb@
* Remove now unused variable, that got left behind from a previous change. [jsing, 2018-08-14, 1 file, -3/+1]
* Actually check the return values for EVP_Sign* and EVP_Verify*. [jsing, 2018-08-14, 1 file, -8/+12]
  ok bcook@ beck@ tb@
* Simplify server key exchange signature verification. [jsing, 2018-08-10, 1 file, -49/+18]
  Everything can go through the EVP_Verify* code path. ok inoguchi@ tb@
* Check the return value from DH_size() in ssl3_send_client_kex_dhe(). [jsing, 2018-06-03, 1 file, -4/+6]
  ok beck@ inoguchi@
* Fix a malloc() NULL check in ssl3_send_client_kex_ecdhe_ecp(), by adding [jsing, 2018-05-13, 1 file, -2/+3]
  the missing goto. While here also remove a set of unnecessary parentheses.
* Nuke SSL3_FLAGS_DELAY_CLIENT_FINISHED and SSL3_FLAGS_POP_BUFFER. [jsing, 2018-04-07, 1 file, -15/+2]
  These flags enabled experimental behaviour in the write path, which nothing uses. Removing this code greatly simplifies ssl3_write(). ok beck@ inoguchi@ sthen@ tb@
* Complete the TLS extension rewrite on the client-side. [jsing, 2018-02-08, 1 file, -10/+18]
  The RI logic gets pulled up into ssl3_get_server_hello() and ssl_parse_serverhello_tlsext() gets replaced by tlsext_client_parse(), which allows a CBS to be passed all the way down. This also deduplicates the tlsext_client_build() and tlsext_server_build() code. ok beck@
* Rename ssl3_client_hello() to ssl3_send_client_hello() for consistency. [jsing, 2017-10-12, 1 file, -3/+3]
* Convert ssl3_client_hello() to CBB. [jsing, 2017-10-11, 1 file, -36/+45]
  As part of this, change ssl_cipher_list_to_bytes() to take a CBB argument, rather than a pointer/length. Some additional clean up/renames while here. Based on a diff from doug@
* ((remove) (some) (unnecessary) (parentheses)) [jsing, 2017-10-10, 1 file, -4/+4]
  Part of a diff from doug@
* Merge dtls1_connect() into ssl3_connect(), removing a large amount of [jsing, 2017-10-10, 1 file, -21/+111]
  duplicated code. For now this essentially adds a diff of the two functions with 'if (SSL_IS_DTLS(s))' - further clean up and improvement will follow. ok inoguchi@
* Fix some style/whitespace/indentation issues in ssl3_connect(). [jsing, 2017-10-08, 1 file, -10/+9]
* Convert TLS signature algorithms extension handling to the new framework. [jsing, 2017-08-12, 1 file, -4/+2]
  ok beck@ doug@
* Remove NPN support. [jsing, 2017-08-12, 1 file, -53/+3]
  NPN was never standardised and the last draft expired in October 2012. ALPN was standardised in July 2014 and has been supported in LibreSSL since December 2014. NPN has also been removed from Chromium in May 2016. TLS clients and servers that try to use/enable NPN will fail gracefully and fallback to the default protocol, since it will essentially appear that the other side does not support NPN. At some point in the future we will actually remove the NPN related symbols entirely. ok bcook@ beck@ doug@
* Remove support for DSS/DSA, since we removed the cipher suites a while [jsing, 2017-08-12, 1 file, -19/+2]
  back. ok guenther@
* Move state from ssl->internal to the handshake structure. [beck, 2017-05-07, 1 file, -53/+53]
  while we are at it, convert SSLerror to use a function internally, so that we may later allocate the handshake structure and check for it. ok jsing@
* Bring in an SSL_HANDSHAKE structure and commence the great shovelling [beck, 2017-05-06, 1 file, -17/+17]
  ok jsing@, gcc@, regress@
* Convert various client key exchange functions to freezero(3). The memory [jsing, 2017-04-10, 1 file, -14/+5]
  contents need to be made inaccessible - this is simpler and less error prone than the current "if not NULL, explicit_bzero(); free()" dance.
* Remove the handshake digests and related code, replacing remaining uses [jsing, 2017-03-10, 1 file, -8/+14]
  with the handshake hash. For now tls1_digest_cached_records() is retained to release the handshake buffer. ok beck@ inoguchi@
* Provide a rolling handshake hash that commences as soon as the cipher [jsing, 2017-03-05, 1 file, -1/+4]
  suite has been selected, and convert the final finish MAC to use this handshake hash. This is a first step towards cleaning up the current handshake buffer/digest code. ok beck@ inoguchi@
* Convert various handshake message generation functions to CBB. [jsing, 2017-03-05, 1 file, -14/+27]
  ok beck@ inoguchi@
* Call ssl3_handshake_write() instead of ssl3_do_write() - this was missed [jsing, 2017-03-04, 1 file, -2/+2]
  when ssl3_send_client_certificate() was converted to the standard handshake functions in r1.150 of s3_clnt.c. This has no impact on TLS, however it causes the DTLS client to fail if the server sends a certificate request, since the TLS MAC is calculated on a non-populated DTLS header. Issue reported by umokk on github.
* Convert ssl3_{get,send}_server_key_exchange() to EVP_md5_sha1(). [jsing, 2017-03-01, 1 file, -21/+12]
  ok inoguchi@
* Stop pretending that MD5 and SHA1 might not exist - rather than locating [jsing, 2017-02-28, 1 file, -3/+3]
  "ssl3-md5" and "ssl-sha1", call the EVP_md5() and EVP_sha1() functions directly. ok beck@ inoguchi@
* Change SSLerror() back to taking two args, with the first one being an SSL *. [beck, 2017-02-07, 1 file, -131/+131]
  Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL *. ok jsing@ after us both being prodded by bluhm@ to make it not terrible
* Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly [beck, 2017-01-26, 1 file, -191/+96]
  line wraps that resulted
* Send the error function codes to rot in the depths of hell where they belong [beck, 2017-01-26, 1 file, -131/+131]
  We leave a single function code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
* Remove most of SSL3_ENC_METHOD - we can just inline the function calls [jsing, 2017-01-26, 1 file, -12/+12]
  and defines since they are the same everywhere. ok beck@