summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_lib.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* s3 is never NULL since s2 (formerly used for SSLv2) does not exist, so there isbcook2019-05-151-19/+13
| | | | | | | no need to check for it. Fixes COV-165788, identified with help from Alex Bumstead. ok jsing@
* Strip out all of the pkey to sigalg and sigalg to pkey linkages.jsing2019-03-251-10/+4
| | | | | | These are no longer used now that we defer signature algorithm selection. ok beck@
* Defer sigalgs selection until the certificate is known.jsing2019-03-251-13/+2
| | | | | | | | | | | | | Previously the signature algorithm was selected when the TLS extension was parsed (or the client received a certificate request), however the actual certificate to be used is not known at this stage. This leads to various problems, including the selection of a signature algorithm that cannot be used with the certificate key size (as found by jeremy@ via ruby regress). Instead, store the signature algorithms list and only select a signature algorithm when we're ready to do signature generation. Joint work with beck@.
* Remove ssl_get_server_send_cert() which is now unused.jsing2019-03-251-12/+1
| | | | ok beck@ tb@
* Add a re-implementation of SSL_get1_supported_ciphers().tb2019-01-221-1/+35
| | | | | | | Part of OpenSSL 1.1 API (pre-licence-change). input schwarze ok jsing
* Provide SSL_get_client_ciphers().tb2019-01-221-1/+9
| | | | | | Part of OpenSSL 1.1 API, pre-licence change. ok jsing
* Move ssl_cipher_list_to_bytes() and ssl_bytes_to_cipher_list() totb2019-01-211-115/+1
| | | | | | | a more appropriately licenced file. jsing and doug have rewritten these functions (including the comments) over the past years. ok jsing
* Use ssl_cipher_is_permitted() in ssl_cipher_list_to_bytes().tb2019-01-211-9/+6
| | | | ok jsing
* Teach ssl_version_string() about TLS1_3_VERSION.jsing2019-01-211-1/+3
|
* Revert previous - DTLSv1 uses MD5+SHA1 for RSA signature verification.jsing2018-11-191-5/+2
| | | | Discussed with beck@
* Fix DTLS, because DTLS still remains a special flower, allows regress to passbeck2018-11-171-2/+5
|
* Fix wrong sizeof argument by using 'uint16_t *', with minor nit from tb@,mestre2018-11-141-2/+2
| | | | | | | | | | instead of 'uint16_t' Found with llvm's static analyzer, noticed that it was also already reported in Coverity CID 155890 and to ensure this was correct also inspected OpenSSL's equivalent code. OK tb@ and jsing@
* Add SSL_set1_host(), a thin wrapper around X509_VERIFY_PARAM_set1_host().tb2018-11-111-1/+7
| | | | | | | Used by unbound's DNS over TLS implementation to do server name verification. ok jsing
* Stop keeping track of sigalgs by guessing it from digest and pkey,beck2018-11-101-7/+29
| | | | | | just keep the sigalg around so we can remember what we actually decided to use. ok jsing@
* Stop pretending that a cert member in a SSL and SSL_CTX can be NULL.jsing2018-11-081-32/+9
| | | | ok beck@ tb@
* Add TLSv1.3 cipher suites (with appropriate guards).jsing2018-11-071-1/+6
| | | | ok beck@ tb@
* Use the newer/more sensible names for EVP_MD_CTX_* functions.jsing2018-09-051-3/+3
| | | | | | | | | | EVP_MD_CTX_create -> EVP_MD_CTX_new EVP_MD_CTX_destroy -> EVP_MD_CTX_free This should make the intent more obvious and reduce head scratching during code reviews. Raised by tb@
* Correctly clear the current cipher state, when changing cipher state.jsing2018-09-051-27/+25
| | | | | | | | | | | | | | | | | When a renegotiation results in a change of cipher suite, the renegotation would fail if it switched from AEAD to non-AEAD or vice versa. This is due to the fact that the previous EVP_AEAD or EVP_CIPHER state remained, resulting in incorrect logic that caused MAC failures. Rename ssl_clear_cipher_ctx() to ssl_clear_cipher_state() and split it into separate read/write components, then call these functions from the appropriate places when a ChangeCipherSpec message is being processed. Also, remove the separate ssl_clear_hash_ctx() calls and fold these into the ssl_clear_cipher_{read,write}_state() functions. Issue reported by Bernard Spil, who also tested this diff. ok tb@
* Nuke ssl_pending/ssl_shutdown function pointers.jsing2018-08-301-6/+6
| | | | | | | ssl3_pending() is used for all protocols and dtls1_shutdown() just calls ssl3_shutdown(), so just call the appropriate function directly instead. ok beck@ inoguchi@ tb@
* Let SSL_copy_session_id() return an int for error checking.tb2018-08-241-24/+25
| | | | | | | | | | Accordingly, add some error checking to SSL_copy_session_id(), BIO_ssl_copy_session_id(), and SSL_dup(). Prompted by OpenSSL commit 17dd65e6e1f Tested in a bulk build by sthen ok jsing
* OpenSSL started adding const to functions all over the place. Make alltb2018-04-251-2/+2
| | | | | | | | our libssl functions match theirs wrt const, except for BIO_f_ssl(3) which will be fixed in a later step. this went through a i386 bulk by sthen ok jsing
* make ENGINE_finish() succeed on NULL and simplify callers as intb2018-04-141-3/+2
| | | | | | | | | | | OpenSSL commit 7c96dbcdab9 by Rich Salz. This cleans up the caller side quite a bit and reduces the number of lines enclosed in #ifndef OPENSSL_NO_ENGINE. codesearch.debian.net shows that almost nothing checks the return value of ENGINE_finish(). While there, replace a few nearby 'if (!ptr)' with 'if (ptr == NULL)'. ok jsing, tested by & ok inoguchi
* Remove function pointers for ssl_{read,write,peek}.jsing2018-04-071-4/+4
| | | | | | | Now that everything goes through the same code path, we can remove a layer of indirection and just call ssl3_{read,write,peek} directly. ok beck@ inoguchi@
* Bring in compatibility for OpenSSL 1.1 style init functions.beck2018-03-171-1/+6
| | | | | | | | | This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well thread safety modifications for the existing LibreSSL init functions. The initialization routines are called automatically by the normal entry points into the library, as in newer OpenSSL ok jsing@, nits by tb@ and deraadt@
* Provide SSL_CTX_get_default_passwd_cb{,_userdata}()tb2018-03-171-1/+13
| | | | ok jsing
* Provide SSL_CTX_get_min_proto_version and SSL_CTX_get_max_proto_versionjca2018-03-151-1/+24
| | | | | | | | | We already provided the setters, so also provide the getters like OpenSSL does. Addition prompted by the use of those functions in recent openvpn releases. manpage diff from schwarze@ (thanks!) with input from jsing@, ok tb@ jsing@
* Provide SSL_is_server().jsing2018-02-221-1/+7
|
* Provide SSL_up_ref().jsing2018-02-221-1/+8
|
* Provide SSL_CTX_get_ciphers().jsing2018-02-221-1/+7
|
* Provide SSL_get_client_random() and SSL_get_server_random()jsing2018-02-171-2/+35
|
* Provide SSL_CTX_get0_certificate()jsing2018-02-171-1/+10
|
* Provide SSL_CTX_up_ref().jsing2018-02-141-1/+8
|
* Provide SSL_CTX_get0_param() and SSL_get0_param().jsing2018-02-141-1/+13
| | | | | Some applications that use X509_VERIFY_PARAM expect these to exist, since they're also part of the OpenSSL 1.0.2 API.
* Convert ssl3_client_hello() to CBB.jsing2017-10-111-27/+16
| | | | | | | As part of this, change ssl_cipher_list_to_bytes() to take a CBB argument, rather than a pointer/length. Some additional clean up/renames while here. Based on a diff from doug@
* Make ssl_bytes_to_cipher_list() take a CBS, rather than a pointer andjsing2017-10-101-24/+14
| | | | | length, since the caller has already been converted to CBS. A small amount of additional clean up whilst here.
* Bring back the NPN related symbols.jsing2017-08-301-1/+25
| | | | | | | | | | | Several pieces of software make use of these based on a conditional around OPENSSL_NPN_NEGOTIATED, rather than using the presence of the symbols, the non-existence of a OPENSSL_NO_NEXTPROTONEG define or even the existence of the TLS extension type. Unfortunately we cannot remove OPENSSL_NPN_NEGOTIATED since the API for ALPN was effectively botched and reuses two parts from the NPN implementation, rather than providing ALPN specific or generic versions.
* Completely remove NPN remnants.jsing2017-08-281-25/+1
| | | | Based on a diff from doug@, similar diff from inoguchi@
* Make SSL{,_CTX}_set_alpn_protos() do atomic updates and handle NULL.doug2017-08-131-10/+38
| | | | | | | | | | | Previously, the code would accept NULL and 0 length and try to malloc/memcpy it. On OpenBSD, malloc(0) does not return NULL. It could also fail in malloc and leave the old length. Also, add a note that this public API has backwards semantics of what you would expect where 0 is success and 1 is failure. input + ok jsing@ beck@
* Remove NPN support.jsing2017-08-121-69/+9
| | | | | | | | | | | | | NPN was never standardised and the last draft expired in October 2012. ALPN was standardised in July 2014 and has been supported in LibreSSL since December 2014. NPN has also been removed from Chromium in May 2016. TLS clients and servers that try to use/enable NPN will fail gracefully and fallback to the default protocol, since it will essentially appear that the otherside does not support NPN. At some point in the future we will actually remove the NPN related symbols entirely. ok bcook@ beck@ doug@
* Remove support for DSS/DSA, since we removed the cipher suites a whilejsing2017-08-121-13/+3
| | | | | | back. ok guenther@
* I don't think eay will ever fix this...jsing2017-08-111-2/+2
|
* style(9) in ssl_set_cert_masks().jsing2017-08-111-7/+7
|
* Clean up the EC key/curve configuration handling.jsing2017-08-101-7/+3
| | | | | | | | | | | | | | | | | | | | | | Over the years OpenSSL grew multiple ways of being able to specify EC keys (and/or curves) for use with ECDH and ECDHE key exchange. You could specify a static EC key (SSL{_CTX,}_set_tmp_ecdh()), use that as a curve and generate ephemeral keys (SSL_OP_SINGLE_ECDH_USE), provide the EC key via a callback that was provided with insufficient information (SSL{_CTX,}_set_tmp_ecdh_cb()) or enable automatic selection and generation of EC keys via SSL{_CTX,}_set_ecdh_auto(). This complexity leads to problems (like ECDHE not being enabled) and potential weird configuration (like being able to do ECDHE without the ephemeral part...). We no longer support ECDH and ECDHE can be disabled by removing ECDHE ciphers from the cipher list. As such, permanently enable automatic EC curve selection and generation, effectively disabling all of the configuration knobs. The only exception is the SSL{_CTX,}_set_tmp_ecdh() functions, which retain part of their previous behaviour by configuring the curve of the given EC key as the only curve being enabled. Everything else becomes a no-op. ok beck@ doug@
* Pull out the code that identifies if we have an ECC cipher in the cipherjsing2017-08-091-1/+42
| | | | | | | list or if we are negotiating an ECC cipher in the handshake. This dedups some of the existing code and will make the EC extension rewrites easier. ok doug@
* Move state from ssl->internal to the handshake structure.beck2017-05-071-8/+8
| | | | | | | while we are at it, convert SSLerror to use a function internally, so that we may later allocate the handshake structure and check for it ok jsing@
* Bring in an SSL_HANDSHAKE structure and commence the great shovellingbeck2017-05-061-6/+6
| | | | ok jsing@, gcc@, regress@
* Provide SSL{,_CTX}_set_{min,max}_proto_version() functions.jsing2017-05-061-1/+28
| | | | | | Rides minor bump. ok beck@
* Stop pretending that MD5 and SHA1 might not exist - rather than locatingjsing2017-02-281-10/+1
| | | | | | | "ssl3-md5" and "ssl-sha1", call the EVP_md5() and EVP_sha1() functions directly. ok beck@ inoguchi@
* Avoid dereferencing a pointer when reporting an error about the samejsing2017-02-151-2/+2
| | | | | | pointer being NULL. Found by jsg@ with cppcheck; also detected by Coverity.
* Change SSLerror() back to taking two args, with the first one being an SSL *.beck2017-02-071-49/+49
| | | | | | | | | Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 13:23:14 +0000