summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_lib.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Rename dh_tmp to dhe_params.jsing2022-01-071-3/+4
| | | | | | | | Support for non-ephemeral DH was removed a long time ago - as such, the dh_tmp and dh_tmp_cb are used for DHE parameters. Rename them to reflect reality. ok inoguchi@ tb@
* Clean up and refactor server side DHE key exchange.jsing2021-12-041-38/+12
| | | | | | | | | | | | Provide ssl_kex_generate_dhe_params_auto() which handles DHE key generation based on parameters determined by the specified key bits. Convert the existing DHE auto parameter selection code into a function that just tells us how many key bits to use. Untangle and rework the server side DHE key exchange to use the ssl_kex_* functions. ok inoguchi@ tb@
* Fix a strange check in the auto DH codepathtb2021-11-141-3/+5
| | | | | | | | | | The code assumes that the server certificate has an RSA key and bases the calculation of the size of the ephemeral DH key on this assumption. So instead of checking whether we have any key by inspecting the dh part of the union, let's check that we actually have an RSA key. While here, make sure that its length is non-negative. ok jsing
* Replace <sys/limits.h> with <limits.h>bcook2021-11-081-2/+2
| | | | ok tb@
* libssl: stop reaching into the X509 struct and simplify some code bytb2021-10-311-18/+4
| | | | | | using X509_get_key_usage(). ok beck jsing
* Fold SSL_SESSION_INTERNAL back into SSL_SESSION.jsing2021-10-251-5/+5
| | | | ok beck@ tb@
* Add SSL_get0_verified_chain - needed by some new stuffbeck2021-10-231-1/+7
| | | | | | symbol will be exposed with tb@'s forthcoming bump ok tb@
* Add new OpenSSL API SSL_CTX_set_num_tickets and friends.beck2021-10-231-1/+30
| | | | | | | | | Since we don't support session tickets in LibreSSL at the moment these functions currently do not have any effect. Again, symbols will appear with tb@'s reptar sized bump.. ok tb@
* Unhandroll X509_up_ref()tb2021-10-231-2/+2
| | | | ok beck jsing
* Add new OpenSSL api SSL_write_ex, SSL_read_ex and SSL_peek_exbeck2021-10-231-1/+80
| | | | | | | | | | As these still meet the usual expectations for special, I will leave it up to ingo to decide to either document separately or in one man page like OpenSSL did. Will also need Symbols.list additions by tb@ when he starts the rapture ok tb@ jsing@
* Mop up enc_read_ctx and read_hash.jsing2021-10-231-15/+1
| | | | | | | These are no longer public, so we can mop them up along with the machinery needed to set/clear them. ok beck@ tb@
* Fold DTLS1_STATE_INTERNAL into DTLS1_STATE.jsing2021-10-231-2/+2
| | | | | | | Now that DTLS1_STATE is opaque, fold DTLS1_STATE_INTERNAL back into DTLS1_STATE and remove D1I() usage. ok tb@
* Add SSL_CTX_set_keylog_callback and SSL_CTX_get_keylog_callbackbeck2021-10-231-1/+13
| | | | | | | | Some things in ports care about calling these functions. Since we will not provide private key logging functionality they are documented as being for compatibility and that they don't do anything. ok tb@
* Prepare to provide SSL_CTX_get0_privatekey()tb2021-09-101-1/+10
| | | | ok beck
* Provide SSL_SESSION_is_resumable and SSL_set_psk_use_session_callback stubstb2021-09-081-1/+7
| | | | ok jsing
* Prepare to provide API stubs for PHAtb2021-09-081-1/+19
| | | | ok bcook jsing
* Prepare to provide SSL_set0_rbio()tb2021-09-081-1/+8
| | | | | | | This is needed for telephony/coturn and telephony/resiprocate to compile without opaque SSL. ok inoguchi jsing
* Refactor ssl_update_cache. This now matches the logic used for TLS 1.3beck2021-09-041-22/+106
| | | | | | | in Openssl 1.1.1 for when to call the session callbacks. I believe it to also generates a lot less eye bleed, confirmed by tb@ ok jsing@ tb@
* Clean up and simplify info and msg callbacks.jsing2021-08-301-7/+23
| | | | | | | | | The info and msg callbacks result in duplication - both for code that refers to the function pointers and for the call sites. Avoid this by providing typedefs for the function pointers and pulling the calling sequences into their own functions. ok inoguchi@ tb@
* Merge SSL_METHOD_INTERNAL into SSL_METHOD.jsing2021-07-011-31/+31
| | | | | | | Now that SSL_METHOD is opaque and in internal headers, we can remove SSL_METHOD_INTERNAL by merging it back into SSL_METHOD. ok tb@
* Provide the ability to set the initial DTLS epoch value.jsing2021-06-191-4/+4
| | | | | | This allows for regress to test edge cases for epoch handling. ok tb@
* Indent all labels with a single space.jsing2021-06-111-4/+4
| | | | | | This ensures that diff reports the correct function prototype. Prompted by tb@
* Make local header inclusion consistent.jsing2021-05-161-3/+2
| | | | | Consistently include local headers in the same location, using the same grouping/sorting across all files.
* Move DTLS structs/definitions/prototypes to dtls_locl.h.jsing2021-05-161-1/+2
| | | | | | | | Now that the DTLS structs are opaque, add a dtls_locl.h header and move internal-only structs from dtls1.h, along with prototypes from ssl_locl.h. Only pull this header in where DTLS code actually exists. ok inoguchi@ tb@
* Explicitly include <openssl/opensslconf.h> in files using OPENSSL_NO_*jsing2021-05-161-1/+2
| | | | | | Where a file references to OPENSSL_NO_* conditions, ensure that we explicitly include <openssl/opensslconf.h> before any references, rather than relying on another header to pull this in.
* Provide SSL_CTX_get_ssl_method(3)tb2021-05-101-1/+7
| | | | ok jsing
* Remove pointless assignment in SSL_get0_alpn_selected().jsing2021-03-291-4/+1
| | | | ok tb@
* Move finished and peer finished to the handshake struct.jsing2021-03-291-5/+5
| | | | | | | | | This moves the finish_md and peer_finish_md from the 'tmp' struct to the handshake struct, renaming to finished and peer_finished in the process. This also allows the remaining S3I(s) references to be removed from the TLSv1.3 client and server. ok inoguchi@ tb@
* Garbage collect s->internal->typetb2021-03-271-4/+1
| | | | | | | | | | | | | | | | | | | This variable is used in the legacy stack to decide whether we are a server or a client. That's what s->server is for... The new TLSv1.3 stack failed to set s->internal->type, which resulted in hilarious mishandling of previous_{client,server}_finished. Indeed, both client and server would first store the client's verify_data in previous_server_finished and later overwrite it with the server's verify_data. Consequently, renegotiation has been completely broken for more than a year. In fact, server side renegotiation was broken during the 6.5 release cycle. Clearly, no-one uses this. This commit fixes client side renegotiation and restores the previous behavior of SSL_get_client_CA_list(). Server side renegotiation will be fixed in a later commit. ok jsing
* Rename new_cipher to cipher.jsing2021-03-241-8/+8
| | | | | | | | This is in the SSL_HANDSHAKE struct and is what we're currently negotiating, so there is really nothing more "new" about the cipher than there is the key block or other parts of the handshake data. ok inoguchi@ tb@
* Fix misleading indentation in SSL_get_error()tb2021-03-021-2/+2
|
* Move handling of cipher/hash based cipher suites into the new record layer.jsing2021-02-271-11/+3
| | | | ok tb@
* Only use TLS versions internally (rather than both TLS and DTLS versions).jsing2021-02-251-11/+11
| | | | | | | | | | | | | | DTLS protocol version numbers are the 1's compliment of human readable TLS version numbers, which means that newer versions decrease in value and there is no direct mapping between TLS protocol version numbers and DTLS protocol version numbers. Rather than having to deal with this internally, only use TLS versions internally and map between DTLS and TLS protocol versions when necessary. Rename functions and variables to use 'tls_version' when they contain a TLS version (and never a DTLS version). ok tb@
* Rename f_err into fatal_err.tb2021-02-201-4/+4
| | | | discussed with jsing
* Return a min/max version of zero if set to zero.jsing2021-02-201-9/+17
| | | | | | | | | | OpenSSL's SSL{_CTX,}_get_{min,max}_proto_version() return a version of zero if the minimum or maximum has been set to zero (which means the minimum or maximum version supported by the method). Previously we returned the minimum or maximum version supported by the method, instead of zero. Match OpenSSL's behaviour by using shadow variables. Discussed with tb@
* Handle DTLS1_2_VERSION in various places.jsing2021-02-201-3/+5
| | | | ok tb@
* Remove bogus DTLS checks to disable ECC and OCSP.jsing2021-02-081-3/+1
| | | | | | | ECC and OCSP can be used with DTLS, so remove bogus checks that currently prevent it. These are long lasting remnants from the original OpenSSL code. ok tb@
* Move AEAD handling into the new TLSv1.2 record layer.jsing2021-01-281-13/+1
| | | | ok tb@
* zap a tabtb2021-01-261-2/+2
|
* Prepare to provide SSL_set_hostflags()tb2021-01-261-1/+7
| | | | | | | | Yet another one of these X509_VERIFY_PARAM reacharounds into libcrypto. Recently found in imapfilter, also used elsewhere. Will be made publicly visible with the next minor bump. ok jsing
* Move sequence numbers into the new TLSv1.2 record layer.jsing2021-01-261-5/+1
| | | | | | | This allows for all of the DTLS sequence number save/restore code to be removed. ok inoguchi@ "whee!" tb@
* Align SSL_get_shared_ciphers() with OpenSSLtb2021-01-091-10/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | SSL_get_shared_ciphers() has been quite broken forever (see BUGS). What's maybe even worse than those bugs is that it only ever returned the string representing the client's ciphers which happen to fit into buf. That's kind of odd, given its name. This commit brings it in line with OpenSSL's version which changed behavior almost three years ago. reviewed and stupid bug caught by schwarze ok beck inoguchi jsing commit a216df599a6076147c27acea6c976fb11f505b1a Author: Matt Caswell <matt@openssl.org> Date: Fri Apr 27 11:20:52 2018 +0100 Fix SSL_get_shared_ciphers() The function SSL_get_shared_ciphers() is supposed to return ciphers shared by the client and the server. However it only ever returned the client ciphers. Fixes #5317 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6113)
* Bring back *_client_method() structstb2020-12-011-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | The method unification broke an API promise of SSL_is_server(). According to the documentation, calling SSL_is_server() on SSL objects constructed from generic and server methods would result in 1 even before any call to SSL_set_accept_state(). This means the information needs to be available when SSL_new() is called, so must come from the method itself. Prior to the method unification, s->server would be set to 0 or 1 in SSL_new() depending on whether the accept method was undefined or not. Instead, introduce a flag to the internal structs to distinguish client methods from server and generic methods and copy that flag to s->server in SSL_new(). This problem was reported to otto due to breakage of DoH in net/dnsdist. The reason for this is that www/h2o relies on SSL_is_server() to decide whether to call SSL_accept() or SSL_connect(). Thus, the h2o server would end up responding to a ClientHello with another ClientHello, which results in a handshake failure. The bandaid applied to www/h2o can be removed once this fix has made it into snaps. No other breakage is known. This commit brings back only about half of the duplication removed in the method unification, so is preferable to a full revert. ok jsing
* Implement exporter for TLSv1.3.jsing2020-11-161-3/+12
| | | | | | | | | This implements the key material exporter for TLSv1.3, as defined in RFC8446 section 7.5. Issue reported by nmathewson on github. ok inoguchi@ tb@
* Replace SSL_IS_DTLS with SSL_is_dtls().jsing2020-10-141-3/+3
| | | | | | Garbage collect the now unused SSL_IS_DTLS macro. ok tb@
* Provide SSL_is_dtls().jsing2020-10-141-1/+7
| | | | | | | For now this is #ifdef LIBRESSL_INTERNAL and will be exposed during the next library bump. ok tb@
* Condense and simplify TLS methods.jsing2020-10-111-2/+2
| | | | | | | | | | | | | | | Historically, OpenSSL has had client and server specific methods - the only difference between these is that the .ssl_connect or .ssl_accept function pointer is set to ssl_undefined_function, with the intention of reducing code size for a statically linked binary that was only a client or server. These days the difference is minimal or non-existant in many cases and we can reduce the amount of code and complexity by having single method. Internally remove all of the client and server specific methods, simplifying code in the process. The external client/server specific API remain, however these now return the same thing as TLS_method() does. ok tb@
* Simplify the cleanup of init_buf via a ssl3_release_init_buffer() function.jsing2020-09-241-4/+3
| | | | ok beck@ inoguchi@ tb@
* Prepare to provide SSL_get0_peernametb2020-09-191-1/+7
| | | | | | | | | This is a convenience reacharound to libcrypto that trivially wraps X509_VERIFY_PARAM_get0_peername(). It is used by unbound 1.11.0 for better logging. As it's part of the API that landed with OpenSSL's DANE, more recent postfix snapshots use it as well. ok beck inoguchi jsing
* Prepare to provide stubbed out versions for reading/writing 0-RTT datatb2020-09-191-1/+29
| | | | | | | | | | | We do not support this feature but need to provide OpenSSL's API since software assumes it's available whenever TLS1_3_VERSION is available. These are minimal stubs that should have a decent chance to interact reasonably with software expecting the tricky upstream semantics, but this will have to be sorted out with runtime testing, so will likely have to be refined and revisited. ok beck jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-19 14:43:22 +0000