Commit history for src/lib/libssl/ssl_locl.h
Each entry gives the author, commit date, number of files changed and lines removed/added, followed by the commit message.
* cvs2svn 2015-08-02 [1 file, -875/+0] (tag OPENBSD_5_8_BASE)
  This commit was manufactured by cvs2git to create tag 'OPENBSD_5_8_BASE'.
* doug 2015-07-24 [1 file, -3/+2]
  Convert tls1_process_ticket to CBS.
  ok miod@ jsing@
* doug 2015-07-19 [1 file, -3/+3]
  Fix symbol collision with libtls.
  Pointed out by guenther. ok guenther@
* doug 2015-07-19 [1 file, -1/+3]
  Add TLS_method, TLS_client_method and TLS_server_method.
  Use these instead of SSLv23_*method when you want to make sure TLS is used.
  By default, we disable SSLv3 but it's still possible for the user to
  re-enable it. TLS_*method does not allow SSLv3. Both BoringSSL and (next
  version of) OpenSSL have these methods. However, they have changed the
  implementation significantly. We will as well, but not right now.
  Riding the libssl major bump. ok miod@ bcook@
* doug 2015-07-18 [1 file, -2/+2]
  Convert dtls1_get_message_header to CBS and change to int.
  Changed return value from void to int. It should never return an error
  given that the input length is not checked yet. ok miod@
* doug 2015-07-17 [1 file, -2/+2]
  Convert ssl_parse_serverhello_use_srtp_ext to CBS.
  ok miod@ jsing@
* doug 2015-07-14 [1 file, -2/+2]
  Convert ssl_parse_clienthello_use_srtp_ext to CBS.
  ok miod@ jsing@
* doug 2015-06-28 [1 file, -2/+2]
  Convert ssl_bytes_to_cipher_list to CBS.
  Link in the new 'unit' regress and expand the invalid tests to include
  some that would fail before the CBS conversion. input + ok miod@ jsing@
* doug 2015-06-20 [1 file, -2/+2]
  Convert ssl_parse_serverhello_renegotiate_ext to CBS.
  ok miod@ jsing@
* doug 2015-06-20 [1 file, -2/+2]
  Convert ssl_parse_clienthello_renegotiate_ext to CBS.
  ok miod@, tweak + ok jsing@
* doug 2015-06-18 [1 file, -2/+1]
  Remove Microsoft Server Gated Crypto.
  Another relic due to the old US crypto policy. From OpenSSL commit
  63eab8a620944a990ab3985620966ccd9f48d681 and
  95275599399e277e71d064790a1f828a99fc661a. ok jsing@ miod@
* jsing 2015-04-15 [1 file, -2/+2]
  Clean up the ssl_bytes_to_cipher_list() API - rather than having the
  ability to pass or not pass a STACK_OF(SSL_CIPHER) *, which is then either
  zeroed or if NULL a new one is allocated, always allocate one and return it
  directly. Inspired by similar changes in BoringSSL. ok beck@ doug@
* jsing 2015-03-27 [1 file, -1/+2]
  Factor out the init_buf initialisation code, rather than duplicating it
  in four different places. ok doug@ guenther@
* jsing 2015-02-22 [1 file, -1/+2]
  Reluctantly add server-side support for TLS_FALLBACK_SCSV.
  This allows for clients that willingly choose to perform a downgrade and
  attempt to establish a second connection at a lower protocol after the
  previous attempt unexpectedly failed, to be notified and have the second
  connection aborted, if the server does in fact support a higher protocol.
  TLS has perfectly good version negotiation and client-side fallback is
  dangerous. Despite this, in order to maintain maximum compatibility with
  broken web servers, most mainstream browsers implement this. Furthermore,
  TLS_FALLBACK_SCSV only works if both the client and server support it and
  there is effectively no way to tell if this is the case, unless you control
  both ends. Unfortunately, various auditors and vulnerability scanners
  (including certain online assessment websites) consider the presence of a
  not yet standardised feature to be important for security, even if the
  clients do not perform client-side downgrade or the server only supports
  current TLS protocols. Diff is loosely based on OpenSSL with some
  inspiration from BoringSSL. Discussed with beck@ and miod@. ok bcook@
* jsing 2015-02-12 [1 file, -5/+1]
  unifdef -m -UOPENSSL_NO_NEXTPROTONEG - NPN is being replaced with ALPN,
  however it is not likely to be removed any time soon. ok beck@ miod@
* jsing 2015-02-07 [1 file, -1/+2]
  Provide a SSL_CIPHER_get_by_value() function that allows a cipher to be
  retrieved via its cipher suite value. A corresponding SSL_CIPHER_by_value()
  function returns the cipher suite value for a given SSL_CIPHER. These
  functions should mean that software does not need to resort to
  put_cipher_by_char()/get_cipher_by_char() in order to locate a cipher.
  Begrudgingly also provide a SSL_CIPHER_get_by_id() function that locates a
  cipher via the internal cipher identifier. Unfortunately these have already
  been leaked outside the library via SSL_CIPHER_by_id() and the various
  SSL3_CK_* and TLS1_CK_* defines in the ssl3.h/tls1.h headers. ok beck@ miod@
* jsing 2015-02-06 [1 file, -1/+3]
  Bring back the horrible API that is get_cipher_by_char/put_cipher_by_char.
  This API was intended to be internal only, however like many things in
  OpenSSL, it is exposed externally and parts of the software ecosystem are
  now using it since there is no real alternative within the public API.
  ok doug@, tedu@ and reluctantly miod@
* doug 2014-12-15 [1 file, -2/+2]
  Add error handling for EVP_DigestInit_ex().
  A few EVP_DigestInit_ex() calls were left alone since reporting an error
  would change the public API. Changed internal ssl3_cbc_digest_record() to
  return a value due to the above change. It will also now set md_out_size=0
  on failure. This is based on part of BoringSSL's commit to fix malloc
  crashes:
  https://boringssl.googlesource.com/boringssl/+/69a01608f33ab6fe2c3485d94aef1fe9eacf5364
  ok miod@
* jsing 2014-12-14 [1 file, -1/+5]
  Convert all of the straightforward client handshake handling code to use
  the new handshake functions. ok miod@
* jsing 2014-12-14 [1 file, -13/+13]
  Remove trailing whitespace.
* jsing 2014-12-10 [1 file, -2/+2]
  ssl3_init_finished_mac() calls BIO_new() which can fail since it in turn
  calls malloc(). Instead of silently continuing on failure, check the return
  value of BIO_new() and propagate failure back to the caller for appropriate
  handling. ok bcook@
* jsing 2014-12-10 [1 file, -5/+3]
  Remove support for GOST R 34.10-94 signature authentication, along with
  the two ciphersuites that use it. GOST94 public/private keys have been long
  obsoleted and libcrypto does not have support for them anyway. Discussed
  with Dmitry Eremin-Solenikov.
* jsing 2014-12-06 [1 file, -2/+1]
  Remove client handling of RSA in ServerKeyExchange messages, along with
  the associated peer_rsa_tmp goop. This was only needed for export cipher
  handling and intentional RFC violations. The export cipher suites have
  already been removed and previous cleanup means that we will never send
  ServerKeyExchange messages from the server side for RSA.
* jsing 2014-12-06 [1 file, -3/+3]
  Use appropriate internal types for EC curves and formats, rather than
  storing and processing in wire encoded form. Inspired by boringssl.
  ok miod@
* miod 2014-11-18 [1 file, -2/+7]
  Update the GOST code in libssl, as contributed by Dmitry Eremin-Solenikov.
  This causes a libssl major version bump as this affects the layout of some
  internal-but-unfortunately-made-visible structs.
* jsing 2014-11-16 [1 file, -6/+6]
  Sort and group includes.
* jsing 2014-11-08 [1 file, -2/+1]
  Clean up more SSLv2 remnants.
* jsing 2014-11-02 [1 file, -13/+11]
  Remove remnants from RC2 and SEED - there are no longer any cipher suites
  that use these algorithms (and SEED was removed from libcrypto some time
  ago). ok doug@
* jsing 2014-10-31 [1 file, -1/+3]
  Add support for automatic DH ephemeral keys.
  This allows an SSL server to enable DHE ciphers with a single setting,
  which results in a DH key being generated based on the server key length.
  Partly based on OpenSSL.
* jsing 2014-10-31 [1 file, -4/+1]
  Remove support for ephemeral/temporary RSA private keys.
  The only use for these is via SSL_OP_EPHEMERAL_RSA (which is effectively a
  standards violation) and for RSA sign-only, should only be possible if you
  are using an export cipher and have an RSA private key that is more than
  512 bits in size (however we no longer support export ciphers).
  ok bcook@ miod@
* jsing 2014-10-03 [1 file, -2/+6]
  Add support for automatic ephemeral EC keys.
  This allows an SSL server to enable ECDHE ciphers with a single setting,
  which results in an EC key being generated using the first preference
  shared curve. Based on OpenSSL with inspiration from boringssl. ok miod@
* jsing 2014-09-30 [1 file, -1/+4]
  Clean up EC cipher handling in ssl3_choose_cipher().
  The existing code reaches around into various internals of EC, which it
  should not know anything about. Replace this with a set of functions that
  can correctly extract the necessary details and handle the comparisons.
  Based on a commit to OpenSSL, with some inspiration from boringssl.
  ok miod@
* jsing 2014-09-27 [1 file, -1/+2]
  Check that the specified curve is one of the client preferences.
  Based on OpenSSL. ok miod@
* jsing 2014-09-07 [1 file, -6/+3]
  Remove SSL_kDHr, SSL_kDHd and SSL_aDH. No supported ciphersuites use them,
  nor do we plan on supporting them. ok guenther@
* jsing 2014-08-24 [1 file, -2/+3]
  Replace the remaining uses of ssl3_put_cipher_by_char() with s2n and a
  ssl3_cipher_get_value() helper function, which returns the cipher suite
  value for the given cipher. ok miod@
* jsing 2014-08-23 [1 file, -2/+3]
  Replace the remaining ssl3_get_cipher_by_char() calls with n2s() and
  ssl3_get_cipher_by_id(). ok bcook@
* jsing 2014-08-11 [1 file, -1/+2]
  Provide a ssl3_get_cipher_by_id() function that allows ciphers to be looked
  up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the
  cipher value is manually written into a buffer, just so the cipher can be
  located using ssl3_get_cipher_by_char(). ok bcook@ miod@
* jsing 2014-08-10 [1 file, -8/+2]
  Since we no longer need to support SSLv2-style cipher lists, start
  unravelling the maze of function pointers and callbacks by directly calling
  ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char
  macros. Prompted by similar changes in boringssl. ok guenther.
* guenther 2014-07-28 [1 file, -1/+7]
  The RSA, DH, and ECDH temporary key callbacks expect the number of keybits
  for the key (expressed in RSA key bits, which makes *no sense* for ECDH) as
  their second argument, not zero. (jsing@ notes that the RSA callback is only
  invoked for 'export' ciphers, which have been removed from LibreSSL, and for
  the SSL_OP_EPHEMERAL_RSA option, which makes the application non-compliant.
  More fuel for the tedu fire...) jasper@ noted the breakage and bisected it
  down to the diff that broke this. ok jsing@ miod@
* jsing 2014-07-12 [1 file, -4/+4]
  The correct name for EDH is DHE, likewise EECDH should be ECDHE.
  Based on changes to OpenSSL trunk. ok beck@ miod@
* jsing 2014-07-12 [1 file, -1/+2]
  Provide ssl_version_string() function, which uses one of those modern C
  constructs (a switch statement) and returns the appropriate string defined
  by SSL_TXT_* for the given version, including support for DTLSv1 and
  DTLSv1-bad. Use this function in SSL_get_version() and SSL_SESSION_print().
  ok beck@
* jsing 2014-07-12 [1 file, -7/+2]
  Remove remnants from PSK, KRB5 and SRP.
  ok beck@ miod@
* miod 2014-07-11 [1 file, -4/+1]
  No need to keep ssl23_foo() flavours mapping to ssl3_foo().
  ok tedu@
* jsing 2014-07-10 [1 file, -2/+1]
  Remove more compression related code.
* tedu 2014-07-10 [1 file, -15/+1]
  decompress libssl. ok beck jsing
* jsing 2014-07-09 [1 file, -53/+2]
  tedu the SSL export cipher handling - since we do not have enabled export
  ciphers we no longer need the flags or code to support it. ok beck@ miod@
* jsing 2014-07-08 [1 file, -2/+1]
  Remove SSL_FIPS.
  ok deraadt@ miod@
* jsing 2014-07-08 [1 file, -2/+1]
  Nuke SSL_NOT_EXP since it does nothing.
  ok deraadt@ miod@
* jsing 2014-06-21 [1 file, -2/+5]
  Pull the code that builds a DTLS sequence number out into its own function
  to avoid duplication. Also use fewer magic numbers. ok miod@
* jsing 2014-06-15 [1 file, -5/+5]
  Rename ssl3_record_sequence_update() to ssl3_record_sequence_increment(),
  so that it reflects what it is actually doing. Use this function in a
  number of places that still have the hand rolled version. ok beck@ miod@