path: root/src/lib/libssl/ssl_locl.h
Commit message | Author | Age | Files | Lines
...
* Expand DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN macro. No change in preprocessor output (ignoring whitespace and line numbers). | jsing | 2017-01-21 | 1 | -2/+2
* Pull out, rework and dedup the code that determines the highest shared version. ok beck@ doug@ | jsing | 2017-01-03 | 1 | -1/+2
* Pull out (and largely rewrite) the code that determines the enabled protocol version range. This also fixes a bug whereby if all protocols were disabled, the client would still use TLSv1.2 in the client hello, only to have it fail with unsupported version when it received and processed the server hello. ok doug@ | jsing | 2016-12-30 | 1 | -1/+2
* Remove now unused c2l, c2ln, l2c, n2l, l2cn and n2l3 macros. | jsing | 2016-12-30 | 1 | -51/+1
* Add support for ECDHE with X25519. Testing of an earlier revision by naddy@. ok beck@ | jsing | 2016-12-21 | 1 | -1/+2
* Convert ssl3_get_server_hello() to CBS. ok doug@ | jsing | 2016-12-18 | 1 | -2/+2
* Now that ssl3_send_{client,server}_certificate() are using the common handshake functions, we can remove more copied code from DTLS. | jsing | 2016-12-06 | 1 | -5/+1
* Convert certificate handshake message generation to CBB, with some clean up and restructure. This also adds CBB based variants of the ssl3_handshake_msg_{start,finish} functions - for the time being these use a CBB to build the messages, then copy back into the init_buf. ok doug@ | jsing | 2016-12-06 | 1 | -2/+7
* Convert ssl_cipher_list_to_bytes() to CBB, changing the function to return the number of bytes written via an explicit *outlen argument and retaining the return value to indicate success or failure. ok doug@ | jsing | 2016-12-04 | 1 | -2/+2
* Remove unused SSLv3 from ssl3_cbc_record_digest_supported(). From Markus Uhlin <markus.uhlin at bredband dot net> ok beck@ bcooK@ | jsing | 2016-11-06 | 1 | -2/+2
* Convert ssl3_get_server_kex_ecdhe() to CBS, simplifying tls1_check_curve() in the process. This also fixes a long standing bug where tls1_ec_curve_id2nid() is called with only one byte of the curve ID. ok beck@ miod@ | jsing | 2016-11-05 | 1 | -4/+4
* Rename ssl3_get_key_exchange() to ssl3_get_server_key_exchange(), since that's what it really is. ok miod@ | jsing | 2016-11-04 | 1 | -2/+2
* Add an explicit list of exported symbols with just the functions declared in the public headers, and use __{BEGIN,END}_HIDDEN_DECLS in the internal headers to optimize internal functions ok jsing@ | guenther | 2016-11-04 | 1 | -1/+5
* Make do_dtls1_write() static to d1_pkt.c and delete declarations for three functions that were removed a while ago ok jsing@ | guenther | 2016-11-04 | 1 | -7/+1
* Clean up the TLS handshake digest handling - this refactors some of the code for improved readability, however it also addresses two issues. The first of these is a hard-to-hit double free that will occur if EVP_DigestInit_ex() fails. To avoid this and to be more robust, ensure that tls1_digest_cached_records() either completes successfully and sets up all of the necessary digests, or it cleans up and frees everything that was allocated. The second issue is that EVP_DigestUpdate() can fail - detect and handle this in tls1_finish_mac() and change the return type to an int so that a failure can be propagated to the caller (the callers still need to be fixed to handle this, in a later diff). The double-free was reported by Matthew Dillon. ok beck@ doug@ miod@ | jsing | 2016-11-03 | 1 | -2/+2
* Remove support for fixed ECDH cipher suites - these are not widely supported and more importantly they do not provide PFS (if you want to use ECDH, use ECDHE instead). With input from guenther@. ok deraadt@ guenther@ | jsing | 2016-10-19 | 1 | -5/+1
* Implement the IETF ChaCha20-Poly1305 cipher suites. Rename the existing ChaCha20-Poly1305 cipher suites with an "-OLD" suffix, effectively replaces the original Google implementation. We continue to support both the IETF and Google versions, however the existing names now refer to the ciphers from draft-ietf-tls-chacha20-poly1305-04. Feedback from doug@ | jsing | 2016-04-28 | 1 | -2/+4
* Uncopy and unpaste dtls1_send_newsession_ticket() - another 111 lines of code deduped. | jsing | 2015-09-12 | 1 | -2/+1
* Move handshake message header length determination into a separate ssl3_handshake_msg_hdr_len() function. Use this to correct several places that have magic numbers with header lengths hardcoded as '4'. ok beck@ | jsing | 2015-09-12 | 1 | -1/+2
* Uncopy and unpaste dtls1_send_certificate_request() - removes another 80 lines of code, while gaining SIGALGs support. | jsing | 2015-09-12 | 1 | -2/+1
* Uncopy and unpaste dtls1_send_server_key_exchange(). Removes another 329 lines of code, while gaining bug fixes and SIGALGs support. | jsing | 2015-09-12 | 1 | -2/+1
* Uncopy and unpaste dtls1_send_server_done(). | jsing | 2015-09-12 | 1 | -2/+1
* Uncopy and unpaste dtls1_send_server_hello(). | jsing | 2015-09-12 | 1 | -2/+1
* Uncopy and unpaste dtls1_send_hello_request(). | jsing | 2015-09-12 | 1 | -2/+1
* Uncopy and unpaste dtls1_send_client_verify() - the ssl3_send_client_verify() is different, but it correctly supports things like SIGALGS. Another 74 lines of code bites the dust. | jsing | 2015-09-12 | 1 | -2/+1
* Uncopy and unpaste dtls1_send_client_key_exchange() - the ssl3_send_client_key_exchange() is effectively identical, in fact it has a number of bug fixes and improvements that never got merged into the DTLS copy of the code. Flenses another 264 lines of code. ok beck@ | jsing | 2015-09-12 | 1 | -2/+1
* Rename functions that moved to t1_enc.c, with a tls1_ prefix instead of a ssl3_ prefix. ok beck@ | jsing | 2015-09-11 | 1 | -7/+7
* Nuke ssl_set_peer_cert_type(). ok "flensing knife" | jsing | 2015-09-11 | 1 | -2/+1
* Nuke ssl_bad_method(). ok "flensing knife" | jsing | 2015-09-11 | 1 | -2/+1
* Nuke ssl3_default_timeout(). ok "flensing knife" | jsing | 2015-09-11 | 1 | -2/+1
* Nuke ssl_replace_hash(). ok "flensing knife" | jsing | 2015-09-11 | 1 | -2/+1
* Nuke ssl3_cbc_remove_padding(). ok "flensing knife" | jsing | 2015-09-11 | 1 | -3/+1
* Nuke ssl3_alert_code(). ok "flensing knife" | jsing | 2015-09-11 | 1 | -2/+1
* Nuke ssl3_cert_verify_mac() and ssl3_handshake_mac(). We also no longer need the ssl3_pad_1 and ssl3_pad_2 arrays... ok "flensing knife" | jsing | 2015-09-11 | 1 | -2/+1
* Nuke ssl3_final_finish_mac(). ok "flensing knife" | jsing | 2015-09-11 | 1 | -3/+1
* Nuke ssl3_change_cipher_state(). ok "flensing knife" | jsing | 2015-09-11 | 1 | -2/+1
* Nuke ssl3_generate_master_secret(). ok "flensing knife" | jsing | 2015-09-11 | 1 | -3/+1
* Nuke ssl3_setup_key_block() and ssl3_generate_key_block(). ok "flensing knife" | jsing | 2015-09-11 | 1 | -2/+1
* Nuke n_ssl3_mac(). ok "flensing knife" | jsing | 2015-09-11 | 1 | -2/+1
* Nuke ssl3_enc(). ok "flensing knife" | jsing | 2015-09-11 | 1 | -2/+1
* Nuke SSLv3_enc_data. ok "flensing knife" | jsing | 2015-09-11 | 1 | -3/+2
* Replace dtls1_send_finished() with ssl3_send_finished() - they're now both essentially the same (in fact DTLS benefits from improvements previously made to the ssl3_send_finished() function). ok beck@ | jsing | 2015-09-11 | 1 | -2/+1
* Replace dtls1_client_hello() with ssl3_client_hello() - both are basically the same code, with two slight differences for DTLS handling. Also, make use of send_cookie to determine if the client random needs to be preserved, rather than testing if it is zeroed (hopefully your random number generator never returned all zeros, since the existing code would break). Inspired by BoringSSL. ok doug@ | jsing | 2015-09-02 | 1 | -2/+1
* Remove the ssl_prepare_{client,server}hello_tlsext() functions, which are now nothing more than noops. ok bcook@ doug@ | jsing | 2015-09-01 | 1 | -3/+1
* Now that SSLv3 is going away, TLS_* and SSLv23 are equivalent. Remove the TLS method data and tls_any_* functions. Point to SSLv23. ok jsing@ | doug | 2015-08-29 | 1 | -3/+1
* Convert tls1_process_ticket to CBS. ok miod@ jsing@ | doug | 2015-07-24 | 1 | -3/+2
* Fix symbol collision with libtls. Pointed out by guenther. ok guenther@ | doug | 2015-07-19 | 1 | -3/+3
* Add TLS_method, TLS_client_method and TLS_server_method. Use these instead of SSLv23_*method when you want to make sure TLS is used. By default, we disable SSLv3 but it's still possible for the user to re-enable it. TLS_*method does not allow SSLv3. Both BoringSSL and (next version of) OpenSSL have these methods. However, they have changed the implementation significantly. We will as well, but not right now. Riding the libssl major bump. ok miod@ bcook@ | doug | 2015-07-19 | 1 | -1/+3
* Convert dtls1_get_message_header to CBS and change to int. Changed return value from void to int. It should never return an error given that the input length is not checked yet. ok miod@ | doug | 2015-07-18 | 1 | -2/+2
* Convert ssl_parse_serverhello_use_srtp_ext to CBS. ok miod@ jsing@ | doug | 2015-07-17 | 1 | -2/+2