summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_locl.h (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Uncopy and unpaste dtls1_send_server_key_exchange(). Removes another 329jsing2015-09-121-2/+1
| | | | lines of code, while gaining bug fixes and SIGALGs support.
* Uncopy and unpaste dtls1_send_server_done().jsing2015-09-121-2/+1
|
* Uncopy and unpaste dtls1_send_server_hello().jsing2015-09-121-2/+1
|
* Uncopy and unpaste dtls1_send_hello_request().jsing2015-09-121-2/+1
|
* Uncopy and unpaste dtls1_send_client_verify() - thejsing2015-09-121-2/+1
| | | | | ssl3_send_client_verify() is different, but it correctly supports things like SIGALGS. Another 74 lines of code bites the dust.
* Uncopy and unpaste dtls1_send_client_key_exchange() - thejsing2015-09-121-2/+1
| | | | | | | | ssl3_send_client_key_exchange() is effectively identical, in fact it has a number of bug fixes and improvements that never got merged into the DTLS copy of the code. Flenses another 264 lines of code. ok beck@
* Rename functions that moved to t1_enc.c, with a tls1_ prefix instead of ajsing2015-09-111-7/+7
| | | | | | ssl3_ prefix. ok beck@
* Nuke ssl_set_peer_cert_type().jsing2015-09-111-2/+1
| | | | ok "flensing knife"
* Nuke ssl_bad_method().jsing2015-09-111-2/+1
| | | | ok "flensing knife"
* Nuke ssl3_default_timeout().jsing2015-09-111-2/+1
| | | | ok "flensing knife"
* Nuke ssl_replace_hash().jsing2015-09-111-2/+1
| | | | ok "flensing knife"
* Nuke ssl3_cbc_remove_padding().jsing2015-09-111-3/+1
| | | | ok "flensing knife"
* Nuke ssl3_alert_code().jsing2015-09-111-2/+1
| | | | ok "flensing knife"
* Nuke ssl3_cert_verify_mac() and ssl3_handshake_mac().jsing2015-09-111-2/+1
| | | | | | We also no longer need the ssl3_pad_1 and ssl3_pad_2 arrays... ok "flensing knife"
* Nuke ssl3_final_finish_mac().jsing2015-09-111-3/+1
| | | | ok "flensing knife"
* Nuke ssl3_change_cipher_state().jsing2015-09-111-2/+1
| | | | ok "flensing knife"
* Nuke ssl3_generate_master_secret().jsing2015-09-111-3/+1
| | | | ok "flensing knife"
* Nuke ssl3_setup_key_block() and ssl3_generate_key_block().jsing2015-09-111-2/+1
| | | | ok "flensing knife"
* Nuke n_ssl3_mac().jsing2015-09-111-2/+1
| | | | ok "flensing knife"
* Nuke ssl3_enc().jsing2015-09-111-2/+1
| | | | ok "flensing knife"
* Nuke SSLv3_enc_data.jsing2015-09-111-3/+2
| | | | ok "flensing knife"
* Replace dtls1_send_finished() with ssl3_send_finished() - they're nowjsing2015-09-111-2/+1
| | | | | | | both essentially the same (in fact DTLS benefits from improvements previously made to the ssl3_send_finished() function). ok beck@
* Replace dtls1_client_hello() with ssl3_client_hello() - both are basicallyjsing2015-09-021-2/+1
| | | | | | | | | | | the same code, with two slight differences for DTLS handling. Also, make use of send_cookie to determine if the client random needs to be preserved, rather than testing if it is zeroed (hopefully your random number generator never returned all zeros, since the existing code would break). Inspired by BoringSSL. ok doug@
* Remove the ssl_prepare_{client,server}hello_tlsext() functions, which arejsing2015-09-011-3/+1
| | | | | | now nothing more than noops. ok bcook@ doug@
* Now that SSLv3 is going away, TLS_* and SSLv23 are equivalent.doug2015-08-291-3/+1
| | | | | | Remove the TLS method data and tls_any_* functions. Point to SSLv23. ok jsing@
* Convert tls1_process_ticket to CBS.doug2015-07-241-3/+2
| | | | ok miod@ jsing@
* Fix symbol collision with libtls.doug2015-07-191-3/+3
| | | | | | Pointed out by guenther. ok guenther@
* Add TLS_method, TLS_client_method and TLS_server_method.doug2015-07-191-1/+3
| | | | | | | | | | | | | | | | Use these instead of SSLv23_*method when you want to make sure TLS is used. By default, we disable SSLv3 but it's still possible for the user to re-enable it. TLS_*method does not allow SSLv3. Both BoringSSL and (next version of) OpenSSL have these methods. However, they have changed the implementation significantly. We will as well, but not right now. Riding the libssl major bump. ok miod@ bcook@
* Convert dtls1_get_message_header to CBS and change to int.doug2015-07-181-2/+2
| | | | | | | Changed return value from void to int. It should never return an error given that the input length is not checked yet. ok miod@
* Convert ssl_parse_serverhello_use_srtp_ext to CBS.doug2015-07-171-2/+2
| | | | ok miod@ jsing@
* Convert ssl_parse_clienthello_use_srtp_ext to CBS.doug2015-07-141-2/+2
| | | | ok miod@ jsing@
* Convert ssl_bytes_to_cipher_list to CBS.doug2015-06-281-2/+2
| | | | | | | Link in the new 'unit' regress and expand the invalid tests to include some that would fail before the CBS conversion. input + ok miod@ jsing@
* Convert ssl_parse_serverhello_renegotiate_ext to CBS.doug2015-06-201-2/+2
| | | | ok miod@ jsing@
* Convert ssl_parse_clienthello_renegotiate_ext to CBS.doug2015-06-201-2/+2
| | | | ok miod@, tweak + ok jsing@
* Remove Microsoft Server Gated Crypto.doug2015-06-181-2/+1
| | | | | | | | | Another relic due to the old US crypto policy. From OpenSSL commit 63eab8a620944a990ab3985620966ccd9f48d681 and 95275599399e277e71d064790a1f828a99fc661a. ok jsing@ miod@
* Clean up the ssl_bytes_to_cipher_list() API - rather than having thejsing2015-04-151-2/+2
| | | | | | | | | | ability to pass or not pass a STACK_OF(SSL_CIPHER) *, which is then either zeroed or if NULL a new one is allocated, always allocate one and return it directly. Inspired by simliar changes in BoringSSL. ok beck@ doug@
* Factor out the init_buf initialisation code, rather than duplicating itjsing2015-03-271-1/+2
| | | | | | in four different places. ok doug@ guenther@
* Reluctantly add server-side support for TLS_FALLBACK_SCSV.jsing2015-02-221-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | This allows for clients that willingly choose to perform a downgrade and attempt to establish a second connection at a lower protocol after the previous attempt unexpectedly failed, to be notified and have the second connection aborted, if the server does in fact support a higher protocol. TLS has perfectly good version negotiation and client-side fallback is dangerous. Despite this, in order to maintain maximum compatability with broken web servers, most mainstream browsers implement this. Furthermore, TLS_FALLBACK_SCSV only works if both the client and server support it and there is effectively no way to tell if this is the case, unless you control both ends. Unfortunately, various auditors and vulnerability scanners (including certain online assessment websites) consider the presence of a not yet standardised feature to be important for security, even if the clients do not perform client-side downgrade or the server only supports current TLS protocols. Diff is loosely based on OpenSSL with some inspiration from BoringSSL. Discussed with beck@ and miod@. ok bcook@
* unifdef -m -UOPENSSL_NO_NEXTPROTONEG - NPN is being replaced with ALPN,jsing2015-02-121-5/+1
| | | | | | however it is not likely to be removed any time soon. ok beck@ miod@
* Provide a SSL_CIPHER_get_by_value() function that allows a cipher to bejsing2015-02-071-1/+2
| | | | | | | | | | | | | | retrieved via its cipher suite value. A corresponding SSL_CIPHER_by_value() function returns the cipher suite value for a given SSL_CIPHER. These functions should mean that software does not need to resort to put_cipher_by_char()/get_cipher_by_char() in order to locate a cipher. Begrudgingly also provide a SSL_CIPHER_get_by_id() function that locates a cipher via the internal cipher identifier. Unfortunately these have already been leaked outside the library via SSL_CIPHER_by_id() and the various SSL3_CK_* and TLS1_CK_* defines in the ssl3.h/tls1.h headers. ok beck@ miod@
* Bring back the horrible API that is get_cipher_by_char/put_cipher_by_char.jsing2015-02-061-1/+3
| | | | | | | | This API was intended to be an internal only, however like many things in OpenSSL, it is exposed externally and parts of the software ecosystem are now using it since there is no real alternative within the public API. ok doug@, tedu@ and reluctantly miod@
* Add error handling for EVP_DigestInit_ex().doug2014-12-151-2/+2
| | | | | | | | | | | | | A few EVP_DigestInit_ex() calls were left alone since reporting an error would change the public API. Changed internal ssl3_cbc_digest_record() to return a value due to the above change. It will also now set md_out_size=0 on failure. This is based on part of BoringSSL's commit to fix malloc crashes: https://boringssl.googlesource.com/boringssl/+/69a01608f33ab6fe2c3485d94aef1fe9eacf5364 ok miod@
* Convert all of the straight forward client handshake handling code to usejsing2014-12-141-1/+5
| | | | | | the new handshake functions. ok miod@
* Remove trailing whitespace.jsing2014-12-141-13/+13
|
* ssl3_init_finished_mac() calls BIO_new() which can fail since it in turnjsing2014-12-101-2/+2
| | | | | | | | calls malloc(). Instead of silently continuing on failure, check the return value of BIO_new() and propagate failure back to the caller for appropriate handling. ok bcook@
* Remove support for GOST R 34.10-94 signature authentication, along withjsing2014-12-101-5/+3
| | | | | | | the two ciphersuites that use it. GOST94 public/private keys have been long obsoleted and libcrypto does not have support for them anyway. Discussed with Dmitry Eremin-Solenikov.
* Remove client handling of RSA in ServerKeyExchange messages, along withjsing2014-12-061-2/+1
| | | | | | | | | the associated peer_rsa_tmp goop. This was only needed for export cipher handling and intentional RFC violations. The export cipher suites have already been removed and previous cleanup means that we will never send ServerKeyExchange messages from the server side for RSA.
* Use appropriate internal types for EC curves and formats, rather thanjsing2014-12-061-3/+3
| | | | | | | | storing and processing in wire encoded form. Inspired by boringssl. ok miod@
* Update the GOST code in libssl, as contributed by Dmitry Eremin-Solenikov.miod2014-11-181-2/+7
| | | | | This causes a libssl major version bump as this affects the layout of some internal-but-unfortunately-made-visible structs.
* Sort and group includes.jsing2014-11-161-6/+6
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-08 23:24:41 +0000