summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_locl.h (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* move the callbacks from ssl_st to internalbeck2017-01-231-1/+32
| | | | ok jsing@
* Move callback function pointers and argument pointers from SSL_CTX tojsing2017-01-231-1/+60
| | | | | | internal. ok beck@
* Move not_resumable and sess_cert from SSL_SESSION to internal.jsing2017-01-231-1/+9
| | | | ok beck@
* Move the stats struct from SSL_CTX to internal.jsing2017-01-231-2/+20
| | | | ok beck@
* Move most of the SSL3_STATE fields to internal - the ones that remain arejsing2017-01-221-2/+118
| | | | | | known to be used by ports. ok beck@
* Move most of DTLS1_STATE to internal.beck2017-01-221-1/+62
| | | | ok jsing@
* Move ALPN and NPN fields from SSL/SSL_CTX to internal.jsing2017-01-221-1/+55
| | | | ok beck@
* Move internal parts of ssl_session_st to internalbeck2017-01-221-2/+6
| | | | ok jsing@
* Move recently added min_version/max_version from SSL and SSL_CTX to theirjsing2017-01-221-3/+5
| | | | opaque structs.
* Convert publically visible structs to translucent structs.jsing2017-01-221-1/+21
| | | | | | | | | | | | | This change adds an internal opaque struct for each of the significant publically visible structs. The opaque struct is then allocated and attached to the publically visible struct when the appropriate *_new() function is called, then cleared and freed as necessary. This will allow for changes to be made to the internals of libssl, without requiring a major bump each time the publically visible structs are modified. ok beck@
* Expand DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN macro.jsing2017-01-211-2/+2
| | | | No change in preprocessor output (ignoring whitespace and line numbers).
* Pull out, rework and dedup the code that determines the highest sharedjsing2017-01-031-1/+2
| | | | | | version. ok beck@ doug@
* Pull out (and largely rewrite) the code that determines the enabledjsing2016-12-301-1/+2
| | | | | | | | | | protocol version range. This also fixes a bug whereby if all protocols were disabled, the client would still use TLSv1.2 in the client hello, only to have if fail with unsupported version when it received and processed the server hello. ok doug@
* Remove now unused c2l, c2ln, l2c, n2l, l2cn and n2l3 macros.jsing2016-12-301-51/+1
|
* Add support for ECDHE with X25519.jsing2016-12-211-1/+2
| | | | | | Testing of an earlier revision by naddy@. ok beck@
* Convert ssl3_get_server_hello() to CBS.jsing2016-12-181-2/+2
| | | | ok doug@
* Now that ssl3_send_{client,server}_certificate() are using the commonjsing2016-12-061-5/+1
| | | | handshake functions, we can remove more copied code from DTLS.
* Convert certificate handshake message generation to CBB, with some cleanjsing2016-12-061-2/+7
| | | | | | | | | | up and restructure. This also adds CBB based variants of the ssl3_handshake_msg_{start,finish} functions - for the time being these use a CBB to build the messages, then copy back into the init_buf. ok doug@
* Convert ssl_cipher_list_to_bytes() to CBB, changing the function to returnjsing2016-12-041-2/+2
| | | | | | | the number of bytes written via an explicit *outlen argument and retaining the return value to indicate success or failure. ok doug@
* Remove unused SSLv3 from ssl3_cbc_record_digest_supported().jsing2016-11-061-2/+2
| | | | | | From Markus Uhlin <markus.uhlin at bredband dot net> ok beck@ bcooK@
* Convert ssl3_get_server_kex_ecdhe() to CBS, simplifying tls1_check_curve()jsing2016-11-051-4/+4
| | | | | | | in the process. This also fixes a long standing bug where tls1_ec_curve_id2nid() is called with only one byte of the curve ID. ok beck@ miod@
* Rename ssl3_get_key_exchange() to ssl3_get_server_key_exchange(), sincejsing2016-11-041-2/+2
| | | | | | that's what it really is. ok miod@
* Add an explict list of exported symbols with just the functionsguenther2016-11-041-1/+5
| | | | | | | declared in the public headers, and use __{BEGIN,END}_HIDDEN_DECLS in the internal headers to optimize internal functions ok jsing@
* Make do_dtls1_write() static to d1_pkt.c and delete declarations forguenther2016-11-041-7/+1
| | | | | | three functions that were removed a while ago ok jsing@
* Clean up the TLS handshake digest handling - this refactors some of thejsing2016-11-031-2/+2
| | | | | | | | | | | | | | | | | | | code for improved readability, however it also address two issues. The first of these is a hard-to-hit double free that will occur if EVP_DigestInit_ex() fails. To avoid this and to be more robust, ensure that tls1_digest_cached_records() either completes successfully and sets up all of the necessary digests, or it cleans up and frees everything that was allocated. The second issue is that EVP_DigestUpdate() can fail - detect and handle this in tls1_finish_mac() and change the return type to an int so that a failure can be propagated to the caller (the callers still need to be fixed to handle this, in a later diff). The double-free was reported by Matthew Dillon. ok beck@ doug@ miod@
* Remove support for fixed ECDH cipher suites - these is not widely supportedjsing2016-10-191-5/+1
| | | | | | | | | and more importantly they do not provide PFS (if you want to use ECDH, use ECDHE instead). With input from guenther@. ok deraadt@ guenther@
* Implement the IETF ChaCha20-Poly1305 cipher suites.jsing2016-04-281-2/+4
| | | | | | | | | Rename the existing ChaCha20-Poly1305 cipher suites with an "-OLD" suffix, effectively replaces the original Google implementation. We continue to support both the IETF and Google versions, however the existing names now refer to the ciphers from draft-ietf-tls-chacha20-poly1305-04. Feedback from doug@
* Uncopy and unpaste dtls1_send_newsession_ticket() - another 111 lines ofjsing2015-09-121-2/+1
| | | | code deduped.
* Move handshake message header length determination into a separatejsing2015-09-121-1/+2
| | | | | | | ssl3_handshake_msg_hdr_len() function. Use this to correct several places that have magic numbers with header lengths hardcoded as '4'. ok beck@
* Uncopy and unpaste dtls1_send_certificate_request() - removes another 80jsing2015-09-121-2/+1
| | | | lines of code, while gaining SIGALGs support.
* Uncopy and unpaste dtls1_send_server_key_exchange(). Removes another 329jsing2015-09-121-2/+1
| | | | lines of code, while gaining bug fixes and SIGALGs support.
* Uncopy and unpaste dtls1_send_server_done().jsing2015-09-121-2/+1
|
* Uncopy and unpaste dtls1_send_server_hello().jsing2015-09-121-2/+1
|
* Uncopy and unpaste dtls1_send_hello_request().jsing2015-09-121-2/+1
|
* Uncopy and unpaste dtls1_send_client_verify() - thejsing2015-09-121-2/+1
| | | | | ssl3_send_client_verify() is different, but it correctly supports things like SIGALGS. Another 74 lines of code bites the dust.
* Uncopy and unpaste dtls1_send_client_key_exchange() - thejsing2015-09-121-2/+1
| | | | | | | | ssl3_send_client_key_exchange() is effectively identical, in fact it has a number of bug fixes and improvements that never got merged into the DTLS copy of the code. Flenses another 264 lines of code. ok beck@
* Rename functions that moved to t1_enc.c, with a tls1_ prefix instead of ajsing2015-09-111-7/+7
| | | | | | ssl3_ prefix. ok beck@
* Nuke ssl_set_peer_cert_type().jsing2015-09-111-2/+1
| | | | ok "flensing knife"
* Nuke ssl_bad_method().jsing2015-09-111-2/+1
| | | | ok "flensing knife"
* Nuke ssl3_default_timeout().jsing2015-09-111-2/+1
| | | | ok "flensing knife"
* Nuke ssl_replace_hash().jsing2015-09-111-2/+1
| | | | ok "flensing knife"
* Nuke ssl3_cbc_remove_padding().jsing2015-09-111-3/+1
| | | | ok "flensing knife"
* Nuke ssl3_alert_code().jsing2015-09-111-2/+1
| | | | ok "flensing knife"
* Nuke ssl3_cert_verify_mac() and ssl3_handshake_mac().jsing2015-09-111-2/+1
| | | | | | We also no longer need the ssl3_pad_1 and ssl3_pad_2 arrays... ok "flensing knife"
* Nuke ssl3_final_finish_mac().jsing2015-09-111-3/+1
| | | | ok "flensing knife"
* Nuke ssl3_change_cipher_state().jsing2015-09-111-2/+1
| | | | ok "flensing knife"
* Nuke ssl3_generate_master_secret().jsing2015-09-111-3/+1
| | | | ok "flensing knife"
* Nuke ssl3_setup_key_block() and ssl3_generate_key_block().jsing2015-09-111-2/+1
| | | | ok "flensing knife"
* Nuke n_ssl3_mac().jsing2015-09-111-2/+1
| | | | ok "flensing knife"
* Nuke ssl3_enc().jsing2015-09-111-2/+1
| | | | ok "flensing knife"
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-30 00:36:26 +0000