path: root/src/lib/libssl/ssl_locl.h
Commit message [Author, Age, Files, Lines]
* Replace the remaining ssl3_get_cipher_by_char() calls with n2s() and ssl3_get_cipher_by_id(). ok bcook@
  [jsing, 2014-08-23, files: 1, lines: -2/+3]
* Provide a ssl3_get_cipher_by_id() function that allows ciphers to be looked up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the cipher value is manually written into a buffer, just so the cipher can be located using ssl3_get_cipher_by_char(). ok bcook@ miod@
  [jsing, 2014-08-11, files: 1, lines: -1/+2]
* Since we no longer need to support SSLv2-style cipher lists, start unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros. Prompted by similar changes in boringssl. ok guenther.
  [jsing, 2014-08-10, files: 1, lines: -8/+2]
* The RSA, DH, and ECDH temporary key callbacks expect the number of keybits for the key (expressed in RSA key bits, which makes *no sense* for ECDH) as their second argument, not zero. (jsing@ notes that the RSA callback is only invoked for 'export' ciphers, which have been removed from LibreSSL, and for the SSL_OP_EPHEMERAL_RSA option, which makes the application non-compliant. More fuel for the tedu fire...) jasper@ noted the breakage and bisected it down to the diff that broke this ok jsing@ miod@
  [guenther, 2014-07-28, files: 1, lines: -1/+7]
* The correct name for EDH is DHE, likewise EECDH should be ECDHE. Based on changes to OpenSSL trunk. ok beck@ miod@
  [jsing, 2014-07-12, files: 1, lines: -4/+4]
* Provide ssl_version_string() function, which uses one of those modern C constructs (a switch statement) and returns the appropriate string defined by SSL_TXT_* for the given version, including support for DTLSv1 and DTLSv1-bad. Use this function in SSL_get_version() and SSL_SESSION_print(). ok beck@
  [jsing, 2014-07-12, files: 1, lines: -1/+2]
* Remove remnants from PSK, KRB5 and SRP. ok beck@ miod@
  [jsing, 2014-07-12, files: 1, lines: -7/+2]
* No need to keep ssl23_foo() flavours mapping to ssl3_foo(). ok tedu@
  [miod, 2014-07-11, files: 1, lines: -4/+1]
* Remove more compression related code.
  [jsing, 2014-07-10, files: 1, lines: -2/+1]
* decompress libssl. ok beck jsing
  [tedu, 2014-07-10, files: 1, lines: -15/+1]
* tedu the SSL export cipher handling - since we do not have enabled export ciphers we no longer need the flags or code to support it. ok beck@ miod@
  [jsing, 2014-07-09, files: 1, lines: -53/+2]
* Remove SSL_FIPS. ok deraadt@ miod@
  [jsing, 2014-07-08, files: 1, lines: -2/+1]
* Nuke SSL_NOT_EXP since it does nothing. ok deraadt@ miod@
  [jsing, 2014-07-08, files: 1, lines: -2/+1]
* Pull the code that builds a DTLS sequence number out into its own function to avoid duplication. Also use fewer magic numbers. ok miod@
  [jsing, 2014-06-21, files: 1, lines: -2/+5]
* Rename ssl3_record_sequence_update() to ssl3_record_sequence_increment(), so that it reflects what it is actually doing. Use this function in a number of places that still have the hand rolled version. ok beck@ miod@
  [jsing, 2014-06-15, files: 1, lines: -5/+5]
* Add ChaCha20-Poly1305 based ciphersuites. Based on Adam Langley's chromium patches. Tested by and ok sthen@
  [jsing, 2014-06-13, files: 1, lines: -1/+2]
* Add an SSL_AEAD_CTX to enable the use of EVP_AEAD with an SSL cipher. Read and write contexts are also added to the SSL_CTX, along with supporting code. Based on Adam Langley's chromium diffs. Rides the recent SSL library bump.
  [jsing, 2014-06-13, files: 1, lines: -1/+22]
* tags as requested by miod and tedu
  [deraadt, 2014-06-12, files: 1, lines: -1/+1]
* Add an SSL_CIPHER_ALGORITHM2_AEAD flag that is used to mark a cipher as using EVP_AEAD. Also provide an EVP_AEAD-only equivalent of ssl_cipher_get_evp().
  [jsing, 2014-06-08, files: 1, lines: -0/+19]
* http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2016265dfbab162ec30718b5e7480add42598158
  Don't know the full story, but it looks like a "can't do random perfectly, so do it god awful" problem was found in 2013, and replaced with "only do it badly if a flag is set". New flags (SSL_MODE_SEND_SERVERHELLO_TIME and SSL_MODE_SEND_SERVERHELLO_TIME) were added [Ben Laurie?] to support the old scheme of "use time_t for first 4 bytes of the random buffer". Nothing uses these flags [ecosystem scan by sthen] Fully discourage use of these flags in the future by removing support & definition of them. The buflen < 4 check is also interesting, because no entropy would be returned. No callers passed such small buffers. ok miod sthen
  [deraadt, 2014-06-07, files: 1, lines: -1/+0]
* ECDH and ECDSA will not work overly well if there is no EC, so unifdef OPENSSL_NO_EC. ok tedu@
  [jsing, 2014-05-31, files: 1, lines: -4/+0]
* TLS would not be entirely functional without extensions, so unifdef OPENSSL_NO_TLSEXT. ok tedu@
  [jsing, 2014-05-31, files: 1, lines: -4/+0]
* While working on another diff I ended up looking to see why on earth the DTLS code had a chunk that checked to see if the SSL version was *not* DTLS. Turns out that this is inside a big #if 0 block with a comment explaining why DTLS will never need this code... The DTLS code was clearly written by wholesale copying the SSLv3 code. Any code not applicable to DTLS was seemingly #if 0'd or commented out and left for others to find. d1_pkt.c is copied from s3_pkt.c and it has a do_dtls1_write() function that has the same function signature as do_ssl3_write(), except that the create_empty_fragement (yes, that is the spelling in ssl_locl.h) argument is unused for DTLS (although there is code that pretends to use it) since it uses explicit IV (as the comment notes). Instead of leaving this turd lying around, nuke the #if 0'd code (along with the check for *not* DTLS) and remove the pointless create_empty_fragment argument given the only two do_dtls1_write() calls specify zero. This kind of thing also makes you wonder how much actual peer review occurred before the code was initially committed... ok beck@
  [jsing, 2014-05-30, files: 1, lines: -1/+1]
* we no longer care that these aren't used for ssl2
  [tedu, 2014-05-29, files: 1, lines: -2/+2]
* unifdef DH, ECDH, and ECDSA. there's no purpose to a libssl without them. ok deraadt jsing
  [tedu, 2014-05-29, files: 1, lines: -10/+0]
* Make it substantially easier to identify protocol version requirements by adding an enc_flags field to the ssl3_enc_method, specifying four flags that are used with this field and providing macros for evaluating these conditions. Currently the version requirements are identified by continually checking the version number and other criteria. This change also adds separate SSL3_ENC_METHOD data for TLS v1.1 and v1.2, since they have different enc_flags from TLS v1. Based on changes in OpenSSL head. No objection from miod@
  [jsing, 2014-05-29, files: 1, lines: -2/+35]
* Remove unused defines.
  [miod, 2014-05-27, files: 1, lines: -9/+0]
* remove unused shit. from Alexander Schrijver
  [tedu, 2014-05-25, files: 1, lines: -13/+0]
* The ssl_cipher_get_evp() function is currently overloaded to also return the compression associated with the SSL session. Based on one of Adam Langley's chromium diffs, factor out the compression handling code into a separate ssl_cipher_get_comp() function. Rewrite the compression handling code to avoid pointless duplication and so that failures are actually returned to and detectable by the caller. ok miod@
  [jsing, 2014-05-25, files: 1, lines: -2/+2]
* DeIMPLEMENT libssl. Expand the IMPLEMENT_* macros since it is far more readable and one less layer of abstraction. Use C99 initialisers for clarity, grepability and to protect from future field reordering/removal. ok miod@ (tedu@ also thought it was a wonderful idea, beck@ also agreed, but ran away squealing since it reminded him of the VOP layer...)
  [jsing, 2014-05-24, files: 1, lines: -153/+2]
* There are two actual uses of e_os2.h in libssl - an OPENSSL_GLOBAL (an empty define) and an OPENSSL_EXTERN (which is defined as, well... extern). The use of OPENSSL_EXTERN is already inconsistent since the lines above and below just use plain old "extern". Expand the two uses of these macros and stop including e_os2.h in libssl. ok miod@
  [jsing, 2014-05-22, files: 1, lines: -3/+1]
* Stop pulling pqueue.h into ssl_locl.h since only a small part of libssl actually needs it. Instead, just include it in the files where it is actually necessary. Also remove standard includes from pqueue.h so that they are not available as a side effect. Just add the two includes that are needed to pqueue.c. ok miod@
  [jsing, 2014-05-22, files: 1, lines: -2/+0]
* No longer make pqueue.h a public (and installed) header file. Replace its inclusion in <ssl/dtls1.h> by the benign `struct _pqueue; typedef struct _pqueue *pqueue;'. Note that said dtls1.h should probably be considered a private header as well... ok beck@
  [miod, 2014-05-15, files: 1, lines: -0/+2]
* Remove orphaned l2n6 and n2l6 macros.
  [miod, 2014-04-27, files: 1, lines: -14/+0]
* Unifdef -U OPENSSL_BUILD_SHLIBCRYPTO, since all it causes under Unix is to redefine OPENSSL_EXTERN from `extern' to `extern'.
  [miod, 2014-04-27, files: 1, lines: -5/+0]
* Unifdef -UPKCS1_CHECK and remove SSL_OP_PKCS1_CHECK_[12], this is leftover ``debug'' code from a 15+ years old bugfix and the SSL_OP_PKCS1_CHECK_* constants have had a value of zero since ages. No production code should use them. ok beck@
  [miod, 2014-04-23, files: 1, lines: -2/+0]
* The internal ssl2_* functions and variables are gone
  [guenther, 2014-04-19, files: 1, lines: -30/+0]
* always build in RSA and DSA. ok deraadt miod
  [tedu, 2014-04-17, files: 1, lines: -8/+0]
* quick pass at removing ability to disable sha256 and sha512. ok miod
  [tedu, 2014-04-17, files: 1, lines: -4/+0]
* TANSTAAFL - delete the buf freelist code. if you need a better malloc, get a better malloc. ok beck deraadt
  [tedu, 2014-04-16, files: 1, lines: -12/+0]
* Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally. ok tedu@ beck@
  [guenther, 2014-04-16, files: 1, lines: -38/+1]
* First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5. There is still a huge amount of inconsistency within these headers.
  [jsing, 2014-04-15, files: 1, lines: -134/+129]
* make OPENSSL_NO_HEARTBLEED the default and only option. ok deraadt miod
  [tedu, 2014-04-14, files: 1, lines: -7/+0]
* Cope with the removal of openssl/symhacks.h
  [deraadt, 2014-04-13, files: 1, lines: -1/+0]
* Do not include "e_os.h" anymore. Simply pull in the necessary headers. ok miod@, deraadt@
  [mpi, 2014-04-13, files: 1, lines: -2/+6]
* Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.
  [miod, 2014-04-13, files: 1, lines: -2/+5]
* SECURITY fixes backported from openssl-1.0.1f. ok mikeb@
  CVE-2013-4353 NULL pointer dereference with crafted Next Protocol Negotiation record in TLS handshake. Upstream: 197e0ea
  CVE-2013-6449 Fix crash with crafted traffic from a TLS 1.2 client. Upstream: ca98926, 0294b2b
  CVE-2013-6450 Fix DTLS retransmission from previous session. Upstream: 3462896
  [jca, 2014-02-27, files: 1, lines: -0/+2]
* cherry pick bugfixes for http://www.openssl.org/news/secadv_20130205.txt from the openssl git (changes between openssl 1.0.1c and 1.0.1d). ok djm@
  [markus, 2013-02-14, files: 1, lines: -0/+38]
* resolve conflicts
  [djm, 2012-10-13, files: 1, lines: -10/+65]
* OpenSSL 1.0.0f: merge
  [djm, 2012-01-05, files: 1, lines: -0/+1]