summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_sess.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* move the callbacks from ssl_st to internalbeck2017-01-231-7/+7
| | | | ok jsing@
* Move callback function pointers and argument pointers from SSL_CTX tojsing2017-01-231-22/+22
| | | | | | internal. ok beck@
* Move not_resumable and sess_cert from SSL_SESSION to internal.jsing2017-01-231-5/+5
| | | | ok beck@
* Move the stats struct from SSL_CTX to internal.jsing2017-01-231-6/+6
| | | | ok beck@
* Move internal parts of ssl_session_st to internalbeck2017-01-221-9/+9
| | | | ok jsing@
* Convert publically visible structs to translucent structs.jsing2017-01-221-4/+12
| | | | | | | | | | | | | This change adds an internal opaque struct for each of the significant publically visible structs. The opaque struct is then allocated and attached to the publically visible struct when the appropriate *_new() function is called, then cleared and freed as necessary. This will allow for changes to be made to the internals of libssl, without requiring a major bump each time the publically visible structs are modified. ok beck@
* Expand LHASH_OF, IMPLEMENT_LHASH_DOALL_ARG_FN and LHASH_DOALL_ARG_FNjsing2016-11-021-5/+11
| | | | macros. Only change in generated assembly is due to line numbering.
* Wrap some >80 char lines.jsing2016-11-021-9/+9
|
* Sort and group functions.jsing2016-09-041-12/+11
|
* Expand IMPLEMENT_PEM macros.jsing2016-09-041-2/+29
| | | | No change in generated assembly.
* X509_free(3) is NULL-safe, so remove NULL checks before its calls.mmcc2016-03-111-3/+2
| | | | ok doug@
* Remove support for DTLS_BAD_VER. We do not support non-standard andjsing2015-09-101-2/+1
| | | | | | | incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years. ok bcook@ miod@
* Correct spelling of OPENSSL_cleanse.jsing2015-09-101-4/+4
| | | | ok miod@
* Remove SSLv3 support from LibreSSL.doug2015-08-271-2/+1
| | | | | | | | | | This is the first wave of SSLv3 removal which removes the main SSLv3 functions. Future commits will remove the rest of the SSLv3 support. Discussed the plan at c2k15. Input from jsing@, beck@, miod@, bcook@, sthen@, naddy@, and deraadt@. ok jsing@, beck@
* Remove duplicate check in libssl.doug2015-07-211-3/+1
| | | | | | | If len == 0, it already set try_session_cache so there's no need to check len again. Fixes Coverity issue 21687. ok bcook@
* Remove trailing whitespace.jsing2014-12-141-8/+8
|
* Clean up more SSLv2 remnants.jsing2014-11-081-10/+9
|
* Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().jsing2014-10-181-4/+2
| | | | | | | | | | | | | | | arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code. It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL). ok beck@ deraadt@ miod@
* Refactor and simplify the ECC extension handling. The existing codejsing2014-09-221-21/+1
| | | | | | | | | effectively built two "static" data structures - instead of doing this, just use static data structures to start with. From OpenSSL (part of a larger commit). ok miod@
* Provide a ssl3_get_cipher_by_id() function that allows ciphers to be lookedjsing2014-08-111-13/+2
| | | | | | | | up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the cipher value is manually written into a buffer, just so the cipher can be located using ssl3_get_cipher_by_char(). ok bcook@ miod@
* Since we no longer need to support SSLv2-style cipher lists, startjsing2014-08-101-3/+3
| | | | | | | | | | unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros. Prompted by similar changes in boringssl. ok guenther.
* The bell tolls for BUF_strdup - Start the migration to usingbeck2014-07-131-2/+2
| | | | | | intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
* Apply a large dose of KNF.jsing2014-07-121-126/+202
|
* Remove the PSK code. We don't need to drag around thisbeck2014-07-111-9/+1
| | | | | baggage. ok miod@ jsing@
* decompress libssl. ok beck jsingtedu2014-07-101-3/+2
|
* always compare memcmp against 0, for clarity.tedu2014-06-211-2/+2
|
* convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoringtedu2014-06-191-2/+2
| | | | | | libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
* tags as requested by miod and teduderaadt2014-06-121-1/+1
|
* without overthinking it, replace a few memcmp calls with CRYPTO_memcmptedu2014-06-041-1/+1
| | | | where it is feasible to do so. better safe than sorry.
* ECDH and ECDSA will not work overly well if there is no EC, so unifdefjsing2014-05-311-6/+0
| | | | | | OPENSSL_NO_EC. ok tedu@
* TLS would not be entirely functional without extensions, so unifdefjsing2014-05-311-16/+0
| | | | | | OPENSSL_NO_TLSEXT. ok tedu@
* There is no point in checking if a pointer is non-NULL before calling free,jsing2014-05-281-21/+9
| | | | | | | | since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable. ok miod@
* Remove SRP and Kerberos support from libssl. These are complex protocolstedu2014-05-051-16/+0
| | | | | all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
* whitespacetedu2014-04-231-2/+2
|
* more malloc/realloc/calloc cleanups; ok beck kettenisderaadt2014-04-211-3/+2
|
* Chop off more SSLv2 tentacles and start fixing and noting y2038 issues.guenther2014-04-201-4/+6
| | | | | | | APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl. ok tedu@
* More KNF and style consistency tweaksguenther2014-04-191-12/+12
|
* kill REF_PRINT/REF_CHECK debugging framework noone would usederaadt2014-04-171-9/+0
| | | | ok miod
* Change library to use intrinsic memory allocation functions instead ofbeck2014-04-171-16/+16
| | | | | | | | OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
* add back SRP. i was being too greedy.tedu2014-04-161-0/+7
|
* disentangle SRP code from TLStedu2014-04-161-7/+0
|
* Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap fromguenther2014-04-161-27/+13
| | | | | | | | | the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally. ok tedu@ beck@
* First pass at applying KNF to the OpenSSL code, which almost makes itjsing2014-04-141-555/+539
| | | | | readable. This pass is whitespace only and can readily be verified using tr and md5.
* resolve conflictsdjm2012-10-131-48/+112
|
* resolve conflicts, fix local changesdjm2010-10-011-32/+221
|
* update to openssl-0.9.8i; tested by several, especially krw@djm2009-01-051-0/+22
|
* resolve conflictsdjm2008-09-061-30/+159
|
* resolve conflictsdjm2006-06-271-2/+2
|
* resolve conflictsdjm2005-04-291-6/+7
|
* merge 0.9.7c; minor bugsfixes;markus2003-11-111-2/+2
| | | | | API addition: ERR_release_err_state_table [make includes before you build libssl/libcrypto]
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-16 15:33:57 +0000