path: root/src/lib/libssl/ssl_srvr.c
Commit message | Author | Date | Files | Lines (-deleted/+added)
...
* Convert ssl3_get_client_kex_gost() to CBS. | jsing | 2018-05-19 | 1 | -21/+23
  ok beck@ tb@
* More clean up of the RSA key exchange code. | jsing | 2018-05-13 | 1 | -24/+34
  Convert to CBS, use more appropriate variable names and improve validation. Allocate a dedicated buffer to hold the decrypted result, rather than decrypting into the handshake buffer (which is also used to send data). ok beck@ inoguchi@ tb@
* Nuke SSL_OP_TLS_ROLLBACK_BUG - this is a workaround for buggy clients from | jsing | 2018-04-11 | 1 | -30/+15
  around the SSLv3/TLSv1.0 period... and buggy clients are buggy. This also helps to clean up the RSA key exchange code. ok "kill it with fire" beck@ tb@
* Initialize variables to avoid compiler warnings | inoguchi | 2018-01-28 | 1 | -2/+2
  ok jsing@
* Complete the TLS extension handling rewrite for the server-side. | jsing | 2018-01-27 | 1 | -9/+10
  This removes ssl_parse_clienthello_tlsext() and allows the CBS to be passed all the way through from ssl3_get_client_hello(). The renegotiation check gets pulled up into ssl3_get_client_hello() which is where other such checks exist. The TLS extension parsing now also ensures that we do not get duplicates of any known extensions (the old pre-rewrite code only did this for some extensions). ok inoguchi@
* Fold dtls1_accept() into ssl_accept(), removing a lot of duplicated code. | jsing | 2017-10-12 | 1 | -16/+137
  With review/feedback from inoguchi@
* Fully convert ssl3_send_server_hello() to CBB. | jsing | 2017-10-11 | 1 | -25/+17
  Based on a diff from doug@
* Make ssl_bytes_to_cipher_list() take a CBS, rather than a pointer and | jsing | 2017-10-10 | 1 | -2/+3
  length, since the caller has already been converted to CBS. A small amount of additional clean up whilst here.
* Fix some style/whitespace/indentation issues in ssl3_accept(). | jsing | 2017-10-08 | 1 | -25/+14
* Convert TLS signature algorithms extension handling to the new framework. | jsing | 2017-08-12 | 1 | -4/+4
  ok beck@ doug@
* Remove NPN support. | jsing | 2017-08-12 | 1 | -98/+6
  NPN was never standardised and the last draft expired in October 2012. ALPN was standardised in July 2014 and has been supported in LibreSSL since December 2014. NPN has also been removed from Chromium in May 2016. TLS clients and servers that try to use/enable NPN will fail gracefully and fall back to the default protocol, since it will essentially appear that the other side does not support NPN. At some point in the future we will actually remove the NPN related symbols entirely. ok bcook@ beck@ doug@
* Remove support for DSS/DSA, since we removed the cipher suites a while | jsing | 2017-08-12 | 1 | -12/+1
  back. ok guenther@
* Convert ssl3_send_certificate_request() to CBB. | jsing | 2017-08-11 | 1 | -45/+46
  ok beck@ doug@
* Clean up the EC key/curve configuration handling. | jsing | 2017-08-10 | 1 | -49/+27
  Over the years OpenSSL grew multiple ways of being able to specify EC keys (and/or curves) for use with ECDH and ECDHE key exchange. You could specify a static EC key (SSL{_CTX,}_set_tmp_ecdh()), use that as a curve and generate ephemeral keys (SSL_OP_SINGLE_ECDH_USE), provide the EC key via a callback that was provided with insufficient information (SSL{_CTX,}_set_tmp_ecdh_cb()) or enable automatic selection and generation of EC keys via SSL{_CTX,}_set_ecdh_auto(). This complexity leads to problems (like ECDHE not being enabled) and potential weird configuration (like being able to do ECDHE without the ephemeral part...). We no longer support ECDH and ECDHE can be disabled by removing ECDHE ciphers from the cipher list. As such, permanently enable automatic EC curve selection and generation, effectively disabling all of the configuration knobs. The only exception is the SSL{_CTX,}_set_tmp_ecdh() functions, which retain part of their previous behaviour by configuring the curve of the given EC key as the only curve being enabled. Everything else becomes a no-op. ok beck@ doug@
* Move state from ssl->internal to the handshake structure. | beck | 2017-05-07 | 1 | -59/+59
  while we are at it, convert SSLerror to use a function internally, so that we may later allocate the handshake structure and check for it ok jsing@
* Bring in an SSL_HANDSHAKE structure and commence the great shovelling | beck | 2017-05-06 | 1 | -24/+24
  ok jsing@, gcc@, regress@
* Fix a bug caused by the return value being set early to signal successful | jsing | 2017-04-29 | 1 | -5/+5
  DTLS cookie validation. This can mask a later failure and result in a positive return value being returned from ssl3_get_client_hello(), when it should return a negative value to propagate the error. Ironically this was introduced in OpenSSL 2e9802b7a7b with the commit message "Fix DTLS cookie management bugs". Fix based on OpenSSL. Issue reported by Nicolas Bouliane <nbouliane at jive dot com>. ok beck@
* Use freezero(3) when cleaning up session tickets - not only does it require | jsing | 2017-04-14 | 1 | -6/+3
  less code, but there is also a potential performance gain since they can be larger allocations.
* Use freezero(3) to clean up the X25519 keys - simpler, cleaner code. | jsing | 2017-04-14 | 1 | -6/+3
* Clean up server key exchange EC point handling. Encode the point directly | jsing | 2017-04-14 | 1 | -27/+15
  into the CBB memory, rather than mallocing and memcpying, which also makes the code more consistent with the client. Add a missing check for the first EC_POINT_point2oct() call. ok beck@
* Remove the handshake digests and related code, replacing remaining uses | jsing | 2017-03-10 | 1 | -24/+8
  with the handshake hash. For now tls1_digest_cached_records() is retained to release the handshake buffer. ok beck@ inoguchi@
* Provide a rolling handshake hash that commences as soon as the cipher | jsing | 2017-03-05 | 1 | -1/+4
  suite has been selected, and convert the final finish MAC to use this handshake hash. This is a first step towards cleaning up the current handshake buffer/digest code. ok beck@ inoguchi@
* Convert various handshake message generation functions to CBB. | jsing | 2017-03-05 | 1 | -22/+48
  ok beck@ inoguchi@
* Convert ssl3_{get,send}_server_key_exchange() to EVP_md5_sha1(). | jsing | 2017-03-01 | 1 | -22/+14
  ok inoguchi@
* Stop pretending that MD5 and SHA1 might not exist - rather than locating | jsing | 2017-02-28 | 1 | -3/+3
  "ssl3-md5" and "ssl-sha1", call the EVP_md5() and EVP_sha1() functions directly. ok beck@ inoguchi@
* Change SSLerror() back to taking two args, with the first one being an SSL *. | beck | 2017-02-07 | 1 | -106/+106
  Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
* Convert ssl3_get_client_hello() to CBS. | jsing | 2017-01-26 | 1 | -76/+71
  ok beck@
* Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly | beck | 2017-01-26 | 1 | -169/+85
  line wraps that resulted
* Send the error function codes to rot in the depths of hell where they belong | beck | 2017-01-26 | 1 | -114/+106
  We leave a single function code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
* Remove most of SSL3_ENC_METHOD - we can just inline the function calls | jsing | 2017-01-26 | 1 | -11/+11
  and defines since they are the same everywhere. ok beck@
* Rename s3_{both,clnt,pkt_srvr}.c to have an ssl_ prefix since they are no | jsing | 2017-01-26 | 1 | -0/+2923
  longer SSLv3 code. ok beck@