summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_txt.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Use cipher suite values instead of IDs.jsing2024-07-221-4/+4
| | | | | | | | | | | | | | | | OpenSSL has had the concept of cipher IDs, which were a way of working around overlapping cipher suite values between SSLv2 and SSLv3. Given that we no longer have to deal with this issue, replace the use of IDs with cipher suite values. In particular, this means that we can stop mapping back and forth between the two, simplifying things considerably. While here, remove the 'valid' member of the SSL_CIPHER. The ssl3_ciphers[] table is no longer mutable, meaning that ciphers cannot be disabled at runtime (and we have `#if 0' if we want to do it at compile time). Clean up the comments and add/update RFC references for cipher suites. ok tb@
* Remove cipher from SSL_SESSION.jsing2024-07-201-4/+5
| | | | | | | | | | | | | | | | For a long time SSL_SESSION has had both a cipher ID and a pointer to an SSL_CIPHER (and not both are guaranteed to be populated). There is also a pointer to an SSL_CIPHER in the SSL_HANDSHAKE that denotes the cipher being used for this connection. Some code has been using the cipher from SSL_SESSION and some code has been using the cipher from SSL_HANDSHAKE. Remove cipher from SSL_SESSION and use the version in SSL_HANDSHAKE everywhere. If resuming from a session then we need to use the SSL_SESSION cipher ID to set the SSL_HANDSHAKE cipher. And we still need to ensure that we update the cipher ID in the SSL_SESSION whenever the SSL_HANDSHAKE cipher changes (this only occurs in a few places). ok tb@
* Hide all public symbols in libsslbeck2023-07-081-1/+3
| | | | | | With the guentherizer 9000 ok tb@
* Make internal header file names consistenttb2022-11-261-2/+2
| | | | | | | | | | | | | | | | Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
* Change the loop index from an unsigned int to size_t now that alltb2022-06-071-2/+2
| | | | | | upper bounds are known to be size_t. ok jsing
* Drop an unnecessary casttb2022-06-071-2/+2
| | | | ok jsing
* Use SSL3_CK_VALUE_MASK instead of hardcoded 0xffff and remove sometb2022-06-061-10/+4
| | | | | | SSLv2 remnants. ok jsing
* Minor style cleanup in ssl_txt.ctb2022-06-061-23/+41
| | | | | | | Wrap long lines and fix a bug where the wrong struct member was checked for NULL. ok jsing
* Stop using BIO_s_file_inernal() in libssl.tb2021-11-291-2/+2
| | | | | | | | BIO_s_file_internal() should never have leaked out of libcrypto, but it did. As a first step of getting rid of it, stop using it internally. ok jsing
* Change tlsext_tick_lifetime_hint to uint32_t.jsing2021-10-231-2/+2
| | | | | | | | Now that SSL_SESSION is opaque, change tlsext_tick_lifetime_hint from long to uint32_t (matching RFC4507), rather than continuing to work around an inappropriate type choice. ok tb@
* Indent all labels with a single space.jsing2021-06-111-2/+2
| | | | | | This ensures that diff reports the correct function prototype. Prompted by tb@
* Change SSLerror() back to taking two args, with the first one being an SSL *.beck2017-02-071-2/+2
| | | | | | | | | Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
* Send the error function codes to rot in the depths of hell where they belongbeck2017-01-261-2/+2
| | | | | | | We leave a single funciton code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
* Remove trailing whitespace.jsing2014-12-141-2/+2
|
* Sort and group includes.jsing2014-11-161-1/+3
|
* Provide ssl_version_string() function, which uses one of those modern Cjsing2014-07-121-15/+3
| | | | | | | | constructs (a switch statement) and returns the appropriate string defined by SSL_TXT_* for the given version, including support for DTLSv1 and DTLSv1-bad. Use this function in SSL_get_version() and SSL_SESSION_print(). ok beck@
* Remove the PSK code. We don't need to drag around thisbeck2014-07-111-11/+1
| | | | | baggage. ok miod@ jsing@
* decompress libssl. ok beck jsingtedu2014-07-101-17/+1
|
* tags as requested by miod and teduderaadt2014-06-121-1/+1
|
* TLS would not be entirely functional without extensions, so unifdefjsing2014-05-311-2/+0
| | | | | | OPENSSL_NO_TLSEXT. ok tedu@
* Everything sane has stdio, and FILE *. we don't need ifdefs for this.beck2014-05-291-2/+0
| | | | ok to firebomb from tedu@
* The ssl_ciper_get_evp() function is currently overloaded to also return thejsing2014-05-251-1/+3
| | | | | | | | | | | compression associated with the SSL session. Based on one of Adam Langley's chromium diffs, factor out the compression handling code into a separate ssl_cipher_get_comp() function. Rewrite the compression handling code to avoid pointless duplication and so that failures are actually returned to and detectable by the caller. ok miod@
* Remove SRP and Kerberos support from libssl. These are complex protocolstedu2014-05-051-19/+0
| | | | | all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
* KNF fixeslteo2014-04-251-64/+69
|
* Chop off more SSLv2 tentacles and start fixing and noting y2038 issues.guenther2014-04-201-12/+2
| | | | | | | APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl. ok tedu@
* add back SRP. i was being too greedy.tedu2014-04-161-0/+6
|
* disentangle SRP code from TLStedu2014-04-161-6/+0
|
* Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap fromguenther2014-04-161-3/+1
| | | | | | | | | the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally. ok tedu@ beck@
* First pass at applying KNF to the OpenSSL code, which almost makes itjsing2014-04-141-104/+107
| | | | | readable. This pass is whitespace only and can readily be verified using tr and md5.
* resolve conflictsdjm2012-10-131-0/+8
|
* resolve conflicts, fix local changesdjm2010-10-011-3/+40
|
* resolve conflictsdjm2008-09-061-2/+19
|
* resolve conflictsdjm2005-04-291-2/+2
|
* OpenSSL 0.9.7 stable 2002 05 08 mergebeck2002-05-151-1/+13
|
* openssl-engine-0.9.6 mergebeck2000-12-151-27/+25
|
* OpenSSL 0.9.5a mergebeck2000-04-151-1/+1
|
* OpenSSL 0.9.5 mergebeck2000-03-191-1/+6
| | | | | | *warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
* OpenSSL 0.9.4 mergebeck1999-09-291-21/+40
|
* Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD buildryker1998-10-051-0/+152
functionality for shared libs. Note that routines such as sslv2_init and friends that use RSA will not work due to lack of RSA in this library. Needs documentation and help from ports for easy upgrade to full functionality where legally possible.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-17 08:38:58 +0000