summaryrefslogtreecommitdiff
path: root/src/lib/libssl/t1_lib.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Change SSLerror() back to taking two args, with the first one being an SSL *.beck2017-02-071-13/+13
| | | | | | | | | Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
* Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the uglybeck2017-01-261-23/+12
| | | | line wraps that resulted
* Send the error function codes to rot in the depths of hell where they belongbeck2017-01-261-13/+13
| | | | | | | We leave a single funciton code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
* Remove most of SSL3_ENC_METHOD - we can just inline the function callsjsing2017-01-261-40/+1
| | | | | | and defines since they are the same everywhere. ok beck@
* sk_pop_free() checks for NULL so do not bother doing it from the callers.jsing2017-01-241-5/+3
|
* #if 0 the ecformats_list and eccurves_list - these are currently unused butjsing2017-01-241-2/+5
| | | | will be revisited at some point in the near future.
* Add support for setting the supported EC curves viajsing2017-01-241-13/+96
| | | | | | | | | | | | | SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names. This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such a brainpool) you need to configure this yourself. Inspired by parts of BoringSSL and OpenSSL. ok beck@
* Correct bounds checks used when generating the EC curves extension.jsing2017-01-241-3/+3
| | | | ok beck@
* Fix typo in brainpool curve name within a comment.jsing2017-01-241-2/+2
|
* Move options and mode from SSL_CTX and SSL to internal, since these can bejsing2017-01-231-4/+5
| | | | set and cleared via existing functions.
* Split most of SSL_METHOD out into an internal variant, which is opaque.jsing2017-01-231-3/+3
| | | | Discussed with beck@
* send state and rstate from ssl_st into internal. There are accessorsbeck2017-01-231-2/+2
| | | | | so these should not be diddled with directly ok jsing@
* Move a large part of ssl_st into internal, so we can see what squeals.beck2017-01-231-70/+70
| | | | ok jsing@
* Move most of the fields in SSL_CTX to internal - the ones that remain arejsing2017-01-231-5/+6
| | | | | | known to be in use. ok beck@
* move the callbacks from ssl_st to internalbeck2017-01-231-15/+15
| | | | ok jsing@
* Move callback function pointers and argument pointers from SSL_CTX tojsing2017-01-231-16/+22
| | | | | | internal. ok beck@
* Move most of the SSL3_STATE fields to internal - the ones that remain arejsing2017-01-221-39/+39
| | | | | | known to be used by ports. ok beck@
* Move ALPN and NPN fields from SSL/SSL_CTX to internal.jsing2017-01-221-23/+29
| | | | ok beck@
* Move internal parts of ssl_session_st to internalbeck2017-01-221-24/+24
| | | | ok jsing@
* Add support for ECDHE with X25519.jsing2016-12-211-2/+6
| | | | | | Testing of an earlier revision by naddy@. ok beck@
* Convert ssl3_get_server_hello() to CBS.jsing2016-12-181-5/+4
| | | | ok doug@
* Convert ssl3_get_server_kex_ecdhe() to CBS, simplifying tls1_check_curve()jsing2016-11-051-16/+4
| | | | | | | in the process. This also fixes a long standing bug where tls1_ec_curve_id2nid() is called with only one byte of the curve ID. ok beck@ miod@
* Remove support for fixed ECDH cipher suites - these is not widely supportedjsing2016-10-191-6/+4
| | | | | | | | | and more importantly they do not provide PFS (if you want to use ECDH, use ECDHE instead). With input from guenther@. ok deraadt@ guenther@
* Check for and handle failure of HMAC_{Update,Final} or EVP_DecryptUpdate()guenther2016-10-021-5/+11
| | | | | based on openssl commit a5184a6c89ff954261e73d1e8691ab73b9b4b2d4 ok bcook@
* Detect zero-length encrypted session data early, instead of when malloc(0)guenther2016-10-021-2/+2
| | | | | | | fails or the HMAC check fails. Noted independently by jsing@ and Kurt Cancemi (kurt (at) x64architecture.com) ok bcook@
* Avoid unbounded memory growth, which can be triggered by a clientjsing2016-09-221-9/+20
| | | | | | repeatedly renegotiating and sending OCSP Status Request TLS extensions. Fix based on OpenSSL.
* Improve ticket validity checking when tlsext_ticket_key_cb() callbackguenther2016-09-221-4/+25
| | | | | | | | | | | chooses a different HMAC algorithm. Avert memory leaks if the callback preps the HMAC in some way. Based on openssl commit 1bbe48ab149893a78bf99c8eb8895c928900a16f but retaining a pre-callback length check to guarantee the callback is provided the buffer that the API claims. ok bcook@ jsing@
* Be more strict when parsing TLS extensions.jsing2016-08-271-17/+37
| | | | | | Based on a diff from Kinichiro Inoguchi. ok beck@
* deprecate internal use of EVP_[Cipher|Encrypt|Decrypt]_Final.beck2016-05-301-2/+2
| | | | | | | 14 years ago these were changed in OpenSSL to be the same as the _ex functions. We use the _ex functions only internally to ensure it is obvious the ctx must be cleared. ok bcook@
* http -> https for a few more IETF URLs in comments or man pagesmmcc2016-03-101-2/+2
|
* Remove most of the SSLv3 version checks and a few TLS v1.0.doug2015-09-121-11/+2
| | | | | | | We can now assume >= TLS v1.0 since SSL2_VERSION, SSL3_VERSION and DTLS1_BAD_VER support was removed. "reads ok" miod@
* Remove the ssl_prepare_{client,server}hello_tlsext() functions, which arejsing2015-09-011-13/+1
| | | | | | now nothing more than noops. ok bcook@ doug@
* Properly handle missing TLS extensions in client hello as a non-failure.bcook2015-08-191-1/+3
| | | | | Noticed by @Ligushka from github. ok miod@, doug@
* Convert tls1_process_ticket to CBS.doug2015-07-241-28/+36
| | | | ok miod@ jsing@
* Convert tls1_process_sigalgs to CBS.doug2015-07-241-5/+14
| | | | ok miod@ jsing@
* Allow *_free() functions in libssl to handle NULL input.doug2015-07-191-1/+4
| | | | | | This mimics free()'s behavior which makes error handling simpler. ok bcook@ miod@
* Remove compat hack that disabled ECDHE-ECDSA on OS X.doug2015-07-171-85/+1
| | | | | | | | | For a few old releases, ECDHE-ECDSA was broken on OS X. This option cannot differentiate between working and broken OS X so it disabled ECDHE-ECDSA support on all OS X >= 10.6. 10.8-10.8.3 were the faulty releases but these are no longer relevant. Tested on OS X 10.10 by jsing. ok jsing@
* Convert tls1_alpn_handle_client_hello() to CBS.doug2015-06-191-20/+14
| | | | tweak + ok miod@ jsing@
* Convert ssl_next_proto_validate to CBS.doug2015-06-171-11/+12
| | | | ok miod@, tweak + ok jsing@
* Convert tls1_check_curve to CBS.doug2015-06-171-4/+10
| | | | ok miod@ jsing@
* Fix a minor information leak that was introduced in t1_lib.c r1.71, wherebyjsing2015-03-021-2/+2
| | | | | | | | | an additional 28 bytes of .rodata (or .data) is provided to the network. In most cases this is a non-issue since the memory content is already public. Issue found and reported by Felix Groebert of the Google Security Team. ok bcook@ beck@
* unifdef OPENSSL_NO_NEXTPROTONEG, which is one of the last standing #ifndefjsing2014-12-141-17/+1
| | | | | | | mazes in libssl. NPN is being replaced by ALPN, however it is still going to be around for a while yet. ok miod@
* Remove support for GOST R 34.10-94 signature authentication, along withjsing2014-12-101-4/+1
| | | | | | | the two ciphersuites that use it. GOST94 public/private keys have been long obsoleted and libcrypto does not have support for them anyway. Discussed with Dmitry Eremin-Solenikov.
* Add support for ALPN.jsing2014-12-101-3/+152
| | | | | | Based on OpenSSL and BoringSSL. ok bcook@
* Use appropriate internal types for EC curves and formats, rather thanjsing2014-12-061-103/+115
| | | | | | | | storing and processing in wire encoded form. Inspired by boringssl. ok miod@
* Ensure that the client specified EC curve list length is a multiple of two.jsing2014-12-061-2/+3
| | | | | | | | The EC curve handling code assumes this to be the case and will read one byte off the end of the curve list during processing, in the case where it is not. ok miod@
* Fix two cases where it is possible to read one or two bytes past the end ofjsing2014-12-061-3/+15
| | | | | | | the buffer. The later size check would catch this, however reading first and checking later is less than ideal. ok miod@
* Add brainpool curves to eccurves_default[], accidentally missing from 1.32;miod2014-12-021-2/+5
| | | | from OpenSSL HEAD via Thomas Jakobi.
* Update the GOST code in libssl, as contributed by Dmitry Eremin-Solenikov.miod2014-11-181-3/+36
| | | | | This causes a libssl major version bump as this affects the layout of some internal-but-unfortunately-made-visible structs.
* only call SRTP (whatever that is) functions when the connection type istedu2014-11-031-5/+5
| | | | DTLS (whatever that is) instead of for TLS too. ok jsing.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-08 18:04:23 +0000