summaryrefslogtreecommitdiff
path: root/src/lib/libssl/t1_lib.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Rewrite and move the last remnants of the ServerHello SNI handling intojsing2017-07-241-28/+2
| | | | | | | | tlsext_sni_serverhello_parse(). This also adds a check to ensure that if we have an existing session, the name matches what we specified via SNI. ok doug@
* Rewrite the TLS Renegotiation Indication extension handling using CBB/CBSjsing2017-07-241-58/+5
| | | | | | | | and the new extension framework. Feedback from doug@ ok inoguchi@
* Hook the TLS extension parsing framework into the serverhello parsing.jsing2017-07-231-1/+6
| | | | Missed in the original commit.
* Check the return value of CBB_init_fixed(), since it can fail.jsing2017-07-191-3/+5
|
* Start rewriting TLS extension handling.jsing2017-07-161-139/+34
| | | | | | | | | | | | | | | | Introduce a TLS extension handling framework that has per-extension type functions to determine if an extension is needed, to build the extension data and parse the extension data. This is somewhat analogous to BoringSSL, however these build and parse functions are intentionally symetrical. The framework is hooked into the existing TLS handling code in such a way that we can gradual convert the extension handling code. Convert the TLS Server Name Indication extension to the new framework, while rewriting it to use CBB/CBS and be more strict in the process. Discussed with beck@ ok inoguchi@
* Move state from ssl->internal to the handshake structure.beck2017-05-071-2/+2
| | | | | | | while we are at it, convert SSLerror to use a function internally, so that we may later allocate the handshake structure and check for it ok jsing@
* Bring in an SSL_HANDSHAKE structure and commence the great shovellingbeck2017-05-061-7/+7
| | | | ok jsing@, gcc@, regress@
* Change SSLerror() back to taking two args, with the first one being an SSL *.beck2017-02-071-13/+13
| | | | | | | | | Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
* Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the uglybeck2017-01-261-23/+12
| | | | line wraps that resulted
* Send the error function codes to rot in the depths of hell where they belongbeck2017-01-261-13/+13
| | | | | | | We leave a single funciton code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
* Remove most of SSL3_ENC_METHOD - we can just inline the function callsjsing2017-01-261-40/+1
| | | | | | and defines since they are the same everywhere. ok beck@
* sk_pop_free() checks for NULL so do not bother doing it from the callers.jsing2017-01-241-5/+3
|
* #if 0 the ecformats_list and eccurves_list - these are currently unused butjsing2017-01-241-2/+5
| | | | will be revisited at some point in the near future.
* Add support for setting the supported EC curves viajsing2017-01-241-13/+96
| | | | | | | | | | | | | SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names. This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such a brainpool) you need to configure this yourself. Inspired by parts of BoringSSL and OpenSSL. ok beck@
* Correct bounds checks used when generating the EC curves extension.jsing2017-01-241-3/+3
| | | | ok beck@
* Fix typo in brainpool curve name within a comment.jsing2017-01-241-2/+2
|
* Move options and mode from SSL_CTX and SSL to internal, since these can bejsing2017-01-231-4/+5
| | | | set and cleared via existing functions.
* Split most of SSL_METHOD out into an internal variant, which is opaque.jsing2017-01-231-3/+3
| | | | Discussed with beck@
* send state and rstate from ssl_st into internal. There are accessorsbeck2017-01-231-2/+2
| | | | | so these should not be diddled with directly ok jsing@
* Move a large part of ssl_st into internal, so we can see what squeals.beck2017-01-231-70/+70
| | | | ok jsing@
* Move most of the fields in SSL_CTX to internal - the ones that remain arejsing2017-01-231-5/+6
| | | | | | known to be in use. ok beck@
* move the callbacks from ssl_st to internalbeck2017-01-231-15/+15
| | | | ok jsing@
* Move callback function pointers and argument pointers from SSL_CTX tojsing2017-01-231-16/+22
| | | | | | internal. ok beck@
* Move most of the SSL3_STATE fields to internal - the ones that remain arejsing2017-01-221-39/+39
| | | | | | known to be used by ports. ok beck@
* Move ALPN and NPN fields from SSL/SSL_CTX to internal.jsing2017-01-221-23/+29
| | | | ok beck@
* Move internal parts of ssl_session_st to internalbeck2017-01-221-24/+24
| | | | ok jsing@
* Add support for ECDHE with X25519.jsing2016-12-211-2/+6
| | | | | | Testing of an earlier revision by naddy@. ok beck@
* Convert ssl3_get_server_hello() to CBS.jsing2016-12-181-5/+4
| | | | ok doug@
* Convert ssl3_get_server_kex_ecdhe() to CBS, simplifying tls1_check_curve()jsing2016-11-051-16/+4
| | | | | | | in the process. This also fixes a long standing bug where tls1_ec_curve_id2nid() is called with only one byte of the curve ID. ok beck@ miod@
* Remove support for fixed ECDH cipher suites - these is not widely supportedjsing2016-10-191-6/+4
| | | | | | | | | and more importantly they do not provide PFS (if you want to use ECDH, use ECDHE instead). With input from guenther@. ok deraadt@ guenther@
* Check for and handle failure of HMAC_{Update,Final} or EVP_DecryptUpdate()guenther2016-10-021-5/+11
| | | | | based on openssl commit a5184a6c89ff954261e73d1e8691ab73b9b4b2d4 ok bcook@
* Detect zero-length encrypted session data early, instead of when malloc(0)guenther2016-10-021-2/+2
| | | | | | | fails or the HMAC check fails. Noted independently by jsing@ and Kurt Cancemi (kurt (at) x64architecture.com) ok bcook@
* Avoid unbounded memory growth, which can be triggered by a clientjsing2016-09-221-9/+20
| | | | | | repeatedly renegotiating and sending OCSP Status Request TLS extensions. Fix based on OpenSSL.
* Improve ticket validity checking when tlsext_ticket_key_cb() callbackguenther2016-09-221-4/+25
| | | | | | | | | | | chooses a different HMAC algorithm. Avert memory leaks if the callback preps the HMAC in some way. Based on openssl commit 1bbe48ab149893a78bf99c8eb8895c928900a16f but retaining a pre-callback length check to guarantee the callback is provided the buffer that the API claims. ok bcook@ jsing@
* Be more strict when parsing TLS extensions.jsing2016-08-271-17/+37
| | | | | | Based on a diff from Kinichiro Inoguchi. ok beck@
* deprecate internal use of EVP_[Cipher|Encrypt|Decrypt]_Final.beck2016-05-301-2/+2
| | | | | | | 14 years ago these were changed in OpenSSL to be the same as the _ex functions. We use the _ex functions only internally to ensure it is obvious the ctx must be cleared. ok bcook@
* http -> https for a few more IETF URLs in comments or man pagesmmcc2016-03-101-2/+2
|
* Remove most of the SSLv3 version checks and a few TLS v1.0.doug2015-09-121-11/+2
| | | | | | | We can now assume >= TLS v1.0 since SSL2_VERSION, SSL3_VERSION and DTLS1_BAD_VER support was removed. "reads ok" miod@
* Remove the ssl_prepare_{client,server}hello_tlsext() functions, which arejsing2015-09-011-13/+1
| | | | | | now nothing more than noops. ok bcook@ doug@
* Properly handle missing TLS extensions in client hello as a non-failure.bcook2015-08-191-1/+3
| | | | | Noticed by @Ligushka from github. ok miod@, doug@
* Convert tls1_process_ticket to CBS.doug2015-07-241-28/+36
| | | | ok miod@ jsing@
* Convert tls1_process_sigalgs to CBS.doug2015-07-241-5/+14
| | | | ok miod@ jsing@
* Allow *_free() functions in libssl to handle NULL input.doug2015-07-191-1/+4
| | | | | | This mimics free()'s behavior which makes error handling simpler. ok bcook@ miod@
* Remove compat hack that disabled ECDHE-ECDSA on OS X.doug2015-07-171-85/+1
| | | | | | | | | For a few old releases, ECDHE-ECDSA was broken on OS X. This option cannot differentiate between working and broken OS X so it disabled ECDHE-ECDSA support on all OS X >= 10.6. 10.8-10.8.3 were the faulty releases but these are no longer relevant. Tested on OS X 10.10 by jsing. ok jsing@
* Convert tls1_alpn_handle_client_hello() to CBS.doug2015-06-191-20/+14
| | | | tweak + ok miod@ jsing@
* Convert ssl_next_proto_validate to CBS.doug2015-06-171-11/+12
| | | | ok miod@, tweak + ok jsing@
* Convert tls1_check_curve to CBS.doug2015-06-171-4/+10
| | | | ok miod@ jsing@
* Fix a minor information leak that was introduced in t1_lib.c r1.71, wherebyjsing2015-03-021-2/+2
| | | | | | | | | an additional 28 bytes of .rodata (or .data) is provided to the network. In most cases this is a non-issue since the memory content is already public. Issue found and reported by Felix Groebert of the Google Security Team. ok bcook@ beck@
* unifdef OPENSSL_NO_NEXTPROTONEG, which is one of the last standing #ifndefjsing2014-12-141-17/+1
| | | | | | | mazes in libssl. NPN is being replaced by ALPN, however it is still going to be around for a while yet. ok miod@
* Remove support for GOST R 34.10-94 signature authentication, along withjsing2014-12-101-4/+1
| | | | | | | the two ciphersuites that use it. GOST94 public/private keys have been long obsoleted and libcrypto does not have support for them anyway. Discussed with Dmitry Eremin-Solenikov.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 07:45:12 +0000