summaryrefslogtreecommitdiff
path: root/src/lib/libssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Add support for setting the supported EC curves viajsing2017-01-247-26/+197
| | | | | | | | | | | | | SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names. This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such a brainpool) you need to configure this yourself. Inspired by parts of BoringSSL and OpenSSL. ok beck@
* Correct bounds checks used when generating the EC curves extension.jsing2017-01-241-3/+3
| | | | ok beck@
* Fix typo in brainpool curve name within a comment.jsing2017-01-241-2/+2
|
* There is no point returning then breaking...jsing2017-01-241-2/+1
|
* unifdef OPENSSL_NO_BIO - we do not support this in any form.jsing2017-01-241-15/+1
| | | | ok beck@
* ssl_cert_free() checks for NULL itself.jsing2017-01-241-10/+5
|
* Remove a "free up if allocated" comment that exists before code that freesjsing2017-01-241-2/+1
| | | | | | things if they are allocated. ok captainobvious@
* sk_SSL_CIPHER_free() checks for NULL so do not bother doing the same fromjsing2017-01-244-27/+16
| | | | the callers.
* ssl_sess_cert_free() checks for NULL, so do not bother doing it at thejsing2017-01-242-6/+8
| | | | call sites.
* There is no point in zeroing fields that exist within a struct that isjsing2017-01-241-3/+1
| | | | about to be explicit_bzero'd and freed.
* move default_passwd_cb and default_passwd_cb_userdata back intobeck2017-01-234-30/+35
| | | | | | | the ssl_ctx from internal - these are used directly by python and openvpn and a few other things - we have the set accessors but the get accessors were added in 1.1 and these roll their own caveat OPENSSL_VERSION chickenpluckery
* Move options and mode from SSL_CTX and SSL to internal, since these can bejsing2017-01-2312-66/+70
| | | | set and cleared via existing functions.
* Split most of SSL_METHOD out into an internal variant, which is opaque.jsing2017-01-2323-303/+378
| | | | Discussed with beck@
* Remove ssl_ctrl, ssl_ctx_ctrl, ssl_callback_ctrl and ssl_ctx_callback_ctrljsing2017-01-238-76/+14
| | | | | | | from SSL_METHOD, replacing usage with direct calls to the appropriate functions. ok beck@
* send state and rstate from ssl_st into internal. There are accessorsbeck2017-01-2316-295/+296
| | | | | so these should not be diddled with directly ok jsing@
* move back read_hash and enc_read_ctx into ssl_st. wpa_supplicant andbeck2017-01-238-52/+57
| | | | other perversions touches them sickly and unnaturally.
* Move a large part of ssl_st into internal, so we can see what squeals.beck2017-01-2322-888/+892
| | | | ok jsing@
* Move ex_data, next and prev from SSL_SESSION to internal.jsing2017-01-233-31/+32
| | | | ok beck@
* Move most of the fields in SSL_CTX to internal - the ones that remain arejsing2017-01-2311-202/+209
| | | | | | known to be in use. ok beck@
* move the callbacks from ssl_st to internalbeck2017-01-2319-230/+237
| | | | ok jsing@
* Move callback function pointers and argument pointers from SSL_CTX tojsing2017-01-2316-200/+210
| | | | | | internal. ok beck@
* Move not_resumable and sess_cert from SSL_SESSION to internal.jsing2017-01-237-47/+50
| | | | ok beck@
* Remove heartbeat related fields from the SSL_CTX, which are unusedjsing2017-01-231-9/+1
| | | | (thankfully).
* Move the stats struct from SSL_CTX to internal.jsing2017-01-2310-65/+64
| | | | ok beck@
* Move most of the SSL3_STATE fields to internal - the ones that remain arejsing2017-01-2218-681/+690
| | | | | | known to be used by ports. ok beck@
* Move most of DTLS1_STATE to internal.beck2017-01-2211-273/+272
| | | | ok jsing@
* Move ALPN and NPN fields from SSL/SSL_CTX to internal.jsing2017-01-227-125/+129
| | | | ok beck@
* Move internal parts of ssl_session_st to internalbeck2017-01-224-40/+40
| | | | ok jsing@
* Move recently added min_version/max_version from SSL and SSL_CTX to theirjsing2017-01-222-10/+6
| | | | opaque structs.
* Bump majors for libssl and libtls following the translucent struct change.jsing2017-01-221-1/+1
| | | | Further changes to the publically visible structs will ride this bump.
* Convert publically visible structs to translucent structs.jsing2017-01-228-29/+111
| | | | | | | | | | | | | This change adds an internal opaque struct for each of the significant publically visible structs. The opaque struct is then allocated and attached to the publically visible struct when the appropriate *_new() function is called, then cleared and freed as necessary. This will allow for changes to be made to the internals of libssl, without requiring a major bump each time the publically visible structs are modified. ok beck@
* Clean up ssl3_new() - in particular, we do not need to zero fields thatjsing2017-01-221-11/+4
| | | | | | are within a struct that was just allocated via calloc. ok beck@
* There is no point in setting struct fields to zero, when you've alreadyjsing2017-01-221-5/+2
| | | | | | zeroed the entire struct via memset. ok beck@
* Specify minimum and maximum protocol version for each method. This isjsing2017-01-216-6/+36
| | | | | | currently unused, but will be in the near future. ok beck@
* Expand DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN macro.jsing2017-01-211-2/+2
| | | | No change in preprocessor output (ignoring whitespace and line numbers).
* Expand IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN macro.jsing2017-01-211-2/+16
| | | | No change in generated assembly.
* Pull out, rework and dedup the code that determines the highest sharedjsing2017-01-034-79/+62
| | | | | | version. ok beck@ doug@
* Add support for SSL_get_server_tmp_key().jsing2016-12-302-3/+74
| | | | ok doug@
* Pull out (and largely rewrite) the code that determines the enabledjsing2016-12-303-40/+54
| | | | | | | | | | protocol version range. This also fixes a bug whereby if all protocols were disabled, the client would still use TLSv1.2 in the client hello, only to have if fail with unsupported version when it received and processed the server hello. ok doug@
* Remove now unused c2l, c2ln, l2c, n2l, l2cn and n2l3 macros.jsing2016-12-302-53/+2
|
* Explicitly include openssl/opensslconf.h in headers that use OPENSSL_NO_*jsing2016-12-302-2/+4
| | | | defines - do not rely on another heading making those available for us.
* fix typo; from OpenSSLschwarze2016-12-291-4/+4
| | | | | | commit 67adf0a7c273a82901ce8705ae8d71ee2f1c959c Author: Markus Triska <triska@metalevel.at> Date: Sun Dec 25 19:58:38 2016 +0100
* Restore two frees that were unintentionally lost during recent refactoring.jsing2016-12-261-1/+4
|
* Restore previous ASN.1 encoding for the peer certificate - this wasjsing2016-12-261-7/+5
| | | | | | | | unintentionally changed during the CBS/CBB rewrite. Issue reported by jeremy@ due to failing ruby tests. Analysis and near identical diff from Kazuki Yamaguchi <k at rhe.jp>.
* Restore previous behaviour of incrementing the pointer so that it pointsjsing2016-12-261-1/+2
| | | | | | at the end of the buffer. Issue identified by and diff from Kazuki Yamaguchi <k at rhe.jp>.
* Pacify compiler warning about an unitialized variable which is obviouslyderaadt2016-12-211-3/+3
| | | | | not really being used. ok beck.
* Bump libcrypto/libssl/libtls majors due to libcrypto symbol removal andjsing2016-12-211-1/+1
| | | | changes to libssl non-opaque structs.
* Add minimum and maximum version fields to SSL, SSL_CTX and SSL_METHODjsing2016-12-211-1/+10
| | | | | | for future work. Discussed with beck@
* Add support for ECDHE with X25519.jsing2016-12-217-91/+316
| | | | | | Testing of an earlier revision by naddy@. ok beck@
* Convert ssl3_get_server_hello() to CBS.jsing2016-12-183-60/+67
| | | | ok doug@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 16:39:00 +0000