path: root/src/lib/libssl
Commit message | Author | Age | Files | Lines
...
* Provide SSL_is_server().
  (jsing, 2018-02-22, 3 files, -2/+10)
* Provide SSL_up_ref().
  (jsing, 2018-02-22, 3 files, -3/+12)
* Provide SSL_CTX_get_ciphers().
  (jsing, 2018-02-22, 3 files, -2/+10)
* Provide SSL_SESSION_up_ref().
  (jsing, 2018-02-22, 3 files, -3/+12)
* Crank lib{crypto,ssl,tls} minors after symbol addition.
  (tb, 2018-02-20, 1 file, -1/+1)
* Provide SSL_SESSION_get_protocol_version()
  ok jsing
  (tb, 2018-02-20, 3 files, -2/+10)
* Merge new RETURN VALUES section; from Paul Yang via OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800 tweaked by me.
  (schwarze, 2018-02-19, 1 file, -6/+35)
* In ssl.h rev. 1.139 2018/02/17 15:19:43 and rev. 1.140 2018/02/17 15:32:20, jsing@ provided SSL_get_client_random(3), SSL_get_server_random(3), and SSL_SESSION_get_master_key(3). Import the documentation from OpenSSL, with some tweaks.
  (schwarze, 2018-02-18, 2 files, -1/+148)
* In ssl.h rev. 1.138 2018/02/17 15:13:12, jsing@ provided SSL_CTX_get0_certificate(3). It is public in OpenSSL, too, but OpenSSL has no documentation, so write some from scratch.
  (schwarze, 2018-02-18, 2 files, -1/+48)
* In tls1.h rev. 1.32 2018/02/17 15:08:21, jsing@ provided SSL_CTX_get_tlsext_status_cb(3) and SSL_CTX_get_tlsext_status_arg(3). Merge the documentation, mostly from Remi Gacogne <rgacogne-github at coredump dot fr> via OpenSSL commit fddfc0af Aug 6 12:54:29 2016 +0200 plus the RETURN VALUES part by me.
  (schwarze, 2018-02-18, 1 file, -7/+29)
* Bump minor due to symbol addition.
  (tb, 2018-02-18, 1 file, -1/+1)
* Bump libcrypto/libssl/libtls minors due to symbol additions.
  (tb, 2018-02-18, 1 file, -1/+1)
* Bump libcrypto/libssl/libtls minors due to symbol additions.
  (jsing, 2018-02-17, 1 file, -1/+1)
* Provide SSL_SESSION_get_master_key()
  (jsing, 2018-02-17, 3 files, -2/+22)
* Provide SSL_get_client_random() and SSL_get_server_random()
  (jsing, 2018-02-17, 3 files, -3/+41)
* Provide SSL_CTX_get0_certificate()
  (jsing, 2018-02-17, 3 files, -2/+13)
* Provide SSL_CTX_get_tlsext_status_cb() and SSL_CTX_get_tlsext_status_arg().
  (jsing, 2018-02-17, 3 files, -4/+24)
* In ssl.h rev. 1.136 2018/02/14 17:08:44, jsing@ provided SSL_CTX_up_ref(3). Merge the related documentation from OpenSSL, but tweak the wording to be less confusing and simplify the RETURN VALUES section.
  (schwarze, 2018-02-14, 1 file, -15/+32)
* In ssl.h rev. 1.135 2018/02/14 16:16:10, jsing@ provided SSL_CTX_get0_param(3) and SSL_get0_param(3). Merge the related documentation from OpenSSL, with small tweaks.
  (schwarze, 2018-02-14, 1 file, -4/+42)
* Bump lib{crypto,ssl,tls} minors due to symbol additions.
  (jsing, 2018-02-14, 1 file, -1/+1)
* Provide SSL_CTX_up_ref().
  (jsing, 2018-02-14, 3 files, -2/+11)
* Provide SSL_CTX_get0_param() and SSL_get0_param().
  Some applications that use X509_VERIFY_PARAM expect these to exist, since they're also part of the OpenSSL 1.0.2 API.
  (jsing, 2018-02-14, 3 files, -5/+20)
* Bump lib{crypto,ssl,tls} minors due to symbol addition.
  (jsing, 2018-02-10, 1 file, -1/+1)
* Complete the TLS extension rewrite on the client-side.
  The RI logic gets pulled up into ssl3_get_server_hello() and ssl_parse_serverhello_tlsext() gets replaced by tlsext_client_parse(), which allows a CBS to be passed all the way down. This also deduplicates the tlsext_client_build() and tlsext_server_build() code.
  ok beck@
  (jsing, 2018-02-08, 4 files, -156/+93)
* Initialize variables to avoid compiler warnings
  ok jsing@
  (inoguchi, 2018-01-28, 1 file, -2/+2)
* Complete the TLS extension handling rewrite for the server-side.
  This removes ssl_parse_clienthello_tlsext() and allows the CBS to be passed all the way through from ssl3_get_client_hello(). The renegotiation check gets pulled up into ssl3_get_client_hello() which is where other such checks exist. The TLS extension parsing now also ensures that we do not get duplicates of any known extensions (the old pre-rewrite code only did this for some extensions).
  ok inoguchi@
  (jsing, 2018-01-27, 5 files, -98/+86)
* Clarify the comment re the F5 EC curves extension bug.
  Also reference the knowledge base article instead of a discussion thread.
  (jsing, 2018-01-27, 1 file, -5/+6)
* Convert ssl3_put_cipher_by_char() to CBB.
  While here make the CBS usage in ssl3_get_cipher_by_char() more consistent with other code.
  ok inoguchi@
  (jsing, 2018-01-27, 1 file, -9/+26)
* Correct TLS extensions handling when no extensions are present.
  If no TLS extensions are present in a client hello or server hello, omit the entire extensions block, rather than including it with a length of zero.
  ok beck@ inoguchi@
  (jsing, 2017-11-28, 1 file, -1/+13)
* Add CBB_discard_child(), which allows for a child CBB to be discarded.
  Based on BoringSSL.
  (jsing, 2017-11-28, 2 files, -2/+22)
* Rename ssl3_client_hello() to ssl3_send_client_hello() for consistency.
  (jsing, 2017-10-12, 2 files, -5/+5)
* Fold dtls1_accept() into ssl_accept(), removing a lot of duplicated code.
  With review/feedback from inoguchi@
  (jsing, 2017-10-12, 4 files, -556/+143)
* Drop prototypes for ssl23_*() functions, which no longer exist.
  (jsing, 2017-10-12, 1 file, -11/+1)
* Convert ssl3_client_hello() to CBB.
  As part of this, change ssl_cipher_list_to_bytes() to take a CBB argument, rather than a pointer/length. Some additional clean up/renames while here.
  Based on a diff from doug@
  (jsing, 2017-10-11, 4 files, -93/+64)
* Fully convert ssl3_send_server_hello() to CBB.
  Based on a diff from doug@
  (jsing, 2017-10-11, 3 files, -53/+19)
* Make ssl_bytes_to_cipher_list() take a CBS, rather than a pointer and length, since the caller has already been converted to CBS. A small amount of additional clean up whilst here.
  (jsing, 2017-10-10, 3 files, -29/+19)
* ((remove) (some) (unnecessary) (parentheses))
  Part of a diff from doug@
  (jsing, 2017-10-10, 1 file, -4/+4)
* Merge dtls1_connect() into ssl3_connect(), removing a large amount of duplicated code. For now this essentially adds a diff of the two functions with 'if (SSL_IS_DTLS(s))' - further clean up and improvement will follow.
  ok inoguchi@
  (jsing, 2017-10-10, 4 files, -459/+117)
* Reduce non-functional differences between dtls1_accept() and ssl3_accept() - synchronise comments, whitespace, line wrapping, etc.
  (jsing, 2017-10-08, 1 file, -34/+42)
* Reduce non-functional differences between dtls1_connect() and ssl3_connect() - synchronise comments, whitespace, line wrapping, etc.
  (jsing, 2017-10-08, 1 file, -32/+38)
* Fix some style/whitespace/indentation issues in ssl3_accept().
  (jsing, 2017-10-08, 1 file, -25/+14)
* Fix some style/whitespace/indentation issues in ssl3_connect().
  (jsing, 2017-10-08, 1 file, -10/+9)
* Convert ssl3_send_change_cipher_spec() to use CBB and make it handle DTLS, which allows us to drop dtls1_send_change_cipher_spec() entirely.
  ok inoguchi@
  (jsing, 2017-10-08, 6 files, -57/+52)
* Annotate some API-side memory leaks for future resolution.
  (jsing, 2017-09-25, 1 file, -1/+3)
* Fix various issues in the OCSP extension parsing code:
  - When parsing the OCSP extension we can have multiple responder IDs - pull these out correctly.
  - Stop using CBS_stow() - it's unnecessary since we just need access to the data and length (which we can get via CBS_data() and CBS_len()).
  - Use a temporary pointer when calling d2i_*() functions, since it will increment the pointer by the number of bytes it consumed when decoding.
  The original code incorrectly passes the pointer allocated via CBS_stow() (using malloc()) to a d2i_*() function and then calls free() on the now incremented pointer, most likely resulting in a crash. This issue was reported by Robert Swiecki who found the issue using honggfuzz.
  ok beck@
  (jsing, 2017-09-25, 1 file, -20/+14)
* When building the OCSP extension, only add the length prefixed extensions after we finish building the responder ID list. Otherwise adding to the responder ID list fails.
  ok beck@
  (jsing, 2017-09-25, 1 file, -6/+6)
* Move the full extension building into tlsext_{client,server}hello_build(), leaving ssl_add_{client,server}hello_tlsext() as pointer to CBB wrappers.
  ok doug@
  (jsing, 2017-08-30, 2 files, -47/+26)
* Bump libssl/libtls minors due to symbol (re)addition.
  (jsing, 2017-08-30, 1 file, -1/+1)
* Bring back the NPN related symbols.
  Several pieces of software make use of these based on a conditional around OPENSSL_NPN_NEGOTIATED, rather than using the presence of the symbols, the non-existence of a OPENSSL_NO_NEXTPROTONEG define or even the existence of the TLS extension type.
  Unfortunately we cannot remove OPENSSL_NPN_NEGOTIATED since the API for ALPN was effectively botched and reuses two parts from the NPN implementation, rather than providing ALPN specific or generic versions.
  (jsing, 2017-08-30, 3 files, -3/+36)
* When OCSP status type is unknown, ignore the extension.
  This needs to skip past the CBS data or it will be treated as a decode error even though it returns 1.
  ok jsing@
  (doug, 2017-08-29, 1 file, -1/+6)