summaryrefslogtreecommitdiff
path: root/src/lib/libssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* knfbeck2017-01-261-6/+11
|
* Convert ssl3_get_client_hello() to CBS.jsing2017-01-261-76/+71
| | | | ok beck@
* Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the uglybeck2017-01-2618-653/+335
| | | | line wraps that resulted
* Send the error function codes to rot in the depths of hell where they belongbeck2017-01-2624-798/+572
| | | | | | | We leave a single funciton code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
* Merge the single two line function from ssl_err2.c into ssl_err.c.jsing2017-01-263-76/+12
| | | | ok beck@
* english is hard.beck2017-01-261-2/+2
|
* Limit the number of sequential empty records that we will processbeck2017-01-264-7/+30
| | | | | | before yielding, and fail if we exceed a maximum. loosely based on what boring and openssl are doing ok jsing@
* Refactor the code to generate a WANT_READ into a function, as we arebeck2017-01-261-18/+20
| | | | | using it more and more to avoid spins. ok jsing@
* Remove most of SSL3_ENC_METHOD - we can just inline the function callsjsing2017-01-2611-135/+63
| | | | | | and defines since they are the same everywhere. ok beck@
* Move relatively new version range code from ssl_lib.c into a separatejsing2017-01-263-158/+175
| | | | | | ssl_versions.c file. ok beck@
* Rename s3_{both,clnt,pkt_srvr}.c to have an ssl_ prefix since they are nojsing2017-01-265-6/+6
| | | | | | longer SSLv3 code. ok beck@
* Merge the client/server version negotiation into the existing (currentlyjsing2017-01-2616-1229/+395
| | | | | | fixed version) client/server code. ok beck@
* Remove ssl3_undef_enc_method - if we have internal bugs we want to segfaultjsing2017-01-265-36/+8
| | | | | | | so that we can debug it, rather than adding a "should not be called" error to the stack. Discussed with beck@
* Remove a sess_cert reference from a comment in the public header.jsing2017-01-261-5/+2
| | | | Noted by zhuk@
* Limit enabled version range by the versions configured on the SSL_CTX/SSL,jsing2017-01-253-23/+84
| | | | | | | provide an ssl_supported_versions_range() function which also limits the versions to those supported by the current method. ok beck@
* Change the SSL_IS_DTLS() macro to check the version, rather than using ajsing2017-01-252-7/+4
| | | | | | | flag in the encryption methods. We can do this since there is currently only one DTLS version. This makes upcoming changes easier. ok beck@
* Provide ssl3_packet_read() and ssl3_packet_extend() functions that improvejsing2017-01-253-35/+59
| | | | | | | the awkward API provided by ssl3_read_n(). Call these when we need to read or extend a packet. ok beck@
* Provide defines for SSL_CTRL_SET_CURVES/SSL_CTRL_SET_CURVES_LIST for thingsjsing2017-01-251-1/+15
| | | | | | | | that are conditioning on these. From BoringSSL. ok beck@
* BUF_MEM_free(), X509_STORE_free() and X509_VERIFY_PARAM_free() all checkjsing2017-01-242-18/+10
| | | | for NULL, as does lh_free() - do not do the same from the caller.
* sk_free() checks for NULL so do not bother doing it from the callers.jsing2017-01-244-10/+9
|
* sk_pop_free() checks for NULL so do not bother doing it from the callers.jsing2017-01-247-50/+31
|
* Within libssl a SSL_CTX * is referred to as a ctx - fix this forjsing2017-01-241-29/+29
| | | | SSL_CTX_free().
* #if 0 the ecformats_list and eccurves_list - these are currently unused butjsing2017-01-241-2/+5
| | | | will be revisited at some point in the near future.
* Remove unused cert variable.jsing2017-01-241-3/+1
| | | | Found by bcook@
* Bump libssl and libtls minors due to symbol additions.jsing2017-01-241-1/+1
|
* Add support for setting the supported EC curves viajsing2017-01-247-26/+197
| | | | | | | | | | | | | SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names. This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such a brainpool) you need to configure this yourself. Inspired by parts of BoringSSL and OpenSSL. ok beck@
* Correct bounds checks used when generating the EC curves extension.jsing2017-01-241-3/+3
| | | | ok beck@
* Fix typo in brainpool curve name within a comment.jsing2017-01-241-2/+2
|
* There is no point returning then breaking...jsing2017-01-241-2/+1
|
* unifdef OPENSSL_NO_BIO - we do not support this in any form.jsing2017-01-241-15/+1
| | | | ok beck@
* ssl_cert_free() checks for NULL itself.jsing2017-01-241-10/+5
|
* Remove a "free up if allocated" comment that exists before code that freesjsing2017-01-241-2/+1
| | | | | | things if they are allocated. ok captainobvious@
* sk_SSL_CIPHER_free() checks for NULL so do not bother doing the same fromjsing2017-01-244-27/+16
| | | | the callers.
* ssl_sess_cert_free() checks for NULL, so do not bother doing it at thejsing2017-01-242-6/+8
| | | | call sites.
* There is no point in zeroing fields that exist within a struct that isjsing2017-01-241-3/+1
| | | | about to be explicit_bzero'd and freed.
* move default_passwd_cb and default_passwd_cb_userdata back intobeck2017-01-234-30/+35
| | | | | | | the ssl_ctx from internal - these are used directly by python and openvpn and a few other things - we have the set accessors but the get accessors were added in 1.1 and these roll their own caveat OPENSSL_VERSION chickenpluckery
* Move options and mode from SSL_CTX and SSL to internal, since these can bejsing2017-01-2312-66/+70
| | | | set and cleared via existing functions.
* Split most of SSL_METHOD out into an internal variant, which is opaque.jsing2017-01-2323-303/+378
| | | | Discussed with beck@
* Remove ssl_ctrl, ssl_ctx_ctrl, ssl_callback_ctrl and ssl_ctx_callback_ctrljsing2017-01-238-76/+14
| | | | | | | from SSL_METHOD, replacing usage with direct calls to the appropriate functions. ok beck@
* send state and rstate from ssl_st into internal. There are accessorsbeck2017-01-2316-295/+296
| | | | | so these should not be diddled with directly ok jsing@
* move back read_hash and enc_read_ctx into ssl_st. wpa_supplicant andbeck2017-01-238-52/+57
| | | | other perversions touches them sickly and unnaturally.
* Move a large part of ssl_st into internal, so we can see what squeals.beck2017-01-2322-888/+892
| | | | ok jsing@
* Move ex_data, next and prev from SSL_SESSION to internal.jsing2017-01-233-31/+32
| | | | ok beck@
* Move most of the fields in SSL_CTX to internal - the ones that remain arejsing2017-01-2311-202/+209
| | | | | | known to be in use. ok beck@
* move the callbacks from ssl_st to internalbeck2017-01-2319-230/+237
| | | | ok jsing@
* Move callback function pointers and argument pointers from SSL_CTX tojsing2017-01-2316-200/+210
| | | | | | internal. ok beck@
* Move not_resumable and sess_cert from SSL_SESSION to internal.jsing2017-01-237-47/+50
| | | | ok beck@
* Remove heartbeat related fields from the SSL_CTX, which are unusedjsing2017-01-231-9/+1
| | | | (thankfully).
* Move the stats struct from SSL_CTX to internal.jsing2017-01-2310-65/+64
| | | | ok beck@
* Move most of the SSL3_STATE fields to internal - the ones that remain arejsing2017-01-2218-681/+690
| | | | | | known to be used by ports. ok beck@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-04 01:09:40 +0000