summaryrefslogtreecommitdiff
path: root/src/lib/libssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Set up the default callback in SSL_CERTtb2022-06-281-1/+8
| | | | ok beck jsing sthen
* Implement the default security level callbacktb2022-06-283-2/+202
| | | | | | And here is where the fun starts. The tentacles will grow everywhere. ok beck jsing sthen
* Provide OPENSSL_TLS_SECURITY_LEVEL definetb2022-06-281-1/+7
| | | | ok beck jsing sthen
* Implement SSL_{CTX_}_{g,s}et_security_level(3)tb2022-06-281-1/+25
| | | | ok beck jsing sthen
* Add security callback, level and ex_data fields to SSL_CERTtb2022-06-281-1/+6
| | | | ok beck jsing sthen
* Add #defines and prototypes for security level APItb2022-06-281-1/+72
| | | | | | | This marks the start of one of the worst API additions in the history of this library. And as everybody knows the bar is high. Very high. ok beck jsing sthen
* Free ciphers before assigning to themtb2022-06-281-6/+6
| | | | | | | | While this is not a leak currently, it definitely looks like one. Pointed out by jsing on review of a diff that touched the vicinity a while ago. ok jsing
* Change the loop index from an unsigned int to size_t now that alltb2022-06-071-2/+2
| | | | | | upper bounds are known to be size_t. ok jsing
* Simplify another CBS_write_bytes() call in d2i_SSL_SESSION()tb2022-06-071-5/+2
| | | | ok jsing
* Switch sid_ctx_length in SSL, SSL_CTX and SSL_SESSION to a size_ttb2022-06-071-4/+4
| | | | ok jsing
* Use CBS_write_bytes() instead of manual unpacking of a CBS and assigningtb2022-06-071-3/+5
| | | | | | | length and using memcpy(). This also provides a missing overflow check (which is done by the only caller, however). ok jsing
* Simplify various CBS_write_bytes() callstb2022-06-073-13/+7
| | | | | | | Now that session_id_length is a size_t, we can pass it directly to CBS_write_bytes() instead of using a temporary variable. ok jsing
* Switch SSL_SESSION's session_id_length to a size_ttb2022-06-071-2/+2
| | | | ok jsing
* Add missing error check call in ssl3_get_new_session_ticket()tb2022-06-071-4/+9
| | | | | | | EVP_Digest() can fail, so handle failure appropriately and prepare switch of session_id_length to a size_t. ok jsing
* Another small readability tweak: compare explicitly against 0 and NULL,tb2022-06-071-4/+3
| | | | | | respectively ok jsing
* Tweak readability of a test: compare tmp explicitly against 0 and droptb2022-06-071-2/+2
| | | | | | redundant parentheses. ok jsing
* Add a cast to SSL_SESSION_get_id() to indicate that session_id_lengthtb2022-06-071-2/+2
| | | | | | | is deliberately reduced to an unsigned int. Since the session_id is at most 32 bytes, this is not a concern. ok jsing
* fix indenttb2022-06-071-2/+2
|
* Unindent and simplify remove_session_lock()tb2022-06-071-21/+22
| | | | ok jsing (who informs me he had the same diff in his jungle)
* Drop an unnecessary casttb2022-06-071-2/+2
| | | | ok jsing
* Simplify CBS_write_bytes() invocationtb2022-06-071-5/+2
| | | | | | | Now that master_key_length is a size_t, we no longer have to fiddle with data_len. We can rather pass a pointer to it to CBS_write_bytes(). ok jsing
* The master_key_length can no longer be < 0tb2022-06-071-2/+2
| | | | ok jsing
* Switch the SSL_SESSION's master_key_length to a size_ttb2022-06-071-2/+2
| | | | ok jsing
* Add error checking to tls_session_secret_cb() callstb2022-06-072-32/+49
| | | | | | | | | | | Failure of this undocumented callback was previously silently ignored. Follow OpenSSL's behavior and throw an internal error (for lack of a better choice) if the callback failed or if it set the master_key_length to a negative number. Unindent the success path and clean up some strange idioms. ok jsing
* Use SSL3_CK_VALUE_MASK instead of hardcoded 0xffff and remove sometb2022-06-062-12/+6
| | | | | | SSLv2 remnants. ok jsing
* Tweak comment describing the SSL_SESSION ASN.1tb2022-06-061-4/+5
| | | | ok jsing
* Minor style cleanup in ssl_txt.ctb2022-06-061-23/+41
| | | | | | | Wrap long lines and fix a bug where the wrong struct member was checked for NULL. ok jsing
* Fix comment + spacing.tb2022-06-061-2/+2
| | | | | Apparently 60 * 5 + 4 seconds is 5 minutes. Presumably this is the case with sufficiently potent crack, which would explain a few things in here.
* Remove incorrect and ungrammattical commenttb2022-06-061-3/+2
| | | | | The fallback to SHA-1 if SHA-256 is disabled fell victim to tedu many moons ago when this file was still called s3_clnt.c and had no RCS ID.
* Fix spaces before tabstb2022-06-061-12/+12
|
* The parse stubs need to skip over the extension data.tb2022-06-041-3/+3
| | | | | | Found by anton with tlsfuzzer ok anton
* Tweak a comment using review feedback from jsingtb2022-06-041-4/+4
|
* Add stubbed out handlers for the pre_shared_key extensiontb2022-06-032-2/+65
| | | | ok jsing
* Implement handlers for the psk_key_exchange_modes extensions.tb2022-06-032-3/+96
| | | | ok jsing
* Add a use_psk_dhe_ke flag to the TLSv1.3 handshake structtb2022-06-031-1/+4
| | | | | | | This will be used to indicate client side support for DHE key establishment. ok jsing
* Ensure that a client who sent a PSK extension has also sent a PSKtb2022-06-031-4/+9
| | | | | | key exchange mode extension, as required by RFC 8446, 4.2.9. ok jsing
* Provide #defines for the two currently registered PskKeyExchangeModes.tb2022-06-031-1/+12
| | | | ok jsing
* Drop unused KeyUpdate from debug printftb2022-04-191-3/+1
| | | | | | | | | The handshake state machine does not handle key updates since that's a post-handshake handshake message. This is code under #ifdef TLS13_DEBUG and if it is ever to be reused in tls13_handshake_msg.c, that will have to be revisited. ok inoguchi jsing
* man pages: add missing commas between subordinate and main clausesnaddy2022-03-314-18/+18
| | | | | | | jmc@ dislikes a comma before "then" in a conditional, so leave those untouched. ok jmc@
* man pages: add missing word, The foo() ... -> The foo() function ...naddy2022-03-291-5/+6
| | | | ok jmc@ schwarze@
* man pages: add missing commas in enumerationsnaddy2022-03-291-3/+3
|
* Clean up {dtls1,ssl3}_read_bytes()jsing2022-03-262-200/+166
| | | | | | | | | | Now that {dtls1,ssl3}_read_bytes() have been refactored, do a clean up pass - this cleans up various parts of the code and reduces differences between these two functions. ok = 1; *(&(ok)) tb@ ok inoguchi@
* Remove the minimum record length checks from dtls1_read_bytes()jsing2022-03-261-32/+1
| | | | | | | | The code that handles each record type already has appropriate length checks. Furthermore, the handling of application data here is likely incorrect and bypasses the normal state checks at the end of this function. ok inoguchi@ tb@
* Remove three useless tests filestb2022-03-193-185/+0
| | | | | | | | | The asn1test depends on asn1_mac.h which had a date with the bitbucket a few years back (and the test "isn't meant to run particularly, it's just to test type checking"). methtest.c tests an API that was never present in OpenSSL's git history. r160test.c is nothing but a licence. "nuke away" jsing
* Simplify SSL_do_handshake().jsing2022-03-181-7/+5
| | | | ok inoguchi@ tb@
* Rewrite legacy DTLS unexpected handshake message handling.jsing2022-03-181-83/+139
| | | | | | | | | Rewrite the code that handles unexpected handshake messages in the legacy DTLS stack. Parse the DTLS message header up front, then process it based on the message type. Overall the code should be more strict and we should reject various invalid messages that would have previously been accepted. ok inoguchi@ tb@
* Rewrite legacy TLS unexpected handshake message handling.jsing2022-03-171-78/+114
| | | | | | | | | | | | Rewrite the code that handles unexpected handshake messages in the legacy TLS stack. Parse the TLS message header up front, then process it based on the message type. Overall the code should be more strict and we should reject various invalid messages that would have previously been accepted. I also reviewed steve's experimental code and fixed the bug that it contained. ok inoguchi@ tb@
* Clean up and simplify ssl3_renegotiate{,_check}()jsing2022-03-171-22/+15
| | | | ok inoguchi@ tb@
* Remove const from tls1_transcript_hash_value()jsing2022-03-172-5/+5
| | | | | | | This function populates the passed *out argument, hence it should not be marked const. ok tb@
* Factor out unexpected handshake message handling code in the legacy stack.jsing2022-03-142-229/+256
| | | | | | | | | | | | | | The TLS record layer has to be able to handle unexpected handshake messages that result when it has been asked to read application data. The way that this is currently done in the legacy stack is a layering violation - the record layer knows about DTLS/TLS handshake messages, parsing them and then deciding what action to take. This is further complicated by the need to handle handshake message fragments. For now, factor this code out with minimal changes - since it is a layering violation we have to retain separate code for DTLS and TLS. ok beck@ inoguchi@ tb@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 12:33:49 +0000