summaryrefslogtreecommitdiff
path: root/src/lib/libssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Currently tls1_PRF() requires that a temporary buffer be provided, thatjsing2017-03-181-50/+32
| | | | | | | | | | | | | | matches the size of the output buffer. This is used in the case where there are multiple hashes - tls_P_hash() is called with the temporary buffer and the result is then xored into the output buffer. Avoid this by simply using a local buffer in tls_P_hash() and then xoring the result into the output buffer. Overall this makes the code cleaner and simplifies all of the tls_PRF() callers. Similar to BoringSSL. ok inoguchi@
* Remove the handshake digests and related code, replacing remaining usesjsing2017-03-107-166/+45
| | | | | | | with the handshake hash. For now tls1_digest_cached_records() is retained to release the handshake buffer. ok beck@ inoguchi@
* Switch CBB to use recallocarray() - this ensures that we do not leakjsing2017-03-101-2/+2
| | | | | | secrets via realloc(). ok inoguchi@
* First pass at cleaning up the tls1_P_hash() function - remove a pointlessjsing2017-03-101-20/+19
| | | | | | | EVP_DigestSignInit() call and avoid the need for ctx_tmp by reordering the code slightly. ok inoguchi@
* Make tls1_PRF() non-static so it can be regress tested.jsing2017-03-101-2/+7
|
* Correctly handle TLS PRF with MD5+SHA1 - the secret has to be partitionedjsing2017-03-071-5/+26
| | | | | | and each hash processed separately. Tested by tb@
* Clean up and simplify the tls1_PRF() implementation now that we have ajsing2017-03-061-48/+19
| | | | | | single EVP MD for the PRF hash. ok beck@ inoguchi@
* Correctly convert an SSLv2 challenge into an SSLv3/TLS client random byjsing2017-03-051-9/+27
| | | | | | truncating or left zero padding. ok beck@ inoguchi@ sthen@
* Provide a rolling handshake hash that commences as soon as the cipherjsing2017-03-058-54/+193
| | | | | | | | | | suite has been selected, and convert the final finish MAC to use this handshake hash. This is a first step towards cleaning up the current handshake buffer/digest code. ok beck@ inoguchi@
* Convert various handshake message generation functions to CBB.jsing2017-03-054-56/+113
| | | | ok beck@ inoguchi@
* Drop the second argument of dtls1_set_message_header() and make it a voidjsing2017-03-043-13/+10
| | | | | function. Nothing makes use of the return value and the second argument was only used to produce the return value...
* Call ssl3_handshake_write() instead of ssl3_do_write() - this was missedjsing2017-03-041-2/+2
| | | | | | | | | | | when ssl3_send_client_certificate() was converted to the standard handshake functions in r1.150 of s3_clnt.c. This has no impact on TLS, however it causes the DTLS client to fail if the server sends a certificate request, since the TLS MAC is calculated on a non-populated DTLS header. Issue reported by umokk on github.
* Convert ssl3_{get,send}_server_key_exchange() to EVP_md5_sha1().jsing2017-03-013-44/+29
| | | | ok inoguchi@
* Bump minors due to symbol addition.jsing2017-02-281-1/+1
|
* Stop pretending that MD5 and SHA1 might not exist - rather than locatingjsing2017-02-284-20/+8
| | | | | | | "ssl3-md5" and "ssl-sha1", call the EVP_md5() and EVP_sha1() functions directly. ok beck@ inoguchi@
* Remove STREEBOG 512 as a TLS MAC since there are currently no cipher suitesjsing2017-02-212-26/+6
| | | | | | that make use of it. ok bcook@ inoguchi@
* Avoid dereferencing a pointer when reporting an error about the samejsing2017-02-151-2/+2
| | | | | | pointer being NULL. Found by jsg@ with cppcheck; also detected by Coverity.
* Change SSLerror() back to taking two args, with the first one being an SSL *.beck2017-02-0725-573/+841
| | | | | | | | | Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
* Define values for SSL_CTRL_SET_GROUPS{,_LIST} and wire them up to thejsing2017-02-052-15/+19
| | | | | | | | SSL_{,CTX_}ctrl() functions. As crazy as it is, some software appears to call the control functions directly rather than using the macros (or functions) provided by the library. Discussed with beck@ and sthen@
* Provide an SSL_OP_NO_CLIENT_RENEGOTIATION option that disallowsjsing2017-01-312-2/+12
| | | | | | | client-initiated renegotiation. The current default behaviour remains unchanged. ok beck@ reyk@
* Send the function codes from the error functions to the bit bucket,beck2017-01-292-4/+4
| | | | | | as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* Put comment back in the right place.jsing2017-01-291-9/+9
|
* Avoid clearing the mac_packet flag in the wrong place.jsing2017-01-291-2/+1
| | | | | | | | In many cases we got away with this, however if a server sends multiple handshake messages in the same record only the first message would be added to the MAC. Should fix breakage reported by various people.
* knfbeck2017-01-261-6/+11
|
* Convert ssl3_get_client_hello() to CBS.jsing2017-01-261-76/+71
| | | | ok beck@
* Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the uglybeck2017-01-2618-653/+335
| | | | line wraps that resulted
* Send the error function codes to rot in the depths of hell where they belongbeck2017-01-2624-798/+572
| | | | | | | We leave a single funciton code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
* Merge the single two line function from ssl_err2.c into ssl_err.c.jsing2017-01-263-76/+12
| | | | ok beck@
* english is hard.beck2017-01-261-2/+2
|
* Limit the number of sequential empty records that we will processbeck2017-01-264-7/+30
| | | | | | before yielding, and fail if we exceed a maximum. loosely based on what boring and openssl are doing ok jsing@
* Refactor the code to generate a WANT_READ into a function, as we arebeck2017-01-261-18/+20
| | | | | using it more and more to avoid spins. ok jsing@
* Remove most of SSL3_ENC_METHOD - we can just inline the function callsjsing2017-01-2611-135/+63
| | | | | | and defines since they are the same everywhere. ok beck@
* Move relatively new version range code from ssl_lib.c into a separatejsing2017-01-263-158/+175
| | | | | | ssl_versions.c file. ok beck@
* Rename s3_{both,clnt,pkt_srvr}.c to have an ssl_ prefix since they are nojsing2017-01-265-6/+6
| | | | | | longer SSLv3 code. ok beck@
* Merge the client/server version negotiation into the existing (currentlyjsing2017-01-2616-1229/+395
| | | | | | fixed version) client/server code. ok beck@
* Remove ssl3_undef_enc_method - if we have internal bugs we want to segfaultjsing2017-01-265-36/+8
| | | | | | | so that we can debug it, rather than adding a "should not be called" error to the stack. Discussed with beck@
* Remove a sess_cert reference from a comment in the public header.jsing2017-01-261-5/+2
| | | | Noted by zhuk@
* Limit enabled version range by the versions configured on the SSL_CTX/SSL,jsing2017-01-253-23/+84
| | | | | | | provide an ssl_supported_versions_range() function which also limits the versions to those supported by the current method. ok beck@
* Change the SSL_IS_DTLS() macro to check the version, rather than using ajsing2017-01-252-7/+4
| | | | | | | flag in the encryption methods. We can do this since there is currently only one DTLS version. This makes upcoming changes easier. ok beck@
* Provide ssl3_packet_read() and ssl3_packet_extend() functions that improvejsing2017-01-253-35/+59
| | | | | | | the awkward API provided by ssl3_read_n(). Call these when we need to read or extend a packet. ok beck@
* Provide defines for SSL_CTRL_SET_CURVES/SSL_CTRL_SET_CURVES_LIST for thingsjsing2017-01-251-1/+15
| | | | | | | | that are conditioning on these. From BoringSSL. ok beck@
* BUF_MEM_free(), X509_STORE_free() and X509_VERIFY_PARAM_free() all checkjsing2017-01-242-18/+10
| | | | for NULL, as does lh_free() - do not do the same from the caller.
* sk_free() checks for NULL so do not bother doing it from the callers.jsing2017-01-244-10/+9
|
* sk_pop_free() checks for NULL so do not bother doing it from the callers.jsing2017-01-247-50/+31
|
* Within libssl a SSL_CTX * is referred to as a ctx - fix this forjsing2017-01-241-29/+29
| | | | SSL_CTX_free().
* #if 0 the ecformats_list and eccurves_list - these are currently unused butjsing2017-01-241-2/+5
| | | | will be revisited at some point in the near future.
* Remove unused cert variable.jsing2017-01-241-3/+1
| | | | Found by bcook@
* Bump libssl and libtls minors due to symbol additions.jsing2017-01-241-1/+1
|
* Add support for setting the supported EC curves viajsing2017-01-247-26/+197
| | | | | | | | | | | | | SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names. This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such a brainpool) you need to configure this yourself. Inspired by parts of BoringSSL and OpenSSL. ok beck@
* Correct bounds checks used when generating the EC curves extension.jsing2017-01-241-3/+3
| | | | ok beck@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-05 07:07:11 +0000