summaryrefslogtreecommitdiff
path: root/src/lib/libssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Rename and collapse tls12_get_sigandhash_cbb().jsing2018-08-194-39/+28
| | | | | | | | | | Now that all callers of tls12_get_sigandhash() have been converted to CBB, collapse tls12_get_sigandhash() and tls12_get_sigandhash_cbb() into a single function. Rename it to tls12_gethashandsig() to be representative of the actual order of the sigalgs parameters, and perform some other clean up. ok inoguchi@ tb@
* Convert ssl3_send_newsession_ticket() to CBB.jsing2018-08-191-55/+64
| | | | | | This removes a memorable BUF_MEM_grow() and associated comment. ok inoguchi@ tb@
* Convert ssl3_send_client_verify() to CBB.jsing2018-08-171-43/+50
| | | | ok inoguchi@ tb@
* Provide CBB_add_u32(), as needed for an upcoming conversion.jsing2018-08-162-2/+17
| | | | ok tb@
* Simplify the add signature code/logic in ssl3_send_server_key_exchange().jsing2018-08-161-13/+8
| | | | ok tb@
* Convert ssl3_send_server_key_exchange() to CBB.jsing2018-08-163-47/+71
| | | | ok inoguchi@ tb@
* Convert ssl3_get_server_key_exchange() to CBS.jsing2018-08-161-69/+55
| | | | ok inoguchi@ tb@
* Remove now unused variable, that got left behind from a previous change.jsing2018-08-141-3/+1
|
* Actually check the return values for EVP_Sign* and EVP_Verify*.jsing2018-08-142-15/+23
| | | | ok bcook@ beck@ tb@
* Simplify server key exchange signature verification.jsing2018-08-101-49/+18
| | | | | | Everything can go through the EVP_Verify* code path. ok inoguchi@ tb@
* Simplify server kex exchange signature generation.jsing2018-08-101-61/+33
| | | | | | Everything can go through the single EVP_Sign* code path. ok inoguchi@ tb@
* Now that all of the server-side client key exchange processing functionsjsing2018-06-101-53/+40
| | | | | | have been converted to CBS, pull it up a level. ok inoguchi@ tb@
* Allocate a dedicated buffer for use when deriving a shared key duringjsing2018-06-031-10/+18
| | | | | | | client KEX DHE processing, rather than reusing the buffer that is used to send/receive handshake messages. ok beck@ inoguchi@
* Check the return value from DH_size() in ssl3_send_client_kex_dhe().jsing2018-06-031-4/+6
| | | | ok beck@ inoguchi@
* Convert ssl3_get_client_kex_ecdhe_ecp() to CBS.jsing2018-06-021-44/+42
| | | | | | | Also allocate a dedicated buffer to hold the shared secret, rather than reusing init_buf. ok inoguchi@ tb@
* Remove the three remaining single DES cipher suites.jsing2018-06-021-49/+1
| | | | | | | | | These are insecure and should not be used - furthermore, we would should not have been allowing their negotiation with TLSv1.2 (as noted by Robert Merget, Juraj Somorovsky and Simon Friedberger). Removing these cipher suites also fixes this issue. ok beck@ inoguchi@
* Clean out a pile of cruft from ssl3_get_client_kex_ecdhe_ecp().jsing2018-05-191-93/+38
| | | | | | | | | For pure ECDHE we do not need to construct a new key using the one that was set up during the other half of the key exchange. Also, since we do not support any form of ECDH the n == 0 case is not valid (per RFC 4492 section 5.7), so we can ditch this entirely. ok inoguchi@ tb@
* Convert ssl3_get_client_kex_gost() to CBS.jsing2018-05-191-21/+23
| | | | ok beck@ tb@
* Fix a malloc() NULL check in ssl3_send_client_kex_ecdhe_ecp(), by addingjsing2018-05-131-2/+3
| | | | the missing goto. While here also remove a set of unnecessary parentheses.
* More clean up of the RSA key exchange code.jsing2018-05-131-24/+34
| | | | | | | | Convert to CBS, use more appropriate variable names and improve validation. Allocate a dedicated buffer to hold the decrypted result, rather than decrypting into the handshake buffer (which is also used to send data). ok beck@ inoguchi@ tb@
* If we fail to decode an EC point format extension, send a decode_errorjsing2018-05-121-4/+6
| | | | | | | | alert rather than an internal_error alert. Issue found by Simon Friedberger, Robert Merget and Juraj Somorovsky. ok beck@ inoguchi@
* In ssl.h rev. 1.158 2018/05/01 13:30:24, tb@ changed BIO_f_ssl(3)schwarze2018-05-011-3/+3
| | | | to return const. Update the documentation.
* const for BIO_f_ssl(), the last const difference to OpenSSL in ourtb2018-05-012-5/+5
| | | | | | public API in libssl. ok beck, jsing
* Correct direction of SSL_ERROR_ZERO_RETURN caseguenther2018-04-291-3/+3
| | | | ok schwarze@
* Avoid talking about the innternal, undocumented data type "struct lhash_st",schwarze2018-04-251-3/+3
| | | | show the public data type name "LHASH_OF(SSL_SESSION)" instead.
* Document the callbacks as taking "SSL *" and "SSL_CTX *" argumentsschwarze2018-04-251-7/+7
| | | | | and avoid the internal, undocumented names "struct ssl_st *" and "struct ssl_ctx_st *".
* In ssl.h rev. 1.156 2018/04/25 07:10:39, tb@ added const qualifiersschwarze2018-04-255-16/+16
| | | | | to some parameters and return values of some functions. Update the documentation.
* Fix capitalization of data. Pointed out by jsing and forgotten intb2018-04-251-2/+2
| | | | previous commit.
* OpenSSL started adding const to functions all over the place. Make alltb2018-04-257-38/+30
| | | | | | | | our libssl functions match theirs wrt const, except for BIO_f_ssl(3) which will be fixed in a later step. this went through a i386 bulk by sthen ok jsing
* make ENGINE_finish() succeed on NULL and simplify callers as intb2018-04-141-3/+2
| | | | | | | | | | | OpenSSL commit 7c96dbcdab9 by Rich Salz. This cleans up the caller side quite a bit and reduces the number of lines enclosed in #ifndef OPENSSL_NO_ENGINE. codesearch.debian.net shows that almost nothing checks the return value of ENGINE_finish(). While there, replace a few nearby 'if (!ptr)' with 'if (ptr == NULL)'. ok jsing, tested by & ok inoguchi
* In ssl.h rev. 1.155 2018/04/11 17:47:36, jsing@ changedschwarze2018-04-111-13/+3
| | | | | SSL_OP_TLS_ROLLBACK_BUG to no longer have any effect. Update the manual page.
* Nuke SSL_OP_TLS_ROLLBACK_BUG - this is a workaround for buggy clients fromjsing2018-04-112-36/+17
| | | | | | | around the SSLv3/TLSv1.0 period... and buggy clients are buggy. This also helps to clean up the RSA key exchange code. ok "kill it with fire" beck@ tb@
* Write documentation for the control string parameter from scratch,schwarze2018-04-101-30/+273
| | | | collecting the information by inspecting the source code.
* Remove function pointers for ssl_{read,write,peek}.jsing2018-04-078-59/+11
| | | | | | | Now that everything goes through the same code path, we can remove a layer of indirection and just call ssl3_{read,write,peek} directly. ok beck@ inoguchi@
* Nuke SSL3_FLAGS_DELAY_CLIENT_FINISHED and SSL3_FLAGS_POP_BUFFER.jsing2018-04-074-70/+8
| | | | | | | These flags enabled experimental behaviour in the write path, which nothing uses. Removing this code greatly simplifies ssl3_write(). ok beck@ inoguchi@ sthen@ tb@
* In ssl.h rev. 1.151 2018/03/17 15:48:31, tb@ providedschwarze2018-04-021-6/+34
| | | | | | | | SSL_CTX_get_default_passwd_cb(3) and SSL_CTX_get_default_passwd_cb_userdata(3). Merge the documentation, tweaked by me; from Christian Heimes <cheimes at redhat dot com> via OpenSSL commit 0c452abc Mar 2 12:53:40 2016 +0100.
* fix typo; from <Alex dot Gaynor at gmail dot com>schwarze2018-03-301-4/+4
| | | | via OpenSSL commit 3266cf58 Mar 10 13:13:23 2018 -0500
* Add missing $OpenBSD$.jsing2018-03-301-0/+1
|
* found a complete archive of SSLeay-0.4 to SSLeay-0.8.1b tarballsschwarze2018-03-2779-270/+342
| | | | on the web, so fix up SSLeay HISTORY accordingly
* finish ssl HISTORY; mostly 1.1.0/6.3, but also various other fixeslibressl-v2.7.1schwarze2018-03-2418-47/+104
|
* ouch, previous was wrong; revert it and fix HISTORY insteadschwarze2018-03-241-2/+29
|
* delete two functions that do not existschwarze2018-03-231-22/+1
|
* ssl.h HISTORY up to 1.0.2; researched from OpenSSL git and OpenBSD CVSschwarze2018-03-236-9/+41
|
* ssl.h HISTORY up to 1.0.1; researched from OpenSSL gitschwarze2018-03-239-18/+60
|
* ssl.h HISTORY up to 1.0.0; researched from OpenSSL gitschwarze2018-03-232-5/+15
|
* ssl.h HISTORY up to 0.9.8zh; researched from OpenSSL gitschwarze2018-03-232-8/+11
|
* ssl.h HISTORY up to 0.9.8h; researched from OpenSSL gitschwarze2018-03-233-6/+23
|
* ssl.h HISTORY up to 0.9.8; researched from OpenSSL gitschwarze2018-03-234-8/+31
|
* ssl.h HISTORY up to 0.9.7; researched from OpenSSL gitschwarze2018-03-224-12/+19
|
* ssl.h HISTORY up to 0.9.6c; researched from OpenSSL gitschwarze2018-03-221-2/+8
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-28 11:20:38 +0000