summaryrefslogtreecommitdiffstats
path: root/lib/libssl/src/ssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Rename functions that moved to t1_enc.c, with a tls1_ prefix instead of ajsing2015-09-1112-65/+65
| | | | | | ssl3_ prefix. ok beck@
* Merge the remnants of s3_enc.c into t1_enc.c.jsing2015-09-112-266/+123
| | | | ok beck@
* Nuke ssl_set_peer_cert_type().jsing2015-09-112-10/+2
| | | | ok "flensing knife"
* Nuke ssl_bad_method().jsing2015-09-112-11/+2
| | | | ok "flensing knife"
* Nuke ssl3_default_timeout().jsing2015-09-112-13/+2
| | | | ok "flensing knife"
* Nuke ssl_replace_hash().jsing2015-09-112-23/+2
| | | | ok "flensing knife"
* Nuke ssl3_cbc_remove_padding().jsing2015-09-112-34/+2
| | | | ok "flensing knife"
* Nuke ssl3_alert_code().jsing2015-09-112-74/+2
| | | | ok "flensing knife"
* Nuke ssl3_cert_verify_mac() and ssl3_handshake_mac().jsing2015-09-112-84/+2
| | | | | | We also no longer need the ssl3_pad_1 and ssl3_pad_2 arrays... ok "flensing knife"
* Nuke ssl3_final_finish_mac().jsing2015-09-112-19/+2
| | | | ok "flensing knife"
* Nuke ssl3_change_cipher_state().jsing2015-09-112-111/+2
| | | | ok "flensing knife"
* Nuke ssl3_generate_master_secret().jsing2015-09-112-36/+2
| | | | ok "flensing knife"
* Nuke ssl3_setup_key_block() and ssl3_generate_key_block().jsing2015-09-112-120/+2
| | | | ok "flensing knife"
* Nuke n_ssl3_mac().jsing2015-09-112-101/+2
| | | | ok "flensing knife"
* Nuke ssl3_enc().jsing2015-09-112-74/+2
| | | | ok "flensing knife"
* Nuke SSLv3_enc_data.jsing2015-09-112-24/+3
| | | | ok "flensing knife"
* Shuffle the code in ssl3_send_finished() to make it more logical/readable.jsing2015-09-111-9/+7
| | | | ok beck@
* Replace dtls1_send_finished() with ssl3_send_finished() - they're nowjsing2015-09-114-48/+6
| | | | | | | both essentially the same (in fact DTLS benefits from improvements previously made to the ssl3_send_finished() function). ok beck@
* style(9), fix comments, wrap long lines and tweak whitespace.jsing2015-09-111-31/+59
|
* Convert dtls1_send_finished() and ssl3_send_finished() tojsing2015-09-112-22/+10
| | | | | | ssl3_handshake_msg_start()/ssl3_handshake_msg_finish(). ok beck@
* Put the *method* data structures and functions in the same place.jsing2015-09-112-137/+60
| | | | | | | We can also now nuke ssl23_get_method() since it is the same as tls1_get_method(). And the empty file can bite the dust. ok bcook@ miod@
* Put the *server_method* data structures and functions in the same place.jsing2015-09-112-74/+61
| | | | | | | We can also now nuke ssl23_get_server_method() since it is the same as tls1_get_server_method(). ok miod@
* Put the *client_method* data structures and functions in the same place.jsing2015-09-112-74/+61
| | | | | | | We can also now nuke ssl23_get_client_method() since it is the same as tls1_get_client_method(). ok bcook@ miod@
* Remove support for DTLS_BAD_VER. We do not support non-standard andjsing2015-09-1010-49/+23
| | | | | | | incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years. ok bcook@ miod@
* Correct spelling of OPENSSL_cleanse.jsing2015-09-108-22/+22
| | | | ok miod@
* Check handshake_func against NULL rather than 0, since it is a functionjsing2015-09-091-7/+7
| | | | | | pointer. ok bcook@ miod@
* Replace dtls1_client_hello() with ssl3_client_hello() - both are basicallyjsing2015-09-023-106/+29
| | | | | | | | | | | the same code, with two slight differences for DTLS handling. Also, make use of send_cookie to determine if the client random needs to be preserved, rather than testing if it is zeroed (hopefully your random number generator never returned all zeros, since the existing code would break). Inspired by BoringSSL. ok doug@
* Fewer magic numbers - we already have defines for the header lengths, sojsing2015-09-021-5/+7
| | | | | | make use of them. ok doug@
* Remove duplicate prototype for SSL_get_selected_srtp_profile().jsing2015-09-011-2/+1
| | | | From Aaron Burghardt.
* Remove the ssl_prepare_{client,server}hello_tlsext() functions, which arejsing2015-09-015-34/+5
| | | | | | now nothing more than noops. ok bcook@ doug@
* Make it always safe to call CBB_cleanup() providing that CBB_init() orjsing2015-09-011-2/+8
| | | | | | CBB_init_fixed() have been attempted. ok doug@
* Now that SSLv3 is going away, TLS_* and SSLv23 are equivalent.doug2015-08-294-166/+7
| | | | | | Remove the TLS method data and tls_any_* functions. Point to SSLv23. ok jsing@
* Delete s3_meth.c since it was only for SSLv3 support.doug2015-08-291-103/+0
| | | | ok jsing@
* Remove SSLv3 method data structs and unlink s3_meth.c from the build.doug2015-08-292-81/+2
| | | | ok jsing@
* Change AEAD out_len argument to size_t instead of ssize_t - while here,jsing2015-08-271-10/+8
| | | | | | | rename it to out_len so that its purpose is more obvious. Also, drop two checks that are no longer possible (and have not been for a long time). Spotted by and ok doug@
* Remove SSLv3 support from LibreSSL.doug2015-08-2710-98/+17
| | | | | | | | | | This is the first wave of SSLv3 removal which removes the main SSLv3 functions. Future commits will remove the rest of the SSLv3 support. Discussed the plan at c2k15. Input from jsing@, beck@, miod@, bcook@, sthen@, naddy@, and deraadt@. ok jsing@, beck@
* Properly handle missing TLS extensions in client hello as a non-failure.bcook2015-08-191-1/+3
| | | | | Noticed by @Ligushka from github. ok miod@, doug@
* Fix SRTP parsing.doug2015-07-311-3/+2
| | | | | | | jsing@ noticed that during the CBS conversion, an extra CBS_len comparison was introduced. It should be 0 after extracting MKI. ok jsing@ bcook@ deraadt@
* Add linker warnings in case SSLv3_{,client,server}_method are referenced.miod2015-07-293-3/+21
| | | | | | | Use of this symbols proves the existence of a code path willingly using SSLv3, even with OPENSSL_NO_SSL3 being defined, which hints that it needs fixing. Discussed with the LibreSSL cabal during c2k15; ok deraadt@
* Convert tls1_process_ticket to CBS.doug2015-07-242-31/+38
| | | | ok miod@ jsing@
* Convert tls1_process_sigalgs to CBS.doug2015-07-241-5/+14
| | | | ok miod@ jsing@
* Convert ssl3_get_record to CBS.doug2015-07-241-22/+29
| | | | ok miod@ jsing@
* Remove duplicate check in libssl.doug2015-07-211-3/+1
| | | | | | | If len == 0, it already set try_session_cache so there's no need to check len again. Fixes Coverity issue 21687. ok bcook@
* Allow *_free() functions in libssl to handle NULL input.doug2015-07-195-5/+19
| | | | | | This mimics free()'s behavior which makes error handling simpler. ok bcook@ miod@
* Convert ssl3_get_certificate_request to CBS.doug2015-07-191-31/+33
| | | | ok miod@
* Fix symbol collision with libtls.doug2015-07-194-21/+21
| | | | | | Pointed out by guenther. ok guenther@
* Add TLS_method, TLS_client_method and TLS_server_method.doug2015-07-195-5/+185
| | | | | | | | | | | | | | | | Use these instead of SSLv23_*method when you want to make sure TLS is used. By default, we disable SSLv3 but it's still possible for the user to re-enable it. TLS_*method does not allow SSLv3. Both BoringSSL and (next version of) OpenSSL have these methods. However, they have changed the implementation significantly. We will as well, but not right now. Riding the libssl major bump. ok miod@ bcook@
* Crank major and remove legacy variables.doug2015-07-192-14/+2
| | | | | | Libtls is riding this crank. ok miod@ bcook@
* Assign p to CBS_data since it is used later.doug2015-07-191-2/+3
| | | | | | The p initialization was hiding this bug but Coverity 126279 saw it. ok miod@ bcook@ beck@
* Convert dtls1_get_message_header to CBS and change to int.doug2015-07-183-16/+37
| | | | | | | Changed return value from void to int. It should never return an error given that the input length is not checked yet. ok miod@
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.