path: root/ssl/s3_lib.c
Commit message (Author, Date, Files changed, Lines -/+)
* Convert WPACKET_put_bytes to use convenience macros (Matt Caswell, 2016-09-20, 1 file, -2/+2)
  All the other functions that take an argument for the number of bytes use convenience macros for this purpose. We should do the same with WPACKET_put_bytes().
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Address WPACKET review comments (Matt Caswell, 2016-09-13, 1 file, -1/+1)
  A few style tweaks here and there. The main change is that curr and packet_len are now offsets into the buffer to account for the fact that the pointers can change if the buffer grows.
  Also dropped support for the WPACKET_set_packet_len() function. I thought that was going to be needed but so far it hasn't been. It doesn't really work any more due to the offsets change.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Move from explicit sub-packets to implicit ones (Matt Caswell, 2016-09-13, 1 file, -2/+2)
  No need to declare an explicit sub-packet. Just start one.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Rename PACKETW to WPACKET (Matt Caswell, 2016-09-13, 1 file, -7/+7)
  To avoid confusion with the read PACKET structure.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Convert tls_construct_client_hello() to use PACKETW (Matt Caswell, 2016-09-13, 1 file, -1/+39)
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Put DES into "not default" category. (Rich Salz, 2016-08-24, 1 file, -11/+11)
  Add CVE to CHANGES
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
* To avoid SWEET32 attack, move 3DES to weak (Rich Salz, 2016-08-24, 1 file, -0/+18)
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Indent ssl/ (Emilia Kasper, 2016-08-18, 1 file, -75/+73)
  Run util/openssl-format-source on ssl/
  Some comments and hand-formatted tables were fixed up manually by disabling auto-formatting.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add missing session id and tlsext_status accessors (Remi Gacogne, 2016-08-17, 1 file, -0/+8)
  * SSL_SESSION_set1_id()
  * SSL_SESSION_get0_id_context()
  * SSL_CTX_get_tlsext_status_cb()
  * SSL_CTX_get_tlsext_status_arg()
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Fix no-ec (Dr. Stephen Henson, 2016-08-15, 1 file, -23/+34)
  Fix no-ec builds by having separate functions to create keys based on an existing EVP_PKEY and a curve id.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Modify TLS support for new X25519 API. (Dr. Stephen Henson, 2016-08-13, 1 file, -5/+16)
  When handling ECDH check to see if the curve is "custom" (X25519 is currently the only curve of this type) and instead of setting a curve NID just allocate a key of appropriate type.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix cipher support for DTLS1_BAD_VER (David Woodhouse, 2016-08-04, 1 file, -88/+88)
  Commit 3eb2aff40 ("Add support for minimum and maximum protocol version supported by a cipher") disabled all ciphers for DTLS1_BAD_VER. That wasn't helpful. Give them back.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Sanity check in ssl_get_algorithm2(). (Dr. Stephen Henson, 2016-07-20, 1 file, -1/+4)
  RT#4600
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Split out PSK preamble and RSA from process CKE code (Matt Caswell, 2016-07-18, 1 file, -5/+9)
  The tls_process_client_key_exchange() function is far too long. This splits out the PSK preamble processing, and the RSA processing into separate functions.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add checks on sk_TYPE_push() returned result (FdaSilvaYY, 2016-06-23, 1 file, -3/+8)
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Add SSL_CTX_get_tlsext_status_type() (Matt Caswell, 2016-06-07, 1 file, -0/+3)
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Return the value of tlsext_status_type in the return not arg (Matt Caswell, 2016-06-07, 1 file, -2/+1)
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add SSL_get_tlsext_status_type() method (Alessandro Ghedini, 2016-06-07, 1 file, -0/+5)
  The tlsext_status_type field in SSL is used by e.g. OpenResty to determine if the client requested the certificate status, but SSL is now opaque.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Copyright consolidation 01/10 (Rich Salz, 2016-05-17, 1 file, -107/+7)
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
* session tickets: use more sizeof (Kurt Roeckx, 2016-05-16, 1 file, -2/+2)
  Reviewed-by: Matt Caswell <matt@openssl.org>
  MR: #2153
* session tickets: Use sizeof() for the various fields (TJ Saunders, 2016-05-16, 1 file, -8/+20)
  Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  GH: #515, MR: #2153
* Propagate tlsext_status_type from SSL_CTX to SSL (jfigus, 2016-05-16, 1 file, -0/+4)
  To allow OCSP stapling to work with libcurl.
  Github PR #200
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Don't use GOST ciphersuites with DTLS. (Dmitry Belyavsky, 2016-05-12, 1 file, -4/+4)
  RT#4438
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Stephen Henson <steve@openssl.org>
* Move 3DES from HIGH to MEDIUM (Rich Salz, 2016-05-05, 1 file, -14/+14)
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* various spelling fixes (FdaSilvaYY, 2016-04-28, 1 file, -1/+1)
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/952)
* Revert "various spelling fixes" (Rich Salz, 2016-04-04, 1 file, -1/+1)
  This reverts commit 620d540bd47a96fb6905fbbdd8ea5167a8841a3e. It wasn't reviewed.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* various spelling fixes (FdaSilvaYY, 2016-04-04, 1 file, -1/+1)
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* RT4458: Fix #ifndef line for GOST (Pauli, 2016-03-31, 1 file, -2/+2)
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Remove #error from include files. (Rich Salz, 2016-03-20, 1 file, -3/+1)
  Don't have #error statements in header files, but instead wrap the contents of that file in #ifndef OPENSSL_NO_xxx
  This means it is now always safe to include the header file.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Sort cipher-list at runtime. (Rich Salz, 2016-03-16, 1 file, -1528/+1224)
  Reduces #ifdef complexity.
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Move disabling of RC4 for DTLS to the cipher list. (Kurt Roeckx, 2016-03-09, 1 file, -10/+10)
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  MR: #1595
* IDEA is not supported in TLS 1.2 (Kurt Roeckx, 2016-03-09, 1 file, -2/+2)
  This currently seems to be the only cipher we still support that should get disabled.
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  MR: #1595
* Add support for minimum and maximum protocol version supported by a cipher (Kurt Roeckx, 2016-03-09, 1 file, -176/+358)
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  MR: #1595
* GH815: The ChaCha20/Poly1305 codepoints are official (Benjamin Kaduk, 2016-03-08, 1 file, -1/+1)
  CCA8, CCA9, CCAA, CCAB, CCAC, CCAD, and CCAE are now present in https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml so remove the "as per draft-ietf-tls-chacha20-poly1305-03" note accordingly.
  Signed-off-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* GH787: Fix ALPN (Todd Short, 2016-03-08, 1 file, -16/+4)
  * Perform ALPN after the SNI callback; the SSL_CTX may change due to that processing
  * Add flags to indicate that we actually sent ALPN, to properly error out if unexpectedly received.
  * clean up ssl3_free() no need to explicitly clear when doing memset
  * document ALPN functions
  Signed-off-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
* Rework the default cipherlist. (Emilia Kasper, 2016-03-07, 1 file, -58/+58)
  - Always prefer forward-secure handshakes.
  - Consistently order ECDSA above RSA.
  - Next, always prefer AEADs to non-AEADs, irrespective of strength.
  - Within AEADs, prefer GCM > CHACHA > CCM for a given strength.
  - Prefer TLS v1.2 ciphers to legacy ciphers.
  - Remove rarely used DSS, IDEA, SEED, CAMELLIA, CCM from the default list to reduce ClientHello bloat.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Don't mark the eNULL ciphers as non-default. (Kurt Roeckx, 2016-03-04, 1 file, -19/+19)
  They're not part of ALL, so they're not part of COMPLEMENTOFDEFAULT
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  MR: #2202
* Don't build RC4 ciphersuites into libssl by default (Matt Caswell, 2016-03-04, 1 file, -0/+18)
  RC4 based ciphersuites in libssl have been disabled by default. They can be added back by building OpenSSL with the "enable-weak-ssl-ciphers" Configure option at compile time.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Remove unused parameter in ssl_set_masks(). (Dr. Stephen Henson, 2016-02-24, 1 file, -1/+1)
  The ssl_set_masks() function no longer depends on the cipher. This also means there is no need to set the masks for each cipher in ssl3_choose_cipher.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Remove outdated DEBUG flags. (Rich Salz, 2016-02-18, 1 file, -21/+0)
  Add -DBIO_DEBUG to --strict-warnings.
  Remove comments about outdated debugging ifdef guards.
  Remove md_rand ifdef guarding an assert; it doesn't seem used.
  Remove the conf guards in conf_api since we use OPENSSL_assert, not assert.
  For pkcs12 stuff put OPENSSL_ in front of the macro name.
  Merge TLS_DEBUG into SSL_DEBUG.
  Various things just turned on/off asserts, mainly for checking non-NULL arguments, which is now removed: camellia, bn_ctx, crypto/modes.
  Remove some old debug code, that basically just printed things to stderr: DEBUG_PRINT_UNKNOWN_CIPHERSUITES, DEBUG_ZLIB, OPENSSL_RI_DEBUG, RL_DEBUG, RSA_DEBUG, SCRYPT_DEBUG.
  Remove OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* GH675: make ssl3_ciphers static (Viktor Szakats, 2016-02-13, 1 file, -1/+1)
  Signed-off-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Remove static ECDH support. (Dr. Stephen Henson, 2016-02-11, 1 file, -341/+0)
  Remove support for static ECDH ciphersuites. They require ECDH keys in certificates and don't support forward secrecy.
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Remove TLS heartbeat, disable DTLS heartbeat (Rich Salz, 2016-02-11, 1 file, -11/+12)
  To enable heartbeats for DTLS, configure with enable-heartbeats. Heartbeats for TLS have been completely removed.
  This addresses RT 3647
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Deprecate undocumented SSL_cache_hit(). (Dr. Stephen Henson, 2016-02-08, 1 file, -3/+0)
  Deprecate undocumented SSL_cache_hit(). Make SSL_session_reused() into a real function.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Handle SSL_shutdown while in init more appropriately #2 (Matt Caswell, 2016-02-08, 1 file, -15/+0)
  Previous commit 7bb196a71 attempted to "fix" a problem with the way SSL_shutdown() behaved whilst in mid-handshake. The original behaviour had SSL_shutdown() return immediately having taken no action if called mid-handshake with a return value of 1 (meaning everything was shutdown successfully). In fact the shutdown has not been successful.
  Commit 7bb196a71 changed that to send a close_notify anyway and then return. This seems to be causing some problems for some applications so perhaps a better (much simpler) approach is revert to the previous behaviour (no attempt at a shutdown), but return -1 (meaning the shutdown was not successful).
  This also fixes a bug where SSL_shutdown always returns 0 when shutdown *very* early in the handshake (i.e. we are still using SSLv23_method).
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* constify PACKET (Emilia Kasper, 2016-02-01, 1 file, -1/+1)
  PACKET contents should be read-only. To achieve this, also
  - constify two user callbacks
  - constify BUF_reverse.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Remove /* foo.c */ comments (Rich Salz, 2016-01-26, 1 file, -1/+0)
  This was done by the following
      find . -name '*.[ch]' | /tmp/pl
  where /tmp/pl is the following three-line script:
      print unless $. == 1 && m@/\* .*\.[ch] \*/@;
      close ARGV if eof; # Close file to reset $.
  And then some hand-editing of other files.
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Handle SSL_shutdown while in init more appropriately (Matt Caswell, 2016-01-20, 1 file, -0/+15)
  Calling SSL_shutdown while in init previously gave a "1" response, meaning everything was successfully closed down (even though it wasn't). Better is to send our close_notify, but fail when trying to receive one.
  The problem with doing a shutdown while in the middle of a handshake is that once our close_notify is sent we shouldn't really do anything else (including process handshake/CCS messages) until we've received a close_notify back from the peer. However the peer might send a CCS before acting on our close_notify - so we won't be able to read it because we're not acting on CCS messages!
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Fix GOST2012-NULL-GOST12 (Dmitry Belyavsky, 2016-01-19, 1 file, -1/+1)
  Fix a typo in the definition of the GOST2012-NULL-GOST12 ciphersuite.
  RT#4213
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Empty SNI names are not valid (Viktor Dukhovni, 2016-01-16, 1 file, -1/+4)
  While empty inputs to SSL_set1_host() clear the reference identifier list.
  Reviewed-by: Rich Salz <rsalz@openssl.org>