Age | Commit message | Author |
|
Discussed with tb@
|
|
ssl3_pending() is used for all protocols and dtls1_shutdown() just calls
ssl3_shutdown(), so just call the appropriate function directly instead.
ok beck@ inoguchi@ tb@
|
|
Now that all handshake messages are created using CBB, remove the non-CBB
ssl3_handshake_msg_start()/ssl3_handshake_msg_finish() functions. Rename
the CBB variants by dropping the _cbb suffix.
ok bcook@ inoguchi@ tb@
|
|
Now that everything goes through the same code path, we can remove a layer
of indirection and just call ssl3_{read,write,peek} directly.
ok beck@ inoguchi@
|
|
With review/feedback from inoguchi@
|
|
ssl3_accept() - synchronise comments, whitespace, line wrapping, etc.
|
|
which allows us to drop dtls1_send_change_cipher_spec() entirely.
ok inoguchi@
|
|
while we are at it, convert SSLerror to use a function
internally, so that we may later allocate the handshake
structure and check for it
ok jsing@
|
|
ok jsing@, gcc@, regress@
|
|
with the handshake hash. For now tls1_digest_cached_records() is retained
to release the handshake buffer.
ok beck@ inoguchi@
|
|
ok beck@ inoguchi@
|
|
Make a table of "function codes" which maps the internal state of the SSL *
to something like a useful name so in a typical error in the connection you
know in what sort of place in the handshake things happened. (instead of
by arcane function name).
Add SSLerrorx() for when we don't have an SSL *
ok jsing@ after us both being prodded by bluhm@ to make it not terrible
|
|
line wraps that resulted
|
|
We leave a single function code (0xFFF) to say "SSL_internal" so the public
API will not break, and we replace all internal use of the two argument
SSL_err() with the internal only SSL_error() that only takes a reason code.
ok jsing@
|
|
and defines since they are the same everywhere.
ok beck@
|
|
fixed version) client/server code.
ok beck@
|
|
Discussed with beck@
|
|
from SSL_METHOD, replacing usage with direct calls to the appropriate
functions.
ok beck@
|
|
so these should not be diddled with directly
ok jsing@
|
|
ok jsing@
|
|
ok jsing@
|
|
internal.
ok beck@
|
|
ok beck@
|
|
known to be used by ports.
ok beck@
|
|
ok jsing@
|
|
currently unused, but will be in the near future.
ok beck@
|
|
handshake functions, we can remove more copied code from DTLS.
|
|
ok jsing@
|
|
then decrement it and call a callback on exit from the function. As such,
these functions should not return in the middle, otherwise in_handshake is
never decremented and the callback never called.
ok beck@ "with many sighs" miod@
|
|
code deduped.
|
|
lines of code, while gaining SIGALGs support.
|
|
lines of code, while gaining bug fixes and SIGALGs support.
|
|
ssl3_ prefix.
ok beck@
|
|
both essentially the same (in fact DTLS benefits from improvements
previously made to the ssl3_send_finished() function).
ok beck@
|
|
incomplete implementations just so that we can interoperate with products
from vendors who have not bothered to fix things in the last ~10 years.
ok bcook@ miod@
|
|
Another relic due to the old US crypto policy.
From OpenSSL commit 63eab8a620944a990ab3985620966ccd9f48d681 and
95275599399e277e71d064790a1f828a99fc661a.
ok jsing@ miod@
|
|
DTLS currently doesn't check whether a client cert is expected. This
change makes the logic in dtls1_accept() match that from ssl3_accept().
From OpenSSL commit c8d710dc5f83d69d802f941a4cc5895eb5fe3d65
input + ok jsing@ miod@
|
|
This commit matches the OpenSSL removal in commit
3c33c6f6b10864355553961e638514a6d1bb00f6.
ok deraadt@
|
|
jsg@ noticed that some of the lines in libssl and libcrypto are not
indented properly. At a quick glance, it looks like it has a different
control flow than it really does. I checked the history in our tree and
in OpenSSL to make sure these were simple mistakes.
ok miod@ jsing@
|
|
ok doug@
|
|
in four different places.
ok doug@ guenther@
|
|
OpenBSD does not have SCTP support and it sees little use in the wild.
OPENSSL_NO_SCTP is already specified via opensslfeatures.h, hence this
is a code removal only and symbols should remain unchanged.
ok beck@ miod@ tedu@
|
|
message handling routines.
ok miod@
|
|
This API was intended to be an internal only, however like many things in
OpenSSL, it is exposed externally and parts of the software ecosystem are
now using it since there is no real alternative within the public API.
ok doug@, tedu@ and reluctantly miod@
|
|
A few EVP_DigestInit_ex() calls were left alone since reporting an
error would change the public API.
Changed internal ssl3_cbc_digest_record() to return a value due to the above
change. It will also now set md_out_size=0 on failure.
This is based on part of BoringSSL's commit to fix malloc crashes:
https://boringssl.googlesource.com/boringssl/+/69a01608f33ab6fe2c3485d94aef1fe9eacf5364
ok miod@
|