![[BACK]](/icons/back.gif){kind=icon}
Up to [local] / src / lib / libssl
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.31 / (download) - annotate - [select for diffs], Sat Jul 8 16:40:13 2023 UTC (11 months ago) by beck
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
OPENBSD_7_4_BASE,
OPENBSD_7_4,
HEAD
Changes since 1.30: +25 -1 lines
Diff to previous 1.30 (colored)
Hide all public symbols in libssl With the guentherizer 9000 ok tb@
Revision 1.30 / (download) - annotate - [select for diffs], Thu Jul 6 07:56:32 2023 UTC (11 months ago) by beck
Branch: MAIN
Changes since 1.29: +1 -36 lines
Diff to previous 1.29 (colored)
unifdef the LIBRESSL_HAS_TLS1_3_[CLIENT|SERVER] goo And remove the tendrils. This was useful for transition but we are now well past this.
Revision 1.29 / (download) - annotate - [select for diffs], Sat Nov 26 16:08:56 2022 UTC (18 months, 2 weeks ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE,
OPENBSD_7_3
Changes since 1.28: +3 -3 lines
Diff to previous 1.28 (colored)
Make internal header file names consistent Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
Revision 1.28 / (download) - annotate - [select for diffs], Mon Jul 26 03:17:38 2021 UTC (2 years, 10 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE,
OPENBSD_7_2,
OPENBSD_7_1_BASE,
OPENBSD_7_1,
OPENBSD_7_0_BASE,
OPENBSD_7_0
Changes since 1.27: +1 -17 lines
Diff to previous 1.27 (colored)
Dedup dtls1_dispatch_alert()/ssl3_dispatch_alert(). The code for dtls1_dispatch_alert() and ssl3_dispatch_alert() is largely identical - with a bit of reshuffling we can use ssl3_dispatch_alert() for both protocols and remove the ssl_dispatch_alert function pointer. ok inoguchi@ tb@
Revision 1.27 / (download) - annotate - [select for diffs], Sat Jul 3 16:06:45 2021 UTC (2 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.26: +1 -49 lines
Diff to previous 1.26 (colored)
Do a first pass clean up of SSL_METHOD. The num_ciphers, get_cipher_by_char and put_cipher_by_char function pointers use the same function for all methods - call ssl3_num_ciphers() directly, absorb ssl3_get_cipher_by_char() into SSL_CIPHER_find() and remove the unused ssl3_put_cipher_by_char() code. ok inoguchi@ tb@
Revision 1.26 / (download) - annotate - [select for diffs], Thu Jul 1 17:53:39 2021 UTC (2 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.25: +33 -97 lines
Diff to previous 1.25 (colored)
Merge SSL_METHOD_INTERNAL into SSL_METHOD. Now that SSL_METHOD is opaque and in internal headers, we can remove SSL_METHOD_INTERNAL by merging it back into SSL_METHOD. ok tb@
Revision 1.25 / (download) - annotate - [select for diffs], Sun May 16 13:56:31 2021 UTC (3 years ago) by jsing
Branch: MAIN
Changes since 1.24: +2 -1 lines
Diff to previous 1.24 (colored)
Move DTLS structs/definitions/prototypes to dtls_locl.h. Now that the DTLS structs are opaque, add a dtls_locl.h header and move internal-only structs from dtls1.h, along with prototypes from ssl_locl.h. Only pull this header in where DTLS code actually exists. ok inoguchi@ tb@
Revision 1.24 / (download) - annotate - [select for diffs], Wed Mar 31 16:59:32 2021 UTC (3 years, 2 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE,
OPENBSD_6_9
Changes since 1.23: +1 -15 lines
Diff to previous 1.23 (colored)
Expose various DTLSv1.2 specific functions and defines ok bcook inoguchi jsing
Revision 1.23 / (download) - annotate - [select for diffs], Thu Feb 25 17:06:05 2021 UTC (3 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.22: +33 -33 lines
Diff to previous 1.22 (colored)
Only use TLS versions internally (rather than both TLS and DTLS versions). DTLS protocol version numbers are the 1's compliment of human readable TLS version numbers, which means that newer versions decrease in value and there is no direct mapping between TLS protocol version numbers and DTLS protocol version numbers. Rather than having to deal with this internally, only use TLS versions internally and map between DTLS and TLS protocol versions when necessary. Rename functions and variables to use 'tls_version' when they contain a TLS version (and never a DTLS version). ok tb@
Revision 1.22 / (download) - annotate - [select for diffs], Sat Feb 20 08:33:17 2021 UTC (3 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.21: +152 -2 lines
Diff to previous 1.21 (colored)
Add DTLSv1.2 methods. These are currently guarded by LIBRESSL_HAS_DTLS1_2 and LIBRESSL_INTERNAL. ok tb@
Revision 1.21 / (download) - annotate - [select for diffs], Tue Dec 1 07:46:02 2020 UTC (3 years, 6 months ago) by tb
Branch: MAIN
Changes since 1.20: +196 -8 lines
Diff to previous 1.20 (colored)
Bring back *_client_method() structs The method unification broke an API promise of SSL_is_server(). According to the documentation, calling SSL_is_server() on SSL objects constructed from generic and server methods would result in 1 even before any call to SSL_set_accept_state(). This means the information needs to be available when SSL_new() is called, so must come from the method itself. Prior to the method unification, s->server would be set to 0 or 1 in SSL_new() depending on whether the accept method was undefined or not. Instead, introduce a flag to the internal structs to distinguish client methods from server and generic methods and copy that flag to s->server in SSL_new(). This problem was reported to otto due to breakage of DoH in net/dnsdist. The reason for this is that www/h2o relies on SSL_is_server() to decide whether to call SSL_accept() or SSL_connect(). Thus, the h2o server would end up responding to a ClientHello with another ClientHello, which results in a handshake failure. The bandaid applied to www/h2o can be removed once this fix has made it into snaps. No other breakage is known. This commit brings back only about half of the duplication removed in the method unification, so is preferable to a full revert. ok jsing
Revision 1.20 / (download) - annotate - [select for diffs], Wed Oct 14 16:44:15 2020 UTC (3 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.19: +7 -1 lines
Diff to previous 1.19 (colored)
Mark DTLS methods as DTLS. Rather than inferring DTLS from the method version, add a field that marks a method as specifically being DTLS. Have SSL_IS_DTLS condition on this rather than on version. ok tb@
Revision 1.19 / (download) - annotate - [select for diffs], Sun Oct 11 12:45:52 2020 UTC (3 years, 8 months ago) by guenther
Branch: MAIN
Changes since 1.18: +7 -7 lines
Diff to previous 1.18 (colored)
SSL3_ENC_METHOD is just a flag word; merge it into SSL_METHOD_INTERNAL with #defines for the per-version initializers instead of extern globals. Add SSL_USE_SHA256_PRF() to complete the abstraction. ok tb@ jsing@
Revision 1.18 / (download) - annotate - [select for diffs], Sun Oct 11 02:22:27 2020 UTC (3 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.17: +54 -419 lines
Diff to previous 1.17 (colored)
Condense and simplify TLS methods. Historically, OpenSSL has had client and server specific methods - the only difference between these is that the .ssl_connect or .ssl_accept function pointer is set to ssl_undefined_function, with the intention of reducing code size for a statically linked binary that was only a client or server. These days the difference is minimal or non-existant in many cases and we can reduce the amount of code and complexity by having single method. Internally remove all of the client and server specific methods, simplifying code in the process. The external client/server specific API remain, however these now return the same thing as TLS_method() does. ok tb@
Revision 1.17 / (download) - annotate - [select for diffs], Sat Oct 3 17:54:27 2020 UTC (3 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.16: +4 -4 lines
Diff to previous 1.16 (colored)
Use TLSv1_1_enc_data instead of DTLSv1_enc_data. DTLSv1 is TLSv1.1 over datagrams - there is no need for a separate SSL3_ENC_METHOD struct, just use TLSv1_1_enc_data and remove DTLSv1_enc_data entirely. ok tb@
Revision 1.16 / (download) - annotate - [select for diffs], Thu Sep 17 15:23:29 2020 UTC (3 years, 8 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE,
OPENBSD_6_8
Changes since 1.15: +35 -49 lines
Diff to previous 1.15 (colored)
Simplify SSL method lookups.
There are three places where we call tls1_get_{client,server}_method() and
if that returns NULL, call dtls1_get_{client,server}_method(). Simplify
this by combining the lookup into a single function. While here also use
uint16_t for version types.
ok inoguchi@ millert@
Revision 1.15 / (download) - annotate - [select for diffs], Tue Sep 15 09:41:24 2020 UTC (3 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.14: +1 -47 lines
Diff to previous 1.14 (colored)
Mop up the get_ssl_method function pointer. Now that get_ssl_method is no longer used, we can garbage collect the function pointer and some associated machinery. ok beck@
Revision 1.14 / (download) - annotate - [select for diffs], Tue Jul 7 19:31:11 2020 UTC (3 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.13: +1 -37 lines
Diff to previous 1.13 (colored)
Remove some unnecessary function pointers from SSL_METHOD_INTERNAL. ssl_version is completely unused and get_timeout is the same everywhere. ok beck@ inoguchi@ tb@
Revision 1.13 / (download) - annotate - [select for diffs], Tue Jul 7 19:24:23 2020 UTC (3 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.12: +50 -4 lines
Diff to previous 1.12 (colored)
Enable TLSv1.3 for the generic TLS_method(). This can be done now that we have both TLSv1.3 client and server. ok beck@ inoguchi@ tb@
Revision 1.12 / (download) - annotate - [select for diffs], Thu Feb 6 16:05:58 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE,
OPENBSD_6_7
Changes since 1.11: +9 -1 lines
Diff to previous 1.11 (colored)
Add a workaround to make SSL_set_session() work with TLSv1.3. While we do not currently do session resumption, just return the TLS_client_method() or TLS_server_method() when asked for a method that does TLSv1.3. ok tb@ (who also arrived at the same diff)
Revision 1.11 / (download) - annotate - [select for diffs], Thu Jan 23 10:48:37 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.10: +3 -20 lines
Diff to previous 1.10 (colored)
Remove the ssl_get_message function pointer from SSL_METHOD_INTERNAL. ssl_get_message is essentially a switch between ssl3_get_message and dtls1_get_message, both only used by the legacy stack. Instead, use SSL_IS_DTLS() in ssl3_get_message to call the DTLS function when necessary. ok beck@ inoguchi@ tb@
Revision 1.10 / (download) - annotate - [select for diffs], Thu Jan 23 05:08:30 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.9: +3 -3 lines
Diff to previous 1.9 (colored)
Implement pending for TLSv1.3. Makes `openssl s_client -peekaboo` work with TLSv1.3. ok beck@ tb@
Revision 1.9 / (download) - annotate - [select for diffs], Thu Jan 23 03:17:40 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.8: +18 -1 lines
Diff to previous 1.8 (colored)
Switch back to a function pointer for ssl_pending. This will allow the TLSv1.3 stack to provide its own implementation. Nuke a completely bogus comment from SSL_pending() whilst here. ok beck@
Revision 1.8 / (download) - annotate - [select for diffs], Wed Jan 22 15:47:22 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.7: +45 -3 lines
Diff to previous 1.7 (colored)
Wire up the TLSv1.3 server. This currently only has enough code to handle fallback to the legacy TLS stack for TLSv1.2 or earlier, however allows for further development and testing. ok beck@
Revision 1.7 / (download) - annotate - [select for diffs], Wed Jan 22 02:34:39 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.6: +1 -1 lines
Diff to previous 1.6 (colored)
Hook up the TLSv1.3 legacy shutdown code. Missed in an earlier commit.
Revision 1.6 / (download) - annotate - [select for diffs], Wed Jan 22 01:21:43 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.5: +3 -3 lines
Diff to previous 1.5 (colored)
Split the TLSv1.3 guards into separate client and server guards. ok beck@ tb@
Revision 1.5 / (download) - annotate - [select for diffs], Sun Nov 17 19:07:07 2019 UTC (4 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.4: +17 -1 lines
Diff to previous 1.4 (colored)
Bring back the ssl_shutdown internal method pointer. For now ssl3_shutdown() is called in all cases, however TLSv1.3 will soon get its own version. ok beck@
Revision 1.4 / (download) - annotate - [select for diffs], Sun Mar 17 17:28:08 2019 UTC (5 years, 2 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE,
OPENBSD_6_6,
OPENBSD_6_5_BASE,
OPENBSD_6_5
Changes since 1.3: +19 -1 lines
Diff to previous 1.3 (colored)
Provide version agnostic DTLS methods. ok tb@
Revision 1.3 / (download) - annotate - [select for diffs], Thu Feb 14 18:53:15 2019 UTC (5 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.2: +3 -3 lines
Diff to previous 1.2 (colored)
Correct guards.
Revision 1.2 / (download) - annotate - [select for diffs], Thu Feb 14 17:50:07 2019 UTC (5 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.1: +45 -3 lines
Diff to previous 1.1 (colored)
Provide a TLS 1.3 capable client method. ok tb@
Revision 1.1 / (download) - annotate - [select for diffs], Mon Nov 5 05:45:15 2018 UTC (5 years, 7 months ago) by jsing
Branch: MAIN
Consolidate all of the SSL method structs/functions into a single file. Discussed with tb@