summaryrefslogtreecommitdiffstats
path: root/ssl/s23_clnt.c
AgeCommit message (Collapse)Author
2015-05-16Version negotiation rewrite cleanupMatt Caswell
Following the version negotiation rewrite all of the previous code that was dedicated to version negotiation can now be deleted - all six source files of it!! Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-05-16Client side version negotiation rewriteMatt Caswell
Continuing from the previous commit this changes the way we do client side version negotiation. Similarly all of the s23* "up front" state machine code has been avoided and again things now work much the same way as they already did for DTLS, i.e. we just do most of the work in the ssl3_get_server_hello() function. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-05-01free NULL cleanup -- codaRich Salz
After the finale, the "real" final part. :) Do a recursive grep with "-B1 -w [a-zA-Z0-9_]*_free" to see if any of the preceeding lines are an "if NULL" check that can be removed. Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-04-16Code style: space after 'if'Viktor Dukhovni
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-26Move s->packet and s->packet_length into s->rlayerMatt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-26Provide RECORD_LAYER_set_data functionMatt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-26Encapsulate SSL3_BUFFER and all access to s->s3->rbuf.Matt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-25RAND_bytes updatesMatt Caswell
Ensure RAND_bytes return value is checked correctly, and that we no longer use RAND_pseudo_bytes. Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-23Fix missing return value checksMatt Caswell
Ensure that all functions have their return values checked where appropriate. This covers all functions defined and called from within libssl. Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-06dead code cleanup: #if 0 in sslRich Salz
I left many "#if 0" lines, usually because I thought we would probably want to revisit them later, or because they provided some useful internal documentation tips. Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-01-22Run util/openssl-format-source -v -c .Matt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08Remove some unnecessary OPENSSL_FIPS referencesDr. Stephen Henson
FIPS_mode() exists in all versions of OpenSSL but always returns 0 if OpenSSL is not FIPS capable. Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-04Remove SSLv2 supportKurt Roeckx
The only support for SSLv2 left is receiving a SSLv2 compatible client hello. Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-10-15Fix no-ssl3 configuration optionGeoff Thorpe
CVE-2014-3568 Reviewed-by: Emilia Kasper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-10-15Support TLS_FALLBACK_SCSV.Bodo Moeller
Reviewed-by: Stephen Henson <steve@openssl.org>
2014-08-28Custom extension revision.Dr. Stephen Henson
Use the same structure for client and server custom extensions. Add utility functions in new file t1_ext.c. Use new utility functions to handle custom server and client extensions and remove a lot of code duplication. Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-08-15Revision of custom extension code.Dr. Stephen Henson
Move custom extension structures from SSL_CTX to CERT structure. This change means the form can be revised in future without binary compatibility issues. Also since CERT is part of SSL structures so per-SSL custom extensions could be supported in future as well as per SSL_CTX. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-07-04Remove all RFC5878 code.Dr. Stephen Henson
Remove RFC5878 code. It is no longer needed for CT and has numerous bugs
2014-07-01Fix warning.Dr. Stephen Henson
(cherry picked from commit c97ec5631bb08a2171a125008d2f0d2a75687aaa)
2014-03-28Security framework.Dr. Stephen Henson
Security callback: selects which parameters are permitted including sensible defaults based on bits of security. The "parameters" which can be selected include: ciphersuites, curves, key sizes, certificate signature algorithms, supported signature algorithms, DH parameters, SSL/TLS version, session tickets and compression. In some cases prohibiting the use of a parameters will mean they are not advertised to the peer: for example cipher suites and ECC curves. In other cases it will abort the handshake: e.g DH parameters or the peer key size. Documentation to follow...
2014-02-05Re-add alert variables removed during rebaseScott Deboy
Whitespace fixes
2014-02-05Update custom TLS extension and supplemental data 'generate' callbacks to ↵Scott Deboy
support sending an alert. If multiple TLS extensions are expected but not received, the TLS extension and supplemental data 'generate' callbacks are the only chance for the receive-side to trigger a specific TLS alert during the handshake. Removed logic which no-op'd TLS extension generate callbacks (as the generate callbacks need to always be called in order to trigger alerts), and updated the serverinfo-specific custom TLS extension callbacks to track which custom TLS extensions were received by the client, where no-ops for 'generate' callbacks are appropriate.
2013-10-21Remove unused variable.Ben Laurie
2013-10-21Do not include a timestamp in the Client/ServerHello Random field.Nick Mathewson
Instead, send random bytes, unless SSL_SEND_{CLIENT,SERVER}RANDOM_MODE is set. This is a forward-port of commits: 4af793036f6ef4f0a1078e5d7155426a98d50e37 f4c93b46edb51da71f09eda99e83eaf193a33c08 3da721dac9382c48812c8eba455528fd59af2eef 2583270191a8b27eed303c03ece1da97b9b69fd3 While the gmt_unix_time record was added in an ostensible attempt to mitigate the dangers of a bad RNG, its presence leaks the host's view of the current time in the clear. This minor leak can help fingerprint TLS instances across networks and protocols... and what's worse, it's doubtful thet the gmt_unix_time record does any good at all for its intended purpose, since: * It's quite possible to open two TLS connections in one second. * If the PRNG output is prone to repeat itself, ephemeral handshakes (and who knows what else besides) are broken.
2013-09-06Add callbacks supporting generation and retrieval of supplemental data ↵Scott Deboy
entries, facilitating RFC 5878 (TLS auth extensions) Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API Tests exercising the new supplemental data registration and callback api can be found in ssltest.c. Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
2013-07-31Various custom extension fixes.Trevor Perrin
Force no SSL2 when custom extensions in use. Don't clear extension state when cert is set. Clear on renegotiate.
2012-12-07send out the raw SSL/TLS headers to the msg_callback and display them in ↵Dr. Stephen Henson
SSL_trace
2012-08-15Add three Suite B modes to TLS code, supporting RFC6460.Dr. Stephen Henson
2012-05-30RFC 5878 support.Ben Laurie
2012-04-25s23_clnt.c: ensure interoperability by maitaining client "version capability"Andy Polyakov
vector contiguous. PR: 2802
2012-04-17Additional workaround for PR#2771Dr. Stephen Henson
If OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is set then limit the size of client ciphersuites to this value. A value of 50 should be sufficient. Document workarounds in CHANGES.
2012-04-17Partial workaround for PR#2771.Dr. Stephen Henson
Some servers hang when presented with a client hello record length exceeding 255 bytes but will work with longer client hellos if the TLS record version in client hello does not exceed TLS v1.0. Unfortunately this doesn't fix all cases...
2011-05-19Implement FIPS_mode and FIPS_mode_setDr. Stephen Henson
2011-04-29Initial incomplete TLS v1.2 support. New ciphersuites added, new versionDr. Stephen Henson
checking added, SHA256 PRF support added. At present only RSA key exchange ciphersuites work with TLS v1.2 as the new signature format is not yet implemented.
2011-03-12Remove redundant check to stop compiler warning.Dr. Stephen Henson
2010-02-16PR: 2171Dr. Stephen Henson
Submitted by: Tomas Mraz <tmraz@redhat.com> Since SSLv2 doesn't support renegotiation at all don't reject it if legacy renegotiation isn't enabled. Also can now use SSL2 compatible client hello because RFC5746 supports it.
2009-12-28return v1.1 methods for client/serverDr. Stephen Henson
2009-12-07Initial experimental TLSv1.1 supportDr. Stephen Henson
2009-11-18Don't use SSLv2 compatible client hello if we don't tolerate legacy ↵Dr. Stephen Henson
renegotiation
2009-08-05Update from 1.0.0-stable.Dr. Stephen Henson
2009-04-08Update from 1.0.0-stableDr. Stephen Henson
2008-12-30Document dead code.Ben Laurie
2008-09-03Make no-tlsext compile.Dr. Stephen Henson
2008-06-03Memory saving patch.Ben Laurie
2007-09-26Support for certificate status TLS extension.Dr. Stephen Henson
2007-09-21Implement the Opaque PRF Input TLS extensionBodo Möller
(draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and bugfixes on the way. In particular, this fixes the buffer bounds checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext(). Note that the opaque PRF Input TLS extension is not compiled by default; see CHANGES.
2006-11-29fix support for receiving fragmented handshake messagesBodo Möller
2006-01-11improvements for alert handlingBodo Möller
2006-01-11More TLS extension related changes.Bodo Möller
Submitted by: Peter Sylvester
2006-01-08Some error code cleanups (SSL lib. used SSL_R_... codes reserved for alerts)Bodo Möller
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-03 06:37:06 +0000