Remove unnecessary str variable in ssl_stat.c

Drop about 1/4 of the lines in here by avoiding the use of a variable.
For some reason the API in this file made me go listen to Pow R. Toc H.
All of a

Remove unnecessary str variable in ssl_stat.c

Drop about 1/4 of the lines in here by avoiding the use of a variable.
For some reason the API in this file made me go listen to Pow R. Toc H.
All of a sudden the lyrics made sense. I should probably be worried.

ok beck jsing

show more ...

Add missing alerts to SSL_alert_desc_string{,_long}()

ok beck

Hide all public symbols in libssl

With the guentherizer 9000

ok tb@

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_l

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

show more ...

Get rid of SSL_CTX_INTERNAL and SSL_INTERNAL.

These are no longer necessary due to SSL_CTX and SSL now being fully
opaque. Merge SSL_CTX_INTERNAL back into SSL_CTX and SSL_INTERNAL back
into SSL.

P

Get rid of SSL_CTX_INTERNAL and SSL_INTERNAL.

These are no longer necessary due to SSL_CTX and SSL now being fully
opaque. Merge SSL_CTX_INTERNAL back into SSL_CTX and SSL_INTERNAL back
into SSL.

Prompted by tb@

show more ...

Bye bye S3I.

S3I has served us well, however now that libssl is fully opaque it is time
to say goodbye. Aside from removing the calloc/free/memset, the rest is
mechanical sed.

ok inoguchi@ tb@

Add SSL_AD_MISSING_EXTENSION.

This is an alert that was added in TLSv1.3 - we already use it internally,
but did not provide the SSL_AD_* define previously.

ok tb@

Remove references to obsolete alerts.

The "no_certificate" alert only existed in SSLv3, while the
"decryption_failed" and "export_restriction" alerts were removed in
TLSv1.1.

ok tb@

Only use SSL_AD_* internally.

Due to hysterical raisins there are three different types of defines for
alerts. SSL3_AD_* are from SSLv3, TLS1_AD_* are from TLSv1.0 onwards and
SSL_AD_* currently map

Only use SSL_AD_* internally.

Due to hysterical raisins there are three different types of defines for
alerts. SSL3_AD_* are from SSLv3, TLS1_AD_* are from TLSv1.0 onwards and
SSL_AD_* currently map to either an SSL3_AD_* or TLS1_AD_* define.

Currently, all three of these are used in various places - switch to using
just SSL_AD_* values internally, as a first step in cleaning this up.

ok tb@

show more ...

Move state from ssl->internal to the handshake structure.
while we are at it, convert SSLerror to use a function
internally, so that we may later allocate the handshake
structure and check for it
ok

Move state from ssl->internal to the handshake structure.
while we are at it, convert SSLerror to use a function
internally, so that we may later allocate the handshake
structure and check for it
ok jsing@

show more ...

send state and rstate from ssl_st into internal. There are accessors
so these should not be diddled with directly
ok jsing@

Sort and group includes.

Another large dose of KNF.

tags as requested by miod and tedu

More KNF and style consistency tweaks

remove ssl2 support even more completely.
in the process, always include ssl3 and tls1, we don't need config options
for them. when the time comes to expire ssl3, it will be with an ax.
checked by mi

remove ssl2 support even more completely.
in the process, always include ssl3 and tls1, we don't need config options
for them. when the time comes to expire ssl3, it will be with an ax.
checked by miod

show more ...

First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using
tr and md5.

resolve conflicts, fix local changes

resolve conflicts

OpenSSL 0.9.7 stable 2002 05 08 merge

OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones

OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs

show more ...

OpenSSL 0.9.4 merge

Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD build
functionality for shared libs.

Note that routines such as sslv2_init and friends that use RSA will
not work due to lack of RSA in th

Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD build
functionality for shared libs.

Note that routines such as sslv2_init and friends that use RSA will
not work due to lack of RSA in this library.

Needs documentation and help from ports for easy upgrade to full
functionality where legally possible.

show more ...