A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_6_7_BASE 2020-04-18T14:07:56+00:00 2020-04-18T14:07:56+00:00 jsing 2020-04-18T14:07:56+00:00 urn:sha1:45ae045ccf3a3740b07e9b2ecbbbbb3320d2f36d SSL_get_server_tmp_key() provides the peer ephemeral public key used for key exchange. In the case of TLSv1.3 this is essentially the peer public key from the key share used for TLSv1.3 key exchange, hence make it availaable via SSL_get_server_tmp_key(). ok inoguchi@ tb@ 2020-02-16T14:33:04+00:00 inoguchi 2020-02-16T14:33:04+00:00 urn:sha1:fa0b5b94cc25e2b4dd64fd2788b5be80ec542d59 Changed to use local variable to hold malloc address rather than directly set to S3I(s)->tmp.x25519, and set that private_key pointer to S3I(s)->tmp.x25519 after all the "goto err;". Also added freezero for S3I(s)->tmp.x25519 to ssl3_free() and ssl3_clear(). ok jsing@ tb@ 2020-01-30T17:09:23+00:00 jsing 2020-01-30T17:09:23+00:00 urn:sha1:8c4b49ffef3b61d982a273df3cd92b2e017aa065 Pull out the key share handling code and provide a clean/self contained interface. This will make it easier to support groups other than X25519. ok beck@ inoguchi@ tb@ 2020-01-23T10:40:59+00:00 jsing 2020-01-23T10:40:59+00:00 urn:sha1:e923e6a6e5ee7ab0943514d73b7f609470b200a5 Currently, TLSv1.3 cipher suites are filtered out by the fact that they have authentication and key exchange algorithms that are not being set in ssl_set_cert_masks(). Fix this so that ssl3_choose_cipher() works for TLSv1.3, however we also now need to ensure that we filter out TLSv1.3 for non-TLSv1.3 and only select TLSv1.3 for TLSv1.3. ok beck@ tb@ 2020-01-02T06:37:13+00:00 jsing 2020-01-02T06:37:13+00:00 urn:sha1:1e40b0f750f6957c62327661ea1b410544e11a30 In OpenSSL, SSL_CTX_get_extra_chain_certs() really means return extra certs, unless there are none, in which case return the chain associated with the certificate. If you really just want the extra certs, including knowing if there are no extra certs, then you need to call SSL_CTX_get_extra_chain_certs_only()! And to make this even more entertaining, these functions are not documented in any OpenSSL release. Reported by sephiroth-j on github, since the difference in behaviour apparently breaks OCSP stapling with nginx. ok beck@ inoguchi@ tb@ 2019-10-04T17:21:24+00:00 jsing 2019-10-04T17:21:24+00:00 urn:sha1:4cd703f8ea6ce1ad19febbcab84532f2943d2b6c The recent EC group cofactor change results in stricter validation, which causes the EC_GROUP_set_generator() call to fail. Issue reported and fix tested by rsadowski@ ok tb@ 2019-04-04T15:03:21+00:00 jsing 2019-04-04T15:03:21+00:00 urn:sha1:3a7c85d931b2023a54a02c316fd13e9c48298d91 These allow for chains to be managed on a per-certificate basis rather than as a single "extra certificates" list. Note that "chain" in this context does not actually include the leaf certificate however, unlike SSL_CTX_use_certificate_chain_{file,mem}(). Thanks to sthen@ for running this through a bulk ports build. ok beck@ tb@ 2019-03-25T17:21:18+00:00 jsing 2019-03-25T17:21:18+00:00 urn:sha1:c46928243f6c8aa22e46219e22df33de006a501f Previously the signature algorithm was selected when the TLS extension was parsed (or the client received a certificate request), however the actual certificate to be used is not known at this stage. This leads to various problems, including the selection of a signature algorithm that cannot be used with the certificate key size (as found by jeremy@ via ruby regress). Instead, store the signature algorithms list and only select a signature algorithm when we're ready to do signature generation. Joint work with beck@. 2019-02-09T15:26:15+00:00 jsing 2019-02-09T15:26:15+00:00 urn:sha1:bf3fc1487ab4d49b366d075e6f48ee4eef2d29a4 While handshake hash is correct (in as far as it is a hash of handshake messages), using tls1_transcript_hash*() aligns them with the naming of the tls1_transcript*() functions. Additionally, the TLSv1.3 specification uses Transcript-Hash and "transcript hash", which this matches. ok inoguchi@ tb@ 2019-01-24T15:50:47+00:00 beck 2019-01-24T15:50:47+00:00 urn:sha1:412284188c2a3c98dca1de88b2b7b416e4930489 ok jsing@ bcook@