openbsd/src/lib/libssl, branch OPENBSD_6_4

openbsd/src/lib/libssl, branch OPENBSD_6_4_BASE A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_6_4_BASE 2018-09-12T06:36:15+00:00 crank to follow minor crank in libcrypto; ok tb@ jsing@ 2018-09-12T06:36:15+00:00 djm 2018-09-12T06:36:15+00:00 urn:sha1:acf423199f07a7c18afa9a7e6000e17d6d4fce38 Remove now unused code for EVP_CIPH_FLAG_AEAD_CIPHER and EVP_CIPH_GCM_MODE. 2018-09-08T14:39:41+00:00 jsing 2018-09-08T14:39:41+00:00 urn:sha1:796a6cede5802a1cdee69a9fbb287c26897883f9 ok inoguchi@ tb@ SSL_MAX_DIGEST is no longer needed. 2018-09-08T14:29:52+00:00 jsing 2018-09-08T14:29:52+00:00 urn:sha1:f7f25e05343da66a03d305acf325d93ab9cae779 Drop SSL_CIPHER_ALGORITHM2_AEAD flag. 2018-09-06T16:40:45+00:00 jsing 2018-09-06T16:40:45+00:00 urn:sha1:39009dce3f2b539a01cfeed40b04f52c37955b4c All of our algorithm_mac == SSL_AEAD cipher suites use EVP_AEAD, so we can condition on that rather than having a separate redundant flag. ok tb@ Use the newer/more sensible names for EVP_MD_CTX_* functions. 2018-09-05T16:58:59+00:00 jsing 2018-09-05T16:58:59+00:00 urn:sha1:4e47c515f40e5440374f3cb833834c52edfd8b18 EVP_MD_CTX_create -> EVP_MD_CTX_new EVP_MD_CTX_destroy -> EVP_MD_CTX_free This should make the intent more obvious and reduce head scratching during code reviews. Raised by tb@ Correctly clear the current cipher state, when changing cipher state. 2018-09-05T16:48:11+00:00 jsing 2018-09-05T16:48:11+00:00 urn:sha1:c67d138a999b0555285f0993584d8124abc2b926 When a renegotiation results in a change of cipher suite, the renegotation would fail if it switched from AEAD to non-AEAD or vice versa. This is due to the fact that the previous EVP_AEAD or EVP_CIPHER state remained, resulting in incorrect logic that caused MAC failures. Rename ssl_clear_cipher_ctx() to ssl_clear_cipher_state() and split it into separate read/write components, then call these functions from the appropriate places when a ChangeCipherSpec message is being processed. Also, remove the separate ssl_clear_hash_ctx() calls and fold these into the ssl_clear_cipher_{read,write}_state() functions. Issue reported by Bernard Spil, who also tested this diff. ok tb@ Stop using composite EVP_CIPHER AEADs. 2018-09-03T18:00:50+00:00 jsing 2018-09-03T18:00:50+00:00 urn:sha1:09e3c4eaff9a257054b6dc7cc8fbeed5239c481c The composite AEADs are "stitched" mode ciphers, that are only supported on some architectures/CPUs and are designed to be faster than a separate EVP_CIPHER and EVP_MD implementation. The three AEADs are used for less than ideal cipher suites (if you have hardware support that these use there are better cipher suite options), plus continuing to support AEADs via EVP_CIPHER is creating additional code complexity. ok inoguchi@ tb@ Stop handling AES-GCM via ssl_cipher_get_evp(). 2018-09-03T17:45:24+00:00 jsing 2018-09-03T17:45:24+00:00 urn:sha1:34efe444a75c4a4667abad7e2961c1090e97096f All of the AES-GCM ciphersuites use the EVP_AEAD interface, so there is no need to support them via EVP_CIPHER. ok inoguchi@ tb@ Clean up SSL_DES and SSL_IDEA remnants. 2018-09-03T17:41:13+00:00 jsing 2018-09-03T17:41:13+00:00 urn:sha1:7e13e67bd932c42e580dd62e18bcfc50c5d19180 All ciphersuites that used these encryption algorithms were removed some time ago. ok bcook@ inoguchi@ tb@ Remove unused argument to tls1_change_cipher_state_cipher(). 2018-08-31T18:31:34+00:00 jsing 2018-08-31T18:31:34+00:00 urn:sha1:ab82fc96211b03411f245a194d52f6ef86aa12d5