openbsd/src/lib/libtls, branch OPENBSD_7_6

openbsd/src/lib/libtls, branch OPENBSD_7_6_BASE A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_6_BASE 2024-08-31T10:54:12+00:00 major bump for libcrypto libssl and libtls 2024-08-31T10:54:12+00:00 tb 2024-08-31T10:54:12+00:00 urn:sha1:71ba87c7b967350832d234fc05a24f33898e3408 Give libtls the same bump as libssl 2024-08-12T21:02:24+00:00 tb 2024-08-12T21:02:24+00:00 urn:sha1:252403d7ae62fce4218c94b3714a4d666fe438b7 libtls: fix legacy protocol parsing 2024-08-02T15:00:01+00:00 tb 2024-08-02T15:00:01+00:00 urn:sha1:b406bf2119594dc725dd7e537eb049151f94db87 Redefining TLS_PROTOCOL_TLSv1_0 and TLS_PROTOCOL_TLSv1_1 to be the same as TLS_PROTOCOL_TLSv1_2 had undesired side effects, as witnessed in the accompanying regress tests. The protocol string all:tlsv1.0 would disable TLSv1.2 (so only enable TLSv1.3) and tlsv1.2:!tlsv1.1 would disable all protocols. It makes more sense to ignore any setting of TLSv1.0 and TLSv1.1, so if you request 'tlsv1.1' you get no protocol, but 'all:!tlsv1.1' will enable the two supported protocols TLSv1.3 and TLSv1.2. Restore the defines to their original values and adjust the parsing code to set/unset them. Issue reported by Kenjiro Nakayama Fixes https://github.com/libressl/openbsd/issues/151 with/ok jsing sync includes in tls_signer.c 2024-06-11T16:35:24+00:00 op 2024-06-11T16:35:24+00:00 urn:sha1:90527c425b68e3277192a621ce09c1fc0f2a8b8d pthread -> mutex stdint -> uint8_t stdio.h -> asprintf stdlib.h -> calloc string.h -> memcpy ecdsa -> ECDSA_METHOD leftover, remove ec -> EC_KEY evp -> EVP_PKEY pem -> PEM_read_bio_X509 x509 -> X509 90% of the diff is from tb@, I only spotted the missing string.h :) ok tb@ crank libtls like libcrypto and libssl 2024-04-15T16:01:23+00:00 tb 2024-04-15T16:01:23+00:00 urn:sha1:f8b4b2d623499cf612fe2e30bd0e3528db318940 Remove spaces before tabs 2024-04-08T20:47:32+00:00 tb 2024-04-08T20:47:32+00:00 urn:sha1:d52332356c8ba6fc11d87f6d466baff39351a3ee Use TLS_ERROR_INVALID_ARGUMENT for "too large" and "too small" errors 2024-03-28T06:55:02+00:00 joshua 2024-03-28T06:55:02+00:00 urn:sha1:d3012ebd0480445b9625c35635eb2e6849c6501a ok beck tb Use TLS_ERROR_OUT_OF_MEMORY error code for calloc errors in libtls 2024-03-28T02:08:24+00:00 joshua 2024-03-28T02:08:24+00:00 urn:sha1:a7dd7b8d74e7f7e9f77b865ade3204f7e1c26188 ok jsing Add TLS_ERROR_INVALID_ARGUMENT error code to libtls 2024-03-27T07:35:30+00:00 joshua 2024-03-27T07:35:30+00:00 urn:sha1:2f91b3106eca7de0d2c1cd49842ac4b5e027fc63 This is an initial pass, defining the error code and using it for "too long"/length-related errors. ok beck jsing Add TLS_ERROR_INVALID_CONTEXT error code to libtls 2024-03-26T08:54:48+00:00 joshua 2024-03-26T08:54:48+00:00 urn:sha1:770136de1e8bfda122badbcfdd67920088e8d5fc ok jsing@ beck@