Commit log (cgit listing). Each entry gives the commit subject [tag] (author, date; files changed, lines removed/added), followed by the commit message body.

* bump to LibreSSL 2.9.3 [OPENBSD_6_5] (bcook, 2019-06-10; 1 file, -3/+3)

* MFC libssl fix - rev 1.49 (commitid: DLpHk0vyoFEK0Baa) (sthen, 2019-06-07; 1 file, -5/+2)
  ---
  Relax parsing of TLS key share extensions on the server. The RFC does not require X25519 and it also allows clients to send an empty key share when they want the server to select a group. The current behaviour results in handshake failures where the client supports TLS 1.3 and sends a TLS key share extension that does not contain X25519.
  ---
  (this fixes server side in some cases with TLS 1.3 clients with what would normally be unusual config - however triggered by recent Firefox packages on Fedora, https://bugzilla.redhat.com/show_bug.cgi?id=1713777)

* In DTLS, use_srtp is part of the extended server hello while in TLSv1.3, [libressl-v2.9.2] (tb, 2019-05-15; 1 file, -2/+3)
  it is an encrypted extension. Include it in the server hello for now. This will have to be revisited once TLSv1.3 gets there. Fixes SRTP negotiation. Problem found by two rust-openssl regress failures reported by mikeb. with & ok beck
  OpenBSD 6.5 errata 002

* LibreSSL 2.9.2 (bcook, 2019-05-13; 1 file, -3/+3)

* This commit was manufactured by cvs2git to create branch 'OPENBSD_6_5'. [libressl-v2.9.1] (cvs2svn, 2019-04-10; 0 files, -0/+0)
* Avoid an overread caused by d2i_PrivateKey(). (jsing, 2019-04-10; 1 file, -1/+3)
  There are cases where the old_priv_decode() function can fail but consume bytes. This will result in the pp pointer being advanced, which causes d2i_PKCS8_PRIV_KEY_INFO() to be called with an advanced pointer and incorrect length. Fixes oss-fuzz #13803 and #14142. ok deraadt@ tb@

* Recommend SSL_CTX_add1_chain_cert(3) rather than (schwarze, 2019-04-09; 1 file, -12/+11)
  SSL_CTX_add_extra_chain_cert(3). From Dr. Stephen Henson <steve at openssl dot org> via OpenSSL commit a4339ea3 Jan 3 22:38:03 2014 +0000 which is still under a free license.

* Document SSL_CTX_clear_mode(3) and SSL_clear_mode(3). (schwarze, 2019-04-09; 1 file, -22/+48)
  From Kurt Roeckx <kurt at roeckx dot be> via OpenSSL commit 57fd5170 May 13 11:24:11 2018 +0200 which is still under a free license. While here, polish awkward wording and reduce duplication.

* exitting -> exiting (tb, 2019-04-07; 1 file, -1/+1)
  From Michael Scovetta, PR #108

* Revert tasn_prn.c r1.18. (jsing, 2019-04-07; 1 file, -6/+2)
  In this code, just because something is cast to a type doesn't mean it is necessarily that type - in this case we cannot check the length of the ASN1_STRING here, since it might be another data type and later handled as an int (for example, in the V_ASN1_BOOLEAN case). We will revisit this post release. ok tb@

* whitespace consistency (tb, 2019-04-05; 1 file, -1/+2)

* Add SERVER_HELLO_RETRY state (tb, 2019-04-05; 1 file, -1/+7)
* By design, our state machine is a DAG contrary to the state machine in (tb, 2019-04-05; 4 files, -7/+29)
  the spec. To avoid the obvious loop in the RFC's state machine, we added a CLIENT_HELLO_RETRY state which is a second ClientHello with special rules. There is, however, no state to react to this second client hello. This adds a matching SERVER_HELLO_RETRY state to the handshakes table. This means in particular that the WITH_HRR state cannot be set in tls13_server_hello_recv(), so remove this now dead check. ok jsing

* Import SSL_CTX_add1_chain_cert(3) from OpenSSL branch 1.1.1, which is still (schwarze, 2019-04-05; 5 files, -17/+264)
  under a free license, omitting functions we don't have and tweaked by me; the functions were provided by jsing@ in ssl.h rev. 1.166. While here, also document SSL_CTX_get_extra_chain_certs(3) because it is closely related to companion functions that are already documented and the API is kind of incomplete without it.

* Zap two dead #defines that were unused since jsing deleted the (tb, 2019-04-05; 1 file, -5/+1)
  record_type member of the tls13_handshake_action struct. ok jsing

* I forgot to mark some targets as .PHONY (tb, 2019-04-04; 1 file, -1/+5)

* Implement legacy fallback for the TLS 1.3 client. (jsing, 2019-04-04; 3 files, -8/+87)
  If the Server Hello received indicates that the server did not negotiate TLS 1.3, fallback to the original TLS client implementation. ok bcook@, tb@

* Clean up the cipher/digest table mess. (jsing, 2019-04-04; 3 files, -179/+45)
  The original implementation allows for libcrypto to be compiled without a given algorithm and libssl then detects that ciphers or digests are unavailable so that it can disable the associated cipher suites. This is unnecessary since we do not compile out algorithms. ok beck@, tb@ (a while back)

* Use correct define. (jsing, 2019-04-04; 1 file, -2/+2)
* Only assign destlen when src is non-NULL. (jsing, 2019-04-04; 1 file, -3/+4)
  This avoids ever having a non-zero len with a NULL pointer.

* Switch to pthread_mutex_init(). (jsing, 2019-04-04; 1 file, -3/+5)
  While PTHREAD_MUTEX_INITIALIZER can be used on OpenBSD, some other platforms do not like it. Noted by bcook@

* Bump libssl/libtls minors due to symbol addition. (jsing, 2019-04-04; 2 files, -2/+2)

* Provide SSL chain/cert chain APIs. (jsing, 2019-04-04; 3 files, -2/+161)
  These allow for chains to be managed on a per-certificate basis rather than as a single "extra certificates" list. Note that "chain" in this context does not actually include the leaf certificate however, unlike SSL_CTX_use_certificate_chain_{file,mem}(). Thanks to sthen@ for running this through a bulk ports build. ok beck@ tb@

* This case also needs to be fatal. (jsing, 2019-04-04; 1 file, -1/+2)

* update root CAs in cert.pem in sync with Mozilla (sthen, 2019-04-04; 1 file, -287/+440)
  ok millert@

* Avoid some out of bound accesses in aesni_cbc_hmac_sha1_cipher(). (tb, 2019-04-03; 1 file, -7/+13)
  The plen variable can be NO_PAYLOAD_LENGTH == (size_t)-1, so doing tls_aad[plen-4] is no good. Also check that the length of the AAD set via the control interface is equal to 13 since the whole file is written with that case in mind. Note that we no longer use this code in LibreSSL/OpenBSD. We eliminated the use of these control interfaces and stitched cipher modes in libssl a while ago. Problem found by Guido Vranken with his cryptofuzz - thanks! input & ok beck, jsing

* fix broken comment (sthen, 2019-04-02; 1 file, -1/+1)

* Sort. (jsing, 2019-04-01; 1 file, -3/+3)
* Make the openssl(1) enc -iter flag actually work. (jsing, 2019-04-01; 1 file, -2/+2)
  Diff from Steven Roberts <sroberts at fenderq dot com> - thanks!

* Add a mutex to guard reference counting for tls_config. (jsing, 2019-04-01; 3 files, -4/+16)
  This makes libtls more friendly for multithreaded use - otherwise we can end up with incorrect refcounts and end up freeing when we should not be (or not freeing when we should be). ok beck@

* Implement a print function for BIGNUM_it. (jsing, 2019-04-01; 1 file, -2/+18)
  ok beck@, tb@

* Correct the return values from long_print. (jsing, 2019-04-01; 1 file, -2/+5)
  BIO_print() returns -1 on failure, whereas the ASN print functions need to return 0. ok beck@, tb@

* Require all ASN1_PRIMITIVE_FUNCS functions to be provided. (jsing, 2019-04-01; 5 files, -26/+42)
  If an ASN.1 item provides its own ASN1_PRIMITIVE_FUNCS functions, require all functions to be provided (currently excluding prim_clear). This avoids situations such as having a custom allocator that returns a specific struct but is then printed using the default primitive print functions, which interpret the memory as a different struct. Found by oss-fuzz, fixes issue #13799. ok beck@, tb@

* mark ERR_R_INTERNAL_ERROR instead of assert or _exit, sigh (deraadt, 2019-04-01; 1 file, -3/+3)

* Correct subtle bug in sigalgs, only care about curve_nid if we are (beck, 2019-04-01; 1 file, -4/+4)
  checking the curve. ok jsing@ tb@
* Clean up and simplify the client verify code: (jsing, 2019-03-31; 1 file, -50/+49)
  - Be consistent with _len naming.
  - Use size_t where possible/appropriate.
  - Group the CBB code.
  - Use EVP_MAX_MD_SIZE consistently, instead of "magic" values.
  - Switch GOST to EVP_DigestSign*, making it similar to sigalgs.
  ok tb@ a while back.

* Wrap long lines and apply some style(9). (jsing, 2019-03-31; 1 file, -7/+10)

* Use named field initialisers. (jsing, 2019-03-31; 2 files, -16/+18)

* Use correct capitalization of EC_GROUP_get_curve_GF{2m,p}(3). (tb, 2019-03-29; 1 file, -4/+4)

* Enable GOST cipher selection test after libssl has been fixed. (bluhm, 2019-03-28; 1 file, -6/+1)

* Cast nonce bytes to avoid undefined behaviour when left shifting. (jsing, 2019-03-27; 1 file, -3/+3)
  Reported by oss-fuzz, really fixes issue #13805. ok beck@ tb@

* remove duplicate set key file call. from alf. (tedu, 2019-03-27; 1 file, -3/+1)
  ok jsing

* bump to 2.9.1 (bcook, 2019-03-27; 1 file, -3/+3)
* Use limits.h instead of sys/limits.h for portability. (jsing, 2019-03-26; 1 file, -3/+2)
  From phrocker via github.

* Update regress following sigalgs changes. (jsing, 2019-03-25; 1 file, -17/+1)

* Strip out all of the pkey to sigalg and sigalg to pkey linkages. (jsing, 2019-03-25; 5 files, -59/+8)
  These are no longer used now that we defer signature algorithm selection. ok beck@

* tls1_process_sigalgs() is no longer needed. (jsing, 2019-03-25; 2 files, -57/+2)
  ok beck@

* Defer sigalgs selection until the certificate is known. (jsing, 2019-03-25; 9 files, -48/+124)
  Previously the signature algorithm was selected when the TLS extension was parsed (or the client received a certificate request), however the actual certificate to be used is not known at this stage. This leads to various problems, including the selection of a signature algorithm that cannot be used with the certificate key size (as found by jeremy@ via ruby regress). Instead, store the signature algorithms list and only select a signature algorithm when we're ready to do signature generation. Joint work with beck@.

* Rework ssl_ctx_use_certificate_chain_bio() to use the CERT_PKEY chain. (jsing, 2019-03-25; 1 file, -46/+26)
  This means that any additional CA certificates end up on the per certificate chain, rather than the single/shared extra_certs. Also simplify this code and in particular, avoid setting the return value to indicate success until we've actually succeeded. ok beck@ tb@

* Remove ssl_get_server_send_cert() which is now unused. (jsing, 2019-03-25; 2 files, -14/+2)
  ok beck@ tb@