| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
| |
Use a bad_record_mac alert instead.
Found with tlsfuzzer's ChaCha20 test.
ok beck inoguchi jsing
|
| |
|
|
|
|
|
| |
messages must terminate the connection with a decrypt_error alert, so
replace the use of the deprecated decryption_failed alert accordingly.
ok beck inoguchi jsing
|
| |
|
|
| |
ok inoguchi@ tb@
|
| |
|
|
| |
ok inoguchi@ tb@
|
| |
|
|
|
|
|
| |
Also consolidate it into the one place, since there is no reason to write
the epoch and sequence out later.
ok inoguchi@ tb@
|
| |
|
|
|
|
| |
comments to their correct places.
ok inoguchi@ tb@
|
| |
|
|
| |
ok inoguchi@ tb@
|
| |
|
|
| |
ok inoguchi@ tb@
|
| |
|
|
| |
ok inoguchi@ tb@
|
| |
|
|
| |
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
| |
Allow semantic lookup by manually tagging sections (.Sh) for which no
automatic tagging has been implemented; this thereby also eliminates false
positives such that ":tx509<Enter>" now jumps to the X509 section.
feedback remi inoguchi schwarze
OK tb
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When empty fragments were added as a countermeasure against chosen
plaintext attacks on CBC, it was done by adding a recursive call to
do_ssl3_write(). This makes the code more complex and difficult to change.
Split the record creation code into a separate ssl3_create_record()
function, which do_ssl3_write() calls. In the case where an empty fragment
is needed, ssl3_create_record() is simply called twice, removing the need
for recursion.
ok inoguchi@ tb@
|
| |
|
|
| |
ok inoguchi jsing
|
| |
|
|
| |
ok and suggestion jmc@
|
| |
|
|
|
|
|
|
| |
There was no limitation for the length of openssl conf value.
This brings possibility of out-of-memory problem as oss-fuzz had detected.
This diff restricts the length of conf value up to 64k.
ok jsing@
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Also stop using version pinned methods, instead setting the min and max
protocol versions.
Requested by inoguchi@
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
It is currently possible for key_share to be NULL when a TLS client
receives a keyshare extension. However, for this to occur the client has
to be doing TLS 1.2 or earlier, which means that it was invalid for the
server to send the extension. As such, check for NULL and treat it as an
invalid extension.
Found by oss-fuzz (#20741 and #20745).
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
|
| |
Changed to use local variable to hold malloc address rather than directly
set to S3I(s)->tmp.x25519, and set that private_key pointer to
S3I(s)->tmp.x25519 after all the "goto err;".
Also added freezero for S3I(s)->tmp.x25519 to ssl3_free() and ssl3_clear().
ok jsing@ tb@
|
| |
|
|
|
|
| |
separate file.
Discussed with beck@ and tb@
|
| | |
|
| |
|
|
|
|
| |
when <unistd.h> is included;
patch from Jan Stary <hans at stare dot cz>;
OK millert
|
| |
|
|
| |
similar to what deraadt@ recently did in other manual pages.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Starting from "Combined Table of Contents" in Doug McIlroy's
"A Research UNIX Reader" a table of which edition manuals appeared in.
Checked against manuals from bitsavers/TUHS and source from TUHS where
available.
Ingo points out there are cases where something is included but not
documented until a later release.
bcd(6) v6 v7
printf(3) v2 v4
abort(3) v5 v6
system(3) v6 v7
fmod(3) v5 v6
ok schwarze@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
| |
While we do not currently do session resumption, just return the
TLS_client_method() or TLS_server_method() when asked for a method that
does TLSv1.3.
ok tb@ (who also arrived at the same diff)
|
| |
|
|
|
|
|
|
|
| |
In the case of a hello retry request, we need to replace the client hello
with a synthetic handshake message, switch key share to that selected by
the server, build and send a new client hello, then process the resulting
server hello.
ok tb@
|
| |
|
|
|
|
|
|
| |
In a hello retry request the server will only send the selected group and
not actually provide a key exchange. In this case we need to store the
server selected group for further processing.
ok tb@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Use flags to signal the need to switch to the legacy client and to identify
a hello retry request. This allows the caller to take appropriate action,
rather than trying to do this in the parsing/processing code.
Split the key deriviation and record protection engagement code into a
separate function, both for readability and reuse.
Change handshake states outside of the processing code.
ok tb@
|
| |
|
|
|
|
|
| |
This got added to the wrong functions (server side, not client) - swap the
now unimplemented send/recv functions between client and server.
ok tb@
|
| |
|
|
|
|
| |
mangling.
ok tb@
|
| |
|
|
|
|
| |
This is soon going to be used in the TLSv1.3 client code.
ok tb@
|
| |
|
|
|
|
| |
their own CBS as a preparation for upcoming HRR diffs.
ok jsing
|
| |
|
|
| |
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
| |
Unlike TLSv1.2 there is only a single hash in use, hence as soon as we
know what the hash is and have initialised the transcript hash, we can
free the transcript buffers.
ok inoguchi@ tb@
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
Even if we're not processing/using the peer public key from the key share,
we still need to unpack it in order to parse the TLS extension correctly.
Resolves issues with TLSv1.3 clients talking to TLSv1.2 server.
ok tb@
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Pull out the key share handling code and provide a clean/self contained
interface. This will make it easier to support groups other than X25519.
ok beck@ inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
| |
This reduces replication between the existing TLS client/server and allows
the code to soon be reused for TLSv1.3.
With feedback from inoguchi@ and tb@
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
| |
Note that the last test triggers a kernel bug related to waitpid(9) and
ptraced processes. This is now visible thanks to recent make(1) changes.
guenther@ suggests to look at the logic behind `p_orphan' in FreeBSD to
fix this bug.
|
| | |
|
| |
|
|
|
|
|
|
| |
on the error stack, refrain from pushing an 'unknown' error on the stack.
This should allow libcrypto errors (including bio) to be visible, where we
have nothing better to offer.
ok tb@
|
| |
|
|
|
|
| |
and used version is in tls13_server.c.
ok inoguchi jsing
|
| |
|
|
|
| |
4672ff74d68766e7785c2cac4c597effccef2c5c have a zero byte prepended.
Run the secp224k1 ECDH tests and adjust this if needed.
|
| |
|
|
| |
will attempt again later, now that there is new regress
|
| |
|
|
| |
ok jsing@
|
