summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Change various ALPN related internal struct memberstb2022-07-201-6/+6
| | | | | | | | Change alpn_client_proto_list and alpn_selected from unsigned char * to uint8_t and change alpn_client_proto_list_len to be a size_t instead of an unsigned int. ok jsing
* Factor out ALPN extension format checktb2022-07-202-14/+27
| | | | | | | | The ALPN extension must contain a non-empty list of protocol names. Split a check of this out of tlsext_alpn_server_parse() so that it can be reused elsewhere in the library. ok jsing
* Remove tls_buffer_set_data() and remove/revise callers.jsing2022-07-206-34/+14
| | | | | | | | | | | | | There is no way that tls_buffer_set_data() can currently work in conjunction with tls_buffer_expand(). This fact is currently hidden by the way that PHH works, which reads the same data from the record layer (which it needs to do anyway, since we may not have all of the handshake message in a single record). Since this is broken, mop it up and change the PHH callback to not provide the record data. ok beck@ tb@
* Correct server-side handling of TLSv1.3 key updates.jsing2022-07-201-20/+30
| | | | | | | | The existing code updates the correct secret, however then sets it for the wrong direction. Fix this, while untangling the code and consistenly using 'read' and 'write' rather than 'local' and 'peer'. ok beck@ tb@
* zap trailing spacestb2022-07-191-2/+2
|
* fix indenttb2022-07-191-2/+2
|
* Regenerate golden numbers due to RC4-MD5 now being disabled by default.tb2022-07-191-61/+58
|
* Disallow MD5 and SHA-1 HMACs depending on the security leveltb2022-07-191-2/+11
| | | | | | | | Ciphers using an MD5 HMAC are not allowed on security levels >= 1 and using a SHA-1 HMAC is disallowed on security levels >= 4. This disables RC4-MD5 by default. ok jsing
* Avoid unnecessary loops in BN_generate_prime_ex()tb2022-07-191-4/+6
| | | | | | | | | Since there is nothing randomized in bn_is_prime_bpsw(), the concept of rounds makes no sense. Apply a minimal change for now that avoids expensive loops that won't change the outcome in case we found a probable prime. ok jsing
* Document -tls1_{1,2,3} in openssl cipherstb2022-07-191-2/+11
| | | | ok jsing
* Allow displaying ciphers according to protocol versiontb2022-07-191-4/+39
| | | | | | | | | Instead of only using the default client method, allow selecting a specific protocol version and display the supported ciphers accordingly. This removes the noop status of -tls1 and adds -tls1_{1,2,3} as in other commands. ok jsing
* Revert accidental committb2022-07-181-2/+2
|
* Add comments to explain the magic numbers 57 and 58tb2022-07-182-3/+6
|
* Avoid sending the QUIC transport parameters extension now that wetb2022-07-181-4/+4
| | | | | | send an unsupported extension alert. Noted by anton
* Handle X509_check_purpose(3) and EVP_get_digestbyobj(3)kn2022-07-171-2/+5
| | | | OK tb
* Add initial support for ESSCertIDv2 verificationkn2022-07-171-19/+99
| | | | | | | | | Based on OpenSSL commit f0ef20bf386b5c37ba5a4ce5c1de9a819bbeffb2 "Added support for ESSCertIDv2". This makes TS validation work in the new security/libdigidocpp port. Input OK tb
* Disable TLSv1.3 middlebox compatibility mode for QUIC connections.jsing2022-07-171-2/+3
| | | | | | This is required by RFC 9001. ok tb@
* Pass SSL pointer to tls13_ctx_new().jsing2022-07-173-15/+11
| | | | | | | | struct tls13_ctx already knows about SSL's and this way tls13_ctx_new() can set up various pointers, rather than duplicating this in tls13_legacy_accept() and tls13_legacy_connect(). ok tb@
* Revise regress for QUIC transport parameters TLS extension.jsing2022-07-171-15/+32
|
* Correct handling of QUIC transport parameters extension.jsing2022-07-171-48/+16
| | | | | | | | | | | Remove duplicate U16 length prefix, since tlsext_build() already adds this for us. Condition on SSL_is_quic() rather than TLS version - RFC 9001 is clear that this extension is only permitted on QUIC transport and an fatal unsupported extension alert is required if used elsewhere. Additionally, at the point where extensions are parsed, we do not necessarily know what TLS version has been negotiated. ok beck@ tb@
* Provide SSL_is_quic()jsing2022-07-173-5/+14
| | | | | | | | This function will allow code to know if the SSL connection is configured for use with QUIC or not. Also move existing SSL_.*quic.* functions under LIBRESSL_HAS_QUIC to prevent exposing them prematurely. ok beck@ tb@
* Correct TLSEXT_TYPE_quic_transport_parameters message types.jsing2022-07-171-2/+2
| | | | | | | Per RFC 9001, TLSEXT_TYPE_quic_transport_parameters may only appear in ClientHello and EncryptedExtensions (not ServerHello). ok beck@ tb@
* Correct value for TLSEXT_TYPE_quic_transport_parametersjsing2022-07-171-4/+6
| | | | | | | | Use the correct value for TLSEXT_TYPE_quic_transport_parameters according to RFC 9001 section 8.2. Also move the define under LIBRESSL_HAS_QUIC to avoid things finding it prematurely. ok beck@ tb@
* AESCGM -> AESGCMjsg2022-07-171-4/+4
|
* Add ESSCertIDv2 stack macroskn2022-07-161-1/+25
| | | | | | | | Copy existing ESSCertID macros and s/_ID/&_V2/g. Guard the new code under LIBRESSL_INTERNAL to defer visibility. OK tb
* Add ESSCertIDv2 ASN.1 boilerplatekn2022-07-162-2/+170
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Guard the new code under LIBRESSL_INTERNAL to defer symbol addition and minor library bump (thanks tb). ts/ts.h bits from RFC 5035 Enhanced Security Services (ESS) Update: Adding CertID Algorithm Agility ts/ts_asn1.c bits expanded from ASN1_SEQUENCE(ESS_CERT_ID_V2) = { ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR), ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING), ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL) } static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2) IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID_V2) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2) ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = { ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2), ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO) } static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2) IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT_V2) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2) Feedback OK tb
* Add NID for signingCertificateV2kn2022-07-162-0/+2
| | | | | | https://oidref.com/1.2.840.113549.1.9.16.2.47 OK tb
* Avoid direct X509 structure accesskn2022-07-162-12/+12
| | | | | | | Cherry-picked from OpenSSL commit a8d8e06b0ac06c421fd11cc1772126dcb98f79ae. This reduces upcoming TS changes. OK jsing tb
* Zap duplicate ERR_load_TS_strings() prototypekn2022-07-161-3/+1
| | | | | | It's defined again (more appropiately) further down above the error codes. OK jsing tb
* Revert previous. The added includes were already there. Duh.tb2022-07-161-4/+1
|
* Expand the comment explaining the for loop with bn_lucas_step() a bit.tb2022-07-151-3/+3
|
* Comment for factorization of n - 1 = k * 2^s in bn_miller_rabin_base_2()tb2022-07-151-1/+2
|
* Rename is_perfect_square to out_perfect in prototype to matchtb2022-07-151-2/+2
| | | | the code in bn_isqrt.c.
* Zap trailing whitespacetb2022-07-141-4/+4
|
* Suppress output of the deprecated -tls1 option in usage() and helptb2022-07-141-3/+2
| | | | | | output. The option wasn't documented in the manpage. pointed out by jsing
* Switch to using TLS_client_method()tb2022-07-141-2/+2
| | | | | | | | | Apparently, TLSv1_client_method() is used for historical reasons. This behavior is no longer helpful if we want to know what ciphers a TLS connection could use. This could change again after further investigation of what the behavior should be... ok beck jsing
* Only run the client connection test with supported ciphers. Avoids testtb2022-07-141-2/+2
| | | | breakage also noted by anton.
* Document openssl ciphers -stb2022-07-141-3/+5
| | | | ok beck jsing
* Add -s option to openssl cipherstb2022-07-141-4/+20
| | | | | | | With this option, the command only shows the ciphers supported by the SSL method. ok beck jsing
* add .Xr links to SSL_CTX_set_security_level(3)schwarze2022-07-135-15/+20
|
* add a few .Xr links to new manual pagesschwarze2022-07-1311-24/+36
|
* In dsa.h rev. 1.34 (14 Jan 2022), tb@ provided DSA_bits(3).schwarze2022-07-131-10/+51
| | | | | | | Document it from scratch. While here, merge a few details from the OpenSSL 1.1.1 branch, which is still under a free license, into the documentation of DSA_size(3).
* In x509_vfy.h rev. 1.54, tb@ provided X509_VERIFY_PARAM_get_time(3)schwarze2022-07-131-3/+44
| | | | | | and X509_VERIFY_PARAM_set_auth_level(3). Document them. For the latter, i included a few sentences from the OpenSSL 1.1.1 branch, which is still under a free license.
* link three new manual pages to the buildschwarze2022-07-131-1/+4
|
* Start documenting our new pet octopus, SSL_CTX_set_security_level(3).schwarze2022-07-132-1/+161
| | | | | | | Or should we call it a centipede? Feedback and OK on a previous version from jsing@ and from our chief myriapodologist, tb@.
* Cast int64_t to uint64_t before negating.jsing2022-07-131-3/+7
| | | | | | | | | Avoid undefined behaviour/integer overflow by casting an int64_t to uint64_t before negating. Fixes oss-fuzz #49043 ok tb@
* Write documentation for EVP_PKEY_check(3), EVP_PKEY_public_check(3),schwarze2022-07-135-44/+504
| | | | | | | | | | | | EVP_PKEY_param_check(3), and EVP_PKEY_security_bits(3) from scratch. Move the documentation of EVP_PKEY_size(3) and EVP_PKEY_bits(3) to the new manual page EVP_PKEY_size(3). Merge the documentation of the related function pointers from the OpenSSL 1.1.1 branch, which is still under a free license. OK tb@ on the new page EVP_PKEY_size(3).
* Simplify computation of max_pub_key = dh->p - 1.tb2022-07-131-4/+2
| | | | ok jsing
* New manual page written from scratch;schwarze2022-07-131-0/+137
| | | | | tb@ recently added these functions to libcrypto and also provided feedback on my first draft of this page.
* Remove #ifndef around the definition of OPENSSL_TLS_SECURITY_LEVEL.tb2022-07-131-3/+1
| | | | | | | | We do not intend to make this a compile-time option. Reminded by schwarze who asked about it ok jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-30 05:53:14 +0000