summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Enable TLSv1.3 for the generic TLS_method().jsing2020-07-072-5/+52
| | | | | | This can be done now that we have both TLSv1.3 client and server. ok beck@ inoguchi@ tb@
* Add support for timeconting in userland.pirofti2020-07-066-6/+146
| | | | | | | | | | | | | | | | | | | | | | | | | | This diff exposes parts of clock_gettime(2) and gettimeofday(2) to userland via libc eliberating processes from the need for a context switch everytime they want to count the passage of time. If a timecounter clock can be exposed to userland than it needs to set its tc_user member to a non-zero value. Tested with one or multiple counters per architecture. The timing data is shared through a pointer found in the new ELF auxiliary vector AUX_openbsd_timekeep containing timehands information that is frequently updated by the kernel. Timing differences between the last kernel update and the current time are adjusted in userland by the tc_get_timecount() function inside the MD usertc.c file. This permits a much more responsive environment, quite visible in browsers, office programs and gaming (apparently one is are able to fly in Minecraft now). Tested by robert@, sthen@, naddy@, kmos@, phessler@, and many others! OK from at least kettenis@, cheloha@, naddy@, sthen@
* Add a missing circular_init() call in the TLS ordering test.jsing2020-07-041-1/+3
| | | | | | | This makes the regress work correctly again - this was previously masked by the fact that tls_close() (and hence SSL_shutdown()) was draining the circular buffer, whereas now we're leaving data behind from a previous test, resulting in the ordering test failing.
* zap trailing whitespace on one linetb2020-07-031-2/+2
|
* tlsexttest: pass message type to the extension functionstb2020-07-031-144/+144
| | | | ok beck jsing
* Make the message type available to the extension functionstb2020-07-032-167/+181
| | | | | | | | | | | | | | Some TLS extensions need to be treated differently depending on the handshake message they appear in. Over time, various workarounds and hacks were used to deal with the unavailability of the message type in these functions, but this is getting fragile and unwieldy. Having the message type available will enable us to clean this code up and will allow simple fixes for a number of bugs in our handling of the status_request extension reported by Michael Forney. This approach was suggested a while ago by jsing. ok beck jsing
* adjust alpn extension test to new argument ordertb2020-07-031-3/+3
|
* adjust tlsexttest to new argument ordertb2020-07-031-5/+5
|
* Improve argument order for the internal tlsext APItb2020-07-038-39/+39
| | | | | | | | Move is_server and msg_type right after the SSL object so that CBS and CBB and alert come last. This brings these functions more in line with other internal functions and separates state from data. requested by jsing
* Disable assembly code for powerpc64; more work is needed to make it work.kettenis2020-06-291-8/+9
|
* Switch back to bn_mul_mont_int since the bn_mul_mont_fpu64 code isn'tkettenis2020-06-281-3/+3
| | | | | hooked up and the lack of a bn_mul_mont_int implementation results in undefined references.
* Provide an optimized implementation of ffs(3) in libc onnaddy2020-06-263-2/+26
| | | | | | aarch64/powerpc/powerpc64, making use of the count leading zeros instruction. Also add a brief regression test. ok deraadt@ kettenis@
* Accidentally doubled these files on first commit. Correcting.drahn2020-06-262-194/+1
|
* Switch the order of the two tests in tls13_client_hello_required_extensionstb2020-06-251-9/+9
| | | | to match the order they are listed in the RFC. No functional change.
* Intial attempt at powerpc64 libcrypto pieces.drahn2020-06-252-0/+386
| | | | just commit this kettenis@
* Properly document the return values of EVP_PKEY_base_id(3)schwarze2020-06-244-70/+152
| | | | | | | | and EVP_PKEY_id(3), then describe the "type" parameters of various functions more precisely referencing that information. In particular, document X509_get_signature_type(3) which was so far missing. OK tb@
* use n-bit <noun> consistently; ok schwarze for the principal of the idea,jmc2020-06-246-28/+28
| | | | and for flagging which pages to check;
* Make tls13_legacy_shutdown() match ssl3_shutdown() semantics.jsing2020-06-241-21/+22
| | | | | | | | | | | | | When first called, queue and send a close notify, before returning 0 or 1 to indicate if a close notify has already been received from the peer. If called again only attempt to read a close notify if there is no pending application data and only read one record from the wire. In particular, this avoids continuing to read application data where the peer continues to send application data. Issue noted by naddy@ with ftp(1). ok jca@ tb@
* new manual page ChaCha(3);schwarze2020-06-243-2/+257
| | | | OK tb@
* new manual page CMAC_Init(3);schwarze2020-06-245-7/+298
| | | | OK tb@
* Document eight additional pre-OpenSSL-1.1 accessor functions that areschwarze2020-06-241-21/+122
| | | | | | | | | | still widely used according to code searches on the web, so people reading existing code will occasionally want to look them up. While here, correct the return type of X509_CRL_get0_lastUpdate(3) and X509_CRL_get0_nextUpdate(3), which return const pointers. Also, add some precision regarding RETURN VALUES.
* enable test-tls13-keyshare-omitted.pytb2020-06-241-5/+2
|
* Enforce restrictions for ClientHello extensionstb2020-06-241-1/+44
| | | | | | | | | | | | | | | RFC 8446 section 9.2 imposes some requirements on the extensions sent in the ClientHello: key_share and supported_groups must either both be present or both be absent. If no pre_shared_key was sent, the CH must contain both signature_algorithms and supported_groups. If either of these conditions is violated, servers must abort the handshake with a missing_extensions alert. Add a function that enforces this. If we are going to enforce that clients send an SNI, we can also do this in this function. Fixes failing test case in tlsfuzzer's test-tls13-keyshare-omitted.py ok beck inoguchi jsing
* Add test-ffdhe-expected-params.pytb2020-06-241-1/+2
|
* Enable lucky 13 test.tb2020-06-191-5/+2
|
* We inherited the constant time CBC padding removal from BoringSSL, buttb2020-06-191-4/+4
| | | | | | | | | | | missed a subsequent fix for an off-by-one in that code. If the first byte of a CBC padding of length 255 is mangled, we don't detect that. Adam Langley's BoringSSL commit 80842bdb44855dd7f1dde64a3fa9f4e782310fc7 Fixes the failing tlsfuzzer lucky 13 test case. ok beck inoguchi
* mark the functions documented in des_read_pw(3) as deprecatedschwarze2020-06-192-6/+11
| | | | | and point to UI_UTIL_read_pw(3) instead; tb@ agrees with the general direction
* document X509_get0_pubkey_bitstr(3),schwarze2020-06-191-5/+81
| | | | | | correct the description of X509_get_X509_PUBKEY(3), document error handling of the read accessors, and mention the relevant STANDARDS
* document error handling of X509_PUBKEY_get0(3) and X509_PUBKEY_get(3)schwarze2020-06-191-3/+52
|
* Merge documentation of X509_get0_serialNumber(3) from OpenSSL-1.1.1schwarze2020-06-191-4/+19
| | | | which is still under a free license. Wording tweaked by me.
* Document EVP_read_pw_string_min(3)tb2020-06-151-6/+44
| | | | | | | Add detailed information on the return values of all the functions in this page and remove the previous incorrect information. tweaks & ok schwarze
* Document PEM_def_callback(3).schwarze2020-06-153-106/+158
| | | | | | | Move pem_password_cb(3) to the file PEM_read(3) and rewrite its description from scratch for precision and conciseness. Plus some minor improvements in the vicinity. Tweaks and OK tb@.
* add my Copyright and license, which i forgot when adding a significantschwarze2020-06-121-3/+20
| | | | amount of text, the ERRORS section, in the previous commit
* add a comment saying that name_cmp() is intentionally undocumented;schwarze2020-06-121-2/+5
| | | | tb@ agrees that it should not be part of the public API
* document PEM_ASN1_read(3) and PEM_ASN1_read_bio(3);schwarze2020-06-125-7/+236
| | | | tweaks and OK tb@
* wording tweaks from ross l richardson and tb;jmc2020-06-111-6/+6
| | | | ok tb
* Add lucky13 and bleichenbacher-timing teststb2020-06-101-1/+7
|
* document PKCS7_get_signer_info(3)schwarze2020-06-105-8/+75
|
* describe six more PKCS7 attribute functionsschwarze2020-06-101-14/+208
|
* The check_includes step is incorrect dependency management model forderaadt2020-06-093-33/+3
| | | | | | how our tree gets built. If this was done in all the libraries (imagine sys/dev), it would disrupt the development process hugely. So it should not be done here either. use 'make includes' by hand instead.
* Implement a rolling hash of the ClientHello message, Enforce RFC 8446beck2020-06-067-9/+181
| | | | | | | | section 4.1.2 to ensure subsequent ClientHello messages after a HelloRetryRequest messages must be unchanged from the initial ClientHello. ok tb@ jsing@
* Add a custom copy handler for AES key wraptb2020-06-051-5/+31
| | | | | | | | | | | | | This is necessary because ctx->cipher_data is an EVP_AES_WRAP_CTX containing a pointer to ctx->iv. EVP_CIPHER_CTX_copy() uses memcpy to copy cipher_data to the target struct. The result is that the copy contains a pointer to the wrong struct, which then leads to a use-after-free. The custom copy handler fixes things up to avoid that. Issue reported by Guido Vranken ok beck inoguchi jsing
* Use IANA allocated GOST ClientCertificateTypes.jsing2020-06-053-9/+15
| | | | | | | | | | | IANA has allocated numbers for GOST ClientCertificateType. Use them in addition to private values (left in place for compatibility). Diff from Dmitry Baryshkov <dbaryshkov@gmail.com> Sponsored by ROSA Linux ok inoguchi@ tb@
* Stop sending GOST R 34.10-94 as a CertificateType.jsing2020-06-051-3/+1
| | | | | | | | | | | | GOST R 34.10-94 is an obsolete certificate type, unsupported by LibreSSL and by the rest of current software, so there is no point in sending in the CertificateTypes. Diff from Dmitry Baryshkov <dbaryshkov@gmail.com> Sponsored by ROSA Linux ok inoguchi@ tb@
* Handle GOST in ssl_cert_dup().jsing2020-06-051-1/+5
| | | | | | | | | | Add missing case entry for SSL_PKEY_GOST01. Diff from Dmitry Baryshkov <dbaryshkov@gmail.com> Sponsored by ROSA Linux ok inoguchi@ tb@
* Enable GOST_SIG_FORMAT_RS_LE when verifying certificate signatures.jsing2020-06-052-2/+15
| | | | | | | | | | | | | | GOST cipher suites requires that CertVerify signatures be generated in a special way (see ssl3_send_client_kex_gost(), ssl3_get_cert_verify()). However, the GOST_SIG_FORMAT_RS_LE flag was not passed in case of TLS 1.2 connections (because they use different code path). Set this flag on GOST PKEYs. Diff from Dmitry Baryshkov <dbaryshkov@gmail.com> Sponsored by ROSA Linux ok inoguchi@ tb@
* Allow GOST R 34.11-2012 in PBE/PBKDF2/PKCS#5.jsing2020-06-051-1/+3
| | | | | | | | Diff from Dmitry Baryshkov <dbaryshkov@gmail.com> Sponsored by ROSA Linux ok inoguchi@ tb@
* Add OIDs for HMAC using Streebog (GOST R 34.11-2012) hash function.jsing2020-06-052-0/+4
| | | | | | | | Diff from Dmitry Baryshkov <dbaryshkov@gmail.com> Sponsored by ROSA Linux ok inoguchi@ tb@
* Add a few more errors to help debugging.jsing2020-06-051-6/+16
| | | | | | | | Diff from Dmitry Baryshkov <dbaryshkov@gmail.com> Sponsored by ROSA Linux. ok inoguchi@ tb@
* Add support for additional GOST curves.jsing2020-06-054-12/+182
| | | | | | | | | | | | | These GOST curves are defined in RFC 7836 and draft-deremin-rfc4491-bis. Add aliases for 256-bit GOST curves (see draft-smyshlyaev-tls12-gost-suites) and rename the 512-bit curve ids to follow names defined in tc26 OID registry. Diff from Dmitry Baryshkov <dbaryshkov@gmail.com> Sponsored by ROSA Linux. ok inoguchi@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-30 05:52:57 +0000