summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Only hash known CH extensionstb2021-04-221-5/+5
| | | | | | | | | | | | | RFC 4.1.2 specifies the ways in which the extensions in the first and the second ClientHello may differ. It basically says that extensions not known to a server must not change. This in turn makes it impossible to introduce new extensions that do change. It makes little sense to enforce that extensions we don't know and care about aren't modified, so make the hashing more lenient and restrict it to the extensions we do care about. Arguably, enforcing no change in an unknown extension is incompatible with the requirement that it be ignored. ok bcook jsing
* Add a test that roundtrips a bunch of points on all builtin curvestb2021-04-212-6/+268
| | | | | via point2oct and oct2point and that checks the corner case in hybrid encoding that was fixed in ec2_oct.c r1.13.
* Clean up TLSv1.2 certificate request handshake data.jsing2021-04-215-43/+27
| | | | | | | | | | Currently cert_req is used by clients and cert_request is used by servers. Replace this by a single cert_request used by either client or server. Remove the certificate types as they are currently unused. This also fixes a bug whereby if the number of certificate types exceeds SSL3_CT_NUMBER the number of bytes read in is insufficient, which will break decoding. ok inoguchi@ tb@
* Fix const in previous. Pointed out by asoutb2021-04-211-5/+5
|
* Fix indent of EC_METHODs as requested by jsing.tb2021-04-206-192/+192
| | | | While there zap trailing whitespace from a KNF approximation gone wrong.
* Adjust ectest.c for set_compressed_coordinatestb2021-04-201-9/+9
|
* Compare pointer against NULL and fix a KNF issue.tb2021-04-201-3/+3
| | | | ok jsing
* Prepare to provide EC_POINT_set_compressed_coordinatestb2021-04-205-57/+41
| | | | ok jsing
* Adjust ectest.c for get_Jprojective coordinate changetb2021-04-201-2/+2
|
* Compare function pointers against NULL, not 0.tb2021-04-201-3/+3
| | | | ok jsing
* Provide EC_POINT_{g,s}et_Jprojective_coordinates for internal usetb2021-04-2010-77/+97
| | | | ok jsing
* Simplify code after adding EC_POINT_{s,g}et_affine_coordinates()tb2021-04-203-73/+18
| | | | ok jsing
* Adjust ecdhtest.c for affine_coordinates changetb2021-04-202-7/+7
|
* Adjust ectest.c for affine_coordinates changetb2021-04-201-17/+17
|
* Compare function pointers against NULL, not 0.tb2021-04-201-3/+3
| | | | ok jsing
* Prepare to provide EC_POINT_{g,s}et_affine_coordinatestb2021-04-2018-92/+90
| | | | | | Similar to part of OpenSSL commit 8e3cced75fb5fee5da59ebef9605d403a999391b ok jsing
* Simplify after EC_POINT_get_curve() additiontb2021-04-202-30/+8
| | | | ok jsing
* Adjust ectest.c for EC_GROUP_{g,s}et_curve changetb2021-04-202-15/+15
|
* Add prototypes for EC_GROUP_get_curve_{GF2m,GFp}().tb2021-04-201-1/+6
| | | | These will be removed once EC_GROUP_get_curve() is public.
* Compare function pointers against NULL, not 0.tb2021-04-201-3/+3
| | | | ok jsing
* Prepare to provide EC_GROUP_{get,set}_curve(3)tb2021-04-206-41/+51
| | | | | | | | | | | | | There are numerous functions in ec/ that exist with _GF2m and _GFp variants for no good reason. The code of both variants is the same. The EC_METHODs contain a pointer to the appropriate version. This commit hides the _GF2m and _GFp variants from internal use and provides versions that work for both curve types. These will be made public in an upcoming library bump. Similar to part of OpenSSL commit 8e3cced75fb5fee5da59ebef9605d403a999391b ok jsing
* Remove new_sym_enc and new_aead.jsing2021-04-193-10/+19
| | | | | | | These can be replaced with accessors that allow this information to be retrieved from the new record layer. ok inoguchi@ tb@
* Avoid division by zero in hybrid point encodingtb2021-04-191-17/+49
| | | | | | | | | | | | | | | In hybrid and compressed point encodings, the form octet contains a bit of information allowing to calculate y from x. For a point on a binary curve, this bit is zero if x is zero, otherwise it must match the rightmost bit of of the field element y / x. The existing code only considers the second possibility. It could thus fail with a division by zero error as found by Guido Vranken's cryptofuzz. This commit adds a few explanatory comments to oct2point and fixes some KNF issues. The only actual code change is in the last hunk which adds a BN_is_zero(x) check to avoid the division by zero. ok jsing
* Move new_mac_secret_size into the TLSv1.2 handshake struct.jsing2021-04-192-5/+7
| | | | | | Drop the 'new_' prefix in the process. ok inoguchi@ tb@
* Move reuse_message, message_type, message_size and cert_verify into thejsing2021-04-196-59/+62
| | | | | | TLSv1.2 handshake struct. ok inoguchi@ tb@
* Set alpn_selected_len to zero when freeing alpn_selected.jsing2021-04-191-1/+2
| | | | | | | This is not strictly necessary since we proceed to zero the entire struct, however it keeps the code consistent and easily auditable. ok tb@
* The powerpc64 ELFv2 ABI explicitly states that exception enable bitskettenis2021-04-191-1/+9
| | | | | | | and rounding control bits are not restored by longjmp(3). So expect the some failures on that platform. ok bluhm@
* mention DTLS1_2_VERSIONtb2021-04-151-3/+4
|
* Mention DTLS1_2_VERSION here, tootb2021-04-151-6/+8
|
* Document SSL_OP_NO_DTLSv1{,_2}tb2021-04-151-2/+15
|
* Document DTLSv1_2_{,client_,server_}method(3)tb2021-04-151-4/+36
|
* Merge documentation for SSL_is_dtls() from OpenSSLtb2021-04-151-5/+21
|
* Switch back to the legacy verifier for the release.tb2021-04-151-2/+2
| | | | | | | | | | | This is disappointing as a lot of work was put into the new verifier during this cycle. However, there are still too many known bugs and incompatibilities. It is better to be faced with known broken behavior than with new broken behavior and to switch now rather than via errata. This way we have another cycle to iron out the kinks and to fix some of the remaining bugs. ok jsing
* revert previous. some of the keyupdate tests still fail occasionallytb2021-04-141-2/+11
|
* Enable test-tls13-keyupdate.pytb2021-04-141-9/+2
|
* move test-record-size-limit.py to unsupportedtb2021-04-141-4/+3
|
* enable test-record-layer-fragmentation.pytb2021-04-141-7/+2
|
* factor argument to catch an alert mismatch into a helper functiontb2021-04-141-7/+8
|
* enable test-tlsfuzzer-invalid-compression-methods.pytb2021-04-131-5/+10
|
* enable test-large-hello.py as a slow testtb2021-04-131-3/+2
|
* with new defaults, test-fuzzed-plaintext.py is no longer slowtb2021-04-131-3/+2
|
* move a few tests to the unsupported group and fix two commentstb2021-04-131-15/+15
|
* annotate test-ecdhe-rsa-key-exchange-with-bad-messages.py with expectedtb2021-04-131-2/+3
| | | | alerts and where to add them.
* Update a stale comment and fix a typo.tb2021-04-111-3/+3
|
* An extra internal consistency check and a missing stats adjustment. ok tb@otto2021-04-091-1/+4
|
* Cache implementation has changed, we do not hold on to an exact numberotto2021-04-091-3/+4
| | | | of pages anymore, but also cache larger regions; ok tb@
* Enable test-cve-2016-6309.pytb2021-04-081-3/+2
|
* Avoid clobbering the error code when sending an alerttb2021-04-071-2/+3
| | | | | | | | | | | | In order to fail gracefully on encountering a self-signed cert, curl looks at the top-most error on the stack and needs specific SSL_R_ error codes. This mechanism was broken when the tls13_alert_sent_cb() was added after people complained about unhelpful unknown errors. Fix this by only setting the error code from a fatal alert if no error has been set previously. Issue reported by Christopher Reid ok jsing
* Use ERR_print_error_fp() to avoid leaking a BIO in fatal()tb2021-04-071-2/+2
|
* Check function return value in openssl(1) x509.cinoguchi2021-04-071-24/+71
| | | | input from bcook@, ok and comments from tb@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-28 22:17:41 +0000