summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* zap last remains of malloc.conf; prompted by and ok jmc@otto2018-11-081-6/+6
|
* Use in-place (un)wrapping in the keywrap tests.tb2018-11-071-5/+8
|
* Add in key_schedule regress tests to regress buildbeck2018-11-071-1/+2
|
* Add a self test for each SSL library by connecting client withbluhm2018-11-075-23/+88
| | | | | | server. Check that the highest available TLS version is selected. LibreSSL TLS 1.3 check is disabled until the feature becomes available.
* Add initial TLS 1.3 key schedule support with basic regress testsbeck2018-11-075-2/+685
| | | | ok jsing@ tb@
* Add interop test with OpenSSL 1.1. TLS 1.3 should be used automaticallybluhm2018-11-075-10/+55
| | | | | when it becomes available in LibreSSL. thanks to sthen@ for the new OpenSSL port
* Use memmove() instead of memcpy() to get rid of the need fortb2018-11-071-3/+3
| | | | | | | | | non-overlapping *in and *out buffers as we're already implementing the "in place (un)wrapping" algorithms as given in RFC 3394. This removes a gratuitous API difference to OpenSSLin these undocumented functions. Found while working on wycheproof regress tests. ok beck jsing
* Print SSLeay, OpenSSL, and LibreSSL version strings. Make clientbluhm2018-11-077-12/+71
| | | | | and server compile with OpenSSL 1.1. Check runtime version string of SSL library.
* Add TLSv1.3 cipher suites (with appropriate guards).jsing2018-11-076-9/+100
| | | | ok beck@ tb@
* +interopbluhm2018-11-071-1/+2
|
* Test TLS interoperability between LibreSSL and OpenSSL.bluhm2018-11-0710-0/+549
| | | | | | | | | | | | Implement simple SSL client and server in C. Create four binaries by linking them with LibreSSL or OpenSSL. This way API compatibility is tested. Connect and accept with netcat to test protocol compatibility with libtls. Currently OpenSSL 1.0.2p from ports is used. Plan is to move to OpenSSL 1.1 and and test TLS 1.3. idea from beck@; help from jsing@
* Add TLS extension type values for TLSv1.3 (under guards).jsing2018-11-061-2/+16
| | | | ok tb@
* Use TLS_CA_CERT_FILE instead of a separate define.jsing2018-11-062-7/+4
| | | | ok beck@ bluhm@ tb@
* Define TLS_CA_CERT_FILE rather than having every application create theirjsing2018-11-063-6/+6
| | | | | | own define for /etc/ssl/cert.pem. ok beck@ bluhm@ tb@
* better failure printing, add more checkstb2018-11-061-9/+35
|
* rm FILES section; prompted by Janne Johanssonotto2018-11-061-7/+2
|
* Use the new vm.malloc_conf sysctl; ok millert@ deraadt@otto2018-11-061-6/+11
|
* unrevert the use of bn_rand_interval().tb2018-11-066-35/+26
| | | | ok beck jsing
* Unset Z_is_zero after applying coordinate blinding andtb2018-11-061-3/+4
| | | | | | re-enable coordinate blinding. ok jsing
* link rand/ to buildtb2018-11-061-2/+4
|
* add a regression test for bn_rand_interval()tb2018-11-062-0/+98
|
* Flip reversed test in bn_rand_interval().tb2018-11-061-2/+2
| | | | ok jsing
* Unbreak following elliptic curves to supported groups rename.jsing2018-11-061-3/+3
| | | | Reported by Katherine <luigi30 at gmail dot com> on tech@
* disable EC_POINT coordinate blinding due to failures in ECDHE and TLStb2018-11-061-1/+3
|
* revert use of bn_rand_interval due to failures with ECDHE and TLStb2018-11-065-24/+33
|
* Add TLSv1.3 to version regress tests.jsing2018-11-061-4/+80
|
* Include TLSv1.3 in version handling code.jsing2018-11-061-3/+9
| | | | | | | This is effectively a no-op, since most of the code clamps to the maximum version supported by the TLS method (which are still at TLSv1.2). ok beck@ bluhm@ tb@
* Add TLS1_3_VERSION and SSL_OP_NO_TLSv1_3 defines under guards.jsing2018-11-062-2/+13
| | | | ok beck@ bluhm@ tb@
* Start working towards adding feature flags (rather than anti-feature flags)jsing2018-11-061-1/+10
| | | | | | | for LibreSSL. Add a (commented out) feature flag for TLSv1.3 and define the OPENSSL_NO_TLS1_3 anti-feature flag based on the feature flag. ok beck@ bluhm@ tb@
* Unbreak regress following Supported Elliptic Curve extension rename.jsing2018-11-061-49/+49
|
* Make use of bn_rand_interval() where appropriate.tb2018-11-055-33/+24
| | | | ok beck jsing
* Introduce bn_rand_interval() that allows specifying an interval [a, b)tb2018-11-052-2/+30
| | | | | | from which a a BIGNUM is chosen uniformly at random. ok beck jsing
* Eliminate a few "} else" branches, a few unneeded NULL checks beforetb2018-11-053-43/+33
| | | | | | freeing and indent nearby labels. ok beck jsing
* Remove two unnecessary BN_FLG_CONSTTIME dances: BN_mod_exp_ct() alreadytb2018-11-052-21/+7
| | | | | | takes care of this internally. ok beck jsing
* Rename the TLS Supported Elliptic Curves extension to Supported Groups.jsing2018-11-056-88/+92
| | | | | | | | | RFC 7919 renamed the Supported Elliptic Curves TLS extension to Supported Groups and redefined it to include finite field DH (FFDH) in addition to elliptic curve DH (ECDH). As such, rename the TLS extension and change the associated code to refer to groups rather than curves. ok beck@ tb@
* Rework the TLS extension handling code to improve readability/flexibility,jsing2018-11-051-89/+112
| | | | | | by moving the needs/build/parse functions into their own struct. ok beck@ tb@
* Implement coordinate blinding for EC_POINT.tb2018-11-0510-18/+110
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Based on OpenSSL commit 875ba8b21ecc65ad9a6bdc66971e50 by Billy Brumley, Sohaib ul Hassan and Nicola Tuveri. ok beck jsing commit 875ba8b21ecc65ad9a6bdc66971e50461660fcbb Author: Sohaib ul Hassan <soh.19.hassan@gmail.com> Date: Sat Jun 16 17:07:40 2018 +0300 Implement coordinate blinding for EC_POINT This commit implements coordinate blinding, i.e., it randomizes the representative of an elliptic curve point in its equivalence class, for prime curves implemented through EC_GFp_simple_method, EC_GFp_mont_method, and EC_GFp_nist_method. This commit is derived from the patch https://marc.info/?l=openssl-dev&m=131194808413635 by Billy Brumley. Coordinate blinding is a generally useful side-channel countermeasure and is (mostly) free. The function itself takes a few field multiplicationss, but is usually only necessary at the beginning of a scalar multiplication (as implemented in the patch). When used this way, it makes the values that variables take (i.e., field elements in an algorithm state) unpredictable. For instance, this mitigates chosen EC point side-channel attacks for settings such as ECDH and EC private key decryption, for the aforementioned curves. For EC_METHODs using different coordinate representations this commit does nothing, but the corresponding coordinate blinding function can be easily added in the future to extend these changes to such curves. Co-authored-by: Nicola Tuveri <nic.tuv@gmail.com> Co-authored-by: Billy Brumley <bbrumley@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6526)
* Implement C11's aligned_alloc(3). ok guenther@otto2018-11-052-5/+84
|
* Clean up the code that checks if we can choose an EC cipher suite.jsing2018-11-053-16/+7
| | | | | | | | | The tls1_check_ec_tmp_key() function is now rather misnamed, so just inline the code. Also, rather than running tls1_get_shared_curve() once per EC cipher suite, we can run it once at the start of the ssl3_choose_cipher() function. ok bluhm@ tb@
* Consolidate all of the SSL method structs/functions into a single file.jsing2018-11-058-871/+672
| | | | Discussed with tb@
* Mop up ecdh_tmp, since it is no longer used.jsing2018-11-053-25/+4
| | | | ok bluhm@ tb@
* Define OPENSSL_NO_ASYNC - our libcryptosink does not have built in asyncjsing2018-11-041-1/+1
| | | | features (and possibly never will).
* Update the opensslfeatures.h to include all of the OPENSSL_NO_* flags thatjsing2018-11-041-8/+84
| | | | | | | | | | currently exist in OpenSSL - comment out that ones that we do not already define. Some OPENSSL_NO_* flags that we define have been removed from OpenSSL (and code that depended on these to know when features are not available now think that the features have been enabled...). We keep these defined but in their own separate group. ok bluhm@ tb@
* Reformat and sort the OPENSSL_NO_* defines.jsing2018-11-041-25/+25
|
* move X509_get0_serialNumber where it belongstb2018-11-021-1/+1
|
* whitespacetb2018-11-021-2/+2
|
* Make the documentation of -conv_form match reality. It defaultstb2018-11-011-6/+6
| | | | | | to uncompressed rather than compressed. From Jacqueline Jolicoeur
* show what went wrong with a unix domain socket, rather than fail silentlydlg2018-10-261-2/+4
| | | | | | handy if you type the path wrong or don't have permission... ok deraadt@
* Bump libcrypto/libssl/libtls majors due to symbol removals (libcrypto)jsing2018-10-243-6/+6
| | | | and changes to struct visibility/sizes (libssl).
* Make more of libssl's record layer state internal.jsing2018-10-248-88/+86
| | | | | | | | | | In January 2017, we changed large amounts of libssl's data structures to be non-visible/internal, however intentionally left things that the software ecosystem was needing to use. The four or so applications that reached into libssl for record layer related state now implement alternative code. As such, make these data structures internal. ok tb@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-01 04:56:13 +0000