| Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Update the handshake state tables and flag names according to the
design decisions and naming conventions in the hackroom. Garbage collect
some things that turn out not to belong here.
ok jsing
|
|
|
|
|
|
pbkdf2 with OpenSSL compatible flags
ok jsing@
|
|
ok jsing@
|
|
appear with which messages.
ok jsing@
|
|
|
|
When the TLS extension code was rewritten, TLS extensions could only exist
in ClientHello and ServerHello messages - as such, they were named in pairs
of *_clienthello_{needs,build} which would be called by the client and
*_clienthello_parse. Likewise for *_serverhello_{needs,build} which would
be called by a server and *_serverhello_parse, which would be called by a
client.
Enter TLSv1.3 - TLS extensions can now exist in one of seven messages,
with only certain types being allowed to appear in each, meaning the naming
scheme no longer works. Instead, rename them to indicate the caller rather
than the message type - this effectively means:
clienthello_needs -> client_needs
clienthello_build -> client_build
clienthello_parse -> server_parse
serverhello_needs -> server_needs
serverhello_build -> server_build
serverhello_parse -> client_parse
ok beck@ tb@
|
|
|
|
ok jsing@ tb@
|
|
The read callback returns a TLS13_IO_* value on EOF, failure, want pollin
or want pollout, or a positive value indicating the number of bytes read.
This will be used by upcoming TLSv1.3 handshake message and record
processing code, both of which need the ability to read a fixed size
header, before extending the buffer to the number of bytes specified in the
header.
ok beck@ tb@
|
|
as per RFC8446 section 4.2. Recognized extensions that appear in an
incorrect message must abort the handshake.
ok jsing@
|
|
At the moment this is mechanical, with the functions renamed. This will be
refactored for tls13.
ok jsing@
|
|
CAVEATS pointing to the new CAVEATS section in setlocale(3).
Make those in wprintf(3) and wscanf(3) more concise
since duplicate information is a bad idea.
Incompleteness of information originally pointed out by millert@.
OK millert@
|
|
Checking Disabled flag. Introduce a RES flag to do so. ok krw@
deraadt@ eric@
|
|
by me and others indicate that it is the optimum.
|
|
making the number of pools variable. Do not document the malloc
conf settings atm, don't know yet if they will stay. Thanks to all
the testers. ok deraadt@
|
|
Use memset(3) instead of bzero(3) since POSIX recommends using the former and
because it's also more portable (conforms to ANSI C standard)
OK tedu@ tb@
|
|
bzero is defined in strings.h.
ok deraadt@
|
|
|
|
|
|
specify that ranges must be numeric, and only check for range if
first argument is a digit.
identified by danj, fix suggest by sthen
|
|
Omission reported by reyk and Alice Wonder.
ok bcook jsing
|
|
about functions that are deprecated, identical to other functions, and
never made sense in the first place.
As deraadt@ points out, we should not hide the information that
matters in a heap of clutter. It would waste reader's time and
make confusion and accidental misuse more likely.
OK deraadt@ jmc@
|
|
EVP_MD_CTX_free() instead if the goal is to avoid leaking memory.
From my corresponding upstream commit, reminded by schwarze
|
|
from Matt Caswell <matt at openssl dot org>
via OpenSSL commit d45a97f4 Mar 5 17:41:49 2018 +0000.
|
|
is no need to know at which time BN_pseudo_rand(3) was made the
same as BN_rand(3). Considering that question might even mislead
people to attempt ill-advised #ifdef'ing.
Pointed out by deraadt@.
|
|
Also clarify to which algorithms it applies.
From Matt Caswell <matt at openssl dot org>
via OpenSSL commit d45a97f4 Mar 5 17:41:49 2018 +0000.
Document
EVP_PKEY_CTX_get_rsa_padding(3), EVP_PKEY_CTX_get_rsa_pss_saltlen(3),
EVP_PKEY_CTX_set_rsa_mgf1_md(3), and EVP_PKEY_CTX_get_rsa_mgf1_md(3).
From Antoine Salon <asalon at vmware dot com>
via OpenSSL commit 87103969 Oct 1 14:11:57 2018 -0700
from the OpenSSL_1_1_1-stable branch, which is still under a free license.
|
|
Inspired by OpenSSL commit 6da34cfb Jun 2 16:17:32 2018 -0400
by Ken Goldman <kgoldman at us dot ibm dot com>,
but use the same wording as in ASN1_item_new(3) instead.
|
|
from <Matthias dot St dot Pierre at ncp dash e dot com>
via OpenSSL commit 5777254b May 27 09:07:07 2018 +0200.
|
|
via OpenSSL commit 521738e9 Oct 5 14:58:30 2018 -0400
|
|
Say so, and note that OpenSSL followed suit in 1.1.0 according
to OpenSSL commit 5ecff87d Jun 21 13:55:02 2017 +0100.
|
|
argument of 3; from Beat Bolli <dev at drbeat dot li>
via OpenSSL commit bd93f1ac Jul 28 16:45:22 2018 -0400.
|
|
Inspired by OpenSSL commit a130950d Aug 23 12:06:41 2017 -0400
by Rich Salz <rsalz at openssl dot org>, but using a more explicit
wording, and fixing *both* places rather than only half of them.
|
|
inspired by OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800
by Paul Yang <yang sot yang at baishancloud dot com>,
but without creating a RETURN VALUES section because that makes
no sense here: it would either result in a confusing order of
information or in duplicate information.
|
|
from Jakub Wilk <jwilk at jwilk dot net> via
OpenSSL commit a21285b3 Aug 21 18:30:34 2018 +0200
|
|
|
|
drops CA certificates whose validity dates don't comply with the rules on
ASN.1 encoding in RFC 5280 (and predecessors - same rule goes back to at
least RFC 2459, section 4.1.2.5).
LibreSSL strictly enforces this, so attempting to validate certificates
signed by these CAs just result in the following:
error 13 at 1 depth lookup:format error in certificate's notBefore field
"probably" beck@
|
|
Skip outputting them if invalid (e.g. GENERALIZEDTIME date before 2050).
|
|
use strcasecmp for reading args.
|
|
that should have been deleted before commit.
The cross reference is already present below SEE ALSO.
Glitch noticed by jsing@.
|
|
tested by many; ok florian@
|
|
ok jmc@, jsing@
|
|
|
|
around broken GOST implementations. It looks like client certificates with
GOST have been completely broken since reimport of the GOST code, so no-one
is using LibreSSL this way. The client side was fixed only last week for
TLSv1.0 and TLSv1.1. This workaround is now in the way of much needed
simplifcation and cleanup, so it is time for it to go.
suggested by and ok jsing
|
|
patch from Hiltjo Posthuma <hiltjo at codemadness dot org>
|
|
invalid change cipher spec. Found due to dead assignment warnings
by the Clang static analyzer.
ok inoguchi (previous version), jsing
|
|
This prototype was removed inadvertantly in r1.50.
OK jsing@
|
|
J. Clear that option to allow running full regress with paranoid
malloc flags. This is the same fix as for malloc_ulimit1.
|
