| Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
server. Check that the highest available TLS version is selected.
LibreSSL TLS 1.3 check is disabled until the feature becomes
available.
|
|
ok jsing@ tb@
|
|
when it becomes available in LibreSSL.
thanks to sthen@ for the new OpenSSL port
|
|
non-overlapping *in and *out buffers as we're already implementing
the "in place (un)wrapping" algorithms as given in RFC 3394. This
removes a gratuitous API difference to OpenSSLin these undocumented
functions. Found while working on wycheproof regress tests.
ok beck jsing
|
|
and server compile with OpenSSL 1.1. Check runtime version string
of SSL library.
|
|
ok beck@ tb@
|
|
|
|
Implement simple SSL client and server in C. Create four binaries
by linking them with LibreSSL or OpenSSL. This way API compatibility
is tested. Connect and accept with netcat to test protocol
compatibility with libtls.
Currently OpenSSL 1.0.2p from ports is used. Plan is to move to
OpenSSL 1.1 and and test TLS 1.3.
idea from beck@; help from jsing@
|
|
ok tb@
|
|
ok beck@ bluhm@ tb@
|
|
own define for /etc/ssl/cert.pem.
ok beck@ bluhm@ tb@
|
|
|
|
|
|
|
|
ok beck jsing
|
|
re-enable coordinate blinding.
ok jsing
|
|
|
|
|
|
ok jsing
|
|
Reported by Katherine <luigi30 at gmail dot com> on tech@
|
|
|
|
|
|
|
|
This is effectively a no-op, since most of the code clamps to the maximum
version supported by the TLS method (which are still at TLSv1.2).
ok beck@ bluhm@ tb@
|
|
ok beck@ bluhm@ tb@
|
|
for LibreSSL. Add a (commented out) feature flag for TLSv1.3 and define the
OPENSSL_NO_TLS1_3 anti-feature flag based on the feature flag.
ok beck@ bluhm@ tb@
|
|
|
|
ok beck jsing
|
|
from which a a BIGNUM is chosen uniformly at random.
ok beck jsing
|
|
freeing and indent nearby labels.
ok beck jsing
|
|
takes care of this internally.
ok beck jsing
|
|
RFC 7919 renamed the Supported Elliptic Curves TLS extension to Supported
Groups and redefined it to include finite field DH (FFDH) in addition to
elliptic curve DH (ECDH). As such, rename the TLS extension and change the
associated code to refer to groups rather than curves.
ok beck@ tb@
|
|
by moving the needs/build/parse functions into their own struct.
ok beck@ tb@
|
|
Based on OpenSSL commit 875ba8b21ecc65ad9a6bdc66971e50
by Billy Brumley, Sohaib ul Hassan and Nicola Tuveri.
ok beck jsing
commit 875ba8b21ecc65ad9a6bdc66971e50461660fcbb
Author: Sohaib ul Hassan <soh.19.hassan@gmail.com>
Date: Sat Jun 16 17:07:40 2018 +0300
Implement coordinate blinding for EC_POINT
This commit implements coordinate blinding, i.e., it randomizes the
representative of an elliptic curve point in its equivalence class, for
prime curves implemented through EC_GFp_simple_method,
EC_GFp_mont_method, and EC_GFp_nist_method.
This commit is derived from the patch
https://marc.info/?l=openssl-dev&m=131194808413635 by Billy Brumley.
Coordinate blinding is a generally useful side-channel countermeasure
and is (mostly) free. The function itself takes a few field
multiplicationss, but is usually only necessary at the beginning of a
scalar multiplication (as implemented in the patch). When used this way,
it makes the values that variables take (i.e., field elements in an
algorithm state) unpredictable.
For instance, this mitigates chosen EC point side-channel attacks for
settings such as ECDH and EC private key decryption, for the
aforementioned curves.
For EC_METHODs using different coordinate representations this commit
does nothing, but the corresponding coordinate blinding function can be
easily added in the future to extend these changes to such curves.
Co-authored-by: Nicola Tuveri <nic.tuv@gmail.com>
Co-authored-by: Billy Brumley <bbrumley@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6526)
|
|
|
|
The tls1_check_ec_tmp_key() function is now rather misnamed, so just inline
the code. Also, rather than running tls1_get_shared_curve() once per EC
cipher suite, we can run it once at the start of the ssl3_choose_cipher()
function.
ok bluhm@ tb@
|
|
Discussed with tb@
|
|
ok bluhm@ tb@
|
|
features (and possibly never will).
|
|
currently exist in OpenSSL - comment out that ones that we do not already
define. Some OPENSSL_NO_* flags that we define have been removed from
OpenSSL (and code that depended on these to know when features are not
available now think that the features have been enabled...). We keep these
defined but in their own separate group.
ok bluhm@ tb@
|
|
|
|
|
|
|
|
to uncompressed rather than compressed.
From Jacqueline Jolicoeur
|
|
handy if you type the path wrong or don't have permission...
ok deraadt@
|
|
and changes to struct visibility/sizes (libssl).
|
|
In January 2017, we changed large amounts of libssl's data structures to
be non-visible/internal, however intentionally left things that the
software ecosystem was needing to use. The four or so applications that
reached into libssl for record layer related state now implement
alternative code. As such, make these data structures internal.
ok tb@
|
|
|
