| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In January 2017 we added SSL_OP_NO_CLIENT_RENEGOTIATION, which results in a
SSL_AD_NO_RENEGOTIATION fatal alert if a ClientHello message is seen on an
active connection (client initiated renegotation). Then in May 2017 OpenSSL
added SSL_OP_NO_RENEGOTIATION, which results in a SSL_AD_NO_RENEGOTIATION
warning alert if a server receives a ClientHello on an active connection
(client initiated renegotation), or a client receives a HelloRequest
(server requested renegotation). This option also causes calls to
SSL_renegotiate() and SSL_renegotiate_abbreviated() to fail. Then in 2021,
OpenSSL also added SSL_OP_ALLOW_CLIENT_RENEGOTIATION, which trumps
SSL_OP_NO_RENEGOTIATION but only for incoming ClientHello messages
(apparently unsetting SSL_OP_NO_RENEGOTIATION is too hard).
Provide SSL_OP_NO_RENEGOTIATION and SSL_OP_ALLOW_CLIENT_RENEGOTIATION,
primarily to make life easier for ports. If SSL_OP_NO_CLIENT_RENEGOTIATION
is set it will take precedence and render SSL_OP_ALLOW_CLIENT_RENEGOTIATION
ineffective. The rest of the behaviour should match OpenSSL, with the
exception of ClientHellos triggering fatal alerts instead of warnings.
ok tb@
|
|
|
|
|
|
|
|
|
| |
Various ports throw a warning since their tls_session_secret_cb's
signature doesn't match what we expect. Aligns us with OpenSSL 1.1.
This is only useful for RFC 4851 EAP-FAST implementations and
surprisingly it's undocumented.
ok jsing
|
| |
|
|
|
|
| |
Nothing uses this and it collides with ALPN
|
|
|
|
|
|
|
|
| |
For every TLS alert there needs a corresponding error with error code
having an offset of SSL_AD_REASON_OFFSET (aka 1000), otherwise the error
stack fails to set the reason correctly.
ok beck
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SSL_CTX_set_cert_store() should have been called SSL_CTX_set0_cert_store()
since it takes ownership of the store argument. Apparently a few people ran
into the issue of not bumping the refcount themselves, leading to use after
frees about 10 years ago. This is a quite rarely used API and there are no
misuses in the ports tree, but since someone did the work of writing a diff,
we can still add it.
Needless to say that SSL_CTX_get_cert_store() obviously has the exact same
issue and nobody seems to have thought of adding a get0 or get1 version to
match...
Fixes https://github.com/libressl/openbsd/issues/71
From Kenjiro Nakayama
|
|
|
|
|
|
|
| |
Needed by newer freeradius. This is a straightforward implementation that
essentially duplicates tls13_cipher_hash().
ok jsing
|
|
|
|
|
|
|
| |
Now that the SSL2 client hello support is gone, nothing uses this anymore,
except that a few ports still need SSL2_VERSION.
ok beck
|
|
|
|
|
|
|
| |
ENGINE, SSL and SSL_CTX remain even though the structs in the typedefs
don't exist as they are used as incomplete types.
feedback, ports bulk build and ok tb@
|
|
|
|
|
|
|
| |
The garbage truck is quite full by now. Collect the last symbol
straggler for this bump.
ok jsing
|
|
|
|
|
|
|
|
|
| |
While this undocumented API would have been much nicer and saner than
SSL_CIPHER_find(), nothing used this except for the exporter test.
Let's get rid of it again. libssl uses ssl3_get_cipher_by_{id,value}()
directly.
ok jsing
|
|
|
|
|
|
|
|
|
| |
Also move the prototypes to the correct header.
Oversight reported by Frank Lichtenheld, thanks!
Fixes https://github.com/libressl/openbsd/issues/147
ok jsing
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This version of GOST is old and not anywhere close to compliant with
modern GOST standards. It is also very intrusive in libssl and
makes a mess everywhere. Efforts to entice a suitably minded anyone
to care about it have been unsuccessful.
At this point it is probably best to remove this, and if someone
ever showed up who truly needed a working version, it should be
a clean implementation from scratch, and have it use something
closer to the typical API in libcrypto so it would integrate less
painfully here.
This removes it from libssl in preparation for it's removal from
libcrypto with a future major bump
ok tb@
|
|
|
|
|
|
|
| |
Its current position makes no sense and it will become a wrapper of the
latter in a subsequent commit.
ok jsing
|
|
|
|
|
|
| |
As usual, a few manual fixes to avoid duplicate lines.
ok jsing
|
|
|
|
| |
ok tb
|
|
|
|
| |
ok jsing
|
|
|
|
| |
ok jsing
|
|
|
|
|
|
|
| |
While more work is still required, this is sufficient to get ngtcp2 to
compile with QUIC and for curl to be able to make HTTP/3 requests.
ok tb@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This provides SSL_QUIC_METHOD (aka ssl_quic_method_st), which allows for
QUIC callback hooks to be passed to an SSL_CTX or SSL. This is largely
ported/adapted from BoringSSL.
It is worth noting that this struct is not opaque and the original
interface exposed by BoringSSL differs to the one they now use. The
original interface was copied by quictls and it appears that this API
will not be updated to match BoringSSL.
To make things even more challenging, at least one consumer does not use
named initialisers, making code completely dependent on the order in
which the function pointers are defined as struct members. In order to
try to support both variants, the set_read_secret/set_write_secret
functions are included, however they have to go at the end.
ok tb@
|
|
|
|
| |
ok tb@
|
|
|
|
|
|
|
| |
LibreSSL will not return these values, however software is starting to
check for these as return values from SSL_get_error().
ok tb@
|
|
|
|
|
|
|
|
| |
These are wrappers of SSL_ctrl() using the SSL_CTRL_GET_SHARED_GROUP
control. Do not provide SSL_CTRL_GET_SHARED_CURVE since that is only
mentioned in Net::SSLeay docs according to codesearch.debian.net.
ok jsing
|
|
|
|
|
|
|
|
|
|
|
|
| |
QUIC wants to know what "encryption level" handshake messages should be
sent at. Provide an ssl_encryption_level_t enum (via BoringSSL) that
defines these (of course quictls decided to make this an
OSSL_ENCRYPTION_LEVEL typedef, so provide that as well).
Wire these through to tls13_record_layer_set_{read,write}_traffic_key() so
that they can be used in upcoming commits.
ok tb@
|
|
|
|
|
|
|
|
| |
This function will allow code to know if the SSL connection is configured
for use with QUIC or not. Also move existing SSL_.*quic.* functions under
LIBRESSL_HAS_QUIC to prevent exposing them prematurely.
ok beck@ tb@
|
|
|
|
|
|
|
| |
This script is not used at all and files are edited by hand instead.
Thus remove misleading comments incl. the obsolete script/config.
Feedback OK jsing tb
|
|
|
|
| |
ok jsing
|
|
|
|
|
|
|
|
|
|
| |
This is the start of adding the boringssl API for QUIC support,
and the TLS extensions necessary to send and receive QUIC transport
data.
Inspired by boringssl's https://boringssl-review.googlesource.com/24464
ok jsing@ tb@
|
|
|
|
| |
ok beck jsing sthen
|
|
|
|
|
|
|
| |
This marks the start of one of the worst API additions in the history of
this library. And as everybody knows the bar is high. Very high.
ok beck jsing sthen
|
|
|
|
|
|
| |
no longer needed.
ok jsing
|
|
|
|
|
|
| |
symbol will be exposed with tb@'s forthcoming bump
ok tb@
|
|
|
|
|
|
|
|
|
| |
Since we don't support session tickets in LibreSSL at the moment
these functions currently do not have any effect.
Again, symbols will appear with tb@'s reptar sized bump..
ok tb@
|
|
|
|
|
|
|
|
|
|
| |
As these still meet the usual expectations for special, I will leave
it up to ingo to decide to either document separately or in one man
page like OpenSSL did.
Will also need Symbols.list additions by tb@ when he starts the rapture
ok tb@ jsing@
|
|
|
|
|
|
|
|
| |
Some things in ports care about calling these functions. Since we will
not provide private key logging functionality they are documented
as being for compatibility and that they don't do anything.
ok tb@
|
|
|
|
|
|
| |
These were already under LIBRESSL_INTERNAL hence no ABI change.
ok tb@
|
|
|
|
|
|
|
| |
"typedef struct ssl_st SSL;" is defined in ossl_typ.h.
This reverts part of r1.204.
ok tb@
|
|
|
|
| |
ok inoguchi jsing
|
|
|
|
| |
ok beck jsing
|
|
|
|
| |
ok beck jsing
|
|
|
|
| |
ok beck
|
|
|
|
| |
with/ok jsing
|
|
|
|
|
|
| |
from public visibility.
with/ok jsing
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As reported by Jeremy Harris, we inherited a strange behavior from
OpenSSL, in that we ignore the SSL_TLSEXT_ERR_FATAL return from the
ALPN callback. RFC 7301, 3.2 states: 'In the event that the server
supports no protocols that the client advertises, then the server
SHALL respond with a fatal "no_application_protocol" alert.'
Honor this requirement and succeed only on SSL_TLSEXT_ERR_{OK,NOACK}
which is the current behavior of OpenSSL. The documentation change
is taken from OpenSSL 1.1.1 as well.
As pointed out by jsing, there is more to be fixed here:
- ensure that the same protocol is selected on session resumption
- should the callback be called even if no ALPN extension was sent?
- ensure for TLSv1.2 and earlier that the SNI has already been processed
ok beck jsing
|
|
|
|
| |
ok beck
|
|
|
|
| |
ok jsing
|
|
|
|
| |
ok bcook jsing
|
|
|
|
|
|
| |
Needed for nginx-lua to build with opaque SSL.
ok inoguchi jsing
|