openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	Also remove ecdh.h use from libssl	tb	2023-07-28	1	-2/+1
\|
*	Switch from get_rfc() to BN_get_rfc()	tb	2023-06-27	1	-7/+7
\| \| \| \| \| \| \| \|	The existence of the public get_rfc() API is a historic curiosity that may soon be corrected. We inherited its use and it survived in libssl until now. Switch to the better named BN_get_rfc() wrappers. ok jsing
*	Convert ssl_kex.c to opaque DH	tb	2022-01-14	1	-11/+11
\| \| \| \| \| \|	Stop reaching into DH internals and use the new API functions instead. ok inoguchi jsing
*	Plumb decode errors through key share parsing code.	jsing	2022-01-11	1	-6/+16
\| \| \| \| \| \| \| \| \| \| \| \|	Distinguish between decode errors and other errors, so that we can send a SSL_AD_DECODE_ERROR alert when appropriate. Fixes a tlsfuzzer failure, due to it expecting a decode error alert and not receiving one. Prompted by anton@ ok tb@
*	Clean up and refactor server side DHE key exchange.	jsing	2021-12-04	1	-2/+46
\| \| \| \| \| \| \| \| \| \| \| \|	Provide ssl_kex_generate_dhe_params_auto() which handles DHE key generation based on parameters determined by the specified key bits. Convert the existing DHE auto parameter selection code into a function that just tells us how many key bits to use. Untangle and rework the server side DHE key exchange to use the ssl_kex_* functions. ok inoguchi@ tb@
*	Move the minimum DHE key size check into ssl_kex_peer_params_dhe()	jsing	2021-12-04	1	-4/+12
\| \| \| \|	ok inoguchi@ tb@
*	Check DH public key in ssl_kex_peer_public_dhe().	jsing	2021-12-04	1	-4/+12
\| \| \| \| \| \| \|	Call DH_check_pub_key() after decoding the peer public key - this will be needed for the server DHE key exchange, but also benefits the client. ok inoguchi@ tb@
*	Align ssl_kex_derive_ecdhe_ecp() with ssl_kex_derive_dhe()	tb	2021-11-30	1	-10/+10
\| \| \| \| \| \|	sk is commonly used for a STACK_OF(), so call the shared key simply key. ok jsing
*	First pass of converting ssl_kex.c to opaque DH.	tb	2021-11-29	1	-30/+58
\| \| \| \| \| \| \| \| \|	Assign the result of BN_dup() and BN_bn2bin() to local BIGNUMs, then set the factors and pubkey on the dh using DH_set0_{pqg,key}(). A second pass will be done during the upcoming bump. ok jsing
*	Factor out/rewrite DHE key exchange.	jsing	2021-11-29	1	-1/+144
\| \| \| \| \| \| \| \| \|	This follows what was done previously for ECDHE EC point key exchange and will allow for deduplication and further code improvement. Convert the TLSv1.2 client to use the new DHE key exchange functions. ok inoguchi@ tb@
*	Expose the peer ephemeral public key used for TLSv1.3 key exchange.	jsing	2020-04-18	1	-1/+42
\| \| \| \| \| \| \| \| \|	SSL_get_server_tmp_key() provides the peer ephemeral public key used for key exchange. In the case of TLSv1.3 this is essentially the peer public key from the key share used for TLSv1.3 key exchange, hence make it availaable via SSL_get_server_tmp_key(). ok inoguchi@ tb@
*	Factor out/rewrite the ECDHE EC point key exchange code.	jsing	2020-01-30	1	-0/+141
	This reduces replication between the existing TLS client/server and allows the code to soon be reused for TLSv1.3. With feedback from inoguchi@ and tb@ ok inoguchi@ tb@