summaryrefslogtreecommitdiff
path: root/src/lib/libssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Complete the TLS extension handling rewrite for the server-side.jsing2018-01-275-98/+86
| | | | | | | | | | | | | This removes ssl_parse_clienthello_tlsext() and allows the CBS to be passed all the way through from ssl3_get_client_hello(). The renegotation check gets pulled up into ssl3_get_client_hello() which is where other such checks exist. The TLS extension parsing now also ensures that we do not get duplicates of any known extensions (the old pre-rewrite code only did this for some extensions). ok inoguchi@
* Clarify the comment re the F5 EC curves extension bug.jsing2018-01-271-5/+6
| | | | Also reference the knowledge base article instead of a discussion thread.
* Convert ssl3_put_cipher_by_char() to CBB.jsing2018-01-271-9/+26
| | | | | | | While here make the CBS usage in ssl3_get_cipher_by_char() more consistent with other code. ok inoguchi@
* Correct TLS extensions handling when no extensions are present.jsing2017-11-281-1/+13
| | | | | | | | If no TLS extensions are present in a client hello or server hello, omit the entire extensions block, rather than including it with a length of zero. ok beck@ inoguchi@
* Add CBB_discard_child(), which allows for a child CBB to be discarded.jsing2017-11-282-2/+22
| | | | Based on BoringSSL.
* Rename ssl3_client_hello() to ssl3_send_client_hello() for consistency.jsing2017-10-122-5/+5
|
* Fold dtls1_accept() into ssl_accept(), removing a lot of duplicated code.jsing2017-10-124-556/+143
| | | | With review/feedback from inoguchi@
* Drop prototypes for ssl23_*() functions, which no longer exist.jsing2017-10-121-11/+1
|
* Convert ssl3_client_hello() to CBB.jsing2017-10-114-93/+64
| | | | | | | As part of this, change ssl_cipher_list_to_bytes() to take a CBB argument, rather than a pointer/length. Some additional clean up/renames while here. Based on a diff from doug@
* Fully convert ssl3_send_server_hello() to CBB.jsing2017-10-113-53/+19
| | | | Based on a diff from doug@
* Make ssl_bytes_to_cipher_list() take a CBS, rather than a pointer andjsing2017-10-103-29/+19
| | | | | length, since the caller has already been converted to CBS. A small amount of additional clean up whilst here.
* ((remove) (some) (unnecessary) (parentheses))jsing2017-10-101-4/+4
| | | | Part of a diff from doug@
* Merge dtls1_connect() into ssl3_connect(), removing a large amount ofjsing2017-10-104-459/+117
| | | | | | | | duplicated code. For now this is essentially adds a diff of the two functions with 'if (SSL_IS_DTLS(s))' - further clean up and improvement will follow. ok inoguchi@
* Reduce non-functional differences between dtls1_accept() andjsing2017-10-081-34/+42
| | | | ssl3_accept() - synchronise comments, whitespace, line wrapping, etc.
* Reduce non-functional differences between dtls1_connect() andjsing2017-10-081-32/+38
| | | | ssl3_connect() - synchronise comments, whitespace, line wrapping, etc.
* Fix some style/whitespace/indentation issues in ssl3_accept().jsing2017-10-081-25/+14
|
* Fix some style/whitespace/indentation issues in ssl3_connect().jsing2017-10-081-10/+9
|
* Convert ssl3_send_change_cipher_spec() to use CBB and make it handle DTLS,jsing2017-10-086-57/+52
| | | | | | which allows us to drop dtls1_send_change_cipher_spec() entirely. ok inoguchi@
* Annotate some API-side memory leaks for future resolution.jsing2017-09-251-1/+3
|
* Fix various issues in the OCSP extension parsing code:jsing2017-09-251-20/+14
| | | | | | | | | | | | | | | | | | - When parsing the OCSP extension we can have multiple responder IDs - pull these out correctly. - Stop using CBS_stow() - it's unnecessary since we just need access to the data and length (which we can get via CBS_data() and CBS_len()). - Use a temporary pointer when calling d2i_*() functions, since it will increment the pointer by the number of bytes it consumed when decoding. The original code incorrectly passes the pointer allocated via CBS_stow() (using malloc()) to a d2i_*() function and then calls free() on the now incremented pointer, most likely resulting in a crash. This issue was reported by Robert Swiecki who found the issue using honggfuzz. ok beck@
* When building the OCSP extension, only add the length prefixed extensionsjsing2017-09-251-6/+6
| | | | | | | after we finish building the responder ID list. Otherwise adding to the responder ID list fails. ok beck@
* Move the full extension building into tlsext_{client,server}hello_build(),jsing2017-08-302-47/+26
| | | | | | leaving ssl_add_{client,server}hello_tlsext() as pointer to CBB wrappers. ok doug@
* Bump libssl/libtls minors due to symbol (re)addition.jsing2017-08-301-1/+1
|
* Bring back the NPN related symbols.jsing2017-08-303-3/+36
| | | | | | | | | | | Several pieces of software make use of these based on a conditional around OPENSSL_NPN_NEGOTIATED, rather than using the presence of the symbols, the non-existence of a OPENSSL_NO_NEXTPROTONEG define or even the existence of the TLS extension type. Unfortunately we cannot remove OPENSSL_NPN_NEGOTIATED since the API for ALPN was effectively botched and reuses two parts from the NPN implementation, rather than providing ALPN specific or generic versions.
* When OCSP status type is unknown, ignore the extension.doug2017-08-291-1/+6
| | | | | | | This needs to skip past the CBS data or it will be treated as a decode error even though it returns 1. ok jsing@
* Actually parse the ALPN extension in a client hello, even if no ALPNjsing2017-08-291-4/+4
| | | | | | | | callback has been installed. This ensures that the ALPN extension is valid and avoids leaving unprocessed extension data, which leads to a decode error. Found the hard way by jsg@
* ECDHE-RSA-DES-CBC3-SHA should not be marked HIGH.jsing2017-08-281-2/+2
| | | | Spotted by Andreas Bartelt <obsd at bartula dot de>
* Bump lib{crypto,ssl,tls} majors due to symbol removals.jsing2017-08-281-2/+2
|
* Completely remove NPN remnants.jsing2017-08-287-107/+9
| | | | Based on a diff from doug@, similar diff from inoguchi@
* Remove the original (pre-IETF) chacha20-poly1305 cipher suites.jsing2017-08-284-73/+5
| | | | | | | | | | Support for the IETF standardised chacha20-poly1305 cipher suites was added 16 months ago, which means they exist in both of the currently supported OpenBSD releases. Also prompted by Andreas Bartelt <obsd at bartula dot de>. ok beck@ doug@
* Rewrite SRTP extension using CBB/CBS and the new extension framework.doug2017-08-275-274/+250
| | | | input + ok beck@, jsing@
* Rewrite ALPN extension using CBB/CBS and the new extension framework.doug2017-08-264-143/+159
| | | | | ok bcook@ beck@ input + ok jsing@
* Work around bug in F5's handling of the supported elliptic curves extension.doug2017-08-231-2/+16
| | | | | | | | | | RFC 4492 only defines elliptic_curves for ClientHello. However, F5 is sending it in ServerHello. We need to skip over it since our TLS extension parsing code is now more strict. Thanks to Armin Wolfermann and WJ Liu for reporting the issue. input + ok jsing@
* import SSL_export_keying_material(3) from OpenSSLschwarze2017-08-213-3/+132
|
* merge the applicable parts of SSL_set_tlsext_host_name(3) documentation;schwarze2017-08-211-4/+28
| | | | | from Paul Yang <yang dot yang at baishancloud dot com> via OpenSSL commit 190b9a03 Jun 28 15:46:13 2017 +0800
* Selectively merge OpenSSL commit e091367d May 5 11:56:45 2017 +0100schwarze2017-08-211-16/+15
| | | | | | | from Matt Caswell <matt at openssl dot org>. In particular, stop talking about SSL 2.0 and SSL 3.0, but do not start talking about TLS 1.3 just yet.
* Mention three functions related to protocol selection by the clientschwarze2017-08-211-3/+48
| | | | | that are deprecated no-ops in LibreSSL, but that OpenSSL explicitly documented on April 19, 2017, without deprecating them.
* Delete non-existent function SSL_flush_sessions();schwarze2017-08-211-12/+4
| | | | | from Rich Salz <rsalz at openssl dot org> via OpenSSL commit 1722496f Jun 8 15:18:38 2017 -0400.
* Delete non-existent functions SSL_add_session() and SSL_remove_session() andschwarze2017-08-211-18/+6
| | | | | | | | | clarify that SSL_CTX_remove_session(3) marks the session as non-resumable. From Rich Salz <rsalz at openssl dot org> via OpenSSL commit 1722496f Jun 8 15:18:38 2017 -0400 and from Matt Caswell <matt at openssl dot org> via OpenSSL commit b8964668 Apr 26 15:16:18 2017 +0100.
* New manual page X509_check_private_key(3), using informationschwarze2017-08-201-3/+4
| | | | | | | | from the OpenSSL manual and from code inspection. Use my own Copyright and license because no Copyright-worthy amount of text from OpenSSL remains. And, no, these functions do *NOT* check private keys, not at all.
* remove a duplicate BIO_do_accept() call from an example;schwarze2017-08-201-12/+6
| | | | | from Beat Bolli <dev at drbeat dot li> via OpenSSL commit 7a67a3ba Jan 18 23:49:43 2017 +0100
* fix .Xr ordering, found with mandoc -Tlintschwarze2017-08-192-6/+6
|
* Import SSL_CTX_set_min_proto_version(3) from OpenSSL, suggested by jsing@.schwarze2017-08-195-7/+134
| | | | | | | | | While importing: * Fix the prototypes, they all contained wrong datatypes. * Delete SSL3_VERSION which is no longer supported. * Delete TLS1_3_VERSION and DTLS1_2_VERSION, not yet supported. * Delete the lie that these would be macros. * Improve SEE ALSO and HISTORY sections.
* fix a typo and mention OpenBSD in HISTORY;schwarze2017-08-191-3/+5
| | | | both pointed out by jsing@
* match function implementation with declaration, ok beck@, doug@bcook2017-08-131-2/+2
|
* Switch to -Werror with clang for libressl.doug2017-08-131-2/+2
| | | | | Discussed with beck@ and jsing@ ok beck@
* Make SSL{,_CTX}_set_alpn_protos() do atomic updates and handle NULL.doug2017-08-131-10/+38
| | | | | | | | | | | Previously, the code would accept NULL and 0 length and try to malloc/memcpy it. On OpenBSD, malloc(0) does not return NULL. It could also fail in malloc and leave the old length. Also, add a note that this public API has backwards semantics of what you would expect where 0 is success and 1 is failure. input + ok jsing@ beck@
* Remove support for the TLS padding extension.jsing2017-08-132-39/+4
| | | | | | | | This was added as a workaround for broken F5 TLS termination, which then created issues talking to broken IronPorts. The size of the padding is hardcoded so it cannot be used in any generic sense. ok bcook@ beck@ doug@
* Nuke SSL_OP_CRYPTOPRO_TLSEXT_BUG.jsing2017-08-132-27/+4
| | | | | | | This was a workaround for a server that needed to talk GOST to old/broken CryptoPro clients. This has no impact on TLS clients that are using GOST. ok bcook@ beck@ doug@
* Rewrite the TLS status request extension to use the new TLS extension framework.beck2017-08-123-177/+179
| | | | ok jsing@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-24 21:28:07 +0000