summaryrefslogtreecommitdiff
path: root/src/lib/libssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Remove unused fields from struct dtls1_retransmit_state.jsing2021-10-231-3/+1
|
* Fold DTLS1_STATE_INTERNAL into DTLS1_STATE.jsing2021-10-238-171/+154
| | | | | | | Now that DTLS1_STATE is opaque, fold DTLS1_STATE_INTERNAL back into DTLS1_STATE and remove D1I() usage. ok tb@
* tweak previous: properly mark up function pointer typedefschwarze2021-10-231-6/+18
| | | | plus .Dv NULL, SEE ALSO, HISTORY
* Change ssl_verify_cert_chain() for compatibility with opaquetb2021-10-231-16/+19
| | | | | | | X509_STORE_CTX and use accessors instead of reaching directly into the struct. ok jsing
* Use X509_STORE_CTX_get0_chain() instead of grabbing the chain directlytb2021-10-232-4/+4
| | | | | | out of the X509_STORE_CTX. ok jsing
* Rename tls13_buffer to tls_buffer.jsing2021-10-237-69/+111
| | | | | | | This code will soon be used in the DTLSv1.2 and TLSv1.2 stack. Also introduce tls_internal.h and move/rename the read/write/flush callbacks. ok beck@ tb@
* Add SSL_CTX_set_keylog_callback and SSL_CTX_get_keylog_callbackbeck2021-10-235-4/+67
| | | | | | | | Some things in ports care about calling these functions. Since we will not provide private key logging functionality they are documented as being for compatibility and that they don't do anything. ok tb@
* Untangle ssl3_get_message() return values.jsing2021-10-236-166/+139
| | | | | | | | | | | | | | | This function currently has a long return type that may be <= 0 on error/retry (which is then cast to an int in order to return it up the stack), or it returns the length of the handshake message (on success). This obviously means that 0 can be returned for both success and failure, which is the reason why a separate 'ok' argument has to exist. Untangle this mess by changing the return value to an int that indicates success (1) or error/retry (<= 0). The length never needs to actually be returned as it is already stored in s->internal->init_num (which is where the return value is read from anyway). ok tb@
* Change tlsext_tick_lifetime_hint to uint32_t.jsing2021-10-234-17/+11
| | | | | | | | Now that SSL_SESSION is opaque, change tlsext_tick_lifetime_hint from long to uint32_t (matching RFC4507), rather than continuing to work around an inappropriate type choice. ok tb@
* Avoid potential NULL dereferences in dtls1_free()tb2021-10-211-2/+7
| | | | ok jsing
* Move various structs from ssl.h/tls1.h to ssl_locl.h.jsing2021-10-153-140/+128
| | | | | | These were already under LIBRESSL_INTERNAL hence no ABI change. ok tb@
* Implement flushing for TLSv1.3 handshakes.jsing2021-09-165-7/+69
| | | | | | | | | | | | | | | When we finish sending a flight of records, flush the record layer output. This effectively means calling BIO_flush() on the wbio. Some things (such as apache2) have custom BIOs that perform buffering and do not actually send on BIO_write(). Without BIO_flush() the server thinks it has sent data and starts receiving records, however the client never sends records since it never received those that the server should have sent. Joint work with tb@ ok tb@
* Avoid typedef redefinitionlibressl-v3.4.0inoguchi2021-09-141-3/+1
| | | | | | | "typedef struct ssl_st SSL;" is defined in ossl_typ.h. This reverts part of r1.204. ok tb@
* zap trailing white spacetb2021-09-141-2/+2
|
* Call the info cb on connect/accept exit in TLSv1.3tb2021-09-142-4/+16
| | | | | | | | | The p5-Net-SSLeay test expects the info callback to be called on connect exit. This is the behavior in the legacy stack but wasn't implemented in the TLSv1.3 stack. With this commit, p5-Net-SSLeay tests are happy again after the bump. ok bluhm inoguchi jsing
* provide a small manual page for the SSL_set_psk_use_session_callback(3)schwarze2021-09-142-1/+88
| | | | | stub, written from scratch; OK tb@ on SSL_set_psk_use_session_callback.3
* Merge the stub SSL_SESSION_is_resumable(3) manual page from theschwarze2021-09-143-3/+86
| | | | | | OpenSSL 1.1.1 branch, which is still under a free license. A few tweaks to wording and structure by me. OK tb@ on SSL_SESSION_is_resumable.3
* merge the description of SSL_get_tlsext_status_type(3)schwarze2021-09-111-3/+35
| | | | from the OpenSSL 1.1.1 branch, which is still under a free license
* bump major after symbol addition and struct removal, struct visibilitytb2021-09-101-1/+1
| | | | changes
* Update Symbols.list after API additionstb2021-09-101-0/+18
|
* Move SSL_set0_rbio() outside of LIBRESSL_HAS_TLS1_3tb2021-09-101-3/+1
| | | | ok inoguchi jsing
* Expose SSL_get_tlext_status_type() in tls1.htb2021-09-101-3/+1
| | | | ok beck jsing
* Expose SSL_R_NO_APPLICATION_PROTOCOL in ssl.htb2021-09-101-3/+1
| | | | ok beck jsing
* Expose SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE in ssl.htb2021-09-101-3/+1
| | | | ok beck jsing
* Expose SSL_CTX_get0_privatekey() in ssl.htb2021-09-101-3/+1
| | | | ok beck
* Remove TLS1_get_{,client_}version()tb2021-09-101-9/+1
| | | | ok jsing
* Remove SSL3_RECORD and SSL3_BUFFERtb2021-09-101-25/+1
| | | | with/ok jsing
* Remove TLS1_RT_HEARTBEATtb2021-09-101-2/+1
| | | | ok jsing
* Make SSL opaquetb2021-09-101-2/+4
| | | | with/ok jsing
* Remove struct tls_session_ticket_ext_st and TLS_SESSION_TICKET_EXTtb2021-09-102-2/+6
| | | | | | from public visibility. with/ok jsing
* Do not ignore SSL_TLSEXT_ERR_FATAL from the ALPN callbacktb2021-09-104-7/+31
| | | | | | | | | | | | | | | | | | | As reported by Jeremy Harris, we inherited a strange behavior from OpenSSL, in that we ignore the SSL_TLSEXT_ERR_FATAL return from the ALPN callback. RFC 7301, 3.2 states: 'In the event that the server supports no protocols that the client advertises, then the server SHALL respond with a fatal "no_application_protocol" alert.' Honor this requirement and succeed only on SSL_TLSEXT_ERR_{OK,NOACK} which is the current behavior of OpenSSL. The documentation change is taken from OpenSSL 1.1.1 as well. As pointed out by jsing, there is more to be fixed here: - ensure that the same protocol is selected on session resumption - should the callback be called even if no ALPN extension was sent? - ensure for TLSv1.2 and earlier that the SNI has already been processed ok beck jsing
* Prepare to provide SSL_CTX_get0_privatekey()tb2021-09-102-2/+14
| | | | ok beck
* Provide SSL_SESSION_is_resumable and SSL_set_psk_use_session_callback stubstb2021-09-083-3/+24
| | | | ok jsing
* Prepare to provide API stubs for PHAtb2021-09-082-2/+27
| | | | ok bcook jsing
* Prepare to provide SSL_get_tlsext_status_type()tb2021-09-083-3/+20
| | | | | | Needed for nginx-lua to build with opaque SSL. ok inoguchi jsing
* Prepare to provide SSL_set0_rbio()tb2021-09-082-2/+12
| | | | | | | This is needed for telephony/coturn and telephony/resiprocate to compile without opaque SSL. ok inoguchi jsing
* Factor out the TLSv1.3 code that handles content from TLS records.jsing2021-09-046-80/+238
| | | | | | | | | | | | Currently, the plaintext content from opened TLS records is handled via the rbuf code in the TLSv1.3 record layer. Factor this out and provide a separate struct tls_content, which knows how to track and manipulate the content. This makes the TLSv1.3 code cleaner, however it will also soon also be used to untangle parts of the legacy record layer. ok beck@ tb@
* Refactor ssl_update_cache. This now matches the logic used for TLS 1.3beck2021-09-041-22/+106
| | | | | | | in Openssl 1.1.1 for when to call the session callbacks. I believe it to also generates a lot less eye bleed, confirmed by tb@ ok jsing@ tb@
* Improve DTLS hello request handling code.jsing2021-09-041-2/+8
| | | | | | | Rather than manually checking multiple bytes, actually parse the DTLS handshake message header, then check the values against what we parsed. ok inoguchi@ tb@
* Change dtls1_get_message_header() to take a CBS.jsing2021-09-043-22/+21
| | | | | | The callers know the actual length and can initialise a CBS correctly. ok inoguchi@ tb@
* Improve DTLS record header parsing.jsing2021-09-041-7/+7
| | | | | | | | Rather than pulling out the epoch and then six bytes of sequence number, pull out SSL3_SEQUENCE_SIZE for the sequence number, then pull the epoch off the start of the sequence number. ok inoguchi@ tb@
* Use SSL3_HM_HEADER_LENGTH instead of the magic number 4.jsing2021-09-031-13/+14
| | | | ok beck@
* Ensure that a server hello does not have trailing data.jsing2021-09-031-1/+4
| | | | | | Found by tlsfuzzer. ok beck@
* Ensure that a client hello does not have trailing data.jsing2021-09-031-1/+4
| | | | | | Found by tlsfuzzer. ok beck@
* Set message_size correctly when switching to the legacy stack.jsing2021-09-031-2/+2
| | | | | | | | The message_size variable is not actually the handshake message size, rather the number of bytes contained within the handshake message, hence we have to subtract the length of the handshake message header. ok beck@
* We need to allow for either a CERTIFICATE or CERTIFICATE_STATUS messagebeck2021-09-021-2/+3
| | | | | | here or we break the handshake with BAD_MESSAGE ok tb@
* Call the ocsp callback if present and we get no response, instead ofbeck2021-09-021-3/+2
| | | | | | succeeding unconditionally. Makes muststaple work with tls1.3 in nc ok tb@
* Correct the is_server flag in the call to the debug callback to be correct.beck2021-09-021-2/+2
| | | | ok tb@
* RFC 6066 section 8 allows the server MAY choose not send the CertificateStatusbeck2021-09-021-3/+37
| | | | | | | | message, even if it has received a "status_request" extension in the client hello message and has sent a "status_request" extention in the server hello message. Genua found a site that is this broken. This makes it work. ok jsing@
* comment out the detailed description of SSL_get_servername(3),schwarze2021-09-011-7/+9
| | | | | | leaving only the basic description in the RETURN VALUES section; tb@ pointed out LibreSSL does not currently provide all those guarantees, and he also OK'ed this diff
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-03 01:24:59 +0000