path: root/src/lib/libssl
Commit log (each entry: commit message, then [author, date, files changed, lines removed/added])
* Bring back the ssl_shutdown internal method pointer.
  For now ssl3_shutdown() is called in all cases, however TLSv1.3 will soon get its own version. ok beck@
  [jsing, 2019-11-17, 3 files, -4/+21]

* Add a reference for the non-standard post-handshake handshake (PHH).
  ok beck, jsing
  [tb, 2019-11-17, 1 file, -2/+2]

* Ensure that we are never operating in plaintext mode once the handshake
  is complete, which should never occur. ok beck@
  [jsing, 2019-11-17, 1 file, -1/+7]

* Provide framework for sending alerts and post-handshake handshake messages.
  Discussed at length with beck@ ok beck@ tb@
  [jsing, 2019-11-17, 2 files, -15/+174]

* indent with a tab instead of 8 spaces
  [tb, 2019-11-17, 1 file, -2/+2]

* Move the TLSv1.3 server message handling stubs.
  [jsing, 2019-11-17, 2 files, -125/+125]

* Add the initial framework for the TLSv1.3 server.
  ok beck@
  [jsing, 2019-11-17, 3 files, -3/+84]

* tls13_connect() should be static.
  [jsing, 2019-11-17, 1 file, -2/+2]

* Fix backoff to legacy when in client auth mode.
  ok jsing@
  [beck, 2019-11-17, 1 file, -2/+2]

* Drop back to the legacy tls method if we are doing client authentication
  from a tls 1.3 connection, for now. ok jsing@
  [beck, 2019-11-17, 1 file, -1/+7]
* Separate the callbacks for received and completed post handshake messages
  from the record layer ok jsing@
  [beck, 2019-11-17, 3 files, -10/+22]

* Revert previous deduplication diff, I broke portable in a strange way.
  I'll figure it out a bit later. Found and diagnosed by inoguchi@
  [beck, 2019-11-16, 1 file, -47/+58]

* Deduplicate some extension processing code.
  ok tb@ inoguchi@
  [beck, 2019-11-15, 1 file, -58/+47]

* Add missing cross-reference to NOTES section.
  OK kn@ tb@
  [millert, 2019-11-14, 1 file, -3/+3]

* Allow ip addresses as argument to SSL_set1_host() but be careful to not
  poison the context. ok and help jsing@ tb@
  [otto, 2019-11-04, 1 file, -2/+14]

* Bump libcrypto, libssl and libtls minors due to symbol additions.
  [jsing, 2019-11-02, 1 file, -1/+1]

* Bump libcrypto, libssl and libtls majors due to changes in struct sizes
  and symbol addition.
  [jsing, 2019-10-24, 1 file, -2/+2]

* Use a valid curve when constructing an EC_KEY that looks like X25519.
  The recent EC group cofactor change results in stricter validation, which causes the EC_GROUP_set_generator() call to fail. Issue reported and fix tested by rsadowski@ ok tb@
  [jsing, 2019-10-04, 1 file, -2/+3]

* Further improve the documentation of library initialization and configuration.
  Among other improvements:
    * Use a uniform wording at the top of the DESCRIPTION for obsolete pages.
    * Better explain how to use a non-standard configuration file.
    * Remove obsolete functions from SEE ALSO.
  Triggered by some suggestions from tb@. Tweaks and OK tb@.
  [schwarze, 2019-06-14, 3 files, -37/+37]

* add missing backlinks to ssl(3)
  [schwarze, 2019-06-12, 31 files, -64/+100]

* List all 17 SSL pages that were missing.
  Split some excessively long lists into useful sub-categories. Add a new, very short subsection "Obsolete functions" at the end. OK tb@ jmc@
  [schwarze, 2019-06-12, 1 file, -51/+89]
* remove pointless NOTES section header lines
  [schwarze, 2019-06-08, 9 files, -27/+27]

* provide getters and setters for the RSA_METHOD interface
  ok tb@, jsing@, sthen@
  [gilles, 2019-06-05, 1 file, -1/+1]

* Relax parsing of TLS key share extensions on the server.
  The RFC does not require X25519 and it also allows clients to send an empty key share when they want the server to select a group. The current behaviour results in handshake failures where the client supports TLS 1.3 and sends a TLS key share extension that does not contain X25519. Issue reported by Hubert Kario via github. ok tb@
  [jsing, 2019-05-29, 1 file, -5/+2]

* Do not send an SNI extension when resuming a session that contains a server
  name (which means the client sent SNI during the initial handshake). Issue reported by Renaud Allard. ok tb@
  [jsing, 2019-05-29, 1 file, -1/+4]

* Fix typo and label indent.
  [jsing, 2019-05-28, 1 file, -3/+3]

* Tidy up some names/structures following the renaming of TLS extension
  functions based on message type (clienthello/serverhello), to which side is handling the processing. No intended functional change. ok beck@
  [jsing, 2019-05-28, 1 file, -35/+35]

* *an* RSA;
  [jmc, 2019-05-20, 2 files, -6/+6]

* s3 is never NULL since s2 (formerly used for SSLv2) does not exist, so there is
  no need to check for it. Fixes COV-165788, identified with help from Alex Bumstead. ok jsing@
  [bcook, 2019-05-15, 3 files, -29/+20]

* Remove unused pad check, which is handled by tls1_cbc_remove_padding() now.
  Fixes COV-174858 ok tb@
  [bcook, 2019-05-13, 1 file, -4/+2]

* In DTLS, use_srtp is part of the extended server hello while in TLSv1.3,
  it is an encrypted extension. Include it in the server hello for now. This will have to be revisited once TLSv1.3 gets there. Fixes SRTP negotiation. Problem found by two rust-openssl regress failures reported by mikeb. with & ok beck
  [tb, 2019-05-08, 1 file, -2/+3]
* Use calloc/freezero when allocating and freeing the session ticket data.
  The decrypted session ticket contains key material. ok tb@
  [jsing, 2019-04-25, 1 file, -4/+6]

* Use EVP_CIPHER_CTX_{new,free}() and HMAC_CTX_{new,free}() instead of
  allocating on stack. While here also check the return values from EVP_DecryptInit_ex() and HMAC_Init_ex(). ok tb@
  [jsing, 2019-04-25, 1 file, -24/+29]

* Rename some variables in tls_decrypt_ticket().
  Rename mlen to hlen since it is a hmac (and this matches hctx and hmac). Rename ctx to cctx since it is a cipher context and ctx is usually used to mean SSL_CTX in this code. ok tb@
  [jsing, 2019-04-25, 1 file, -18/+18]

* Convert tls_decrypt_ticket() to CBS.
  This removes various pointer arithmetic and manual length checks. ok tb@
  [jsing, 2019-04-23, 1 file, -44/+72]

* Provide a derr label (decode/decrypt error) in tls1_decrypt_ticket().
  This handles the ret = 2 case and makes the code more readable. ok tb@
  [jsing, 2019-04-22, 1 file, -41/+29]

* Pass the session ID down to the session/ticket handling code as a CBS.
  Convert ssl_get_prev_session(), tls1_process_ticket() and tls1_decrypt_ticket() to handle the session ID from the client hello as a CBS. While here also swap the order of arguments for tls1_decrypt_ticket() so that it is consistent with the other functions. ok tb@
  [jsing, 2019-04-22, 4 files, -35/+36]

* Inline and remove the tlsext_tick_md macro.
  There is not much point having a tlsext_tick_md macro that replaces EVP_sha256() in two places, when the cipher is just hardcoded. ok tb@
  [jsing, 2019-04-22, 3 files, -6/+5]

* Clean up tls1_process_ticket().
  We only have to find one extension, so do that first then proceed with processing and decryption. This makes the code more readable and drops two levels of indent. ok tb@
  [jsing, 2019-04-21, 1 file, -39/+43]

* Cleanup more of tls_decrypt_ticket().
  Separate the malloc() check and EVP_DecryptUpdate() - the malloc() failure is fatal while an EVP_DecryptUpdate() failure is a decryption failure. Also ensure that we clear the error stack in all cases where we are indicating a failure to decrypt or decode the ticket - otherwise SSL_error() will later return failure when it should not. ok tb@
  [jsing, 2019-04-21, 1 file, -5/+9]

* Start cleaning up tls_decrypt_ticket().
  Rather than returning from multiple places and trying to clean up as we go, move to a single exit point and clean/free in one place. Also invert the logic that handles NULL sessions - fail early, rather than having an indented if test for success. ok tb@
  [jsing, 2019-04-21, 1 file, -58/+63]
* Avoid leak in SSL_dup_CA_list()
  In the case that X509_NAME_dup() succeeds, but sk_X509_NAME_push() fails, name is leaked. The entire function is trying to be clever and therefore hard to follow. Let's do it the stupid but safe way. ok jsing
  [tb, 2019-04-13, 1 file, -8/+14]

* Recommend SSL_CTX_add1_chain_cert(3) rather than
  SSL_CTX_add_extra_chain_cert(3). From Dr. Stephen Henson <steve at openssl dot org> via OpenSSL commit a4339ea3 Jan 3 22:38:03 2014 +0000 which is still under a free license.
  [schwarze, 2019-04-09, 1 file, -12/+11]

* Document SSL_CTX_clear_mode(3) and SSL_clear_mode(3).
  From Kurt Roeckx <kurt at roeckx dot be> via OpenSSL commit 57fd5170 May 13 11:24:11 2018 +0200 which is still under a free license. While here, polish awkward wording and reduce duplication.
  [schwarze, 2019-04-09, 1 file, -22/+48]

* By design, our state machine is a DAG contrary to the state machine in
  the spec. To avoid the obvious loop in the RFC's state machine, we added a CLIENT_HELLO_RETRY state which is a second ClientHello with special rules. There is, however, no state to react to this second client hello. This adds a matching SERVER_HELLO_RETRY state to the handshakes table. This means in particular that the WITH_HRR state cannot be set in tls13_server_hello_recv(), so remove this now dead check. ok jsing
  [tb, 2019-04-05, 4 files, -7/+29]

* Import SSL_CTX_add1_chain_cert(3) from OpenSSL branch 1.1.1, which is still
  under a free license, omitting functions we don't have and tweaked by me; the functions were provided by jsing@ in ssl.h rev. 1.166. While here, also document SSL_CTX_get_extra_chain_certs(3) because it is closely related to companion functions that are already documented and the API is kind of incomplete without it.
  [schwarze, 2019-04-05, 5 files, -17/+264]

* Zap two dead #defines that were unused since jsing deleted the
  record_type member of the tls13_handshake_action struct. ok jsing
  [tb, 2019-04-05, 1 file, -5/+1]

* Implement legacy fallback for the TLS 1.3 client.
  If the Server Hello received indicates that the server did not negotiate TLS 1.3, fallback to the original TLS client implementation. ok bcook@, tb@
  [jsing, 2019-04-04, 3 files, -8/+87]

* Clean up the cipher/digest table mess.
  The original implementation allows for libcrypto to be compiled without a given algorithm and libssl then detects that ciphers or digests are unavailable so that it can disable the associated cipher suites. This is unnecessary since we do not compile out algorithms. ok beck@, tb@ (a while back)
  [jsing, 2019-04-04, 3 files, -179/+45]

* Bump libssl/libtls minors due to symbol addition.
  [jsing, 2019-04-04, 1 file, -1/+1]