| Commit message (Collapse) | Author | Age | Files | Lines |
10% of our manual pages using this macro employed useless quoting anyway.
Remove these quotes such that they do not incite fear, uncertainty,
and doubt in developers who happen to look at these pages.
jmc@ and tb@ agree with the direction.
|
reported by smatch via jsg
ok beck
|
that no longer exists, and add .Lb libssl libcrypto;
OK tb@
|
Switch argument order and use sizeof(*ctx) rather than sizeof(struct ...).
ok jsg
|
ok jsg
|
found with smatch, ok tb@
|
SSL_alert_desc_string() is only used by our good old friends M2Crypto
and Net::SSLeay. While some of the two-letter combinations can be made
sense of without looking at the switch, I guess, this is just a
completely useless interface. The same level of uselessness can be
achieved in a single line matching BoringSSL.
ok joshua kenjiro
|
This is a precursor to adding new group ids for post quantum
stuff which are up in the 4000 range, so using the array index
as the group id will be silly. Instead we just add the group
id to the structure and we walk the list to find it.
This should never be a very large list for us, so no need
to do anything cuter than linear search for now.
ok jsing@, joshua@
|
Makes upcoming changes in regress less ugly.
|
All supported releases of LibreSSL ensure that the corresponding callbacks
are called in a predefined order rather than honoring the order in which a
client sends its extensions. Therefore the ALPN callback for apache-httpd's
virtual host setups can rely on SNI information being available and we no
longer need to work around this on the client side. Cuts the amount of code
needed for tlsext randomization in half.
ok jsing
|
ok jsing
|
code #ifdef'ing these and compiled with new headers won't work as expected on
earlier libraries
minor libtls bump to match libssl bump
ok tb@
|
ok miod
|
In January 2017 we added SSL_OP_NO_CLIENT_RENEGOTIATION, which results in a
SSL_AD_NO_RENEGOTIATION fatal alert if a ClientHello message is seen on an
active connection (client initiated renegotiation). Then in May 2017 OpenSSL
added SSL_OP_NO_RENEGOTIATION, which results in a SSL_AD_NO_RENEGOTIATION
warning alert if a server receives a ClientHello on an active connection
(client initiated renegotiation), or a client receives a HelloRequest
(server requested renegotiation). This option also causes calls to
SSL_renegotiate() and SSL_renegotiate_abbreviated() to fail. Then in 2021,
OpenSSL also added SSL_OP_ALLOW_CLIENT_RENEGOTIATION, which trumps
SSL_OP_NO_RENEGOTIATION but only for incoming ClientHello messages
(apparently unsetting SSL_OP_NO_RENEGOTIATION is too hard).
Provide SSL_OP_NO_RENEGOTIATION and SSL_OP_ALLOW_CLIENT_RENEGOTIATION,
primarily to make life easier for ports. If SSL_OP_NO_CLIENT_RENEGOTIATION
is set it will take precedence and render SSL_OP_ALLOW_CLIENT_RENEGOTIATION
ineffective. The rest of the behaviour should match OpenSSL, with the
exception of ClientHellos triggering fatal alerts instead of warnings.
ok tb@
|
Various ports throw a warning since their tls_session_secret_cb's
signature doesn't match what we expect. Aligns us with OpenSSL 1.1.
This is only useful for RFC 4851 EAP-FAST implementations and
surprisingly it's undocumented.
ok jsing
|
Some people are concerned that leaking a user name is a privacy issue.
Allow disabling the __FILE__ and __LINE__ argument in the error stack
to avoid this. This can be improved a bit in tree.
From Viktor Szakats in https://github.com/libressl/portable/issues/761
ok bcook jsing
|
It doesn't need to have optional arguments anymore, so we can pass
in values and don't need NULL checks and dereferencing.
ok jsing
|
ok cc + sha256
|
The only caller ensures that the EC_KEY is not NULL and passes the address
of comp_id on its stack, so neither will be NULL.
|
If we get here, we're in a server and have managed to load the cert.
The public key is therefore a point on a built-in curve, and we know
the group is defined over some prime field. Now it is just a matter of
figuring out whether we support the group in libssl.
ok jsing
|
ok jsing
|
ok jsing
|
Support was removed nearly a decade ago. No need to mention this anymore.
ok jsing
|
ok jsing
|
ok jsing
|
Support for this went away in 2017, but a few things still mentioned DSA
in various contexts. Replace DSA with ECDSA where appropriate and otherwise
delete this. It won't work.
ok jsing
|
This switches to using the X509_get_signature_info() API instead of hand
rolling a part of it. This is slightly tangly since the security level API
is strange. In particular, some failures are passed to the security level
callback so that applications can override them.
This makes the security level API handle RSA-PSS and EdDSA certificates
correctly and the handshake with such can progress a bit further. Of note,
we check that the certs are actually suitable for use in TLS per RFC 8446
contrary to what OpenSSL does.
ok beck jsing
|