summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Implement pending for TLSv1.3.jsing2020-01-234-6/+42
| | | | | | Makes `openssl s_client -peekaboo` work with TLSv1.3. ok beck@ tb@
* Remove lies from the SSL_pending man page, Our implementation neverbeck2020-01-231-22/+3
| | | | | | advances the record layer, it only reports internal state. ok jsing@ tb@
* Switch back to a function pointer for ssl_pending.jsing2020-01-233-14/+24
| | | | | | | This will allow the TLSv1.3 stack to provide its own implementation. Nuke a completely bogus comment from SSL_pending() whilst here. ok beck@
* Add a TLS13_IO_ALERT return value so that we can explicitly signal whenjsing2020-01-233-11/+22
| | | | | | | | | | we sent or received a fatal alert. Pull the fatal_alert check up into tls13_legacy_error(). Also, if sending an alert resulted in EOF, do not propagate this back since we do not want to signal EOF to the caller (rather we want to indicate failure). ok beck@ tb@
* Pass a CBB to TLSv1.3 send handlers.jsing2020-01-234-50/+44
| | | | | | | This avoids the need for each send handler to call tls13_handshake_msg_start() and tls13_handshake_msg_finish(). ok beck@ tb@
* The length of the IV of EVP_chacha20 is currently 64 bits, not 96.tb2020-01-221-3/+3
| | | | ok beck
* Wire up the TLSv1.3 server.jsing2020-01-223-6/+182
| | | | | | | | This currently only has enough code to handle fallback to the legacy TLS stack for TLSv1.2 or earlier, however allows for further development and testing. ok beck@
* Pass a handshake message content CBS to TLSv1.3 receive handlers.jsing2020-01-225-85/+70
| | | | | | | | | This avoids every receive handler from having to get the handshake message content itself. Additionally, pull the trailing data check up so that each receive handler does not have to implement it. This makes the code more readable and reduces duplication. ok beck@ tb@
* Fix things so that `make -DTLS1_3` works again.jsing2020-01-221-1/+3
|
* Send alerts on certificate verification failures of server certsbeck2020-01-221-2/+2
| | | | ok tb@
* Rename failure into alert_desc in tlsext_ocsp_server_parse().tb2020-01-221-5/+5
|
* fix previous: alert_desc needs to be an int.tb2020-01-221-2/+2
|
* Avoid modifying alert in the success path.tb2020-01-221-11/+17
| | | | ok beck jsing
* Enable the TLSv1.3 client in libssl.jsing2020-01-221-2/+3
| | | | | | | | | | | | | | This also makes it available to clients that use libtls, including ftp(1) and nc(1). Note that this does not expose additional defines via public headers, which means that any code conditioning on defines like TLS1_3_VERSION or SSL_OP_NO_TLSv1_3 will not enable or use TLSv1.3. This approach is necessary since too many pieces of software assume that if TLS1_3_VERSION is available, other OpenSSL 1.1 API will also be available, which is not necessarily the case. ok beck@ tb@
* Correct includes check for libtls.jsing2020-01-221-2/+2
|
* Add checks to ensure that lib{crypto,ssl,tls} public headers have actuallyjsing2020-01-223-3/+33
| | | | | | been installed prior to building. Requested by and ok tb@
* delete wasteful ;;deraadt2020-01-221-2/+2
| | | | ok tedu
* Move guards from public to internal headers, and fix not use values.beck2020-01-222-8/+7
| | | | | | reverts previous attempt which would have broken ports ok jsing@
* Simplify header installation by combining the HDRS and HDRS_GEN loops.jsing2020-01-221-9/+2
| | | | ok beck@
* Note in the man page that the default protocols list includes 1.3beck2020-01-221-4/+4
| | | | ok jsing@
* Enable TLS version 1.3 in the default protocols for libtls.beck2020-01-221-2/+2
| | | | | | | This will as yet not do anything, until we turn it on in the lower level libraries. ok jsing@
* Implement support for SSL_peek() in the TLSv1.3 record layer.jsing2020-01-223-14/+39
| | | | ok beck@ tb@
* After the ClientHello has been sent or received and before the peer'stb2020-01-224-8/+22
| | | | | | | | Finished message has been received, a change cipher spec may be received and must be ignored. Add a flag to the record layer struct and set it at the appropriate moments during the handshake so that we will ignore it. ok jsing
* Correctly set the legacy version when TLSv1.3 is building a client hello.jsing2020-01-221-4/+11
| | | | | | | The legacy version field is capped at TLSv1.2, however it may be lower than this if we are only choosing to use TLSv1.0 or TLSv1.1. ok beck@ tb@
* Don't add an extra unknown error if we got a fatal alertbeck2020-01-221-2/+3
| | | | ok jsing@
* The legacy_record_version must be set to TLS1_2_VERSION excepttb2020-01-224-9/+30
| | | | | | | | | in the ClientHello where it may be set to TLS1_VERSION. Use the minimal supported version to decide whether we choose to do so or not. Use a sent hook to set it back TLS1_2_VERSION right after the ClientHello message is on the wire. ok beck jsing
* Hook up the TLSv1.3 legacy shutdown code.jsing2020-01-221-2/+2
| | | | Missed in an earlier commit.
* Add minimal support for hello retry request for RFC conformance.beck2020-01-224-11/+71
| | | | | | We currently don't support sending a modified clienthello ok jsing@ tb@
* Split the TLSv1.3 guards into separate client and server guards.jsing2020-01-223-6/+13
| | | | ok beck@ tb@
* Implement close-notify and SSL_shutdown() handling for the TLSv1.3 client.jsing2020-01-223-9/+76
| | | | ok beck@ inoguchi@ tb@
* Correct legacy fallback for TLSv1.3 client.jsing2020-01-213-9/+30
| | | | | | | | | When falling back to the legacy TLS client, in the case where a server has sent a TLS record that contains more than one handshake message, we also need to stash the unprocessed record data for later processing. Otherwise we end up with missing handshake data. ok beck@ tb@
* Remove redundant ASN1_INTEGER_set call in PKCS7_set_typeinoguchi2020-01-211-2/+1
| | | | ok bcook@
* Provide SSL_R_UNKNOWN.jsing2020-01-213-5/+7
| | | | | | | This allows us to indicate that the cause of the failure is unknown, rather than implying that it was an internal error when it was not. ok beck@
* Clear and free the tls13_ctx that hangs off an SSL *s fromtb2020-01-212-2/+8
| | | | | | | | | SSL_{clear,free}(3). Make sure the handshake context is cleaned up completely: the hs_tls13 reacharound is taken care of by ssl3_{clear,free}(3). Add a missing tls13_handshake_msg_free() call to tls13_ctx_free(). ok beck jsing
* Add alert processing in tls client code, by adding alert to thebeck2020-01-213-19/+30
| | | | | | | tls13 context, and emiting the alert at the upper layers when the lower level code fails ok jsing@, tb@
* Add alerts to the tls 1.3 record layer and handshake layerbeck2020-01-202-49/+29
| | | | ok jsing@, inoguchi@, tb@
* Provide an error framework for use with the TLSv1.3 code.jsing2020-01-205-7/+151
| | | | | | | This is based on the libtls error handling code, but adds machine readable codes and subcodes. We then map these codes back to libssl error codes. ok beck@ inoguchi@
* Add support for TLSv1.3 as a protocol to libtls.jsing2020-01-204-11/+20
| | | | | | | This makes tls_config_parse_protocols() recognise and handle "tlsv1.3". If TLSv1.3 is enabled libtls will also request libssl to enable it. ok beck@ tb@
* Free pss in RSA_freeinoguchi2020-01-171-1/+2
| | | | | ok bcook@ ok and "move it down two lines" jsing@
* bump to 3.1.0bcook2020-01-141-3/+3
|
* Document how to make getopt_long(3) process arguments in order and stopstsp2020-01-131-2/+18
| | | | | at the first non-option argument. I had to read source code to figure it out.
* Avoid leak in error path of PKCS5_PBE_keyivgeninoguchi2020-01-121-1/+2
| | | | ok jsing@ tb@
* Avoid leak in error path of asn1_parse2inoguchi2020-01-091-17/+21
| | | | ok tb@
* Avoid leak in error path of dh_priv_decodeinoguchi2020-01-041-1/+2
| | | | ok jsing@ tb@
* In ssl.h rev. 1.167 and s3_lib.c rev. 1.188, jsing@ providedschwarze2020-01-021-4/+21
| | | | | | | | the new function SSL_CTX_get_extra_chain_certs_only(3) and changed the semantics of the existing SSL_CTX_get_extra_chain_certs(3) API from the former OpenSSL 1.0.1 behaviour to the new, incompatible OpenSSL 1.0.2 behaviour. Adjust the documentation. OK jsing@ beck@ inoguchi@
* Revise SSL_CTX_get_extra_chain_certs() to match OpenSSL behaviour.jsing2020-01-022-8/+23
| | | | | | | | | | | | | | In OpenSSL, SSL_CTX_get_extra_chain_certs() really means return extra certs, unless there are none, in which case return the chain associated with the certificate. If you really just want the extra certs, including knowing if there are no extra certs, then you need to call SSL_CTX_get_extra_chain_certs_only()! And to make this even more entertaining, these functions are not documented in any OpenSSL release. Reported by sephiroth-j on github, since the difference in behaviour apparently breaks OCSP stapling with nginx. ok beck@ inoguchi@ tb@
* Provide TLSEXT_TYPE_* aliases for TLS 1.3.jsing2020-01-021-1/+10
| | | | | | | | | | | OpenSSL decided to use their own names for two of the TLS 1.3 extensions, rather than using the names given in the RFC. Provide aliases for these so that code written to work with OpenSSL also works with LibreSSL (otherwise everyone gets to provide their own workarounds). Issue noted by d3x0r on github. ok inoguchi@ tb@
* drand48(3) returns values in [0.0, 1.0).tb2019-12-201-3/+3
| | | | | | From j@bitminer.ca with input from Andras Farkas, deraadt, joerg@netbsd "fix however you feel best!" jmc
* spelling; from bryan stensonjmc2019-12-191-3/+3
|
* Fix documented signatures of HMAC(3) and HMAC_Update(3). The n and lentb2019-12-141-4/+4
| | | | | arguments were changed from int to size_t with the import of OpenSSL 0.9.8h in 2008.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 23:17:12 +0000