summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Convert TLS transcript from BUF_MEM to tls_buffer.jsing2022-07-222-29/+16
| | | | ok beck@ tb@
* Add read and write support to tls_buffer.jsing2022-07-224-13/+139
| | | | | | | | tls_buffer was original created for a specific use case, namely reading in length prefixed messages. This adds read and write support, along with a capacity limit, allowing it to be used in additional use cases. ok beck@ tb@
* Simplify tls13_server_encrypted_extensions_recvtb2022-07-221-8/+2
| | | | | | | We can rely on tlsext_client_parse() to set the alert, so no need to do this in the error path. ok jsing
* Remove redundant length checks in parse functionstb2022-07-221-21/+1
| | | | | | | | | | | The main parsing function already checks that the entire extension data was consumed, so the length checks inside some of the parse handlers are redundant. They were also not done everywhere, so this makes the parse handlers more consistent. Similar diff was sent by jsing a long while back ok jsing
* Simplify tlsext_supported_groups_server_parsetb2022-07-201-45/+31
| | | | | | | | | Add an early return in the s->internal->hit case so that we can unindent a lot of this code. In the HRR case, we do not need to check that the list of supported groups is unmodified from the first CH. The CH extension hashing already does that for us. ok jsing
* Drop some unnecessary parentheses.tb2022-07-201-3/+2
| | | | ok jsing
* Copy alpn_selected using CBStb2022-07-201-6/+7
| | | | ok jsing
* Copy alpn_client_proto_list using CBS in SSL_new()tb2022-07-201-12/+7
| | | | | | | This makes the code both shorter and safer since freeing, allocation, and copying are handled by CBS_stow() internally. ok jsing
* Validate protocols in SSL{_CTX,}_set_alpn_protos()tb2022-07-201-1/+12
| | | | | | | | | | | This wonderful API requires users to pass the protocol list in wire format. This list is then sent as part of the ClientHello. Validate it to be of the correct form. This reuses tlsext_alpn_check_format() that was split out of tlsext_alpn_server_parse(). Similar checks were introduced in OpenSSL 86a90dc7 ok jsing
* Rewrite SSL{_CTX,}_set_alpn_protos() using CBStb2022-07-201-23/+15
| | | | | | | | | This simplifies the freeing, assigning and copying of the passed protocols by replacing all that code with a pair of CBS_init() and CBS_stow(). In addition, this aligns the behavior with OpenSSL, which no longer errors on NULL proto or 0 proto_len since 86a90dc7. ok jsing
* Change various ALPN related internal struct memberstb2022-07-201-6/+6
| | | | | | | | Change alpn_client_proto_list and alpn_selected from unsigned char * to uint8_t and change alpn_client_proto_list_len to be a size_t instead of an unsigned int. ok jsing
* Factor out ALPN extension format checktb2022-07-202-14/+27
| | | | | | | | The ALPN extension must contain a non-empty list of protocol names. Split a check of this out of tlsext_alpn_server_parse() so that it can be reused elsewhere in the library. ok jsing
* Remove tls_buffer_set_data() and remove/revise callers.jsing2022-07-206-34/+14
| | | | | | | | | | | | | There is no way that tls_buffer_set_data() can currently work in conjunction with tls_buffer_expand(). This fact is currently hidden by the way that PHH works, which reads the same data from the record layer (which it needs to do anyway, since we may not have all of the handshake message in a single record). Since this is broken, mop it up and change the PHH callback to not provide the record data. ok beck@ tb@
* Correct server-side handling of TLSv1.3 key updates.jsing2022-07-201-20/+30
| | | | | | | | The existing code updates the correct secret, however then sets it for the wrong direction. Fix this, while untangling the code and consistenly using 'read' and 'write' rather than 'local' and 'peer'. ok beck@ tb@
* Disallow MD5 and SHA-1 HMACs depending on the security leveltb2022-07-191-2/+11
| | | | | | | | Ciphers using an MD5 HMAC are not allowed on security levels >= 1 and using a SHA-1 HMAC is disallowed on security levels >= 4. This disables RC4-MD5 by default. ok jsing
* Avoid unnecessary loops in BN_generate_prime_ex()tb2022-07-191-4/+6
| | | | | | | | | Since there is nothing randomized in bn_is_prime_bpsw(), the concept of rounds makes no sense. Apply a minimal change for now that avoids expensive loops that won't change the outcome in case we found a probable prime. ok jsing
* Handle X509_check_purpose(3) and EVP_get_digestbyobj(3)kn2022-07-171-2/+5
| | | | OK tb
* Add initial support for ESSCertIDv2 verificationkn2022-07-171-19/+99
| | | | | | | | | Based on OpenSSL commit f0ef20bf386b5c37ba5a4ce5c1de9a819bbeffb2 "Added support for ESSCertIDv2". This makes TS validation work in the new security/libdigidocpp port. Input OK tb
* Disable TLSv1.3 middlebox compatibility mode for QUIC connections.jsing2022-07-171-2/+3
| | | | | | This is required by RFC 9001. ok tb@
* Pass SSL pointer to tls13_ctx_new().jsing2022-07-173-15/+11
| | | | | | | | struct tls13_ctx already knows about SSL's and this way tls13_ctx_new() can set up various pointers, rather than duplicating this in tls13_legacy_accept() and tls13_legacy_connect(). ok tb@
* Correct handling of QUIC transport parameters extension.jsing2022-07-171-48/+16
| | | | | | | | | | | Remove duplicate U16 length prefix, since tlsext_build() already adds this for us. Condition on SSL_is_quic() rather than TLS version - RFC 9001 is clear that this extension is only permitted on QUIC transport and an fatal unsupported extension alert is required if used elsewhere. Additionally, at the point where extensions are parsed, we do not necessarily know what TLS version has been negotiated. ok beck@ tb@
* Provide SSL_is_quic()jsing2022-07-173-5/+14
| | | | | | | | This function will allow code to know if the SSL connection is configured for use with QUIC or not. Also move existing SSL_.*quic.* functions under LIBRESSL_HAS_QUIC to prevent exposing them prematurely. ok beck@ tb@
* Correct TLSEXT_TYPE_quic_transport_parameters message types.jsing2022-07-171-2/+2
| | | | | | | Per RFC 9001, TLSEXT_TYPE_quic_transport_parameters may only appear in ClientHello and EncryptedExtensions (not ServerHello). ok beck@ tb@
* Correct value for TLSEXT_TYPE_quic_transport_parametersjsing2022-07-171-4/+6
| | | | | | | | Use the correct value for TLSEXT_TYPE_quic_transport_parameters according to RFC 9001 section 8.2. Also move the define under LIBRESSL_HAS_QUIC to avoid things finding it prematurely. ok beck@ tb@
* AESCGM -> AESGCMjsg2022-07-171-4/+4
|
* Add ESSCertIDv2 stack macroskn2022-07-161-1/+25
| | | | | | | | Copy existing ESSCertID macros and s/_ID/&_V2/g. Guard the new code under LIBRESSL_INTERNAL to defer visibility. OK tb
* Add ESSCertIDv2 ASN.1 boilerplatekn2022-07-162-2/+170
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Guard the new code under LIBRESSL_INTERNAL to defer symbol addition and minor library bump (thanks tb). ts/ts.h bits from RFC 5035 Enhanced Security Services (ESS) Update: Adding CertID Algorithm Agility ts/ts_asn1.c bits expanded from ASN1_SEQUENCE(ESS_CERT_ID_V2) = { ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR), ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING), ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL) } static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2) IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID_V2) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2) ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = { ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2), ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO) } static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2) IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT_V2) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2) Feedback OK tb
* Add NID for signingCertificateV2kn2022-07-162-0/+2
| | | | | | https://oidref.com/1.2.840.113549.1.9.16.2.47 OK tb
* Avoid direct X509 structure accesskn2022-07-162-12/+12
| | | | | | | Cherry-picked from OpenSSL commit a8d8e06b0ac06c421fd11cc1772126dcb98f79ae. This reduces upcoming TS changes. OK jsing tb
* Zap duplicate ERR_load_TS_strings() prototypekn2022-07-161-3/+1
| | | | | | It's defined again (more appropiately) further down above the error codes. OK jsing tb
* Expand the comment explaining the for loop with bn_lucas_step() a bit.tb2022-07-151-3/+3
|
* Comment for factorization of n - 1 = k * 2^s in bn_miller_rabin_base_2()tb2022-07-151-1/+2
|
* Rename is_perfect_square to out_perfect in prototype to matchtb2022-07-151-2/+2
| | | | the code in bn_isqrt.c.
* Zap trailing whitespacetb2022-07-141-4/+4
|
* add .Xr links to SSL_CTX_set_security_level(3)schwarze2022-07-135-15/+20
|
* add a few .Xr links to new manual pagesschwarze2022-07-1311-24/+36
|
* In dsa.h rev. 1.34 (14 Jan 2022), tb@ provided DSA_bits(3).schwarze2022-07-131-10/+51
| | | | | | | Document it from scratch. While here, merge a few details from the OpenSSL 1.1.1 branch, which is still under a free license, into the documentation of DSA_size(3).
* In x509_vfy.h rev. 1.54, tb@ provided X509_VERIFY_PARAM_get_time(3)schwarze2022-07-131-3/+44
| | | | | | and X509_VERIFY_PARAM_set_auth_level(3). Document them. For the latter, i included a few sentences from the OpenSSL 1.1.1 branch, which is still under a free license.
* link three new manual pages to the buildschwarze2022-07-131-1/+4
|
* Start documenting our new pet octopus, SSL_CTX_set_security_level(3).schwarze2022-07-132-1/+161
| | | | | | | Or should we call it a centipede? Feedback and OK on a previous version from jsing@ and from our chief myriapodologist, tb@.
* Cast int64_t to uint64_t before negating.jsing2022-07-131-3/+7
| | | | | | | | | Avoid undefined behaviour/integer overflow by casting an int64_t to uint64_t before negating. Fixes oss-fuzz #49043 ok tb@
* Write documentation for EVP_PKEY_check(3), EVP_PKEY_public_check(3),schwarze2022-07-135-44/+504
| | | | | | | | | | | | EVP_PKEY_param_check(3), and EVP_PKEY_security_bits(3) from scratch. Move the documentation of EVP_PKEY_size(3) and EVP_PKEY_bits(3) to the new manual page EVP_PKEY_size(3). Merge the documentation of the related function pointers from the OpenSSL 1.1.1 branch, which is still under a free license. OK tb@ on the new page EVP_PKEY_size(3).
* Simplify computation of max_pub_key = dh->p - 1.tb2022-07-131-4/+2
| | | | ok jsing
* New manual page written from scratch;schwarze2022-07-131-0/+137
| | | | | tb@ recently added these functions to libcrypto and also provided feedback on my first draft of this page.
* Remove #ifndef around the definition of OPENSSL_TLS_SECURITY_LEVEL.tb2022-07-131-3/+1
| | | | | | | | We do not intend to make this a compile-time option. Reminded by schwarze who asked about it ok jsing
* On May 4 14:19:08 2006 UTC, while fixing a security issue, djm@schwarze2022-07-131-11/+64
| | | | | | | | | provided the new public function DH_check_pub_key(3) in <openssl/dh.h>. Sorry for being a bit tardy in documenting the new function. Then again, OpenSSL doesn't document it either, yet. While here, drop a HISTORY entry about a constant that was renamed in OpenSSL 0.9.5. That's no longer relevant.
* Do not make tables static so we can access them from regress.tb2022-07-131-5/+5
|
* Enable BPSW primality test.tb2022-07-131-1/+3
| | | | ok jsing
* Hook BPSW into BN_is_prime_fasttest_ex()tb2022-07-131-3/+13
| | | | ok jsing
* Link bn_bpsw.c to buildtb2022-07-131-2/+2
| | | | ok jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-05 13:44:11 +0000