| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
| |
While the implementation needs tls13_internal.h, consumers of
tls13_record.h should not.
|
| | |
|
| |
|
|
|
| |
Consistently include local headers in the same location, using the same
grouping/sorting across all files.
|
| |
|
|
|
|
|
|
| |
Now that the DTLS structs are opaque, add a dtls_locl.h header and move
internal-only structs from dtls1.h, along with prototypes from ssl_locl.h.
Only pull this header in where DTLS code actually exists.
ok inoguchi@ tb@
|
| | |
|
| | |
|
| |
|
|
|
| |
Forward declare struct sigalg in ssl_locl.h and avoid including
ssl_sigalgs.h. Explicitly include ssl_sigalgs.h where it is needed.
|
| |
|
|
|
| |
The bytestring APIs are self contained, hence including openssl headers
here is unnecessary.
|
| |
|
|
|
|
| |
Where a file references to OPENSSL_NO_* conditions, ensure that we
explicitly include <openssl/opensslconf.h> before any references, rather
than relying on another header to pull this in.
|
| | |
|
| |
|
|
|
|
|
| |
Modify objxref.pl to output $OpenBSD$ header and
__BEGIN_HIDDEN_DECLS / __END_HIDDEN_DECLS .
ok and comment from tb@
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Based on the OpenSSL 1.1.1 manual written by Rich Salz with a healthy
dose of improvements by schwarze.
ok schwarze
|
| |
|
|
|
|
|
|
|
|
| |
Found missing sigoid_srt record in crypto/objects/obj_xref.h, and
this causes error while executing openssl cms -encrypt with EC key/cert.
Added required definitions to obj_xref.txt and obj_xref.h.
Issue reported by Theodore Wynnychenko (tmw <at> uchicago.edu) on misc.
ok tb@
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
for EC_POINT_set_compressed_coordinates from OpenSSL 1.1.1.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
and a few other structs in libssl opaque.
from/ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
| |
EC_POINT_set_compressed_coordinates(3)
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
| |
Listed under 'SMI Security for S/MIME CMS Content Type
(1.2.840.113549.1.9.16.1)'
https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1
OK tb@
|
| |
|
|
|
|
|
|
|
|
|
| |
These are one-shot versions combining EVP_Digest{Sign,Verify}{Update,Final}.
and are part of the OpenSSL 1.1.1 API. While they simplify callers in some
situations slightly, their real use is for EdDSA that by design can't be
split into Update/Final steps.
Based on OpenSSL commit 7539418981c140648a620d72edd7398564878b5c
ok inoguchi
|
| |
|
|
| |
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
For TLSv1.2 a single key block is generated, then partitioned into
individual secrets for use as IVs and keys. The previous implementation
splits this across two functions tls1_setup_key_block() and
tls1_change_cipher_state(), which means that the IV and key sizes have to
be known in multiple places.
This implementation generates and partitions the key block in a single
step, meaning that the secrets are then simply handed out when requested.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
| |
Per X9.62 4.4.1.b., the compressed representation of a point with
zero x coordinate on a binary curve must have y_bit unset. Error
out in that case of ec_GF2m_set_compressed_coordinates() instead
of ignoring y_bit.
ok jsing
|
| |
|
|
|
| |
copied from other 64 bit arch
ok jsg@
|
| |
|
|
|
|
|
|
| |
After jsing's recent commits, SSL3_CC_{READ,WRITE,CLIENT,SERVER}
and the derived SSL3_CHANGE_CIPHER_{CLIENT,SERVER}_{READ,WRITE}
are no longer used by LibreSSL and should never be used again.
discussed with jsing
|
| |
|
|
|
|
|
|
| |
Replace flag gymnastics at call sites with separate read and write,
functions which call the common code. Condition on s->server instead of
using SSL_ST_ACCEPT, for consistency and more readable code.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
| |
This avoids calling into the key block setup code multiple times and makes
the server code consistent with the client.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
|
| |
Rather than doing flag gymnastics, split dtls1_reset_seq_numbers() into
separate read and write functions. Move the calls of these functions into
tls1_change_cipher_state() so they directly follow the change of cipher
state in the record layer, which avoids having to duplicate the calls in
the client and server.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
|
| |
There are several paths where a subtle bug could result in
tls1_transcript_hash_value() being called with a NULL handshake hash - add
an explicit check for this case. As noted by tb@, due to the wonders of
the libcrypto EVP APIs, combined with integer promotion, we already have
a NULL check - this one is just more obvious.
ok tb@
|
| |
|
|
|
|
|
| |
Require master key length to be greater than zero if we're asked to derive
verify data for a finished or peer finished message.
ok tb@
|
| |
|
|
|
|
|
|
| |
We already derive the peer finished in ssl3_do_change_cipher_spec(), which
DTLS relies on. In the case of TLS we've been doing it twice - once in
ssl3_get_message() and once in ssl3_do_change_cipher_spec().
ok tb@
|
| |
|
|
|
|
|
|
|
| |
Instead of using the output parameters directly, null them out at the
beginning and work with local variables which are only assigned to the
output parameters on success. This way we avoid leaking stale pointers
back to the caller.
requested/ok jsing
|
| |
|
|
| |
OK deraadt@
|
