| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
| |
stub, written from scratch;
OK tb@ on SSL_set_psk_use_session_callback.3
|
| |
|
|
|
|
| |
OpenSSL 1.1.1 branch, which is still under a free license.
A few tweaks to wording and structure by me.
OK tb@ on SSL_SESSION_is_resumable.3
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
and OPENSSL_EC_EXPLICIT_CURVE
from OpenSSL commit 146ca72c Feb 19 14:35:43 2015 +0000
after tb@ changed the default from 0 to OPENSSL_EC_NAMED_CURVE
in ec/ec_lib.c rev. 1.41,
which is the same default that OpenSSL uses since 1.1.0.
While merging, drop the description of the pre-1.1.0 behaviour.
It seems irrelevant to me because tb@ found no application in Debian
codesearch using OPENSSL_EC_EXPLICIT_CURVE. A former devious default
that was probably never relied upon by anyone does not need to be
documented.
|
| |
|
|
|
|
| |
as in all other palces. Check the EXFLAG_SET flag first and if not set
grab the CRYPTO_LOCK_X509 before calling x509v3_cache_extensions().
OK tb@ beck@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The pre-OpenSSL 1.1.0 default was to use explicit curve parameter
encoding. Most applications want to use named curve parameter encoding
and have to opt into this explicitly.
Stephen Henson changed this default in OpenSSL commit 86f300d3 6 years
ago and provided a new OPENSSL_EC_EXPLICIT_CURVE define to opt back into
the old default. According to Debian's codesearch, no application
currently does this, which indicates that we currently have a bad default.
In the future it is more likely that applications expect the new
default, so we follow OpenSSL to avoid problems.
Prompted by schwarze who noted that OPENSSL_EC_EXPLICIT_CURVE is missing.
ok beck inoguchi jsing
|
| |
|
|
| |
from the OpenSSL 1.1.1 branch, which is still under a free license
|
| |
|
|
|
|
|
|
|
| |
branch, which is still under a free license.
While here, also merge a few other improvements, mostly regarding
EC_GROUP_get_order(3) and EC_GROUP_get_cofactor(3); in particular,
some statements below RETURN VALUES were outright wrong.
This patch includes a few minor tweaks and an addition to HISTORY by me.
Feedback and OK tb@.
|
| |
|
|
| |
OK tb@
|
| |
|
|
|
|
|
| |
and BN_lebin2bn(3) from the OpenSSL 1.1.1 branch,
which is still under a free license.
While here, tweak a number of details for clarity.
OK tb@
|
| |
|
|
| |
automatically initializes itself. OK tb@
|
| |
|
|
| |
'may as well' deraadt
|
| | |
|
| |
|
|
| |
changes
|
| | |
|
| | |
|
| |
|
|
| |
ok beck inoguchi jsing
|
| |
|
|
| |
ok inoguchi jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok beck
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
with/ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
with/ok jsing
|
| |
|
|
|
|
| |
from public visibility.
with/ok jsing
|
| | |
|
| |
|
|
|
|
|
|
| |
BN_rand_range()
From OpenSSL 1.1.1l
ok beck jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok beck inoguchi
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As reported by Jeremy Harris, we inherited a strange behavior from
OpenSSL, in that we ignore the SSL_TLSEXT_ERR_FATAL return from the
ALPN callback. RFC 7301, 3.2 states: 'In the event that the server
supports no protocols that the client advertises, then the server
SHALL respond with a fatal "no_application_protocol" alert.'
Honor this requirement and succeed only on SSL_TLSEXT_ERR_{OK,NOACK}
which is the current behavior of OpenSSL. The documentation change
is taken from OpenSSL 1.1.1 as well.
As pointed out by jsing, there is more to be fixed here:
- ensure that the same protocol is selected on session resumption
- should the callback be called even if no ALPN extension was sent?
- ensure for TLSv1.2 and earlier that the SNI has already been processed
ok beck jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok beck
|
| |
|
|
|
|
|
|
|
| |
has decided to change a succeess to a failure and change the error code.
Fixes a regression in the openssl-ruby tests which expect to test this
functionality.
ok tb@
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok bcook jsing
|
| |
|
|
|
|
|
|
| |
Free ec->key before reassigning it.
From OpenSSL 1.1.1, 58e1e397
ok inoguchi
|
| |
|
|
|
|
| |
Needed for nginx-lua to build with opaque SSL.
ok inoguchi jsing
|
| |
|
|
|
|
|
| |
This is needed for telephony/coturn and telephony/resiprocate to compile
without opaque SSL.
ok inoguchi jsing
|
| |
|
|
|
|
|
|
|
| |
As found by jsg and patrick, this is needed for newer uboot and
will also be used in upcoming elliptic curve work.
This is from OpenSSL 1.1.1l with minor style tweaks.
ok beck inoguchi
|
| |
|
|
| |
OK tb@
|
| |
|
|
| |
OK tb@
|
| |
|
|
|
|
| |
No functional changes.
OK tb@
|
| |
|
|
| |
OK tb@ jsing@ beck@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Currently, the plaintext content from opened TLS records is handled via
the rbuf code in the TLSv1.3 record layer. Factor this out and provide a
separate struct tls_content, which knows how to track and manipulate the
content.
This makes the TLSv1.3 code cleaner, however it will also soon also be used
to untangle parts of the legacy record layer.
ok beck@ tb@
|
| |
|
|
|
|
|
| |
in Openssl 1.1.1 for when to call the session callbacks. I believe it
to also generates a lot less eye bleed, confirmed by tb@
ok jsing@ tb@
|
| |
|
|
|
|
|
| |
Rather than manually checking multiple bytes, actually parse the DTLS
handshake message header, then check the values against what we parsed.
ok inoguchi@ tb@
|
| |
|
|
|
|
| |
The callers know the actual length and can initialise a CBS correctly.
ok inoguchi@ tb@
|
