summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Free the server tls transcript in case session reuse did not work.bluhm2018-11-111-3/+4
| | | | | Regression found by Perl module p5-IO-Socket-SSL tests. with beck@ tb@
* include crypto.h from the correct path, remove unused variablebcook2018-11-111-5/+2
|
* Add support for RSA PSS algorithims being used in sigalgs.beck2018-11-112-2/+29
| | | | | | lightly tested, but will need sanity checks and regress test changes before being added to any sigalgs list for real ok jsing@ tb@
* Convert signatures and verifcation to use the EVP_DigestXXX apibeck2018-11-113-45/+93
| | | | | | to allow for adding PSS, Nuke the now unneejded guard around the PSS algorithms in the sigalgs table ok jsing@ tb@
* Remove dead codebeck2018-11-102-16/+2
| | | | ok jsing@
* Tweak and improve the TLSv1.3 state machine.jsing2018-11-101-24/+46
| | | | | | | | | | | | | | | | - Provide a tls13_handshake_active_action() function to reduce code duplication and replace tls13_handshake_get_sender(). - Add an INVALID message_type, so we can explicitly detect invalid conditions. - Implement skeletons for the tls13_handshake_send_action() and tls13_handshake_recv_action() functions. - OR in the NEGOTIATED value at the end of recving or sending a server hello so that we switch to the next chain in the state table. ok tb@
* Avoid a double allocation and memory leak.jsing2018-11-101-4/+2
| | | | Reported by Ben L <bobsayshilol at live dot co dot uk>
* Stop keeping track of sigalgs by guessing it from digest and pkey,beck2018-11-108-92/+102
| | | | | | just keep the sigalg around so we can remember what we actually decided to use. ok jsing@
* Use TLS13_HS_{CLIENT,SERVER} instead of using a redundant _SEND{,S}.tb2018-11-101-30/+28
| | | | ok jsing
* Fix last of the empty hash nonsensebeck2018-11-101-26/+3
| | | | ok jsing@
* Fix the TLSv1.3 key schedule implementation.jsing2018-11-092-66/+95
| | | | | | | | | | | | When the RFC refers to ("") for key derivation, it is referring to the transcript hash of an empty string, not an empty string. Rename tls13_secrets_new() to tls13_secrets_create(), make it take an EVP_MD * and calculate the hash of an empty string so that we have it available for the "derived" and other steps. Merge tls13_secrets_init() into the same function, remove the EVP_MD * from other functions and use the empty string hash at the appropriate places. ok beck@ tb@
* Use "send" and "recv" consistently instead of mixing them with "read"tb2018-11-091-98/+108
| | | | | | and "write". Use self-documenting C99 initializers. ok bcook, jsing
* Initialize priv_key and pub_key on first use instead of at the top.tb2018-11-091-6/+4
| | | | | | While there, eliminate a flag that was only used once. ok beck jsing mestre
* Initialize priv_key and pub_key on first use instead of at the top.tb2018-11-091-4/+4
| | | | ok beck jsing mestre
* Avoid dereferencing eckey before checking it for NULL.tb2018-11-091-5/+6
| | | | | | CID 184282 ok beck jsing mestre
* Remove ethers(5) YP support bits from libc as it makes it difficult tobrynet2018-11-092-70/+8
| | | | | | | | effectively use pledge(2) in some programs. approval from many, thanks! idea by & ok deraadt@
* Ensure we free the handshake transcript upon session resumption.jsing2018-11-091-1/+4
| | | | | | Found the hard way by jmc@ ok tb@
* Ensure we only choose sigalgs from our prefernce list, not the whole listbeck2018-11-094-10/+19
| | | | ok jsing@
* Add the ability to have a separate priority list for sigalgs.beck2018-11-094-12/+43
| | | | | Add a priority list for tls 1.2 ok jsing@
* Correct defines for writer tests in connect/accept loops.jsing2018-11-091-3/+3
| | | | ok tb@
* Correct function naming for tls13_handshake_advance_state_machine().jsing2018-11-091-4/+2
| | | | ok tb@
* Avoid leak: free existing SRTP connection profiles beforetb2018-11-091-1/+2
| | | | | | setting it. From Ben L <bobsayshilol () live ! co ! uk>.
* Avoid leaking memory that was already allocated in ASN1_item_new().tb2018-11-091-5/+1
| | | | From Ben L <bobsayshilol () live ! co ! uk>
* Fix a buffer overrun in asn1_parse2().tb2018-11-091-4/+7
| | | | | From Ben L bobsayshilol () live ! co ! uk Similar fixes in BoringSSL and OpensSSL.
* Add const to the data argument of ASN1_set{,_int}_octetstring().tb2018-11-092-6/+6
| | | | | | From Ben L bobsayshilol () live ! co ! uk ok jsing
* Add header guards and hidden declarations.jsing2018-11-092-2/+19
|
* Add header guards and hidden declarations.jsing2018-11-091-1/+10
|
* Reimplement the sigalgs processing code into a new implementationbeck2018-11-099-253/+340
| | | | | that will be usable with TLS 1.3 with less eye bleed. ok jsing@ tb@
* First skeleton of the TLS 1.3 state machine. Based on RFC 8446 andtb2018-11-083-4/+607
| | | | | | inspired by s2n's state machine. Lots of help and input from jsing. ok beck, jsing
* KNFbeck2018-11-081-3/+4
|
* Clean up and simplify the handshake transcript code.jsing2018-11-0810-166/+144
| | | | | | | This provides a cleaner, simpler and more readable API, with code that uses a BUF_MEM instead of a BIO. ok beck@ ("hurry up") and tb@.
* Stop pretending that a cert member in a SSL and SSL_CTX can be NULL.jsing2018-11-088-121/+18
| | | | ok beck@ tb@
* Move #include <openssl/evp.h> to the header.tb2018-11-082-3/+4
| | | | discussed with beck and jsing
* Ensure the handshake transcript is cleaned up.jsing2018-11-082-3/+20
| | | | | | | | | Add a check at the completion of the client/server handshake to ensure that the handshake transcript has been freed. Fix the case where a server asks the client for a certificate, but it does not have one, resulting in the handshake transcript being left around post-handshake. ok bcook@ tb@
* Remove some function prototypes that should have been removed in thejsing2018-11-081-10/+2
| | | | | | previous clean up. Spotted by bcook@
* LibreSSL 2.9.0bcook2018-11-081-3/+3
|
* zap last remains of malloc.conf; prompted by and ok jmc@otto2018-11-081-6/+6
|
* Add initial TLS 1.3 key schedule support with basic regress testsbeck2018-11-073-2/+436
| | | | ok jsing@ tb@
* Use memmove() instead of memcpy() to get rid of the need fortb2018-11-071-3/+3
| | | | | | | | | non-overlapping *in and *out buffers as we're already implementing the "in place (un)wrapping" algorithms as given in RFC 3394. This removes a gratuitous API difference to OpenSSLin these undocumented functions. Found while working on wycheproof regress tests. ok beck jsing
* Add TLSv1.3 cipher suites (with appropriate guards).jsing2018-11-076-9/+100
| | | | ok beck@ tb@
* Add TLS extension type values for TLSv1.3 (under guards).jsing2018-11-061-2/+16
| | | | ok tb@
* Define TLS_CA_CERT_FILE rather than having every application create theirjsing2018-11-063-6/+6
| | | | | | own define for /etc/ssl/cert.pem. ok beck@ bluhm@ tb@
* rm FILES section; prompted by Janne Johanssonotto2018-11-061-7/+2
|
* Use the new vm.malloc_conf sysctl; ok millert@ deraadt@otto2018-11-061-6/+11
|
* unrevert the use of bn_rand_interval().tb2018-11-066-35/+26
| | | | ok beck jsing
* Unset Z_is_zero after applying coordinate blinding andtb2018-11-061-3/+4
| | | | | | re-enable coordinate blinding. ok jsing
* Flip reversed test in bn_rand_interval().tb2018-11-061-2/+2
| | | | ok jsing
* disable EC_POINT coordinate blinding due to failures in ECDHE and TLStb2018-11-061-1/+3
|
* revert use of bn_rand_interval due to failures with ECDHE and TLStb2018-11-065-24/+33
|
* Include TLSv1.3 in version handling code.jsing2018-11-061-3/+9
| | | | | | | This is effectively a no-op, since most of the code clamps to the maximum version supported by the TLS method (which are still at TLSv1.2). ok beck@ bluhm@ tb@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-28 01:52:53 +0000