|  | Commit message (Collapse) | Author | Age | Files | Lines | 
|---|
| ... |  | 
| | 
| 
| 
| | ok tb@ | 
| | 
| 
| 
| 
| 
| 
| 
| | The "no_certificate" alert only existed in SSLv3, while the
"decryption_failed" and "export_restriction" alerts were removed in
TLSv1.1.
ok tb@ | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| | RFC 5077. Note that session resumption via session tickets is
only for TLSv1.2 and earlier.
prompted by a question by/ok jmc | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | Due to hysterical raisins there are three different types of defines for
alerts. SSL3_AD_* are from SSLv3, TLS1_AD_* are from TLSv1.0 onwards and
SSL_AD_* currently map to either an SSL3_AD_* or TLS1_AD_* define.
Currently, all three of these are used in various places - switch to using
just SSL_AD_* values internally, as a first step in cleaning this up.
ok tb@ | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | SRTP_AEAD_AES_128_GCM/SRTP_AEAD_AES_256_GCM can be used as DTLS-SRTP
protection profiles - seen with an update of telephony/baresip i'm
working on.
adapted from openssl commit 43e5faa2539ae8aae6ef55be2239b9b1a77fea45
ok tb@ jsing@ | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | (certificates with the "server auth" trust purpose permitted).
ok tb@
-AC Camerfirma S.A.
-  /C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Chambers of Commerce Root - 2008
-  /C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Global Chambersign Root - 2008
-
 FNMT-RCM
   /C=ES/O=FNMT-RCM/OU=AC RAIZ FNMT-RCM
+  /C=ES/O=FNMT-RCM/OU=Ceres/2.5.4.97=VATES-Q2826004J/CN=AC RAIZ FNMT-RCM SERVIDORES SEGUROS
-GeoTrust Inc.
-  /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
-  /C=US/O=GeoTrust Inc./OU=(c) 2007 GeoTrust Inc. - For authorized use only/CN=GeoTrust Primary Certification Authority - G2
-
 GlobalSign nv-sa
+  /C=BE/O=GlobalSign nv-sa/CN=GlobalSign Root E46
+  /C=BE/O=GlobalSign nv-sa/CN=GlobalSign Root R46
   /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
 Staat der Nederlanden
   /C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden EV Root CA
-  /C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA - G3
 Unizeto Technologies S.A.
   /C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA
+  /C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA 2
-
-VeriSign, Inc.
-  /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2008 VeriSign, Inc. - For authorized use only/CN=VeriSign Universal Root Certification Authority
(Note, "Staat der Nederlanden Root CA - G3" was changed to email trust only,
so is removed from this due to it only listing "server auth" purposes). | 
| | 
| 
| 
| 
| 
| | Use SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER instead.
ok tb@ | 
| | 
| 
| 
| 
| 
| | This ensures that diff reports the correct function prototype.
Prompted by tb@ | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| | The default alert in the tlsext parsing code is a decode_error, so
there's no need for an error path that only sets that alert.
suggested by/ok jsing | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | On receiving the first flight from the peer, we do not yet know if
we are using TLSv1.3. In particular, we might get an alert record
with record version 0x0300 from a pre-TLSv1.2 peer in response to
our client hello. Ignore the record version instead of sending a
protocol version alert in that situtation. This may also be hit
when talking to a LibreSSL 3.3 server with an illegal SNI.
Part of an issue reported by danj.
ok jsing | 
| | 
| 
| 
| 
| 
| 
| 
| 
| | As soon as we know that we're dealing with a TLSv1.3 client, set
the legacy version in the record layer to 0x0303 so that we send
alerts with the correct record version.  Previously we would send
early alerts with a record version of 0x0300.
ok jsing | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | According to RFC 8422, we must send an illegal_parameter alert on
receiving an ECPF extension that doesn't include the uncompressed
format, not a decode_error.
Reported via GitHub issue #675.
ok jsing | 
| | 
| 
| 
| 
| 
| 
| 
| | In libssl.pc, Libs: should not have '-lcrypto', and Requires.private:
should have it as 'libcrypto'.
openssl.pc does not need Libs: and Cflags:, but should have Requires:.
OK millert@ | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | While an FQDN includes a trailing dot for the zero-length label of
the root, SNI explicitly does not contain it. Contrary to other TLS
implementations, our tlsext_sni_is_valid_hostname() rejects a trailing
dot. The result is that LibreSSL TLS servers encountering an SNI with
trailing dot abort the connection with an illegal_parameter alert.
This fixes an issue reported by danj in nc(1) and by sthen in ftp(1).
DNS cluebat from florian.
ok jsing | 
| | 
| 
| 
| | ok jsing | 
| | 
| 
| 
| 
| 
| 
| | did not terminate anymore on some machines.  The test counts 100
send errors before it finishes.  NetBSD has added sched_yield() in
the receiver loop to trigger the errors on the sender side.  Although
not perfect, it works for me.  Get current t_sendrecv.c from NetBSD. | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | EVP_DigestSign{,Init,Update,Final}() and EVP_DigestVerify{Init,Update}()
always returned 1 for success and 0 for failure. EVP_DigestVerify()
and EVP_DigestVerifyFinal() can return -1 or -2, though.
Based on OpenSSL 1.1.1 56c59ddd99da05c2f30832cccaffb873a8481555
ok inoguchi | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | To generate current obj_xref.h, third item of lines
id_tc26_signwithdigest_gost3410_2012_256/512 should be id_GostR3410_2001.
obj_xref.txt r1.2 and obj_xref.h r1.3 were committed at the same time,
and these third item were coded different value each other.
This adjusts obj_xref.txt to current obj_xref.h.
ok tb@ | 
| | 
| 
| 
| 
| 
| 
| 
| | The information contained in SSL_AEAD_CTX really belongs in the
tls12_record_protection struct. Absorb SSL_AEAD_CTX, using more appropriate
types in the process.
ok tb@ | 
| | 
| 
| 
| 
| 
| 
| 
| | In tls12_record_protection_clear(), rather than zeroing or NULLing
individual fields once a pointer has been freed, zero the entire struct once
the pointers have been dealt with.
ok tb@ | 
| | 
| 
| 
| 
| | While the implementation needs tls13_internal.h, consumers of
tls13_record.h should not. | 
| | |  | 
| | 
| 
| 
| 
| | Consistently include local headers in the same location, using the same
grouping/sorting across all files. | 
| | 
| 
| 
| 
| 
| 
| 
| | Now that the DTLS structs are opaque, add a dtls_locl.h header and move
internal-only structs from dtls1.h, along with prototypes from ssl_locl.h.
Only pull this header in where DTLS code actually exists.
ok inoguchi@ tb@ | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| | Forward declare struct sigalg in ssl_locl.h and avoid including
ssl_sigalgs.h. Explicitly include ssl_sigalgs.h where it is needed. | 
| | 
| 
| 
| 
| | The bytestring APIs are self contained, hence including openssl headers
here is unnecessary. | 
| | 
| 
| 
| 
| 
| | Where a file references to OPENSSL_NO_* conditions, ensure that we
explicitly include <openssl/opensslconf.h> before any references, rather
than relying on another header to pull this in. | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| | Modify objxref.pl to output $OpenBSD$ header and
__BEGIN_HIDDEN_DECLS / __END_HIDDEN_DECLS .
ok and comment from tb@ | 
| | |  | 
| | |  | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| | Based on the OpenSSL 1.1.1 manual written by Rich Salz with a healthy
dose of improvements by schwarze.
ok schwarze | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | Found missing sigoid_srt record in crypto/objects/obj_xref.h, and
this causes error while executing openssl cms -encrypt with EC key/cert.
Added required definitions to obj_xref.txt and obj_xref.h.
Issue reported by Theodore Wynnychenko (tmw <at> uchicago.edu) on misc.
ok tb@ | 
| | |  | 
| | |  | 
| | |  | 
| | |  | 
| | |  | 
| | |  | 
| | 
| 
| 
| | EC_GROUP_get_curve() and remove no longer needed prototypes. |