summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Fix two copy paste errors in error messagestb2021-04-041-3/+3
|
* Add tests for DTLSv1_2{,_client,_server}_method()tb2021-04-041-1/+20
|
* Use correct type for tmp in test_write_bytes()tb2021-04-041-2/+2
|
* Explicitly NULL pointers to avoid a double free.tb2021-04-041-1/+3
|
* Don't leak key and dh in the error path.tb2021-04-041-4/+7
|
* Clean up client and server tls{,_config} contexts in tls_test().tb2021-04-041-2/+11
| | | | Leaks reported by Ilya Shipitsin.
* Run the CMAC tests through EVP_PKEY_new_CMAC_key().tb2021-04-031-10/+22
|
* Two cases of BRE involving counts and backrefs that go wrong andotto2021-04-021-1/+16
| | | | | similar that have no isssues. Reported by Michael Paoli. Failing cases commented out for now.
* Show DTLS1.2 message with openssl(1) s_server and s_clientinoguchi2021-04-021-2/+6
| | | | ok jsing@ tb@
* Compare the pointer variable explicitly with NULL in if conditioninoguchi2021-04-011-18/+17
|
* one of the examples needs an -N (and explanation);jmc2021-03-311-4/+7
| | | | | | diff from robert scheck discussed with and tweaked by sthen
* Update for DTLSv1.2 support.tb2021-03-311-2/+4
|
* Remove workarounds for SSL_is_dtls()tb2021-03-312-11/+2
| | | | Reminded by inoguchi jsing
* Remove workaround for missing d2i_DSAPrivateKey_fp prototypetb2021-03-311-5/+1
|
* Bump minors after symbol additiontb2021-03-313-3/+3
|
* Expose various DTLSv1.2 specific functions and definestb2021-03-315-27/+8
| | | | ok bcook inoguchi jsing
* Document SSL_set_hostflags(3) and SSL_get0_peername(3)tb2021-03-311-18/+4
| | | | ok bcook inoguchi jsing
* Expose SSL_set_hostflags(3) and SSL_get0_peername(3)tb2021-03-312-3/+3
| | | | ok bcook inoguchi jsing
* Document SSL_use_certificate_chain_file(3)tb2021-03-311-11/+3
| | | | ok bcook inoguchi jsing
* Expose SSL_use_certificate_chain_file(3)tb2021-03-312-3/+2
| | | | ok bcook inoguchi jsing
* Provide missing prototype for d2i_DSAPrivateKey_fp(3)tb2021-03-311-1/+2
| | | | ok bcook inoguchi jsing
* Document EVP_PKEY_new_CMAC_key(3)tb2021-03-311-16/+4
| | | | ok bcook inoguchi jsing
* Provide EVP_PKEY_new_CMAC_key(3)tb2021-03-312-5/+2
| | | | ok bcook inoguchi jsing
* whitespace nitstb2021-03-291-4/+4
|
* Prepare documenting EVP_PKEY_new_CMAC_key(3)tb2021-03-291-2/+54
| | | | Based on some text in OpenSSL 1.1.1's EVP_PKEY_new.pod.
* Remove pointless assignment in SSL_get0_alpn_selected().jsing2021-03-291-4/+1
| | | | ok tb@
* Avoid transcript initialisation when sending a TLS HelloRequest.jsing2021-03-291-4/+6
| | | | | | | | | | When server side renegotiation is triggered, the TLSv1.2 state machine sends a HelloRequest before going to ST_SW_FLUSH and ST_OK. In this case we do not need the transcript and currently hit the sanity check in ST_OK that ensures the transcript has been freed, breaking server initiated renegotiation. We do however need the transcript in the DTLS case. ok tb@
* Move finished and peer finished to the handshake struct.jsing2021-03-297-44/+44
| | | | | | | | | This moves the finish_md and peer_finish_md from the 'tmp' struct to the handshake struct, renaming to finished and peer_finished in the process. This also allows the remaining S3I(s) references to be removed from the TLSv1.3 client and server. ok inoguchi@ tb@
* Add regress coverage for TLSv1.2 record number increment.jsing2021-03-291-8/+151
|
* Move the TLSv1.2 record number increment into the new record layer.jsing2021-03-293-19/+44
| | | | | | | This adds checks (based on the TLSv1.3 implementation) to ensure that the TLS/DTLS sequence numbers do not wrap, as required by the respective RFCs. ok inoguchi@ tb@
* Prepare to provide EVP_PKEY_new_CMAC_key()tb2021-03-294-20/+84
| | | | | | | sebastia ran into this when attempting to update security/hcxtools. This will be tested via wycheproof.go once the symbol is public. ok jsing, tested by sebastia
* The failure mode of test-tls13-version-negotiation.py has changed.tb2021-03-281-4/+2
| | | | Update comment.
* Fix duplicate SSL_is_dtls in libssl and apps.cinoguchi2021-03-281-1/+3
| | | | | | | | | | Currently, SSL_is_dtls exists in both libssl and apps.c, and one in libssl is guarded by LIBRESSL_INTERNAL and not exposed yet. This causes portable build broke with openssl(1) and optionstest. To solve this temporarily, rename SSL_is_dtls by apps.h. This temporary renaming will be removed when the SSL_is_dtls() is exposed. ok jsing@
* Enable test-sig-algs-renegotiation-resumption.py.tb2021-03-271-5/+6
| | | | | | | This test covers various scenarios with renegotiation and session resumption. In particular it crashes the OpenSSL 1.1.1j server due to the sigalg NULL deref fixed this week. We need --sig-algs-drop-ok since we do not currently implement signature_algorithms_cert.
* Garbage collect s->internal->typetb2021-03-276-18/+9
| | | | | | | | | | | | | | | | | | | This variable is used in the legacy stack to decide whether we are a server or a client. That's what s->server is for... The new TLSv1.3 stack failed to set s->internal->type, which resulted in hilarious mishandling of previous_{client,server}_finished. Indeed, both client and server would first store the client's verify_data in previous_server_finished and later overwrite it with the server's verify_data. Consequently, renegotiation has been completely broken for more than a year. In fact, server side renegotiation was broken during the 6.5 release cycle. Clearly, no-one uses this. This commit fixes client side renegotiation and restores the previous behavior of SSL_get_client_CA_list(). Server side renegotiation will be fixed in a later commit. ok jsing
* Handle dynamic definition of SIGSTKSZ as of glibc 2.34 on Linux.bcook2021-03-271-7/+24
| | | | ok bluhm@, inoguchi@, tb@, deraadt@
* Add test-sig-algs-renegotiation-resumption.pytb2021-03-261-1/+5
| | | | This test currently fails but may soon be fixed.
* Sort header files and wrap long lines in x509.cinoguchi2021-03-261-67/+110
|
* Avoid mangled output in BIO_debug_callbacktb2021-03-251-4/+12
| | | | | | | Instead of blindly skipping 14 characters, we can use the return value of snprintf() to determine how much we should skip. From Martin Vahlensieck with minor tweaks by me
* The server only sends a cookie during a HRR, not a SHtb2021-03-241-4/+4
|
* Update regress for new_cipher rename.jsing2021-03-242-6/+6
|
* Rename new_cipher to cipher.jsing2021-03-2411-64/+64
| | | | | | | | This is in the SSL_HANDSHAKE struct and is what we're currently negotiating, so there is really nothing more "new" about the cipher than there is the key block or other parts of the handshake data. ok inoguchi@ tb@
* Add SSL_HANDSHAKE_TLS12 for TLSv1.2 specific handshake data.jsing2021-03-245-40/+48
| | | | | | Move TLSv1.2 specific components over from SSL_HANDSHAKE. ok inoguchi@ tb@
* Convert openssl(1) x509 option handlinginoguchi2021-03-241-414/+747
| | | | | | | | | | | | | Apply new option handling to openssl(1) x509. To handle incremental order value, using newly added OPTION_ORDER. I left the descriptions for -CAform, -inform, and -outform as it was, for now. These description would be fixed. And digest option handler could be consolidated to one between some subcommands in the future. ok and comments from tb@, and "I'd move forward with your current plan." from jsing@
* Add option type OPTION_ORDERinoguchi2021-03-242-2/+9
| | | | | | | | | | To handle incremental order value, added new option type OPTION_ORDER. openssl(1) x509 requires this option handling, since, - -CA and -signkey require to set both filename and incremental 'num'. - -dates requires to set two variables in a row, startdate and enddate. and this couldn't be solved by OPTION_FLAG_ORD. ok tb@ and "I'd move forward with your current plan." from jsing@
* OCSP_basic_verify() doesn't set errno, so use tls_set_errorx()tb2021-03-231-2/+2
| | | | ok inoguchi
* Don't leak ca in test_cms_sign_verify().tb2021-03-221-1/+2
| | | | Reported by Ilya Shipitsin
* Plug a few memory leaks reported by Ilya Shipitsintb2021-03-221-9/+7
|
* Fully initialize rrec in tls12_record_layer_open_record_protectedtb2021-03-211-1/+2
| | | | | | | | | | The CBC code path initializes rrec.padding_length in an indirect fashion and later makes use of it for copying the MAC. This is confusing some static analyzers as well as people investigating the whining. Avoid this confusion and add a bit of robustness by clearing the stack variable up front. ok jsing
* Revise regress to match handshake struct changes.jsing2021-03-211-18/+18
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-25 00:23:28 +0000