summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Enable test-cve-2016-6309.pytb2021-04-081-3/+2
|
* Avoid clobbering the error code when sending an alerttb2021-04-071-2/+3
| | | | | | | | | | | | In order to fail gracefully on encountering a self-signed cert, curl looks at the top-most error on the stack and needs specific SSL_R_ error codes. This mechanism was broken when the tls13_alert_sent_cb() was added after people complained about unhelpful unknown errors. Fix this by only setting the error code from a fatal alert if no error has been set previously. Issue reported by Christopher Reid ok jsing
* Use ERR_print_error_fp() to avoid leaking a BIO in fatal()tb2021-04-071-2/+2
|
* Check function return value in openssl(1) x509.cinoguchi2021-04-071-24/+71
| | | | input from bcook@, ok and comments from tb@
* Avoid leak in error pathinoguchi2021-04-071-3/+7
| | | | ok and input from tb@
* use errx() instead of err()tb2021-04-061-8/+8
|
* spaces -> tabstb2021-04-061-5/+5
|
* minor style tweakstb2021-04-061-5/+6
|
* Don't leak param->name in x509_verify_param_zero()tb2021-04-051-1/+2
| | | | | | | | | For dynamically allocated verify parameters, param->name is only ever set in X509_VERIFY_set1_name() where the old one is freed and the new one is assigned via strdup(). Setting it to NULL without freeing it beforehand is a leak. looks correct to millert, ok inoguchi
* Add missing error check for AES_unwrap_key().tb2021-04-041-1/+3
|
* Fix two copy paste errors in error messagestb2021-04-041-3/+3
|
* Add tests for DTLSv1_2{,_client,_server}_method()tb2021-04-041-1/+20
|
* Use correct type for tmp in test_write_bytes()tb2021-04-041-2/+2
|
* Explicitly NULL pointers to avoid a double free.tb2021-04-041-1/+3
|
* Don't leak key and dh in the error path.tb2021-04-041-4/+7
|
* Clean up client and server tls{,_config} contexts in tls_test().tb2021-04-041-2/+11
| | | | Leaks reported by Ilya Shipitsin.
* Run the CMAC tests through EVP_PKEY_new_CMAC_key().tb2021-04-031-10/+22
|
* Two cases of BRE involving counts and backrefs that go wrong andotto2021-04-021-1/+16
| | | | | similar that have no isssues. Reported by Michael Paoli. Failing cases commented out for now.
* Show DTLS1.2 message with openssl(1) s_server and s_clientinoguchi2021-04-021-2/+6
| | | | ok jsing@ tb@
* Compare the pointer variable explicitly with NULL in if conditioninoguchi2021-04-011-18/+17
|
* one of the examples needs an -N (and explanation);jmc2021-03-311-4/+7
| | | | | | diff from robert scheck discussed with and tweaked by sthen
* Update for DTLSv1.2 support.tb2021-03-311-2/+4
|
* Remove workarounds for SSL_is_dtls()tb2021-03-312-11/+2
| | | | Reminded by inoguchi jsing
* Remove workaround for missing d2i_DSAPrivateKey_fp prototypetb2021-03-311-5/+1
|
* Bump minors after symbol additiontb2021-03-313-3/+3
|
* Expose various DTLSv1.2 specific functions and definestb2021-03-315-27/+8
| | | | ok bcook inoguchi jsing
* Document SSL_set_hostflags(3) and SSL_get0_peername(3)tb2021-03-311-18/+4
| | | | ok bcook inoguchi jsing
* Expose SSL_set_hostflags(3) and SSL_get0_peername(3)tb2021-03-312-3/+3
| | | | ok bcook inoguchi jsing
* Document SSL_use_certificate_chain_file(3)tb2021-03-311-11/+3
| | | | ok bcook inoguchi jsing
* Expose SSL_use_certificate_chain_file(3)tb2021-03-312-3/+2
| | | | ok bcook inoguchi jsing
* Provide missing prototype for d2i_DSAPrivateKey_fp(3)tb2021-03-311-1/+2
| | | | ok bcook inoguchi jsing
* Document EVP_PKEY_new_CMAC_key(3)tb2021-03-311-16/+4
| | | | ok bcook inoguchi jsing
* Provide EVP_PKEY_new_CMAC_key(3)tb2021-03-312-5/+2
| | | | ok bcook inoguchi jsing
* whitespace nitstb2021-03-291-4/+4
|
* Prepare documenting EVP_PKEY_new_CMAC_key(3)tb2021-03-291-2/+54
| | | | Based on some text in OpenSSL 1.1.1's EVP_PKEY_new.pod.
* Remove pointless assignment in SSL_get0_alpn_selected().jsing2021-03-291-4/+1
| | | | ok tb@
* Avoid transcript initialisation when sending a TLS HelloRequest.jsing2021-03-291-4/+6
| | | | | | | | | | When server side renegotiation is triggered, the TLSv1.2 state machine sends a HelloRequest before going to ST_SW_FLUSH and ST_OK. In this case we do not need the transcript and currently hit the sanity check in ST_OK that ensures the transcript has been freed, breaking server initiated renegotiation. We do however need the transcript in the DTLS case. ok tb@
* Move finished and peer finished to the handshake struct.jsing2021-03-297-44/+44
| | | | | | | | | This moves the finish_md and peer_finish_md from the 'tmp' struct to the handshake struct, renaming to finished and peer_finished in the process. This also allows the remaining S3I(s) references to be removed from the TLSv1.3 client and server. ok inoguchi@ tb@
* Add regress coverage for TLSv1.2 record number increment.jsing2021-03-291-8/+151
|
* Move the TLSv1.2 record number increment into the new record layer.jsing2021-03-293-19/+44
| | | | | | | This adds checks (based on the TLSv1.3 implementation) to ensure that the TLS/DTLS sequence numbers do not wrap, as required by the respective RFCs. ok inoguchi@ tb@
* Prepare to provide EVP_PKEY_new_CMAC_key()tb2021-03-294-20/+84
| | | | | | | sebastia ran into this when attempting to update security/hcxtools. This will be tested via wycheproof.go once the symbol is public. ok jsing, tested by sebastia
* The failure mode of test-tls13-version-negotiation.py has changed.tb2021-03-281-4/+2
| | | | Update comment.
* Fix duplicate SSL_is_dtls in libssl and apps.cinoguchi2021-03-281-1/+3
| | | | | | | | | | Currently, SSL_is_dtls exists in both libssl and apps.c, and one in libssl is guarded by LIBRESSL_INTERNAL and not exposed yet. This causes portable build broke with openssl(1) and optionstest. To solve this temporarily, rename SSL_is_dtls by apps.h. This temporary renaming will be removed when the SSL_is_dtls() is exposed. ok jsing@
* Enable test-sig-algs-renegotiation-resumption.py.tb2021-03-271-5/+6
| | | | | | | This test covers various scenarios with renegotiation and session resumption. In particular it crashes the OpenSSL 1.1.1j server due to the sigalg NULL deref fixed this week. We need --sig-algs-drop-ok since we do not currently implement signature_algorithms_cert.
* Garbage collect s->internal->typetb2021-03-276-18/+9
| | | | | | | | | | | | | | | | | | | This variable is used in the legacy stack to decide whether we are a server or a client. That's what s->server is for... The new TLSv1.3 stack failed to set s->internal->type, which resulted in hilarious mishandling of previous_{client,server}_finished. Indeed, both client and server would first store the client's verify_data in previous_server_finished and later overwrite it with the server's verify_data. Consequently, renegotiation has been completely broken for more than a year. In fact, server side renegotiation was broken during the 6.5 release cycle. Clearly, no-one uses this. This commit fixes client side renegotiation and restores the previous behavior of SSL_get_client_CA_list(). Server side renegotiation will be fixed in a later commit. ok jsing
* Handle dynamic definition of SIGSTKSZ as of glibc 2.34 on Linux.bcook2021-03-271-7/+24
| | | | ok bluhm@, inoguchi@, tb@, deraadt@
* Add test-sig-algs-renegotiation-resumption.pytb2021-03-261-1/+5
| | | | This test currently fails but may soon be fixed.
* Sort header files and wrap long lines in x509.cinoguchi2021-03-261-67/+110
|
* Avoid mangled output in BIO_debug_callbacktb2021-03-251-4/+12
| | | | | | | Instead of blindly skipping 14 characters, we can use the return value of snprintf() to determine how much we should skip. From Martin Vahlensieck with minor tweaks by me
* The server only sends a cookie during a HRR, not a SHtb2021-03-241-4/+4
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-27 21:53:54 +0000