Commit message | Author | Age | Files | Lines

This makes the code both shorter and safer since freeing, allocation,
and copying are handled by CBS_stow() internally.
ok jsing

This wonderful API requires users to pass the protocol list in wire
format. This list is then sent as part of the ClientHello. Validate
it to be of the correct form. This reuses tlsext_alpn_check_format()
that was split out of tlsext_alpn_server_parse().
Similar checks were introduced in OpenSSL 86a90dc7
ok jsing

This simplifies the freeing, assigning and copying of the passed
protocols by replacing all that code with a pair of CBS_init() and
CBS_stow(). In addition, this aligns the behavior with OpenSSL,
which no longer errors on NULL proto or 0 proto_len since 86a90dc7.
ok jsing

Change alpn_client_proto_list and alpn_selected from unsigned char *
to uint8_t and change alpn_client_proto_list_len to be a size_t instead
of an unsigned int.
ok jsing

The ALPN extension must contain a non-empty list of protocol names.
Split a check of this out of tlsext_alpn_server_parse() so that it
can be reused elsewhere in the library.
ok jsing

There is no way that tls_buffer_set_data() can currently work in
conjunction with tls_buffer_expand(). This fact is currently hidden by the
way that PHH works, which reads the same data from the record layer (which
it needs to do anyway, since we may not have all of the handshake message
in a single record).
Since this is broken, mop it up and change the PHH callback to not provide
the record data.
ok beck@ tb@

The existing code updates the correct secret, however then sets it for the
wrong direction. Fix this, while untangling the code and consistently using
'read' and 'write' rather than 'local' and 'peer'.
ok beck@ tb@

Ciphers using an MD5 HMAC are not allowed on security levels >= 1 and
using a SHA-1 HMAC is disallowed on security levels >= 4. This disables
RC4-MD5 by default.
ok jsing

Since there is nothing randomized in bn_is_prime_bpsw(), the concept
of rounds makes no sense. Apply a minimal change for now that avoids
expensive loops that won't change the outcome in case we found a
probable prime.
ok jsing

ok jsing

Instead of only using the default client method, allow selecting a
specific protocol version and display the supported ciphers accordingly.
This removes the noop status of -tls1 and adds -tls1_{1,2,3} as in
other commands.
ok jsing

send an unsupported extension alert.
Noted by anton

OK tb

Based on OpenSSL commit f0ef20bf386b5c37ba5a4ce5c1de9a819bbeffb2
"Added support for ESSCertIDv2".
This makes TS validation work in the new security/libdigidocpp port.
Input OK tb

This is required by RFC 9001.
ok tb@

struct tls13_ctx already knows about SSL's and this way tls13_ctx_new() can
set up various pointers, rather than duplicating this in
tls13_legacy_accept() and tls13_legacy_connect().
ok tb@

Remove duplicate U16 length prefix, since tlsext_build() already adds this
for us. Condition on SSL_is_quic() rather than TLS version - RFC 9001 is
clear that this extension is only permitted on QUIC transport and a
fatal unsupported extension alert is required if used elsewhere.
Additionally, at the point where extensions are parsed, we do not
necessarily know what TLS version has been negotiated.
ok beck@ tb@

This function will allow code to know if the SSL connection is configured
for use with QUIC or not. Also move existing SSL_.*quic.* functions under
LIBRESSL_HAS_QUIC to prevent exposing them prematurely.
ok beck@ tb@

Per RFC 9001, TLSEXT_TYPE_quic_transport_parameters may only appear in
ClientHello and EncryptedExtensions (not ServerHello).
ok beck@ tb@

Use the correct value for TLSEXT_TYPE_quic_transport_parameters according
to RFC 9001 section 8.2. Also move the define under LIBRESSL_HAS_QUIC to
avoid things finding it prematurely.
ok beck@ tb@

Copy existing ESSCertID macros and s/_ID/&_V2/g.
Guard the new code under LIBRESSL_INTERNAL to defer visibility.
OK tb

Guard the new code under LIBRESSL_INTERNAL to defer symbol addition and
minor library bump (thanks tb).
ts/ts.h bits from
	RFC 5035 Enhanced Security Services (ESS) Update:
	    Adding CertID Algorithm Agility
ts/ts_asn1.c bits expanded from
	ASN1_SEQUENCE(ESS_CERT_ID_V2) = {
	        ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR),
	        ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING),
	        ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL)
	} static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2)
	IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID_V2)
	IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)
	ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = {
	        ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2),
	        ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO)
	} static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2)
	IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT_V2)
	IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2)
Feedback OK tb

https://oidref.com/1.2.840.113549.1.9.16.2.47
OK tb

Cherry-picked from OpenSSL commit a8d8e06b0ac06c421fd11cc1772126dcb98f79ae.
This reduces upcoming TS changes.
OK jsing tb

It's defined again (more appropriately) further down above the error codes.
OK jsing tb

the code in bn_isqrt.c.

output. The option wasn't documented in the manpage.
pointed out by jsing

Apparently, TLSv1_client_method() is used for historical reasons.
This behavior is no longer helpful if we want to know what ciphers
a TLS connection could use. This could change again after further
investigation of what the behavior should be...
ok beck jsing

breakage also noted by anton.

ok beck jsing

With this option, the command only shows the ciphers supported by the
SSL method.
ok beck jsing

Document it from scratch.
While here, merge a few details from the OpenSSL 1.1.1 branch, which
is still under a free license, into the documentation of DSA_size(3).

and X509_VERIFY_PARAM_set_auth_level(3). Document them.
For the latter, I included a few sentences from the OpenSSL 1.1.1
branch, which is still under a free license.

Or should we call it a centipede?
Feedback and OK on a previous version from jsing@
and from our chief myriapodologist, tb@.

Avoid undefined behaviour/integer overflow by casting an int64_t to
uint64_t before negating.
Fixes oss-fuzz #49043
ok tb@

EVP_PKEY_param_check(3), and EVP_PKEY_security_bits(3) from scratch.
Move the documentation of EVP_PKEY_size(3) and EVP_PKEY_bits(3)
to the new manual page EVP_PKEY_size(3).
Merge the documentation of the related function pointers
from the OpenSSL 1.1.1 branch, which is still under a free license.
OK tb@ on the new page EVP_PKEY_size(3).