summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Error out if the out secret wasn't properly initializedtb2022-10-141-2/+6
| | | | | | | | Calling HKDF_expand() with a length of 0 happens to succeed due to a quirk in the API inherited from BoringSSL. This hides caller-side errors during development. Error out to catch such mistakes early on. ok jsing
* put the malloc_readonly struct into the "openbsd.mutable" section, soderaadt2022-10-141-2/+3
| | | | | that the kernel and ld.so will know not to mark it immutable. malloc handles the read/write transitions by itself.
* Fix path of mentioned regress testtb2022-10-111-2/+2
|
* Handle corner case in which the test case can actually be a squaretb2022-10-111-4/+3
|
* unwrap two lines for readabilitytb2022-10-051-5/+3
|
* fix an obvious thinko without serious consequences in the display of eespie2022-10-041-2/+2
| | | | | | for rsa and friends. okay tb@
* Dynamically link libssl for QUIC regress.jsing2022-10-021-2/+2
| | | | Now that the QUIC API is public, we can stop linking this statically.
* Remove unused headers.jsing2022-10-021-5/+1
|
* Revise for SSL_CTX_INTERNAL and SSL_INTERNAL removal.jsing2022-10-025-68/+66
|
* Get rid of SSL_CTX_INTERNAL and SSL_INTERNAL.jsing2022-10-0226-1237/+1220
| | | | | | | | These are no longer necessary due to SSL_CTX and SSL now being fully opaque. Merge SSL_CTX_INTERNAL back into SSL_CTX and SSL_INTERNAL back into SSL. Prompted by tb@
* Move handshake message handling functions from ssl_both.c to client/server.jsing2022-10-014-225/+342
| | | | | | | | | | | | | | | Currently, ssl_both.c contains several functions that are used by both the legacy client and legacy server. This interwines the client and server, making it harder to make progressive changes. While it does deduplicate some code, it also ends up with code that is conditioned on s->server and forces the caller to pass in SSL3_ST_* values. Move these functions from ssl_both.c into ssl_clnt.c and ssl_srvr.c, renaming as appropriate and removing the s->server conditionals. Also move the client and server function prototypes from ssl_locl.h into the .c files, making them static in the process. ok tb@
* use Fn rather than Nm for swab(); from josiah frentsosjmc2022-09-281-6/+6
|
* Tweak symbols test in such a way that it would have caught the recenttb2022-09-212-3/+9
| | | | | Symbols.list mistake: undefine aliases (except _cfb block ciphers which are aliases for historical reasons). Use -Wl,--no-allow-shlib-undefined.
* Remove PKCS12_MAKE_{,SH}KEYBAG from Symbols.listtb2022-09-191-2/+0
| | | | | | | | | | | | | | These functions were renamed in the last bump #define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf #define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt They don't appear in the compiled library itself, so no further bump required. Fixes libressl-portable/portable#791 Found the hard way by vollkommenheit ok deraadt jsing
* Allow TLSv1.3 clients to send CCS without middlebox compatibility mode.jsing2022-09-171-4/+2
| | | | | | | | | | | | | | | | | While RFC 8446 is clear about what legacy session identifiers can be sent by a TLSv1.3 client and how middlebox compatibility mode is requested, it is delightfully vague about the circumstances under which a client is permitted to send CCS messages. While it does not make sense for a client to send CCS messages when they are not requesting middlebox compatibility mode, it is not strictly forbidden by the RFC and at least one (unknown) TLSv1.3 stack has been observed to do this in the wild. Revert part of the previous change and allow clients to send CCS messages, even if they are not requesting middlebox compatibility mode. Found the hard way by florian@ ok tb@
* Link to SSL_read_early_data(3)kn2022-09-171-3/+3
| | | | OK tb
* Add OID for RPKI signedTAL objectsjob2022-09-152-0/+2
| | | | | | | | | IANA made a permanent registration in the SMI Security for S/MIME CMS Content Type registry at https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1 for signed objects conforming to draft-ietf-sidrops-signed-tal. OK tb@
* Use LONG_MAX as the limit for ciphers with long based APIs.jsing2022-09-156-169/+120
| | | | | | | | | | | These ciphers have long based APIs, while EVP has a size_t based API. The intent of these loops is to handle sizes that are bigger than LONG_MAX. Rather than using the rather crazy EVP_MAXCHUNK construct, use LONG_MAX rounded down to a large block size, ensuring that it is a block size multiple. Revert the recently added overflow checks now that this is handled more appropriately. ok tb@
* remove an extraneous empty linetb2022-09-141-2/+1
|
* Stop pretending that EVP_CIPHER cleanup can fail.jsing2022-09-134-14/+15
| | | | | | | Now that EVP_CIPHER is opaque, stop pretending that EVP_CIPHER cleanup can fail. ok tb@
* zap extra .Pptb2022-09-121-2/+1
|
* Stop documenting i2c_ASN1_INTEGER.tb2022-09-122-48/+4
| | | | | This is no longer public API. Also remove some comments about i2c and c2i functions being intentionally undocumented since they are no longer public.
* Add CBC, CFB64 and OFB64 test coverage for RC2tb2022-09-121-34/+463
| | | | From Joshua Sing
* whitespace nitstb2022-09-121-4/+5
|
* Move division by two out of sizeof()tb2022-09-121-3/+3
|
* Error checks for EVP_*tb2022-09-121-25/+36
| | | | CID 356777
* Move division by two out of sizeof()tb2022-09-121-3/+3
| | | | CID 356778
* Add regression tests for the sendmmsg and recvmmsg system calls.mbuhl2022-09-114-2/+410
|
* Enforce the minimum TLS version requirement for QUIC.jsing2022-09-111-1/+9
| | | | ok tb@
* Adjust for opaque structs in ts.htb2022-09-111-14/+24
| | | | ok jsing
* Adjust for opaque structs in pkcs12.htb2022-09-111-25/+38
| | | | ok jsing
* bump major after libcrypto and libssl major bumptb2022-09-111-2/+2
|
* Crank major after symbol addition and libcrypto major bumptb2022-09-111-2/+2
|
* Update Symbols.listtb2022-09-111-0/+11
| | | | ok jsing
* Expose SSL_get_share_{group,curve}() and related #definestb2022-09-111-7/+3
| | | | ok jsing
* Expose some error codes needed for QUIC supporttb2022-09-111-3/+1
| | | | ok jsing
* Define LIBRESSL_HAS_QUICtb2022-09-111-0/+1
| | | | ok jsing
* Bump major after symbol addition and removal and struct visibility changestb2022-09-111-2/+2
|
* Update Symbols.listtb2022-09-111-9/+31
| | | | ok jsing
* Make structs in ts.h opaquetb2022-09-112-215/+223
| | | | ok jsing
* Make structs in pkcs12.h opaquetb2022-09-114-162/+45
| | | | ok jsing
* Expose EVP_chacha20_poly1305()tb2022-09-111-3/+1
| | | | ok jsing
* Expose various EVP AEAD constants for EVP ChaCha and QUICtb2022-09-111-3/+1
| | | | ok jsing
* Expose OPENSL_cleanup()tb2022-09-111-3/+1
| | | | ok jsing
* Make BIO_info_cb() identical to bio_info_cb()tb2022-09-111-2/+3
| | | | | | | | | | | | | Various projects use bio_info_cb and BIO_info_cb interchangeably, for example mupdf and freerdp. This is because this was changed in OpenSSL commit fce78bd4 (2017), triggered by new warnings in gcc 8. https://github.com/openssl/openssl/pull/4493 This results in some scary compiler warnings and useless patches in ports. Nobody seems to be using the old bio_info_cb() version. ok jsing
* Remove c2i_* and i2c_* from public visibilitytb2022-09-112-10/+11
| | | | | | | | This removes c2i_ASN1_OBJECT(), {c2i,i2c}_ASN1_BIT_STRING() and {c2i,i2c}_ASN1_INTEGER(). These are not part of the OpenSSL 1.1 API and should never have been exposed in the first place. ok jsing
* link asn1object test statically in preparation for upcoming bumptb2022-09-111-1/+2
|
* Be stricter with middlebox compatibility mode in the TLSv1.3 server.jsing2022-09-111-5/+21
| | | | | | | | | | Only allow a TLSv1.3 client to request middlebox compatibility mode if this is permitted. Ensure that the legacy session identifier is either zero length or 32 bytes in length. Additionally, only allow CCS messages on the server side if the client actually requested middlebox compatibility mode. ok tb@
* Only permit CCS messages if requesting middlebox compatibility mode.jsing2022-09-111-4/+4
| | | | | | | | Currently the TLSv1.3 client always permits the server to send CCS messages. Be more strict and only permit this if the client is actually requesitng middlebox compatibility mode. ok tb@
* Use CBS when procesing a CCS message in the legacy stack.jsing2022-09-111-4/+7
| | | | ok tb@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-31 19:44:42 +0000