OpenBSD CVS

CVS log for src/lib/libssl/Attic/ssl_locl.h




Default branch: MAIN


Revision 1.433, Sat Nov 26 16:08:56 2022 UTC by tb
Branch: MAIN
CVS Tags: HEAD
Changes since 1.432: +1 -1 lines
FILE REMOVED

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

Revision 1.432, Fri Nov 11 17:15:26 2022 UTC by jsing
Branch: MAIN
Changes since 1.431: +7 -4 lines

Convert the legacy TLS stack to tls_content.

This converts the legacy TLS stack to tls_content - records are now
opened into a tls_content structure, rather than being written back into
the same buffer that the sealed record was read into.

This will allow for further clean up of the legacy record layer.

ok tb@

Revision 1.431, Thu Nov 10 18:06:37 2022 UTC by jsing
Branch: MAIN
Changes since 1.430: +4 -7 lines

Use tls_buffer for alert and handshake fragments in the legacy stack.

This avoids a bunch of pointer munging and a handrolled memmove.

ok tb@

Revision 1.430, Mon Nov 7 11:58:45 2022 UTC by jsing
Branch: MAIN
Changes since 1.429: +1 -4 lines

Rewrite TLSv1.2 key exporter.

Replace the grotty TLSv1.2 key exporter with a cleaner version that uses
CBB and CBS.

ok tb@

Revision 1.429, Thu Oct 20 15:22:51 2022 UTC by tb
Branch: MAIN
Changes since 1.428: +2 -1 lines

Provide ssl_session_dup()

SSL_SESSION_dup() is a currently essentially unused public OpenSSL 1.1.1
API. Add a version that does not duplicate the secrets for internal use.
If the public API should be needed, we can easily make it a wrapper.

ok jsing

Revision 1.428, Thu Oct 20 15:20:27 2022 UTC by tb
Branch: MAIN
Changes since 1.427: +4 -2 lines

Extend SSL_SESSION struct for TLSv1.3 PSK

Add members necessary to store the "ticket_age_add" value and the
resumption master secret needed in the TLSv1.3 version of session
resumption.

ok jsing
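
The arithmetic behind the "ticket_age_add" member this revision adds, as an added example written for this page (not LibreSSL code): RFC 8446 section 4.2.11.1 has the client send obfuscated_ticket_age = (age in ms + ticket_age_add) mod 2^32, and the server undoes the addition and bounds the result. The function names, the tolerance parameter and the sample values are assumptions; derivation of the PSK from the resumption master secret is not shown.

```c
/*
 * Added example, not LibreSSL code: the ticket_age_add arithmetic of
 * RFC 8446 section 4.2.11.1. The client sends
 * (age_ms + ticket_age_add) mod 2^32; the server undoes the addition
 * and then bounds the age. Names and the tolerance are assumptions.
 */
#include <stdint.h>
#include <stdio.h>

/* RFC 8446 section 4.6.1: ticket_lifetime must not exceed 7 days. */
#define TLS13_MAX_TICKET_LIFETIME_S 604800u

/* Client side. uint32_t addition wraps, which is exactly the mod 2^32. */
uint32_t
tls13_obfuscate_ticket_age(uint32_t ticket_age_ms, uint32_t ticket_age_add)
{
	return ticket_age_ms + ticket_age_add;
}

/*
 * Server side. Recovers the client's claimed age into *claimed_age_ms and
 * returns 1 if the PSK identity is acceptable:
 *  - the ticket's lifetime is sane and not exhausted on either side,
 *  - the claimed age agrees with the server's own measurement within
 *    tolerance_ms, the freshness window RFC 8446 section 8.3 uses against
 *    0-RTT replay.
 */
int
tls13_check_ticket_age(uint32_t obfuscated_age, uint32_t ticket_age_add,
    uint32_t ticket_lifetime_s, uint64_t server_age_ms, uint32_t tolerance_ms,
    uint32_t *claimed_age_ms)
{
	uint32_t age = obfuscated_age - ticket_age_add;   /* wraps back, mod 2^32 */
	uint64_t lifetime_ms, diff;

	*claimed_age_ms = age;

	/* lifetime 0 means "discard immediately"; more than 7 days is malformed. */
	if (ticket_lifetime_s == 0 || ticket_lifetime_s > TLS13_MAX_TICKET_LIFETIME_S)
		return 0;
	lifetime_ms = (uint64_t)ticket_lifetime_s * 1000;

	if (age > lifetime_ms)
		return 0;           /* client itself says the ticket has expired */
	if (server_age_ms > lifetime_ms)
		return 0;           /* server's clock says it has expired */

	diff = server_age_ms > age ? server_age_ms - age : age - server_age_ms;
	if (diff > tolerance_ms)
		return 0;           /* clock skew or a replayed ClientHello */
	return 1;
}

int
main(void)
{
	/* Constructed values: ticket_age_add is a random uint32 from NewSessionTicket. */
	uint32_t add = 0xFFFFFF00u, claimed;
	uint32_t obf = tls13_obfuscate_ticket_age(1000, add);   /* wraps past 2^32 */
	int ok = tls13_check_ticket_age(obf, add, 7200, 1100, 10000, &claimed);

	printf("obfuscated=%u claimed=%u accepted=%d\n", obf, claimed, ok);
	return 0;
}
```

The server-side tolerance is a policy knob: too tight and mobile clients with drifting clocks lose resumption, too loose and the 0-RTT replay window widens.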

Revision 1.427, Sun Oct 2 16:36:41 2022 UTC by jsing
Branch: MAIN
Changes since 1.426: +86 -94 lines

Get rid of SSL_CTX_INTERNAL and SSL_INTERNAL.

These are no longer necessary due to SSL_CTX and SSL now being fully
opaque. Merge SSL_CTX_INTERNAL back into SSL_CTX and SSL_INTERNAL back
into SSL.

Prompted by tb@

Revision 1.426, Sat Oct 1 16:23:15 2022 UTC by jsing
Branch: MAIN
Changes since 1.425: +1 -36 lines

Move handshake message handling functions from ssl_both.c to client/server.

Currently, ssl_both.c contains several functions that are used by both the
legacy client and legacy server. This intertwines the client and server,
making it harder to make progressive changes. While it does deduplicate
some code, it also ends up with code that is conditioned on s->server and
forces the caller to pass in SSL3_ST_* values.

Move these functions from ssl_both.c into ssl_clnt.c and ssl_srvr.c,
renaming as appropriate and removing the s->server conditionals. Also move
the client and server function prototypes from ssl_locl.h into the .c
files, making them static in the process.

ok tb@

Revision 1.425, Sat Sep 10 15:29:33 2022 UTC by jsing
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.424: +2 -1 lines

Provide a version of ssl_msg_callback() that takes a CBS.

Use this from the TLSv1.3 code.

ok tb@

Revision 1.424, Sun Aug 21 19:39:44 2022 UTC by jsing
Branch: MAIN
Changes since 1.423: +3 -2 lines

Wire up SSL_QUIC_METHOD callbacks to the record layer callbacks for QUIC.

ok tb@

Revision 1.423, Sun Aug 21 19:32:38 2022 UTC by jsing
Branch: MAIN
Changes since 1.422: +3 -2 lines

Provide SSL_QUIC_METHOD.

This provides SSL_QUIC_METHOD (aka ssl_quic_method_st), which allows for
QUIC callback hooks to be passed to an SSL_CTX or SSL. This is largely
ported/adapted from BoringSSL.

It is worth noting that this struct is not opaque and the original
interface exposed by BoringSSL differs to the one they now use. The
original interface was copied by quictls and it appears that this API
will not be updated to match BoringSSL.

To make things even more challenging, at least one consumer does not use
named initialisers, making code completely dependent on the order in
which the function pointers are defined as struct members. In order to
try to support both variants, the set_read_secret/set_write_secret
functions are included, however they have to go at the end.

ok tb@
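
The layout problem this message describes, as an added example written for this page (not LibreSSL code and not the real SSL_QUIC_METHOD, whose members are in ssl.h): a consumer that fills the struct positionally keeps compiling only if new members are appended, and those members then arrive as NULL, so the library has to validate the struct before dispatching through it. The struct, callback names and counters are hypothetical stand-ins.

```c
/*
 * Added example, not LibreSSL code. Stand-in for the SSL_QUIC_METHOD
 * layout issue: a positional initialiser written for the older
 * four-member layout leaves appended members NULL, and the library must
 * cope with that. Hypothetical struct; see ssl.h for the real one.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct ssl_st SSL;   /* opaque; no members needed here */

struct quic_method_example {
	/* Original BoringSSL/quictls interface: one callback for both secrets. */
	int (*set_encryption_secrets)(SSL *ssl, int level,
	    const uint8_t *read_secret, const uint8_t *write_secret, size_t len);
	int (*add_handshake_data)(SSL *ssl, int level, const uint8_t *data, size_t len);
	int (*flush_flight)(SSL *ssl);
	int (*send_alert)(SSL *ssl, int level, uint8_t alert);
	/* Newer BoringSSL interface, appended last so positional consumers still build. */
	int (*set_read_secret)(SSL *ssl, int level, const uint8_t *secret, size_t len);
	int (*set_write_secret)(SSL *ssl, int level, const uint8_t *secret, size_t len);
};

/* Validate at SSL_CTX/SSL configuration time, so dispatch never derefs NULL. */
int
quic_method_valid(const struct quic_method_example *m)
{
	if (m == NULL || m->add_handshake_data == NULL ||
	    m->flush_flight == NULL || m->send_alert == NULL)
		return 0;
	if (m->set_encryption_secrets != NULL)
		return 1;
	return m->set_read_secret != NULL && m->set_write_secret != NULL;
}

/* Deliver a level's traffic secrets through whichever variant is present. */
int
quic_method_set_secrets(const struct quic_method_example *m, SSL *ssl, int level,
    const uint8_t *rs, const uint8_t *ws, size_t len)
{
	if (!quic_method_valid(m))
		return 0;
	if (m->set_encryption_secrets != NULL)
		return m->set_encryption_secrets(ssl, level, rs, ws, len);
	if (!m->set_read_secret(ssl, level, rs, len))
		return 0;
	return m->set_write_secret(ssl, level, ws, len);
}

/* Constructed consumer callbacks that only count what they receive. */
static int calls_combined, calls_split;
static int cb_combined(SSL *s, int l, const uint8_t *r, const uint8_t *w, size_t n)
{ (void)s; (void)l; (void)r; (void)w; (void)n; calls_combined++; return 1; }
static int cb_split(SSL *s, int l, const uint8_t *k, size_t n)
{ (void)s; (void)l; (void)k; (void)n; calls_split++; return 1; }
static int cb_data(SSL *s, int l, const uint8_t *d, size_t n)
{ (void)s; (void)l; (void)d; (void)n; return 1; }
static int cb_flush(SSL *s) { (void)s; return 1; }
static int cb_alert(SSL *s, int l, uint8_t a) { (void)s; (void)l; (void)a; return 1; }

/* Old-style consumer: positional, four members, trailing two implicitly NULL. */
const struct quic_method_example quic_method_old = { cb_combined, cb_data, cb_flush, cb_alert };
/* New-style consumer: designated initialisers, no combined callback. */
const struct quic_method_example quic_method_new = {
	.add_handshake_data = cb_data, .flush_flight = cb_flush, .send_alert = cb_alert,
	.set_read_secret = cb_split, .set_write_secret = cb_split,
};
/* Broken consumer: no way to receive secrets at all; must be rejected. */
const struct quic_method_example quic_method_broken = { NULL, cb_data, cb_flush, cb_alert };

int quic_example_combined_calls(void) { return calls_combined; }
int quic_example_split_calls(void) { return calls_split; }

int
main(void)
{
	static const uint8_t rs[32] = { 1 }, ws[32] = { 2 };   /* constructed secrets */

	printf("old valid=%d new valid=%d broken valid=%d\n", quic_method_valid(&quic_method_old),
	    quic_method_valid(&quic_method_new), quic_method_valid(&quic_method_broken));
	quic_method_set_secrets(&quic_method_old, NULL, 2, rs, ws, sizeof(rs));
	quic_method_set_secrets(&quic_method_new, NULL, 2, rs, ws, sizeof(rs));
	printf("combined=%d split=%d\n", quic_example_combined_calls(), quic_example_split_calls());
	return 0;
}
```

The validation step is the practitioner's takeaway: a non-opaque struct with function pointers is a fail-open hazard unless every pointer that may be absent is checked before the first call through it.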

Revision 1.422, Thu Aug 18 07:00:59 2022 UTC by tb
Branch: MAIN
Changes since 1.421: +2 -2 lines

Tweak prototype to match function definition (n -> index)

Revision 1.421, Wed Aug 17 18:45:25 2022 UTC by tb
Branch: MAIN
Changes since 1.420: +4 -2 lines

Refactor tls1_get_supported_group()

This splits tls1_get_supported_group() into a few helper functions to
be able to count shared groups and to return the n-th shared group since
someone thought it is a great idea to expose that in a single API and
some others thought it is useful to add this info to log noise.

This is all made a bit more complicated thanks to the security level
having its tentacles everywhere and because a user-provided security
callback can influence the list of groups shared by the peers.

ok jsing

Revision 1.420, Wed Aug 17 18:42:13 2022 UTC by tb
Branch: MAIN
Changes since 1.419: +5 -5 lines

Make tls1_get_{format,group_}list() take a const SSL

ok jsing

Revision 1.419, Wed Aug 17 18:41:17 2022 UTC by tb
Branch: MAIN
Changes since 1.418: +2 -1 lines

Provide ssl_security_shared_group()

Refactor ssl_security_supported_group() into a wrapper of a new internal
ssl_security_group() which takes a secop as an argument. This allows
adding ssl_security_shared_group() which will be needed in upcoming
commits.

ok jsing

Revision 1.418, Wed Aug 17 07:39:19 2022 UTC by jsing
Branch: MAIN
Changes since 1.417: +7 -3 lines

Deduplicate peer certificate chain processing code.

Rather than reimplement this in each TLS client and server, deduplicate it
into a single function. Furthermore, rather than dealing with the API
hazard that is SSL_get_peer_cert_chain() in this code, simply produce two
chains - one that has the leaf and one that does not.
SSL_get_peer_cert_chain() can then return the appropriate one.

This also moves the peer cert chain from the SSL_SESSION to the
SSL_HANDSHAKE, which makes more sense since it is not available on
resumption.

ok tb@

Revision 1.417, Sun Jul 24 14:28:16 2022 UTC by jsing
Branch: MAIN
Changes since 1.416: +5 -1 lines

Provide record layer callbacks for QUIC.

QUIC uses TLS to complete the handshake, however unlike normal TLS it does
not use the TLS record layer, rather it provides its own transport. This
means that we need to intercept all communication between the TLS handshake
and the record layer. This allows TLS handshake message writes to be
directed to QUIC, likewise for TLS handshake message reads. Alerts also
need to be sent via QUIC, plus it needs to be provided with the traffic
keys that are derived by TLS.

ok tb@

Revision 1.416, Fri Jul 22 19:54:46 2022 UTC by jsing
Branch: MAIN
Changes since 1.415: +2 -2 lines

Convert TLS transcript from BUF_MEM to tls_buffer.

ok beck@ tb@

Revision 1.415, Wed Jul 20 13:43:33 2022 UTC by tb
Branch: MAIN
Changes since 1.414: +6 -6 lines

Change various ALPN related internal struct members

Change alpn_client_proto_list and alpn_selected from unsigned char *
to uint8_t and change alpn_client_proto_list_len to be a size_t instead
of an unsigned int.

ok jsing

Revision 1.414, Sun Jul 17 14:49:01 2022 UTC by jsing
Branch: MAIN
Changes since 1.413: +3 -2 lines

Provide SSL_is_quic()

This function will allow code to know if the SSL connection is configured
for use with QUIC or not. Also move existing SSL_.*quic.* functions under
LIBRESSL_HAS_QUIC to prevent exposing them prematurely.

ok beck@ tb@

Revision 1.413, Sun Jul 10 18:40:55 2022 UTC by tb
Branch: MAIN
Changes since 1.412: +3 -3 lines

Annotate the security callback and the security ex_data as deliberately
not exposed in the public API.

Revision 1.412, Thu Jul 7 13:04:39 2022 UTC by tb
Branch: MAIN
Changes since 1.411: +1 -3 lines

Unifdef LIBRESSL_HAS_SECURITY_LEVEL and remove some workarounds
that are no longer needed now that libcrypto exposes the necessary
security-bits API.

ok jsing

Revision 1.411, Sat Jul 2 16:31:04 2022 UTC by tb
Branch: MAIN
Changes since 1.410: +6 -4 lines

Stop using ssl{_ctx,}_security() outside of ssl_seclevel.c

The API is ugly and we can easily abstract it away. The SSL_SECOP_* stuff
is now confined into ssl_seclevel.c and the rest of the library can make
use of the more straightforward wrappers, which makes it a lot easier on
the eyes.

ok beck jsing

Revision 1.410, Sat Jul 2 16:00:12 2022 UTC by tb
Branch: MAIN
Changes since 1.409: +7 -7 lines

Rename uses of 'curve' to 'group' and rework tls1 group API.

This reworks various tls1_ curve APIs to indicate success via a boolean
return value and move the output to an out parameter. This makes the
caller code easier and more consistent.

Based on a suggestion by jsing

ok jsing

Revision 1.409, Thu Jun 30 16:05:07 2022 UTC by tb
Branch: MAIN
Changes since 1.408: +3 -1 lines

Check security level for supported groups.

ok jsing

Revision 1.408, Thu Jun 30 11:17:49 2022 UTC by tb
Branch: MAIN
Changes since 1.407: +2 -1 lines

Add checks to ensure we do not initiate or negotiate handshakes with
versions below the minimum required by the security level.

input & ok jsing

Revision 1.407, Wed Jun 29 21:18:04 2022 UTC by tb
Branch: MAIN
Changes since 1.406: +3 -3 lines

Make ssl_cert_add{0,1}_chain_cert() take ssl/ctx

ok beck jsing

Revision 1.406, Wed Jun 29 21:17:22 2022 UTC by tb
Branch: MAIN
Changes since 1.405: +3 -3 lines

ssl_cert_set{0,1}_chain() take ssl/ctx

ok beck jsing

Revision 1.405, Wed Jun 29 21:12:19 2022 UTC by tb
Branch: MAIN
Changes since 1.404: +2 -1 lines

Refactor use_certificate_chain_* to take ssl/ctx instead of a cert

ok beck jsing

Revision 1.404, Wed Jun 29 21:10:20 2022 UTC by tb
Branch: MAIN
Changes since 1.403: +5 -1 lines

Add functions that check security level in certs and cert chains.

ok beck jsing

Revision 1.403, Wed Jun 29 20:04:28 2022 UTC by tb
Branch: MAIN
Changes since 1.402: +2 -2 lines

Parse the @SECLEVEL=n annotation in cipher strings

To this end, hand the SSL_CERT through about 5 levels of indirection to
set an integer on it.

ok beck jsing

Revision 1.402, Wed Jun 29 17:39:20 2022 UTC by beck
Branch: MAIN
Changes since 1.401: +9 -1 lines

Add support for sending QUIC transport parameters

This is the start of adding the boringssl API for QUIC support,
and the TLS extensions necessary to send and receive QUIC transport
data.

Inspired by boringssl's https://boringssl-review.googlesource.com/24464

ok jsing@ tb@

Revision 1.401, Wed Jun 29 12:03:38 2022 UTC by tb
Branch: MAIN
Changes since 1.400: +2 -2 lines

whitespace nit

Revision 1.400, Wed Jun 29 08:30:04 2022 UTC by tb
Branch: MAIN
Changes since 1.399: +2 -1 lines

Also check the security level of the 'tmp dh'

ok beck jsing

Revision 1.399, Wed Jun 29 08:27:51 2022 UTC by tb
Branch: MAIN
Changes since 1.398: +2 -1 lines

Check the security of DH key shares

ok beck, looks good to jsing

Revision 1.398, Wed Jun 29 07:59:14 2022 UTC by tb
Branch: MAIN
Changes since 1.397: +2 -2 lines

Rename one s to ssl for consistency

Revision 1.397, Tue Jun 28 21:14:32 2022 UTC by tb
Branch: MAIN
Changes since 1.396: +5 -1 lines

Add prototypes for ssl{_ctx,}_security()

ok beck jsing sthen

Revision 1.396, Tue Jun 28 20:40:24 2022 UTC by tb
Branch: MAIN
Changes since 1.395: +6 -1 lines

Implement the default security level callback

And here is where the fun starts. The tentacles will grow everywhere.

ok beck jsing sthen

Revision 1.395, Tue Jun 28 20:31:43 2022 UTC by tb
Branch: MAIN
Changes since 1.394: +6 -1 lines

Add security callback, level and ex_data fields to SSL_CERT

ok beck jsing sthen
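
What the security-level checks introduced in revisions 1.395 through 1.411 enforce (version floors, DH and 'tmp dh' key sizes, certificate strength, supported groups), as an added example written for this page rather than LibreSSL's ssl_seclevel.c. The level-to-bits table is the one OpenSSL documents for SSL_CTX_set_security_level(), the modulus-size-to-bits mapping follows NIST SP 800-57, and the version rule (TLS 1.1 from level 3, TLS 1.2 from level 4) is OpenSSL's documented behaviour; all three are assumed here, not read from LibreSSL's source, and the function names are hypothetical.

```c
/*
 * Added example, not LibreSSL code. A security level is a floor on
 * security bits for keys and parameters plus a floor on protocol
 * version. Tables as stated in the lead-in (assumed).
 */
#include <stdint.h>
#include <stdio.h>

#define TLS1_VERSION   0x0301
#define TLS1_1_VERSION 0x0302
#define TLS1_2_VERSION 0x0303
#define TLS1_3_VERSION 0x0304

/* Minimum security bits required at a given level (OpenSSL's table). */
int
seclevel_min_bits(int level)
{
	switch (level) {
	case 0:  return 0;
	case 1:  return 80;
	case 2:  return 112;
	case 3:  return 128;
	case 4:  return 192;
	default: return 256;   /* level 5 and anything higher */
	}
}

/* Security strength of an RSA or finite-field DH modulus (NIST SP 800-57). */
int
ffc_security_bits(unsigned modulus_bits)
{
	if (modulus_bits >= 15360) return 256;
	if (modulus_bits >= 7680)  return 192;
	if (modulus_bits >= 3072)  return 128;
	if (modulus_bits >= 2048)  return 112;
	if (modulus_bits >= 1024)  return 80;
	return 0;                      /* below 1024: no credit at all */
}

/* Strength of an EC key: half the group order size (e.g. P-256 -> 128). */
int
ec_security_bits(unsigned curve_bits)
{
	return (int)(curve_bits / 2);
}

/* Generic check used for certificates, DHE parameters, 'tmp dh' and groups. */
int
seclevel_allows_bits(int level, int bits)
{
	if (level <= 0)
		return 1;                  /* level 0: everything permitted */
	return bits >= seclevel_min_bits(level);
}

/* Version floor: level 3 requires TLS 1.1 or later, level 4 TLS 1.2 or later. */
int
seclevel_allows_version(int level, uint16_t version)
{
	if (level >= 4 && version < TLS1_2_VERSION)
		return 0;
	if (level >= 3 && version < TLS1_1_VERSION)
		return 0;
	return 1;
}

/*
 * What revision 1.408 guards: clamp the configured minimum version up to
 * what the level allows before initiating or accepting a handshake.
 */
uint16_t
seclevel_effective_min_version(int level, uint16_t configured_min)
{
	uint16_t floor_version = TLS1_VERSION;

	if (level >= 4)
		floor_version = TLS1_2_VERSION;
	else if (level >= 3)
		floor_version = TLS1_1_VERSION;
	return configured_min > floor_version ? configured_min : floor_version;
}

int
main(void)
{
	int level;

	for (level = 0; level <= 5; level++)
		printf("level %d: RSA-2048 %s, P-256 %s, DH-1024 %s, TLS1.0 %s\n", level,
		    seclevel_allows_bits(level, ffc_security_bits(2048)) ? "ok" : "rejected",
		    seclevel_allows_bits(level, ec_security_bits(256)) ? "ok" : "rejected",
		    seclevel_allows_bits(level, ffc_security_bits(1024)) ? "ok" : "rejected",
		    seclevel_allows_version(level, TLS1_VERSION) ? "ok" : "rejected");
	return 0;
}
```

The point the commit series makes about "tentacles everywhere" is visible here: the same bits floor has to be consulted wherever a key, parameter set, certificate or group enters a handshake, and the version floor wherever a version is chosen, or the level is only partially enforced.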

Revision 1.394, Tue Jun 7 17:52:00 2022 UTC by tb
Branch: MAIN
Changes since 1.393: +4 -4 lines

Switch sid_ctx_length in SSL, SSL_CTX and SSL_SESSION to a size_t

ok jsing

Revision 1.393, Tue Jun 7 17:42:35 2022 UTC by tb
Branch: MAIN
Changes since 1.392: +2 -2 lines

Switch SSL_SESSION's session_id_length to a size_t

ok jsing

Revision 1.392, Tue Jun 7 17:18:21 2022 UTC by tb
Branch: MAIN
Changes since 1.391: +2 -2 lines

Switch the SSL_SESSION's master_key_length to a size_t

ok jsing

Revision 1.391, Mon Jun 6 16:11:00 2022 UTC by tb
Branch: MAIN
Changes since 1.390: +5 -4 lines

Tweak comment describing the SSL_SESSION ASN.1

ok jsing

Revision 1.390, Mon Jun 6 08:48:11 2022 UTC by tb
Branch: MAIN
Changes since 1.389: +12 -12 lines

Fix spaces before tabs

Revision 1.389, Fri Jun 3 13:28:36 2022 UTC by tb
Branch: MAIN
Changes since 1.388: +4 -1 lines

Add a use_psk_dhe_ke flag to the TLSv1.3 handshake struct

This will be used to indicate client side support for DHE key
establishment.

ok jsing

Revision 1.388, Thu Mar 17 17:22:16 2022 UTC by jsing
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.387: +2 -2 lines

Remove const from tls1_transcript_hash_value()

This function populates the passed *out argument, hence it should not be
marked const.

ok tb@

Revision 1.387, Sat Mar 12 12:53:03 2022 UTC by jsing
Branch: MAIN
Changes since 1.386: +2 -1 lines

Factor out change cipher spec handling code in the legacy stack.

Factor out the code that handles the processing of a change cipher spec
message that has been read in the legacy stack, deduplicating code in the
DTLS stack.

ok inoguchi@ tb@

Revision 1.386, Mon Feb 21 18:22:20 2022 UTC by jsing
Branch: MAIN
Changes since 1.385: +2 -1 lines

Factor out alert handling code in the legacy stack.

Pull out the code that processes incoming alerts - a chunk of the
complexity is due to the fact that in TLSv1.2 and earlier, alerts can be
fragmented across multiple records or multiple alerts can be delivered
in a single record.

In DTLS there is no way that we can reassemble fragmented alerts (although
the RFC is silent on this), however we could have multiple alerts in the
same record. This change means that we will handle this situation more
appropriately and if we encounter a fragmented alert we will now treat this
as a decode error (instead of silently ignoring it).

ok beck@ tb@
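
The alert rules this message describes, applied to the payload of one alert record, as an added example written for this page (not the LibreSSL code the commit factors out): TLS 1.2 and earlier (RFC 5246 section 7.2) allow several 2-byte alerts in one record and an alert split across two records, while DTLS cannot reassemble a split alert, so an odd leftover byte there is a decode error. The function names, the carry-over field and the cap on warning alerts are assumptions; the sample records are constructed.

```c
/*
 * Added example, not LibreSSL code: alert record processing for the
 * legacy stack. Several 2-byte alerts may share a record; in TLS an
 * alert may be split across records and the first byte is carried
 * over, in DTLS a split alert is a decode error. Names are assumptions.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ALERT_LEVEL_WARNING   1
#define ALERT_LEVEL_FATAL     2
#define ALERT_CLOSE_NOTIFY    0
#define ALERT_MAX_WARNINGS    5   /* cap on warning floods (assumed policy) */

enum alert_result {
	ALERT_OK = 0,          /* every complete alert consumed, keep reading */
	ALERT_CLOSE_RECV,      /* close_notify: peer is shutting down */
	ALERT_FATAL_RECV,      /* fatal alert: tear the connection down */
	ALERT_DECODE_ERROR,    /* malformed: send decode_error, abort */
	ALERT_FLOOD            /* too many warnings: treat as fatal */
};

struct alert_state {
	uint8_t pending_level;  /* first byte of an alert split across records (TLS only) */
	int pending;            /* 1 if pending_level holds a byte */
	int warnings;
	uint8_t last_level, last_desc;
};

static int
alert_consume(struct alert_state *st, uint8_t level, uint8_t desc)
{
	st->last_level = level;
	st->last_desc = desc;
	if (level == ALERT_LEVEL_WARNING) {
		if (desc == ALERT_CLOSE_NOTIFY)
			return ALERT_CLOSE_RECV;
		if (++st->warnings > ALERT_MAX_WARNINGS)
			return ALERT_FLOOD;
		return ALERT_OK;
	}
	if (level == ALERT_LEVEL_FATAL)
		return ALERT_FATAL_RECV;
	return ALERT_DECODE_ERROR;   /* unknown AlertLevel */
}

int
alert_process_record(struct alert_state *st, const uint8_t *rec, size_t len, int is_dtls)
{
	int r;

	if (len == 0)
		return ALERT_DECODE_ERROR;   /* an empty alert record is not allowed */

	/* Finish an alert whose first byte arrived in the previous record. */
	if (st->pending) {
		if (is_dtls)
			return ALERT_DECODE_ERROR;
		st->pending = 0;
		r = alert_consume(st, st->pending_level, rec[0]);
		rec++;
		len--;
		if (r != ALERT_OK)
			return r;
	}

	/* Multiple whole alerts in one record: process each in turn. */
	while (len >= 2) {
		r = alert_consume(st, rec[0], rec[1]);
		rec += 2;
		len -= 2;
		if (r != ALERT_OK)
			return r;
	}

	/* One leftover byte: carry it over in TLS, reject it in DTLS. */
	if (len == 1) {
		if (is_dtls)
			return ALERT_DECODE_ERROR;
		st->pending_level = rec[0];
		st->pending = 1;
	}
	return ALERT_OK;
}

int
main(void)
{
	/* Constructed records: two warnings, then a fatal alert split 1+1 across records. */
	static const uint8_t rec1[] = { 1, 10, 1, 20, 2 };
	static const uint8_t rec2[] = { 40 };   /* handshake_failure */
	struct alert_state tls = { 0 }, dtls = { 0 };
	int r1, r2, r3;

	r1 = alert_process_record(&tls, rec1, sizeof(rec1), 0);
	r2 = alert_process_record(&tls, rec2, sizeof(rec2), 0);
	r3 = alert_process_record(&dtls, rec1, sizeof(rec1), 1);
	printf("tls rec1=%d rec2=%d (desc %u), dtls rec1=%d\n", r1, r2, tls.last_desc, r3);
	return 0;
}
```

Returning a distinct result for a flood of warning alerts matters in practice: a peer that sends warnings forever otherwise keeps the connection busy without ever making progress.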

Revision 1.385, Sat Feb 5 14:54:10 2022 UTC by jsing
Branch: MAIN
Changes since 1.384: +7 -15 lines

Bye bye S3I.

S3I has served us well, however now that libssl is fully opaque it is time
to say goodbye. Aside from removing the calloc/free/memset, the rest is
mechanical sed.

ok inoguchi@ tb@

Revision 1.384, Thu Feb 3 16:33:12 2022 UTC by jsing
Branch: MAIN
Changes since 1.383: +2 -2 lines

Cleanup/simplify ssl_cert_type()

Remove the X509 argument as it is unused - this was passed so that
ssl_cert_type() can get the public key from the X509 object if the
EVP_PKEY argument is NULL, however this is never the case.

ok tb@

Revision 1.383, Tue Jan 11 19:03:15 2022 UTC by jsing
Branch: MAIN
Changes since 1.382: +3 -10 lines

Remove peer_pkeys from SSL_SESSION.

peer_pkeys comes from some world where peers can send multiple certificates
- in fact, one of each known type. Since we do not live in such a world,
get rid of peer_pkeys and simply use peer_cert instead (in both TLSv1.2
and TLSv1.3, both clients and servers can only send a single leaf
(aka end-entity) certificate).

ok inoguchi@ tb@

Revision 1.382, Tue Jan 11 18:39:28 2022 UTC by jsing
Branch: MAIN
Changes since 1.381: +2 -2 lines

Rename 'peer' to 'peer_cert' in SSL_SESSION.

The 'peer' member of SSL_SESSION is the leaf/end-entity certificate
provided by our peer. Rename it since 'peer' on its own is unhelpful.

ok inoguchi@ tb@

Revision 1.381, Tue Jan 11 18:28:41 2022 UTC by jsing
Branch: MAIN
Changes since 1.380: +5 -3 lines

Plumb decode errors through key share parsing code.

Distinguish between decode errors and other errors, so that we can send
a SSL_AD_DECODE_ERROR alert when appropriate.

Fixes a tlsfuzzer failure, due to it expecting a decode error alert and
not receiving one.

Prompted by anton@

ok tb@

Revision 1.380, Sun Jan 9 15:53:52 2022 UTC by jsing
Branch: MAIN
Changes since 1.379: +2 -2 lines

Swap arguments to ssl_check_srvr_ecc_cert_and_alg()

If a libssl function takes an SSL *, it should normally be the first
argument.

Revision 1.379, Sat Jan 8 12:59:59 2022 UTC by jsing
Branch: MAIN
Changes since 1.378: +10 -19 lines

Merge SESS_CERT into SSL_SESSION.

There is no reason for SESS_CERT to exist - remove it and merge its members
into SSL_SESSION for the time being. More clean up to follow.

ok inoguchi@ tb@

Revision 1.378, Sat Jan 8 12:54:32 2022 UTC by jsing
Branch: MAIN
Changes since 1.377: +1 -7 lines

Remove commented out CERT_* defines.

Revision 1.377, Sat Jan 8 12:43:44 2022 UTC by jsing
Branch: MAIN
Changes since 1.376: +45 -45 lines

Rename CERT to SSL_CERT and CERT_PKEY to SSL_CERT_PKEY.

Nearly all structs in libssl start with an SSL_ suffix, rename CERT and
CERT_PKEY for consistency.

ok inoguchi@ tb@

Revision 1.376, Fri Jan 7 16:45:06 2022 UTC by jsing
Branch: MAIN
Changes since 1.375: +4 -4 lines

Rename dh_tmp to dhe_params.

Support for non-ephemeral DH was removed a long time ago - as such, the
dh_tmp and dh_tmp_cb are used for DHE parameters. Rename them to reflect
reality.

ok inoguchi@ tb@

Revision 1.375, Fri Jan 7 15:46:30 2022 UTC by jsing
Branch: MAIN
Changes since 1.374: +1 -10 lines

Convert legacy server to tls_key_share.

This requires a few more additions to the DHE key share code - we need to
be able to either set the DHE parameters or specify the number of key bits
for use with auto DHE parameters. Additionally, we need to be able to
serialise the DHE parameters to send to the client.

This removes the infamous 'tmp' struct from ssl3_state_internal_st.

ok inoguchi@ tb@

Revision 1.374, Thu Jan 6 18:23:56 2022 UTC by jsing
Branch: MAIN
Changes since 1.373: +1 -6 lines

Convert legacy TLS client to tls_key_share.

This requires adding DHE support to tls_key_share. In doing so,
tls_key_share_peer_public() has to lose the group argument and gains
an invalid_key argument. The one place that actually needs the group
check is tlsext_keyshare_client_parse(), so add code to do this.

ok inoguchi@ tb@

Revision 1.373, Wed Jan 5 17:10:02 2022 UTC by jsing
Branch: MAIN
Changes since 1.372: +4 -2 lines

Rename tls13_key_share to tls_key_share.

In preparation to use the key share code in both the TLSv1.3 and legacy
stacks, rename tls13_key_share to tls_key_share, moving it into the shared
handshake struct. Further changes will then allow the legacy stack to make
use of the same code for ephemeral key exchange.

ok inoguchi@ tb@

Revision 1.372, Sat Dec 4 14:03:22 2021 UTC by jsing
Branch: MAIN
Changes since 1.371: +3 -2 lines

Clean up and refactor server side DHE key exchange.

Provide ssl_kex_generate_dhe_params_auto() which handles DHE key generation
based on parameters determined by the specified key bits. Convert the
existing DHE auto parameter selection code into a function that just tells
us how many key bits to use.

Untangle and rework the server side DHE key exchange to use the ssl_kex_*
functions.

ok inoguchi@ tb@

Revision 1.371, Sat Dec 4 13:50:35 2021 UTC by jsing
Branch: MAIN
Changes since 1.370: +2 -2 lines

Move the minimum DHE key size check into ssl_kex_peer_params_dhe()

ok inoguchi@ tb@

Revision 1.370, Sat Dec 4 13:15:10 2021 UTC by jsing
Branch: MAIN
Changes since 1.369: +2 -2 lines

Check DH public key in ssl_kex_peer_public_dhe().

Call DH_check_pub_key() after decoding the peer public key - this will be
needed for the server DHE key exchange, but also benefits the client.

ok inoguchi@ tb@
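
What a check of the peer's DH public value has to establish (the job DH_check_pub_key() does in this revision) together with the minimum DHE parameter size check that revision 1.371 moves into ssl_kex_peer_params_dhe(), as an added example written for this page rather than LibreSSL or libcrypto code. It uses toy-sized integers (p below 2^32) so it runs without a bignum library; real moduli are 2048 bits and larger and the real code calls libcrypto. Function names and the sample group are assumptions.

```c
/*
 * Added example, not LibreSSL code. Range and subgroup checks on a DH
 * public value, plus a minimum modulus size check. Toy-sized p so it
 * runs without a bignum library. Names are assumptions.
 */
#include <stdint.h>
#include <stdio.h>

/* Modular multiply and square-and-multiply; p < 2^32 so a*b fits in 64 bits. */
static uint64_t
modmul(uint64_t a, uint64_t b, uint64_t p)
{
	return (a * b) % p;
}

static uint64_t
modpow(uint64_t base, uint64_t exp, uint64_t p)
{
	uint64_t r = 1 % p;

	base %= p;
	while (exp != 0) {
		if (exp & 1)
			r = modmul(r, base, p);
		base = modmul(base, base, p);
		exp >>= 1;
	}
	return r;
}

/*
 * Returns 1 if y is an acceptable peer public value for the group (p, q):
 *   1 < y < p - 1   rejects 0, 1 and p - 1, whose shared secrets are
 *                   1 or -1 regardless of our private key;
 *   y^q == 1 mod p  (when the subgroup order q is known) rejects values
 *                   outside the prime-order subgroup, which is what a
 *                   small-subgroup confinement attack relies on.
 * Pass q = 0 if the order is unknown; then only the range check applies.
 */
int
dh_check_pub_key(uint64_t p, uint64_t q, uint64_t y)
{
	if (p < 5 || y <= 1 || y >= p - 1)
		return 0;
	if (q != 0 && modpow(y, q, p) != 1)
		return 0;
	return 1;
}

/* Size of p in bits, for the minimum DHE key size policy. */
unsigned
dh_bits(uint64_t p)
{
	unsigned bits = 0;

	while (p != 0) {
		bits++;
		p >>= 1;
	}
	return bits;
}

int
dh_check_min_bits(uint64_t p, unsigned min_bits)
{
	return dh_bits(p) >= min_bits;
}

int
main(void)
{
	/* Constructed toy group: p = 23 = 2q + 1, q = 11; the q-subgroup is the quadratic residues. */
	const uint64_t p = 23, q = 11;
	uint64_t y;

	for (y = 0; y <= p; y++)
		printf("y=%2llu %s\n", (unsigned long long)y,
		    dh_check_pub_key(p, q, y) ? "accept" : "reject");
	printf("p has %u bits\n", dh_bits(p));
	return 0;
}
```

With a safe prime and q known, a generator of the full group (such as 5 mod 23) is rejected even though it is in range, which is the extra guarantee the y^q check buys over the range check alone.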

Revision 1.369, Mon Nov 29 16:00:32 2021 UTC by jsing
Branch: MAIN
Changes since 1.368: +9 -1 lines

Factor out/rewrite DHE key exchange.

This follows what was done previously for ECDHE EC point key exchange and
will allow for deduplication and further code improvement.

Convert the TLSv1.2 client to use the new DHE key exchange functions.

ok inoguchi@ tb@

Revision 1.368, Mon Oct 25 10:09:28 2021 UTC by jsing
Branch: MAIN
Changes since 1.367: +3 -1 lines

Use ssl_force_want_read() in the DTLS code.

Also mop up some mostly unhelpful comments while here.

ok beck@ tb@

Revision 1.367, Mon Oct 25 10:01:46 2021 UTC by jsing
Branch: MAIN
Changes since 1.366: +19 -24 lines

Fold SSL_SESSION_INTERNAL back into SSL_SESSION.

ok beck@ tb@

Revision 1.366, Sat Oct 23 20:42:50 2021 UTC by beck
Branch: MAIN
Changes since 1.365: +2 -1 lines

Add SSL_get0_verified_chain - needed by some new stuff

symbol will be exposed with tb@'s forthcoming bump

ok tb@

Revision 1.365, Sat Oct 23 16:29:15 2021 UTC by beck
Branch: MAIN
Changes since 1.364: +4 -1 lines

Add new OpenSSL API SSL_CTX_set_num_tickets and friends.

Since we don't support session tickets in LibreSSL at the moment
these functions currently do not have any effect.

Again, symbols will appear with tb@'s reptar-sized bump.

ok tb@

Revision 1.364, Sat Oct 23 15:02:27 2021 UTC by jsing
Branch: MAIN
Changes since 1.363: +1 -13 lines

Mop up enc_read_ctx and read_hash.

These are no longer public, so we can mop them up along with the machinery
needed to set/clear them.

ok beck@ tb@

Revision 1.363, Sat Oct 23 14:40:54 2021 UTC by jsing
Branch: MAIN
Changes since 1.362: +9 -1 lines

Provide a way to determine our maximum legacy version.

With the introduction of TLSv1.3, we need the ability to determine our
maximum legacy version and to track our peer's maximum legacy version.
This is needed for both the TLS record layer when using TLSv1.3, plus
it is needed for RSA key exchange in TLS prior to TLSv1.3, where the
maximum legacy version is incorporated in the pre-master secret to
avoid downgrade attacks.

This unbreaks RSA KEX for the TLS client when the non-version specific
method is used with TLSv1.0 or TLSv1.1 (clearly no one does this).

ok tb@
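
The downgrade protection this message refers to, as an added example written for this page (not LibreSSL code): in TLS 1.2 RSA key exchange (RFC 5246 section 7.4.7.1) the client puts its maximum legacy version, the value sent as ClientHello.client_version, in the first two bytes of the premaster secret, and the server compares those bytes with the version it actually received in the ClientHello. A TLS 1.3-capable client still uses 0x0303 here, since TLS 1.3 is advertised through supported_versions and legacy_version stays at TLS 1.2. Function names and the sample bytes are assumptions.

```c
/*
 * Added example, not LibreSSL code. TLS 1.2 RSA premaster secret:
 * max_legacy_version || 46 random bytes. The server's check must be
 * constant time and must not alter the code path on mismatch, or it
 * becomes a Bleichenbacher-style oracle. Names are assumptions.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLS1_VERSION   0x0301
#define TLS1_2_VERSION 0x0303
#define PMS_LEN 48

/* Client: premaster = max_legacy_version (2 bytes) || 46 random bytes. */
void
tls12_build_premaster(uint16_t max_legacy_version, const uint8_t rnd[46], uint8_t out[PMS_LEN])
{
	out[0] = (uint8_t)(max_legacy_version >> 8);
	out[1] = (uint8_t)(max_legacy_version & 0xff);
	memcpy(out + 2, rnd, 46);
}

uint16_t
tls12_premaster_version(const uint8_t pms[PMS_LEN])
{
	return (uint16_t)((pms[0] << 8) | pms[1]);
}

/* 0xff if a == b, else 0, without a data-dependent branch. */
static uint8_t
ct_eq8(uint8_t a, uint8_t b)
{
	uint32_t x = a ^ b;

	return (uint8_t)(((x - 1u) >> 8) & 0xffu);
}

/*
 * Server: after RSA decryption, compare the embedded version with the
 * version the ClientHello offered. On mismatch the premaster is replaced
 * by a pre-generated random fallback, in constant time and on the same
 * code path, so the handshake fails later at Finished and an attacker
 * cannot tell a version mismatch from a padding failure. Deliberately
 * returns nothing about the outcome.
 */
void
tls12_check_premaster_version(uint8_t pms[PMS_LEN], const uint8_t fallback[PMS_LEN],
    uint16_t client_hello_version)
{
	uint8_t ok = ct_eq8(pms[0], (uint8_t)(client_hello_version >> 8)) &
	    ct_eq8(pms[1], (uint8_t)(client_hello_version & 0xff));
	size_t i;

	for (i = 0; i < PMS_LEN; i++)
		pms[i] = (uint8_t)((pms[i] & ok) | (fallback[i] & (uint8_t)~ok));
}

int
main(void)
{
	/* Constructed inputs; a real client draws rnd and a server draws fallback from a CSPRNG. */
	uint8_t rnd[46], fallback[PMS_LEN], pms[PMS_LEN];
	size_t i;

	for (i = 0; i < sizeof(rnd); i++)
		rnd[i] = (uint8_t)i;
	memset(fallback, 0xee, sizeof(fallback));

	/* Honest exchange: the premaster version matches the ClientHello the server saw. */
	tls12_build_premaster(TLS1_2_VERSION, rnd, pms);
	tls12_check_premaster_version(pms, fallback, TLS1_2_VERSION);
	printf("honest: version 0x%04x kept=%d\n", tls12_premaster_version(pms), pms[2] == 0);

	/*
	 * Rollback: a man in the middle rewrote client_version to TLS 1.0, but
	 * the client still encoded its real maximum (TLS 1.2), so the server
	 * sees a mismatch and silently swaps in the fallback.
	 */
	tls12_build_premaster(TLS1_2_VERSION, rnd, pms);
	tls12_check_premaster_version(pms, fallback, TLS1_VERSION);
	printf("rollback: premaster replaced=%d\n", pms[2] == 0xee);
	return 0;
}
```

The commit's point about the non-version-specific method follows directly: if the client encodes the negotiated version instead of its maximum legacy version, an honest TLS 1.0 or 1.1 negotiation fails exactly the way a rollback would.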

Revision 1.362, Sat Oct 23 11:41:52 2021 UTC by beck
Branch: MAIN
Changes since 1.361: +2 -1 lines

Add SSL_CTX_set_keylog_callback and SSL_CTX_get_keylog_callback

Some things in ports care about calling these functions. Since we will
not provide private key logging functionality they are documented
as being for compatibility and that they don't do anything.

ok tb@

Revision 1.361, Sat Oct 23 08:34:36 2021 UTC by jsing
Branch: MAIN
Changes since 1.360: +2 -2 lines

Untangle ssl3_get_message() return values.

This function currently has a long return type that may be <= 0 on
error/retry (which is then cast to an int in order to return it up the
stack), or it returns the length of the handshake message (on success).
This obviously means that 0 can be returned for both success and failure,
which is the reason why a separate 'ok' argument has to exist.

Untangle this mess by changing the return value to an int that indicates
success (1) or error/retry (<= 0). The length never needs to actually be
returned as it is already stored in s->internal->init_num (which is where
the return value is read from anyway).

ok tb@

Revision 1.360, Sat Oct 23 08:13:02 2021 UTC by jsing
Branch: MAIN
Changes since 1.359: +4 -4 lines

Change tlsext_tick_lifetime_hint to uint32_t.

Now that SSL_SESSION is opaque, change tlsext_tick_lifetime_hint from long
to uint32_t (matching RFC4507), rather than continuing to work around an
inappropriate type choice.

ok tb@

Revision 1.359, Fri Oct 15 16:48:47 2021 UTC by jsing
Branch: MAIN
Changes since 1.358: +126 -1 lines

Move various structs from ssl.h/tls1.h to ssl_locl.h.

These were already under LIBRESSL_INTERNAL hence no ABI change.

ok tb@

Revision 1.358, Mon Aug 30 19:25:43 2021 UTC by jsing
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.357: +17 -10 lines

Clean up and simplify info and msg callbacks.

The info and msg callbacks result in duplication - both for code that
refers to the function pointers and for the call sites. Avoid this by
providing typedefs for the function pointers and pulling the calling
sequences into their own functions.

ok inoguchi@ tb@

Revision 1.357 / (download) - annotate - [select for diffs], Mon Aug 30 19:12:25 2021 UTC (2 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.356: +2 -2 lines
Diff to previous 1.356 (colored)

Replace DTLS r_epoch with the read epoch from the TLSv1.2 record layer.

ok inoguchi@ tb@

Revision 1.356 / (download) - annotate - [select for diffs], Mon Jul 26 03:17:38 2021 UTC (2 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.355: +1 -2 lines
Diff to previous 1.355 (colored)

Dedup dtls1_dispatch_alert()/ssl3_dispatch_alert().

The code for dtls1_dispatch_alert() and ssl3_dispatch_alert() is largely
identical - with a bit of reshuffling we can use ssl3_dispatch_alert() for
both protocols and remove the ssl_dispatch_alert function pointer.

ok inoguchi@ tb@

Revision 1.355 / (download) - annotate - [select for diffs], Sat Jul 3 16:06:45 2021 UTC (2 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.354: +1 -5 lines
Diff to previous 1.354 (colored)

Do a first pass clean up of SSL_METHOD.

The num_ciphers, get_cipher_by_char and put_cipher_by_char function
pointers use the same function for all methods - call ssl3_num_ciphers()
directly, absorb ssl3_get_cipher_by_char() into SSL_CIPHER_find() and
remove the unused ssl3_put_cipher_by_char() code.

ok inoguchi@ tb@

Revision 1.354 / (download) - annotate - [select for diffs], Thu Jul 1 17:53:39 2021 UTC (2 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.353: +7 -11 lines
Diff to previous 1.353 (colored)

Merge SSL_METHOD_INTERNAL into SSL_METHOD.

Now that SSL_METHOD is opaque and in internal headers, we can remove
SSL_METHOD_INTERNAL by merging it back into SSL_METHOD.

ok tb@

Revision 1.353 / (download) - annotate - [select for diffs], Wed Jun 30 18:04:06 2021 UTC (2 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.352: +106 -1 lines
Diff to previous 1.352 (colored)

Move some structs from public to private headers.

Move struct ssl_cipher_st, struct ssl_method_st, struct ssl_session_st and
struct ssl3_state_st from public to private headers. These are already
under #ifdef LIBRESSL_INTERNAL and are no longer publicly visible.

ok inoguchi@ tb@

Revision 1.352 / (download) - annotate - [select for diffs], Sun Jun 27 19:23:51 2021 UTC (2 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.351: +6 -3 lines
Diff to previous 1.351 (colored)

Track the sigalgs used by ourselves and our peer.

Move the sigalg pointer from SSL_HANDSHAKE_TLS13 to SSL_HANDSHAKE, naming
it our_sigalg, adding an equivalent peer_sigalg. Adjust the TLSv1.3 code
that records our signature algorithm. Add code to record the signature
algorithm used by our peer.

Needed for upcoming API additions.

ok tb@

Revision 1.351 / (download) - annotate - [select for diffs], Wed Jun 23 11:12:33 2021 UTC (2 years, 11 months ago) by tb
Branch: MAIN
Changes since 1.350: +1 -3 lines
Diff to previous 1.350 (colored)

Garbage collect prototype for ssl_parse_serverhello_tlsext() which
was removed in t1_lib.c r1.141.

Revision 1.350 / (download) - annotate - [select for diffs], Sat Jun 19 17:21:40 2021 UTC (2 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.349: +2 -2 lines
Diff to previous 1.349 (colored)

Correctly handle epoch wrapping in dtls1_get_bitmap().

Due to a type bug that has been present in DTLS since the code was first
committed in 2005, dtls1_get_bitmap() fails to handle next epoch correctly
when the epoch is currently 0xffff (and wraps to zero).

For various reasons unknown, the epoch field in the SSL3_RECORD_INTERNAL
(formerly SSL3_RECORD) was added as unsigned long (even though the value
is an unsigned 16 bit value on the wire, hence cannot exceed 0xffff),
however was added to other code as unsigned short.

Due to integer promotion, the r_epoch value is incremented by one to
become 0x10000, before being cast to an unsigned long and compared to
the value pulled from the DTLS record header (which is zero). Strangely
0x10000 != 0, meaning that we drop the DTLS record, instead of queueing
it for the next epoch.

Fix this issue by using more appropriate types and pulling up the
calculation of the next epoch value for improved readability.

ok inoguchi@ tb@
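
The integer promotion trap described above, as an added example (not LibreSSL code): a constructed model of dtls1_get_bitmap()'s epoch classification with the pre-fix types (unsigned long record epoch, unsigned short r_epoch) beside the fixed form that keeps both values in the 16-bit wire type. The enum names and function names are invented for the illustration; the behaviour of the buggy variant assumes int is wider than 16 bits, as it is on every platform OpenBSD runs on.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Added example, not LibreSSL code: a constructed model of the epoch
 * bookkeeping in dtls1_get_bitmap(). In the pre-fix layout the record's
 * epoch was an unsigned long while the connection's read epoch (r_epoch)
 * was an unsigned short.
 */

enum epoch_disposition {
	EPOCH_DROP = -1,	/* neither current nor next epoch */
	EPOCH_CURRENT = 0,	/* belongs to the current epoch bitmap */
	EPOCH_NEXT = 1		/* queue for the next epoch */
};

/*
 * Buggy version: r_epoch + 1 is evaluated as int (int is wider than 16
 * bits here), so 0xffff + 1 becomes 0x10000 and is then converted to
 * unsigned long. It never equals a wire epoch of 0, so a record for the
 * wrapped epoch is dropped instead of queued.
 */
static enum epoch_disposition
classify_record_epoch_buggy(unsigned short r_epoch, unsigned long rec_epoch)
{
	if (rec_epoch == r_epoch)
		return EPOCH_CURRENT;
	if (rec_epoch == (unsigned long)(r_epoch + 1))
		return EPOCH_NEXT;
	return EPOCH_DROP;
}

/*
 * Fixed version: both values use the wire type (uint16_t) and the next
 * epoch is computed once, truncated back to 16 bits so 0xffff wraps to 0.
 */
static enum epoch_disposition
classify_record_epoch_fixed(uint16_t r_epoch, uint16_t rec_epoch)
{
	uint16_t next_epoch = (uint16_t)(r_epoch + 1);

	if (rec_epoch == r_epoch)
		return EPOCH_CURRENT;
	if (rec_epoch == next_epoch)
		return EPOCH_NEXT;
	return EPOCH_DROP;
}

int
main(void)
{
	printf("buggy: r_epoch=0xffff, record epoch 0 -> %d (want %d)\n",
	    classify_record_epoch_buggy(0xffff, 0), EPOCH_NEXT);
	printf("fixed: r_epoch=0xffff, record epoch 0 -> %d (want %d)\n",
	    classify_record_epoch_fixed(0xffff, 0), EPOCH_NEXT);
	return 0;
}
```

The fix is not the explicit cast on its own: what matters is that the "next epoch" value is computed in the same 16-bit domain as the value parsed from the record header, so the comparison sees 0 == 0 rather than 0x10000 == 0.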

Revision 1.349 / (download) - annotate - [select for diffs], Sat Jun 19 16:52:47 2021 UTC (2 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.348: +4 -1 lines
Diff to previous 1.348 (colored)

Provide the ability to set the initial DTLS epoch value.

This allows for regress to test edge cases for epoch handling.

ok tb@

Revision 1.348 / (download) - annotate - [select for diffs], Sun Jun 13 15:34:41 2021 UTC (2 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.347: +1 -2 lines
Diff to previous 1.347 (colored)

Remove tls1_alert_code().

After running the preprocessor, this function becomes:

  switch (code) {
  case 0:
   return (0);
  case 10:
   return (10);
  case 20:
   return (20);
  ...
  }

Its intended purpose was to prevent SSLv3 alerts being sent from TLS code,
however now that we've removed "no_certificate" from LibreSSL's reach, it
no longer does anything useful.

ok tb@

Revision 1.347 / (download) - annotate - [select for diffs], Sun May 16 15:49:01 2021 UTC (3 years ago) by jsing
Branch: MAIN
Changes since 1.346: +1 -23 lines
Diff to previous 1.346 (colored)

Absorb SSL_AEAD_CTX into struct tls12_record_protection.

The information contained in SSL_AEAD_CTX really belongs in the
tls12_record_protection struct. Absorb SSL_AEAD_CTX, using more appropriate
types in the process.

ok tb@

Revision 1.346 / (download) - annotate - [select for diffs], Sun May 16 13:56:31 2021 UTC (3 years ago) by jsing
Branch: MAIN
Changes since 1.345: +1 -109 lines
Diff to previous 1.345 (colored)

Move DTLS structs/definitions/prototypes to dtls_locl.h.

Now that the DTLS structs are opaque, add a dtls_locl.h header and move
internal-only structs from dtls1.h, along with prototypes from ssl_locl.h.
Only pull this header in where DTLS code actually exists.

ok inoguchi@ tb@

Revision 1.345 / (download) - annotate - [select for diffs], Sun May 16 10:55:17 2021 UTC (3 years ago) by jsing
Branch: MAIN
Changes since 1.344: +3 -2 lines
Diff to previous 1.344 (colored)

Avoid pulling ssl_sigalgs.h in via ssl_locl.h.

Forward declare struct sigalg in ssl_locl.h and avoid including
ssl_sigalgs.h. Explicitly include ssl_sigalgs.h where it is needed.

Revision 1.344 / (download) - annotate - [select for diffs], Sun May 16 08:24:21 2021 UTC (3 years ago) by jsing
Branch: MAIN
Changes since 1.343: +2 -1 lines
Diff to previous 1.343 (colored)

Explicitly include <openssl/opensslconf.h> in files using OPENSSL_NO_*

Where a file references OPENSSL_NO_* conditions, ensure that we
explicitly include <openssl/opensslconf.h> before any references, rather
than relying on another header to pull this in.

Revision 1.343 / (download) - annotate - [select for diffs], Wed May 5 19:52:00 2021 UTC (3 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.342: +2 -5 lines
Diff to previous 1.342 (colored)

Replace DTLS w_epoch with epoch from TLSv1.2 record layer.

ok inoguchi@ tb@

Revision 1.342 / (download) - annotate - [select for diffs], Wed May 5 10:05:27 2021 UTC (3 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.341: +16 -12 lines
Diff to previous 1.341 (colored)

Rewrite TLSv1.2 key block handling.

For TLSv1.2 a single key block is generated, then partitioned into
individual secrets for use as IVs and keys. The previous implementation
splits this across two functions tls1_setup_key_block() and
tls1_change_cipher_state(), which means that the IV and key sizes have to
be known in multiple places.

This implementation generates and partitions the key block in a single
step, meaning that the secrets are then simply handed out when requested.

ok inoguchi@ tb@

Revision 1.341 / (download) - annotate - [select for diffs], Sun May 2 17:46:58 2021 UTC (3 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.340: +3 -2 lines
Diff to previous 1.340 (colored)

Clean up tls1_change_cipher_state().

Replace flag gymnastics at call sites with separate read and write
functions, which call the common code. Condition on s->server instead of
using SSL_ST_ACCEPT, for consistency and more readable code.

ok inoguchi@ tb@

Revision 1.340 / (download) - annotate - [select for diffs], Sun May 2 17:18:10 2021 UTC (3 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.339: +3 -2 lines
Diff to previous 1.339 (colored)

Clean up dtls1_reset_seq_numbers().

Rather than doing flag gymnastics, split dtls1_reset_seq_numbers() into
separate read and write functions. Move the calls of these functions into
tls1_change_cipher_state() so they directly follow the change of cipher
state in the record layer, which avoids having to duplicate the calls in
the client and server.

ok inoguchi@ tb@

Revision 1.339 / (download) - annotate - [select for diffs], Fri Apr 30 19:26:44 2021 UTC (3 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.338: +3 -3 lines
Diff to previous 1.338 (colored)

Clean up and harden TLSv1.2 master key derivation.

The master key and its length are only stored in one location, so it makes
no sense to handle these outside of the derivation function (the current
'out' argument is unused). This simplifies the various call sites.

If derivation fails for some reason, fail hard rather than continuing on
and hoping that something deals with this correctly later.

ok inoguchi@ tb@

Revision 1.338 / (download) - annotate - [select for diffs], Sun Apr 25 13:15:22 2021 UTC (3 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.337: +10 -3 lines
Diff to previous 1.337 (colored)

Clean up derivation of finished/peer finished.

Make this process more readable by having specific client/server functions,
calling the correct one based on s->server. This allows removing various
SSL_ST_ACCEPT/SSL_ST_CONNECT checks, along with duplicate code.

ok inoguchi@ tb@

Revision 1.337 / (download) - annotate - [select for diffs], Wed Apr 21 19:27:56 2021 UTC (3 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.336: +5 -9 lines
Diff to previous 1.336 (colored)

Clean up TLSv1.2 certificate request handshake data.

Currently cert_req is used by clients and cert_request is used by servers.
Replace this by a single cert_request used by either client or server.
Remove the certificate types as they are currently unused. This also fixes
a bug whereby if the number of certificate types exceeds SSL3_CT_NUMBER
the number of bytes read in is insufficient, which will break decoding.

ok inoguchi@ tb@

Revision 1.336 / (download) - annotate - [select for diffs], Mon Apr 19 17:26:39 2021 UTC (3 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.335: +3 -4 lines
Diff to previous 1.335 (colored)

Remove new_sym_enc and new_aead.

These can be replaced with accessors that allow this information to be
retrieved from the new record layer.

ok inoguchi@ tb@

Revision 1.335 / (download) - annotate - [select for diffs], Mon Apr 19 17:03:39 2021 UTC (3 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.334: +4 -2 lines
Diff to previous 1.334 (colored)

Move new_mac_secret_size into the TLSv1.2 handshake struct.

Drop the 'new_' prefix in the process.

ok inoguchi@ tb@

Revision 1.334 / (download) - annotate - [select for diffs], Mon Apr 19 16:51:56 2021 UTC (3 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.333: +11 -8 lines
Diff to previous 1.333 (colored)

Move reuse_message, message_type, message_size and cert_verify into the
TLSv1.2 handshake struct.

ok inoguchi@ tb@

Revision 1.333 / (download) - annotate - [select for diffs], Mon Mar 29 16:46:09 2021 UTC (3 years, 2 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.332: +10 -6 lines
Diff to previous 1.332 (colored)

Move finished and peer finished to the handshake struct.

This moves the finish_md and peer_finish_md from the 'tmp' struct to the
handshake struct, renaming to finished and peer_finished in the process.
This also allows the remaining S3I(s) references to be removed from the
TLSv1.3 client and server.

ok inoguchi@ tb@

Revision 1.332 / (download) - annotate - [select for diffs], Mon Mar 29 16:19:15 2021 UTC (3 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.331: +1 -2 lines
Diff to previous 1.331 (colored)

Move the TLSv1.2 record number increment into the new record layer.

This adds checks (based on the TLSv1.3 implementation) to ensure that the
TLS/DTLS sequence numbers do not wrap, as required by the respective RFCs.

ok inoguchi@ tb@
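
The wrap check mentioned above, as an added example (not LibreSSL code): a sequence number kept as an 8-byte big-endian counter, where the increment refuses to wrap to zero rather than silently reusing a nonce. For TLS all 64 bits are the counter; for DTLS the top two bytes are the epoch and only the low 48 bits are incremented, so a carry out of the 48-bit counter is also treated as exhaustion. The function and struct names and the uint64_t helpers are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added example, not LibreSSL code. Models a record-layer sequence number
 * whose increment must fail instead of wrapping, as the RFCs require.
 */

#define SEQ_NUM_LEN	8
#define DTLS_EPOCH_LEN	2

/* Returns 1 if every byte of the counter is 0xff, i.e. ++ would wrap. */
static int
seq_num_would_wrap(const uint8_t *seq, size_t len)
{
	size_t i;

	for (i = 0; i < len; i++)
		if (seq[i] != 0xff)
			return 0;
	return 1;
}

/*
 * Increment a big-endian counter in place. Returns 1 on success and 0
 * (leaving the counter untouched) if the increment would wrap to zero.
 */
static int
seq_num_inc(uint8_t *seq, size_t len)
{
	size_t i;

	if (seq_num_would_wrap(seq, len))
		return 0;
	for (i = len; i > 0; i--)
		if (++seq[i - 1] != 0)
			break;	/* no carry into the next byte */
	return 1;
}

/* TLS: the whole 64-bit counter is the sequence number. */
static int
tls12_seq_num_inc(uint8_t seq[SEQ_NUM_LEN])
{
	return seq_num_inc(seq, SEQ_NUM_LEN);
}

/* DTLS: skip the epoch bytes; the 48-bit counter must not carry into them. */
static int
dtls_seq_num_inc(uint8_t seq[SEQ_NUM_LEN])
{
	return seq_num_inc(seq + DTLS_EPOCH_LEN, SEQ_NUM_LEN - DTLS_EPOCH_LEN);
}

/* Helpers (assumed, for illustration) to drive the counters from integers. */
struct seq_result {
	int ok;			/* 1 if the increment was permitted */
	uint64_t value;		/* counter afterwards (unchanged on failure) */
};

static void
u64_to_seq(uint64_t v, uint8_t seq[SEQ_NUM_LEN])
{
	int i;

	for (i = SEQ_NUM_LEN - 1; i >= 0; i--, v >>= 8)
		seq[i] = (uint8_t)(v & 0xff);
}

static uint64_t
seq_to_u64(const uint8_t seq[SEQ_NUM_LEN])
{
	uint64_t v = 0;
	int i;

	for (i = 0; i < SEQ_NUM_LEN; i++)
		v = (v << 8) | seq[i];
	return v;
}

static struct seq_result
tls12_seq_inc_u64(uint64_t start)
{
	struct seq_result r;
	uint8_t seq[SEQ_NUM_LEN];

	u64_to_seq(start, seq);
	r.ok = tls12_seq_num_inc(seq);
	r.value = seq_to_u64(seq);
	return r;
}

/* For DTLS the top 16 bits of 'start' are the epoch. */
static struct seq_result
dtls_seq_inc_u64(uint64_t start)
{
	struct seq_result r;
	uint8_t seq[SEQ_NUM_LEN];

	u64_to_seq(start, seq);
	r.ok = dtls_seq_num_inc(seq);
	r.value = seq_to_u64(seq);
	return r;
}

int
main(void)
{
	struct seq_result r = dtls_seq_inc_u64(0x0001ffffffffffffULL);

	printf("DTLS epoch 1, seq 2^48-1: ok=%d value=0x%016llx\n", r.ok,
	    (unsigned long long)r.value);
	return 0;
}
```

A caller that gets 0 back has to treat the connection as finished (send an alert and close); continuing would reuse a nonce under the same key, which is what the RFC prohibition on wrapping exists to prevent.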

Revision 1.331 / (download) - annotate - [select for diffs], Sat Mar 27 17:56:28 2021 UTC (3 years, 2 months ago) by tb
Branch: MAIN
Changes since 1.330: +1 -3 lines
Diff to previous 1.330 (colored)

Garbage collect s->internal->type

This variable is used in the legacy stack to decide whether we are
a server or a client. That's what s->server is for...

The new TLSv1.3 stack failed to set s->internal->type, which resulted
in hilarious mishandling of previous_{client,server}_finished. Indeed,
both client and server would first store the client's verify_data in
previous_server_finished and later overwrite it with the server's
verify_data. Consequently, renegotiation has been completely broken
for more than a year. In fact, server side renegotiation was broken
during the 6.5 release cycle. Clearly, no-one uses this.

This commit fixes client side renegotiation and restores the previous
behavior of SSL_get_client_CA_list(). Server side renegotiation will
be fixed in a later commit.

ok jsing

Revision 1.330 / (download) - annotate - [select for diffs], Wed Mar 24 18:44:00 2021 UTC (3 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.329: +2 -2 lines
Diff to previous 1.329 (colored)

Rename new_cipher to cipher.

This is in the SSL_HANDSHAKE struct and is what we're currently
negotiating, so there is really nothing more "new" about the cipher
than there is the key block or other parts of the handshake data.

ok inoguchi@ tb@

Revision 1.329 / (download) - annotate - [select for diffs], Wed Mar 24 18:40:03 2021 UTC (3 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.328: +20 -13 lines
Diff to previous 1.328 (colored)

Add SSL_HANDSHAKE_TLS12 for TLSv1.2 specific handshake data.

Move TLSv1.2 specific components over from SSL_HANDSHAKE.

ok inoguchi@ tb@

Revision 1.328 / (download) - annotate - [select for diffs], Sun Mar 21 18:36:34 2021 UTC (3 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.327: +41 -40 lines
Diff to previous 1.327 (colored)

Move the TLSv1.3 handshake struct inside the shared handshake struct.

There are currently three different handshake structs that are in use -
the SSL_HANDSHAKE struct (as S3I(s)->hs), the SSL_HANDSHAKE_TLS13 struct
(as S3I(s)->hs_tls13 or ctx->hs in the TLSv1.3 code) and the infamous
'tmp' embedded in SSL3_STATE_INTERNAL (as S3I(s)->tmp).

This is the first step towards cleaning up the handshake structs so that
shared data is in the SSL_HANDSHAKE struct, with sub-structs for TLSv1.2
and TLSv1.3 specific information. Place SSL_HANDSHAKE_TLS13 inside
SSL_HANDSHAKE and change ctx->hs to refer to the SSL_HANDSHAKE struct
instead of the SSL_HANDSHAKE_TLS13 struct. This allows the TLSv1.3 code
to access the shared handshake data without needing the SSL struct.

ok inoguchi@ tb@

Revision 1.327 / (download) - annotate - [select for diffs], Wed Mar 17 17:42:53 2021 UTC (3 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.326: +5 -1 lines
Diff to previous 1.326 (colored)

Enable DTLSv1.2.

This means that the DTLS_method() will now use DTLSv1.2 rather than DTLSv1.
Additional DTLSv1.2 related symbols and defines will be made publicly
visible in the near future.

ok inoguchi@ tb@

Revision 1.326 / (download) - annotate - [select for diffs], Thu Mar 11 17:14:47 2021 UTC (3 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.325: +1 -2 lines
Diff to previous 1.325 (colored)

Remove ssl_downgrade_max_version().

Now that we store our maximum TLS version at the start of the handshake,
we can check against that directly.

ok inoguchi@ tb@

Revision 1.325 / (download) - annotate - [select for diffs], Wed Mar 10 18:27:01 2021 UTC (3 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.324: +20 -6 lines
Diff to previous 1.324 (colored)

Improve internal version handling.

Add handshake fields for our minimum TLS version, our maximum TLS version
and the TLS version negotiated during the handshake. Initialise our min/max
versions at the start of the handshake and leave these unchanged. The
negotiated TLS version is set in the client once we receive the ServerHello
and in the server at the point we select the highest shared version.

Provide an ssl_effective_version() function that returns the negotiated TLS
version if known, otherwise our maximum TLS version - this is effectively
what is stored in s->version currently.

Convert most of the internal code to use one of these three version fields,
which greatly simplifies code (especially in the TLS extension handling
code).

ok tb@

Revision 1.324 / (download) - annotate - [select for diffs], Sat Feb 27 14:20:50 2021 UTC (3 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.323: +8 -18 lines
Diff to previous 1.323 (colored)

Move handling of cipher/hash based cipher suites into the new record layer.

ok tb@

Revision 1.323 / (download) - annotate - [select for diffs], Thu Feb 25 17:06:05 2021 UTC (3 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.322: +14 -14 lines
Diff to previous 1.322 (colored)

Only use TLS versions internally (rather than both TLS and DTLS versions).

DTLS protocol version numbers are the 1's complement of human readable TLS
version numbers, which means that newer versions decrease in value and
there is no direct mapping between TLS protocol version numbers and DTLS
protocol version numbers.

Rather than having to deal with this internally, only use TLS versions
internally and map between DTLS and TLS protocol versions when necessary.
Rename functions and variables to use 'tls_version' when they contain a
TLS version (and never a DTLS version).

ok tb@
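
The version handling described above, as an added example (not LibreSSL code): DTLS wire versions are the one's complement of the human-readable major.minor, so DTLSv1.2 (0xFEFD) is numerically smaller than DTLSv1.0 (0xFEFF), and DTLSv1.0 is built on TLSv1.1 rather than TLSv1.0, so there is no arithmetic mapping. The code converts DTLS versions to TLS versions at the boundary via a table and does all comparison and selection in the TLS number space. The constants are the wire values; the function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Added example, not LibreSSL code: map DTLS wire versions to the TLS
 * versions they are based on and do all comparisons in TLS terms.
 */

#define TLS1_VERSION		0x0301
#define TLS1_1_VERSION		0x0302
#define TLS1_2_VERSION		0x0303
#define TLS1_3_VERSION		0x0304
#define DTLS1_VERSION		0xFEFF
#define DTLS1_2_VERSION		0xFEFD

/*
 * DTLS wire versions are the one's complement of major.minor:
 * DTLS 1.0 is ~0x0100 == 0xFEFF, DTLS 1.2 is ~0x0102 == 0xFEFD.
 * Newer versions therefore have smaller numbers.
 */
static uint16_t
dtls_wire_version(uint8_t major, uint8_t minor)
{
	return (uint16_t)~(((uint16_t)major << 8) | minor);
}

/*
 * DTLS 1.0 is TLS 1.1 over datagrams, DTLS 1.2 is TLS 1.2 over datagrams,
 * and TLS 1.0 has no DTLS counterpart, so the mapping is a table.
 * Returns 0 for an unknown version.
 */
static uint16_t
dtls_to_tls_version(uint16_t dtls_version)
{
	switch (dtls_version) {
	case DTLS1_VERSION:
		return TLS1_1_VERSION;
	case DTLS1_2_VERSION:
		return TLS1_2_VERSION;
	default:
		return 0;
	}
}

static uint16_t
tls_to_dtls_version(uint16_t tls_version)
{
	switch (tls_version) {
	case TLS1_1_VERSION:
		return DTLS1_VERSION;
	case TLS1_2_VERSION:
		return DTLS1_2_VERSION;
	default:
		return 0;
	}
}

/* Normalise a received version into the internal TLS number space. */
static uint16_t
wire_to_tls_version(uint16_t wire_version, int is_dtls)
{
	return is_dtls ? dtls_to_tls_version(wire_version) : wire_version;
}

/*
 * Server-side selection: the highest TLS version within our [min, max]
 * that does not exceed what the client offered. Since everything is a TLS
 * version here, plain integer comparison is correct for both protocols.
 * Returns 0 if nothing is acceptable.
 */
static uint16_t
select_shared_tls_version(uint16_t client_wire_max, int is_dtls,
    uint16_t our_min, uint16_t our_max)
{
	uint16_t client_max = wire_to_tls_version(client_wire_max, is_dtls);
	uint16_t shared;

	if (client_max == 0)
		return 0;
	shared = client_max < our_max ? client_max : our_max;
	if (shared < our_min)
		return 0;
	return shared;
}

int
main(void)
{
	uint16_t v = select_shared_tls_version(DTLS1_VERSION, 1,
	    TLS1_1_VERSION, TLS1_2_VERSION);

	printf("DTLSv1.0 client, DTLSv1.0-1.2 server: TLS 0x%04x, DTLS 0x%04x\n",
	    v, tls_to_dtls_version(v));
	return 0;
}
```

Note what goes wrong without the normalisation: a naive `client_max > our_max` on raw DTLS values would conclude that a DTLSv1.0 client (0xFEFF) offers something newer than our DTLSv1.2 maximum (0xFEFD).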

Revision 1.322 / (download) - annotate - [select for diffs], Mon Feb 22 15:59:10 2021 UTC (3 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.321: +4 -2 lines
Diff to previous 1.321 (colored)

Factor out/change some of the legacy client version handling code.

This consolidates the version handling code and will make upcoming changes
easier.

ok tb@

Revision 1.321 / (download) - annotate - [select for diffs], Sat Feb 20 09:43:29 2021 UTC (3 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.320: +17 -3 lines
Diff to previous 1.320 (colored)

Return a min/max version of zero if set to zero.

OpenSSL's SSL{_CTX,}_get_{min,max}_proto_version() return a version of zero
if the minimum or maximum has been set to zero (which means the minimum or
maximum version supported by the method). Previously we returned the
minimum or maximum version supported by the method, instead of zero. Match
OpenSSL's behaviour by using shadow variables.

Discussed with tb@

Revision 1.320 / (download) - annotate - [select for diffs], Sun Feb 7 15:26:32 2021 UTC (3 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.319: +1 -3 lines
Diff to previous 1.319 (colored)

Absorb ssl3_get_algorithm2() into ssl_get_handshake_evp_md().

The mess that is ssl_get_algorithm2() only exists to upgrade the handshake
MAC of a pre-TLSv1.2 cipher suite to SHA256 when used with TLSv1.2. We can
readily do this in ssl_get_handshake_evp_md(), which is far more readable.

ok tb@

Revision 1.319 / (download) - annotate - [select for diffs], Sun Feb 7 15:04:10 2021 UTC (3 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.318: +2 -1 lines
Diff to previous 1.318 (colored)

Factor out the legacy stack version checks.

Also check for explicit version numbers, rather than just the major version
value.

ok tb@

Revision 1.318 / (download) - annotate - [select for diffs], Thu Jan 28 17:00:39 2021 UTC (3 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.317: +3 -9 lines
Diff to previous 1.317 (colored)

Move AEAD handling into the new TLSv1.2 record layer.

ok tb@

Revision 1.317 / (download) - annotate - [select for diffs], Tue Jan 26 14:22:20 2021 UTC (3 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.316: +2 -11 lines
Diff to previous 1.316 (colored)

Move sequence numbers into the new TLSv1.2 record layer.

This allows for all of the DTLS sequence number save/restore code to be
removed.

ok inoguchi@ "whee!" tb@

Revision 1.316 / (download) - annotate - [select for diffs], Thu Jan 21 18:48:57 2021 UTC (3 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.315: +1 -3 lines
Diff to previous 1.315 (colored)

Mop up unused dtls1_build_sequence_number() function.

Revision 1.315 / (download) - annotate - [select for diffs], Tue Jan 19 19:07:39 2021 UTC (3 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.314: +11 -1 lines
Diff to previous 1.314 (colored)

Add code to handle change of cipher state in the new TLSv1.2 record layer.

This provides the basic framework for handling change of cipher state in
the new TLSv1.2 record layer, creating new record protection. In the DTLS
case we retain the previous write record protection and can switch back to
it when retransmitting. This will allow the record layer to start owning
sequence numbers and encryption/decryption state.

ok inoguchi@ tb@

Revision 1.314 / (download) - annotate - [select for diffs], Tue Jan 19 18:57:09 2021 UTC (3 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.313: +3 -1 lines
Diff to previous 1.313 (colored)

Provide functions to determine if TLSv1.2 record protection is engaged.

Call these functions from code that needs to know if we've changed cipher
state and enabled record protection, rather than inconsistently checking
various pointers from other places in the code base. This also fixes a
minor bug where the wrong pointers are checked if we're operating with
AEAD.

ok inoguchi@ tb@

Revision 1.313 / (download) - annotate - [select for diffs], Tue Jan 19 18:51:08 2021 UTC (3 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.312: +3 -1 lines
Diff to previous 1.312 (colored)

Provide record layer overhead for DTLS.

Rather than manually calculating the maximum record layer overhead in the
DTLS code, have the record layer provide this information. This also makes
it work correctly with AEAD ciphersuites.

ok inoguchi@ tb@

Revision 1.312 / (download) - annotate - [select for diffs], Wed Jan 13 18:20:54 2021 UTC (3 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.311: +1 -3 lines
Diff to previous 1.311 (colored)

Clean up sequence number handling in the new TLSv1.2 record layer.

Handle protocol specific (DTLS vs TLS) sequence number differences in the
open/seal record functions and propagate the sequence number through to
the called functions. This means that DTLS specific knowledge is limited
to two functions and also avoids building sequence numbers multiple times
over. As a result, the DTLS explicit sequence number is now extracted from
the record header and passed through for processing, which makes the read
epoch handling redundant.

ok inoguchi@ tb@

Revision 1.311 / (download) - annotate - [select for diffs], Thu Jan 7 15:32:59 2021 UTC (3 years, 5 months ago) by jsing
Branch: MAIN
Changes since 1.310: +1 -3 lines
Diff to previous 1.310 (colored)

Move the read MAC key into the TLSv1.2 record layer.

ok inoguchi@ tb@

Revision 1.310 / (download) - annotate - [select for diffs], Tue Dec 15 16:04:49 2020 UTC (3 years, 5 months ago) by tb
Branch: MAIN
Changes since 1.309: +4 -6 lines
Diff to previous 1.309 (colored)

Use natural sizes for S3I(s)->tmp's *_md arrays

It is a historical artifact that cert_verify_md[], finish_md[] and
peer_finish_md[] are twice as large as they need to be. This is
confusing, especially for finish_md[] and peer_finish_md[] which are
copied to previous_client_finished[] and previous_server_finished[]
which are only half as large. It is easy to check that they will never
get more than EVP_MAX_MD_SIZE data written to them.

In 1998, EVP_MAX_MD_SIZE was 20 bytes long (for SHA-1). This got bumped to
16+20 for the SSLv3-specific md5+sha1.  Apparently under the impression
that EVP_MAX_MD_SIZE was still 20 bytes, someone else doubled finish_md[]'s
size to EVP_MAX_MD_SIZE*2 and added /* actually only needs to be 16+20 */.
A bit later finish_md[] was split up, and still a bit later the comment was
amended for TLSv1.  Shortly thereafter SHA-512 required a bump of
EVP_MAX_MD_SIZE to 64 by a third person and we have been carrying 192 bytes
of untouched memory in each of our SSLs ever since.

ok inoguchi jsing (jsing had the same diff)

Revision 1.309 / (download) - annotate - [select for diffs], Mon Dec 14 15:20:31 2020 UTC (3 years, 5 months ago) by tb
Branch: MAIN
Changes since 1.308: +3 -3 lines
Diff to previous 1.308 (colored)

Switch finish{,_peer}_md_len from int to size_t

This is the natural type for these and it simplifies an upcoming commit.
The few consumers have been carefully checked to be fine with this.

ok inoguchi jsing

Revision 1.308 / (download) - annotate - [select for diffs], Tue Dec 1 07:46:02 2020 UTC (3 years, 6 months ago) by tb
Branch: MAIN
Changes since 1.307: +2 -1 lines
Diff to previous 1.307 (colored)

Bring back *_client_method() structs

The method unification broke an API promise of SSL_is_server(). According
to the documentation, calling SSL_is_server() on SSL objects constructed
from generic and server methods would result in 1 even before any call to
SSL_set_accept_state(). This means the information needs to be available
when SSL_new() is called, so must come from the method itself.

Prior to the method unification, s->server would be set to 0 or 1 in
SSL_new() depending on whether the accept method was undefined or not.
Instead, introduce a flag to the internal structs to distinguish client
methods from server and generic methods and copy that flag to s->server in
SSL_new().

This problem was reported to otto due to breakage of DoH in net/dnsdist.
The reason for this is that www/h2o relies on SSL_is_server() to decide
whether to call SSL_accept() or SSL_connect(). Thus, the h2o server would
end up responding to a ClientHello with another ClientHello, which results
in a handshake failure. The bandaid applied to www/h2o can be removed once
this fix has made it into snaps. No other breakage is known.

This commit brings back only about half of the duplication removed in the
method unification, so is preferable to a full revert.

ok jsing

Revision 1.307 / (download) - annotate - [select for diffs], Wed Nov 11 18:14:12 2020 UTC (3 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.306: +2 -2 lines
Diff to previous 1.306 (colored)

Use size_t for key_block_len.

This allows us to remove a check and will make future changes simpler. Use
suitable names for tls1_generate_key_block() arguments while here.

ok inoguchi@ tb@

Revision 1.306 / (download) - annotate - [select for diffs], Wed Oct 14 16:57:33 2020 UTC (3 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.305: +1 -5 lines
Diff to previous 1.305 (colored)

Replace SSL_IS_DTLS with SSL_is_dtls().

Garbage collect the now unused SSL_IS_DTLS macro.

ok tb@

Revision 1.305 / (download) - annotate - [select for diffs], Wed Oct 14 16:44:15 2020 UTC (3 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.304: +3 -2 lines
Diff to previous 1.304 (colored)

Mark DTLS methods as DTLS.

Rather than inferring DTLS from the method version, add a field that marks
a method as specifically being DTLS. Have SSL_IS_DTLS condition on this
rather than on version.

ok tb@

Revision 1.304 / (download) - annotate - [select for diffs], Sun Oct 11 12:45:52 2020 UTC (3 years, 8 months ago) by guenther
Branch: MAIN
Changes since 1.303: +17 -14 lines
Diff to previous 1.303 (colored)

SSL3_ENC_METHOD is just a flag word; merge it into SSL_METHOD_INTERNAL
with #defines for the per-version initializers instead of extern
globals.  Add SSL_USE_SHA256_PRF() to complete the abstraction.

ok tb@ jsing@

Revision 1.303 / (download) - annotate - [select for diffs], Sun Oct 11 02:44:27 2020 UTC (3 years, 8 months ago) by tb
Branch: MAIN
Changes since 1.302: +2 -2 lines
Diff to previous 1.302 (colored)

Make profile_name const in srtp_find_profile_by_name()

There is no reason (and there never was any) for profile_name to be
non-const, it was always just passed to strncmp().  Changing this
allows removing an ugly instance of casting away const.

ok guenther jsing

Revision 1.302 / (download) - annotate - [select for diffs], Sun Oct 11 02:22:27 2020 UTC (3 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.301: +2 -6 lines
Diff to previous 1.301 (colored)

Condense and simplify TLS methods.

Historically, OpenSSL has had client and server specific methods - the only
difference between these is that the .ssl_connect or .ssl_accept function
pointer is set to ssl_undefined_function, with the intention of reducing
code size for a statically linked binary that was only a client or server.
These days the difference is minimal or non-existent in many cases and
we can reduce the amount of code and complexity by having a single method.

Internally remove all of the client and server specific methods,
simplifying code in the process. The external client/server specific APIs
remain, however these now return the same thing as TLS_method() does.

ok tb@

Revision 1.301 / (download) - annotate - [select for diffs], Sun Oct 11 01:16:31 2020 UTC (3 years, 8 months ago) by guenther
Branch: MAIN
Changes since 1.300: +4 -4 lines
Diff to previous 1.300 (colored)

Constipate srtp_known_profiles, pushing it into .data.rel.ro

ok tb@ jsing@

Revision 1.300 / (download) - annotate - [select for diffs], Sun Oct 11 01:13:04 2020 UTC (3 years, 8 months ago) by guenther
Branch: MAIN
Changes since 1.299: +2 -2 lines
Diff to previous 1.299 (colored)

Constipate ssl3_ciphers and tls1[23]_sigalgs*, pushing them into
.data.rel.ro and .rodata respectively.

ok tb@ jsing@

Revision 1.299 / (download) - annotate - [select for diffs], Wed Oct 7 08:43:34 2020 UTC (3 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.298: +1 -14 lines
Diff to previous 1.298 (colored)

Mop up various things that are now unused with the new record layer.

ok inoguchi@ tb@

Revision 1.298 / (download) - annotate - [select for diffs], Sat Oct 3 18:01:55 2020 UTC (3 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.297: +3 -3 lines
Diff to previous 1.297 (colored)

Merge d1_{clnt,srvr}.c into ssl_{clnt,srvr}.c

The d1_{clnt,srvr}.c contain a single function each - merge these into the
ssl_{clnt,srvr}.c, renaming them with an ssl3_ prefix for consistency.

ok beck@ tb@

Revision 1.297 / (download) - annotate - [select for diffs], Sat Oct 3 17:54:27 2020 UTC (3 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.296: +1 -2 lines
Diff to previous 1.296 (colored)

Use TLSv1_1_enc_data instead of DTLSv1_enc_data.

DTLSv1 is TLSv1.1 over datagrams - there is no need for a separate
SSL3_ENC_METHOD struct, just use TLSv1_1_enc_data and remove
DTLSv1_enc_data entirely.

ok tb@

Revision 1.296 / (download) - annotate - [select for diffs], Sat Oct 3 17:35:16 2020 UTC (3 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.295: +9 -5 lines
Diff to previous 1.295 (colored)

Reimplement the TLSv1.2 record handling for the read side.

This is the next step in replacing the TLSv1.2 record layer.

The existing record handling code does decryption and processing in
place, which is not ideal for various reasons, however it is retained
for now as other code depends on this behaviour. Additionally, CBC
requires special handling to avoid timing oracles - for now the
existing timing safe code is largely retained.

ok beck@ inoguchi@ tb@

Revision 1.295 / (download) - annotate - [select for diffs], Thu Sep 24 18:12:00 2020 UTC (3 years, 8 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.294: +2 -1 lines
Diff to previous 1.294 (colored)

Simplify the cleanup of init_buf via a ssl3_release_init_buffer() function.

ok beck@ inoguchi@ tb@

Revision 1.294 / (download) - annotate - [select for diffs], Thu Sep 24 17:59:54 2020 UTC (3 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.293: +4 -3 lines
Diff to previous 1.293 (colored)

Release read and write buffers using freezero().

Provide a ssl3_release_buffer() function that correctly frees a buffer
and call it from the appropriate locations. While here also change
ssl3_release_{read,write}_buffer() to void since they cannot fail and
no callers check the return value currently.

ok beck@ inoguchi@ tb@

Revision 1.293 / (download) - annotate - [select for diffs], Thu Sep 17 15:23:29 2020 UTC (3 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.292: +3 -5 lines
Diff to previous 1.292 (colored)

Simplify SSL method lookups.

There are three places where we call tls1_get_{client,server}_method() and
if that returns NULL, call dtls1_get_{client,server}_method(). Simplify
this by combining the lookup into a single function. While here also use
uint16_t for version types.

ok inoguchi@ millert@

Revision 1.292 / (download) - annotate - [select for diffs], Tue Sep 15 09:41:24 2020 UTC (3 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.291: +1 -3 lines
Diff to previous 1.291 (colored)

Mop up the get_ssl_method function pointer.

Now that get_ssl_method is no longer used, we can garbage collect the
function pointer and some associated machinery.

ok beck@

Revision 1.291 / (download) - annotate - [select for diffs], Sun Sep 13 16:49:05 2020 UTC (3 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.290: +11 -2 lines
Diff to previous 1.290 (colored)

Implement SSL_{CTX_,}set_ciphersuites().

OpenSSL added a separate API for configuring TLSv1.3 ciphersuites. Provide
this API, while retaining the current behaviour of being able to configure
TLSv1.3 via the existing interface.

Note that this is not currently exposed in the headers/exported symbols.

ok beck@ inoguchi@ tb@

Revision 1.290 / (download) - annotate - [select for diffs], Fri Sep 11 17:36:27 2020 UTC (3 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.289: +3 -11 lines
Diff to previous 1.289 (colored)

Remove cipher_list_by_id.

When parsing a cipher string, a cipher list is created, before being
duplicated and sorted - the second copy being stored as cipher_list_by_id.
This is done only so that a client can ensure that the cipher selected by
a server is in the cipher list. This is pretty pointless given that most
clients are short-lived and that we already had to iterate over the cipher
list in order to build the client hello. Additionally, any update to the
cipher list requires that cipher_list_by_id also be updated and kept in
sync.

Remove all of this and replace it with a simple linear scan - the overhead
of duplicating and sorting the cipher list likely exceeds that of a simple
linear scan over the cipher list (64 maximum, more typically ~9 or so).

ok beck@ tb@

Revision 1.289 / (download) - annotate - [select for diffs], Fri Sep 11 15:28:08 2020 UTC (3 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.288: +3 -3 lines
Diff to previous 1.288 (colored)

Rename ssl_cipher_is_permitted()

The name ssl_cipher_is_permitted() is not entirely specific - what it
really means is "can this cipher be used with a given version range".
Use ssl_cipher_allowed_in_version_range() to more clearly indicate this.

Bikeshedded with tb@

ok tb@

Revision 1.288 / (download) - annotate - [select for diffs], Tue Sep 1 12:40:53 2020 UTC (3 years, 9 months ago) by tb
Branch: MAIN
Changes since 1.287: +2 -3 lines
Diff to previous 1.287 (colored)

copy session id directly in ssl_get_prev_session

ssl_get_prev_session() hands the session id down to tls_decrypt_ticket()
which then copies it into the session pointer that it is about to return.
It's a lot simpler to retrieve the session pointer and copy the session id
inside ssl_get_prev_session().

Also, 'goto err' directly in TLS1_TICKET_NOT_DECRYPTED instead of skipping
a couple of long if clauses before doing so.

ok inoguchi jsing

Revision 1.287 / (download) - annotate - [select for diffs], Tue Sep 1 05:32:11 2020 UTC (3 years, 9 months ago) by tb
Branch: MAIN
Changes since 1.286: +1 -2 lines
Diff to previous 1.286 (colored)

simplify tls1_process_ticket() exit path

tls1_process_ticket() - the only caller of tls_decrypt_ticket() - ends
in a switch over the return value of tls_decrypt_ticket() to decide
whether or not to set s->internal->tlsext_ticket_expected = 1.

Since tls_decrypt_ticket() already knows what it will return and
partly bases its decision on what to return on whether or not the
ticket needs to be renewed, it can also take care of setting this flag.
This way we don't need to have a confusing switch that conflates some
return values and sets this flag. Moreover, we can get rid of the ugly
TLS1_TICKET_DECRYPTED_RENEW whose only purpose is to signal that the
flag should be set.

ok jsing

Revision 1.286 / (download) - annotate - [select for diffs], Mon Aug 31 14:34:01 2020 UTC (3 years, 9 months ago) by tb
Branch: MAIN
Changes since 1.285: +8 -1 lines
Diff to previous 1.285 (colored)

Return code tweaks for session ticket handlers

In tls1_process_ticket() and tls_decrypt_ticket() use #defines with
descriptive names instead of hardcoding -1 1 2 3 4 and occasionally
explaining the magic numbers with comments.

ok beck inoguchi

Revision 1.285 / (download) - annotate - [select for diffs], Mon Aug 31 14:04:51 2020 UTC (3 years, 9 months ago) by tb
Branch: MAIN
Changes since 1.284: +4 -3 lines
Diff to previous 1.284 (colored)

Send alert on ssl_get_prev_session failure

ssl_get_prev_session() can fail for various reasons some of which
may be internal_error others decode_error alerts. Propagate the
appropriate alert up to the caller so we can abort the handshake
by sending a fatal alert instead of rudely closing the pipe.

Currently only 28 of 292 test cases of tlsfuzzer's test-extension.py pass.
With this diff, 272 pass. The rest will require fixes elsewhere.

ok beck inoguchi jsing

Revision 1.284 / (download) - annotate - [select for diffs], Sun Aug 30 15:40:20 2020 UTC (3 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.283: +31 -2 lines
Diff to previous 1.283 (colored)

Start replacing the existing TLSv1.2 record layer.

This takes the same design/approach used in TLSv1.3 and provides an
opaque struct that is self contained and cannot reach back into other
layers. For now this just implements/replaces the writing of records
for DTLSv1/TLSv1.0/TLSv1.1/TLSv1.2. In doing so we stop copying the
plaintext into the same buffer that is used to transmit to the wire.

ok inoguchi@ tb@

Revision 1.283 / (download) - annotate - [select for diffs], Tue Aug 11 18:40:24 2020 UTC (3 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.282: +2 -2 lines
Diff to previous 1.282 (colored)

Use SSL3_SEQUENCE_SIZE for last_write_sequence[] rather than hardcoding.

ok inoguchi@ tb@

Revision 1.272.4.1 / (download) - annotate - [select for diffs], Mon Aug 10 18:59:47 2020 UTC (3 years, 10 months ago) by tb
Branch: OPENBSD_6_7
Changes since 1.272: +11 -7 lines
Diff to previous 1.272 (colored) next main 1.273 (colored)

LibreSSL 3.1.4 - Interoperability and bug fixes for the TLSv1.3 client:

* Improve client certificate selection to allow EC certificates
  instead of only RSA certificates.

* Do not error out if a TLSv1.3 server requests an OCSP response as
  part of a certificate request.

* Fix SSL_shutdown behavior to match the legacy stack.  The previous
  behaviour could cause a hang.

* Fix a memory leak and add a missing error check in the handling of
  the key update message.

* Fix a memory leak in tls13_record_layer_set_traffic_key.

* Avoid calling freezero with a negative size if a server sends a
  malformed plaintext of all zeroes.

* Ensure that only PSS may be used with RSA in TLSv1.3 in order
  to avoid using PKCS1-based signatures.

* Add the P-521 curve to the list of curves supported by default
  in the client.

This is errata/6.7/019_libssl.patch.sig

Revision 1.282 / (download) - annotate - [select for diffs], Tue Jul 7 19:31:11 2020 UTC (3 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.281: +1 -6 lines
Diff to previous 1.281 (colored)

Remove some unnecessary function pointers from SSL_METHOD_INTERNAL.

ssl_version is completely unused and get_timeout is the same everywhere.

ok beck@ inoguchi@ tb@

Revision 1.281 / (download) - annotate - [select for diffs], Tue Jul 7 19:24:23 2020 UTC (3 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.280: +2 -1 lines
Diff to previous 1.280 (colored)

Enable TLSv1.3 for the generic TLS_method().

This can be done now that we have both TLSv1.3 client and server.

ok beck@ inoguchi@ tb@

Revision 1.280 / (download) - annotate - [select for diffs], Sat Jun 6 01:40:09 2020 UTC (4 years ago) by beck
Branch: MAIN
Changes since 1.279: +7 -1 lines
Diff to previous 1.279 (colored)

Implement a rolling hash of the ClientHello message, and enforce RFC 8446
section 4.1.2 to ensure that subsequent ClientHello messages after a
HelloRetryRequest message must be unchanged from the initial
ClientHello.

ok tb@ jsing@

Revision 1.279 / (download) - annotate - [select for diffs], Sun May 31 18:03:32 2020 UTC (4 years ago) by jsing
Branch: MAIN
Changes since 1.278: +1 -2 lines
Diff to previous 1.278 (colored)

Replace ssl_max_server_version() with ssl_downgrade_max_version()

Replace the only occurrence of ssl_max_server_version() with a call
to ssl_downgrade_max_version() and remove ssl_max_server_version().

ok beck@ tb@

Revision 1.278 / (download) - annotate - [select for diffs], Sun May 31 16:36:35 2020 UTC (4 years ago) by jsing
Branch: MAIN
Changes since 1.277: +2 -1 lines
Diff to previous 1.277 (colored)

Correct downgrade sentinels when a version pinned method is in use.

Previously only the enabled protocol versions were considered, however we
also have to consider the method in use which may be version pinned.

Found the hard way by danj@ with haproxy and force-tlsv12.

ok beck@ inoguchi@ tb@

Revision 1.277 / (download) - annotate - [select for diffs], Fri May 29 18:00:10 2020 UTC (4 years ago) by jsing
Branch: MAIN
Changes since 1.276: +11 -7 lines
Diff to previous 1.276 (colored)

Improve server certificate selection for TLSv1.3.

This allows an EC certificate to be selected and used, if the client
sigalgs would allow it.

With feedback from tb@

ok inoguchi@ tb@

Revision 1.276 / (download) - annotate - [select for diffs], Fri May 29 17:39:42 2020 UTC (4 years ago) by jsing
Branch: MAIN
Changes since 1.275: +1 -7 lines
Diff to previous 1.275 (colored)

Mop up servername_done, which is unused.

ok beck@ inoguchi@ tb@

Revision 1.275 / (download) - annotate - [select for diffs], Tue May 19 16:35:20 2020 UTC (4 years ago) by jsing
Branch: MAIN
Changes since 1.274: +5 -7 lines
Diff to previous 1.274 (colored)

Replace SSL_PKEY_RSA_ENC/SSL_PKEY_RSA_SIGN with SSL_PKEY_RSA.

Some time prior to SSLeay 0.8.1b, SSL_PKEY_RSA_SIGN got added with the
intention of handling RSA sign-only certificates... this incomplete code
had the following comment:

  /* check to see if this is a signing only certificate */
  /* EAY EAY EAY EAY */

And while the comment was removed in 2005, the incomplete RSA sign-only
handling has remained ever since.

Remove SSL_PKEY_RSA_SIGN and rename SSL_PKEY_RSA_ENC to SSL_PKEY_RSA. While
here also remove the unused SSL_PKEY_DH_RSA.

ok tb@

Revision 1.274 / (download) - annotate - [select for diffs], Mon May 11 18:19:19 2020 UTC (4 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.273: +5 -1 lines
Diff to previous 1.273 (colored)

Enable the TLSv1.3 server.

ok beck@ tb@

Revision 1.273 / (download) - annotate - [select for diffs], Sun May 10 14:17:47 2020 UTC (4 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.272: +3 -2 lines
Diff to previous 1.272 (colored)

Use size_t for OCSP response length.

The OCSP response length is currently an integer, which is overloaded with
-1 meaning "unset". Use a size_t for the OCSP response length and infer
unset from the OCSP response being NULL. This makes code more readable,
simpler and less error prone.

ok beck@

Revision 1.272 / (download) - annotate - [select for diffs], Sat Apr 18 14:07:56 2020 UTC (4 years, 1 month ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE
Branch point for: OPENBSD_6_7
Changes since 1.271: +2 -1 lines
Diff to previous 1.271 (colored)

Expose the peer ephemeral public key used for TLSv1.3 key exchange.

SSL_get_server_tmp_key() provides the peer ephemeral public key used
for key exchange. In the case of TLSv1.3 this is essentially the peer
public key from the key share used for TLSv1.3 key exchange, hence make it
available via SSL_get_server_tmp_key().

ok inoguchi@ tb@

Revision 1.271 / (download) - annotate - [select for diffs], Mon Mar 16 15:25:14 2020 UTC (4 years, 2 months ago) by tb
Branch: MAIN
Changes since 1.270: +6 -6 lines
Diff to previous 1.270 (colored)

Consistently spell 'unsigned' as 'unsigned int', as style(9) seems
to prefer that. No binary change except in d1_srtp.c where the
generated assembly differs only in line numbers (due to a wrapped
long line) and in s3_cbc.c where there is no change in the generated
assembly.

ok inoguchi jsing

Revision 1.270 / (download) - annotate - [select for diffs], Fri Mar 13 16:40:42 2020 UTC (4 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.269: +1 -2 lines
Diff to previous 1.269 (colored)

Remove dtls1_enc().

Like much of the original DTLS code, dtls1_enc() is effectively a renamed
copy of tls1_enc(). Since then tls1_enc() has been modified, however the
non-AEAD code remains largely the same. As such, remove dtls1_enc() and
instead call tls1_enc() from the DTLS code.

The tls1_enc() AEAD code does not currently work correctly with DTLS,
however this is a non-issue since we do not support AEAD cipher suites with
DTLS currently.

ok tb@

Revision 1.269 / (download) - annotate - [select for diffs], Thu Mar 12 17:09:02 2020 UTC (4 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.268: +2 -1 lines
Diff to previous 1.268 (colored)

Stop overloading the record type for padding length.

Currently the CBC related code stuffs the padding length in the upper bits
of the type field... stop doing that and add a padding_length field to the
record struct instead.

ok inoguchi@ tb@

Revision 1.268 / (download) - annotate - [select for diffs], Thu Mar 12 17:01:53 2020 UTC (4 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.267: +32 -7 lines
Diff to previous 1.267 (colored)

Use internal versions of SSL3_BUFFER, SSL3_RECORD and DTLS1_RECORD_DATA.

SSL3_BUFFER, SSL3_RECORD and DTLS1_RECORD_DATA are currently still in
public headers, even though their usage is internal. This moves to
using _INTERNAL suffixed versions that are in internal headers, which
then allows us to change them without any potential public API fallout.

ok inoguchi@ tb@

Revision 1.267 / (download) - annotate - [select for diffs], Tue Mar 10 17:02:21 2020 UTC (4 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.266: +1 -2 lines
Diff to previous 1.266 (colored)

Remove the enc function pointers.

The enc function pointers do not serve any purpose these days - remove
a layer of indirection and call dtls1_enc()/tls1_enc() directly.

ok inoguchi@ tb@

Revision 1.266 / (download) - annotate - [select for diffs], Fri Feb 21 16:18:52 2020 UTC (4 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.265: +1 -4 lines
Diff to previous 1.265 (colored)

Remove the s2n macro now that it is finally unused.

ok inoguchi@ tb@

Revision 1.265 / (download) - annotate - [select for diffs], Fri Feb 21 16:07:00 2020 UTC (4 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.264: +1 -15 lines
Diff to previous 1.264 (colored)

Move l2n/l2n8 into s3_cbc.c, since this is the only code that uses it.

ok inoguchi@ tb@

Revision 1.264 / (download) - annotate - [select for diffs], Thu Feb 6 17:35:22 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.263: +1 -3 lines
Diff to previous 1.263 (colored)

Re-enable the TLSv1.3 client since the known issues have been addressed.

ok tb@

Revision 1.263 / (download) - annotate - [select for diffs], Thu Feb 6 13:14:17 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.262: +2 -1 lines
Diff to previous 1.262 (colored)

Correctly handle key share extensions in a hello retry request.

In a hello retry request the server will only send the selected group and
not actually provide a key exchange. In this case we need to store the
server selected group for further processing.

ok tb@

Revision 1.262 / (download) - annotate - [select for diffs], Wed Feb 5 17:30:30 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.261: +4 -1 lines
Diff to previous 1.261 (colored)

Refactor the server hello processing code in the TLSv1.3 client.

Use flags to signal the need to switch to the legacy client and to identify
a hello retry request. This allows the caller to take appropriate action,
rather than trying to do this in the parsing/processing code.

Split the key derivation and record protection engagement code into a
separate function, both for readability and reuse.

Change handshake states outside of the processing code.

ok tb@

Revision 1.261 / (download) - annotate - [select for diffs], Wed Feb 5 16:47:34 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.260: +2 -1 lines
Diff to previous 1.260 (colored)

Provide tls1_transcript_unfreeze() to avoid the need for manual flags
mangling.

ok tb@

Revision 1.260 / (download) - annotate - [select for diffs], Sat Feb 1 11:38:35 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.259: +3 -1 lines
Diff to previous 1.259 (colored)

Disable TLSv1.3 client while some known issues are being addressed.

Revision 1.259 / (download) - annotate - [select for diffs], Thu Jan 30 17:09:23 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.258: +2 -6 lines
Diff to previous 1.258 (colored)

Provide struct/functions for handling TLSv1.3 key shares.

Pull out the key share handling code and provide a clean/self contained
interface. This will make it easier to support groups other than X25519.

ok beck@ inoguchi@ tb@

Revision 1.258 / (download) - annotate - [select for diffs], Thu Jan 30 16:25:09 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.257: +9 -1 lines
Diff to previous 1.257 (colored)

Factor out/rewrite the ECDHE EC point key exchange code.

This reduces replication between the existing TLS client/server and allows
the code to soon be reused for TLSv1.3.

With feedback from inoguchi@ and tb@

ok inoguchi@ tb@

Revision 1.257 / (download) - annotate - [select for diffs], Wed Jan 29 17:08:49 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.256: +1 -10 lines
Diff to previous 1.256 (colored)

Remove dead prototypes.

Revision 1.256 / (download) - annotate - [select for diffs], Thu Jan 23 10:48:37 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.255: +1 -3 lines
Diff to previous 1.255 (colored)

Remove the ssl_get_message function pointer from SSL_METHOD_INTERNAL.

ssl_get_message is essentially a switch between ssl3_get_message and
dtls1_get_message, both only used by the legacy stack. Instead, use
SSL_IS_DTLS() in ssl3_get_message to call the DTLS function when
necessary.

ok beck@ inoguchi@ tb@

Revision 1.255 / (download) - annotate - [select for diffs], Thu Jan 23 10:40:59 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.254: +9 -1 lines
Diff to previous 1.254 (colored)

Correctly handle TLSv1.3 ciphers suites in ssl3_choose_cipher().

Currently, TLSv1.3 cipher suites are filtered out by the fact that
they have authentication and key exchange algorithms that are not
being set in ssl_set_cert_masks(). Fix this so that ssl3_choose_cipher()
works for TLSv1.3, however we also now need to ensure that we filter out
TLSv1.3 for non-TLSv1.3 and only select TLSv1.3 for TLSv1.3.

ok beck@ tb@

Revision 1.254 / (download) - annotate - [select for diffs], Thu Jan 23 06:15:44 2020 UTC (4 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.253: +5 -1 lines
Diff to previous 1.253 (colored)

Save the legacy session id in the client, and enforce that it is returned
the same from the server.

ok jsing@ tb@

Revision 1.253 / (download) - annotate - [select for diffs], Thu Jan 23 03:17:40 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.252: +4 -3 lines
Diff to previous 1.252 (colored)

Switch back to a function pointer for ssl_pending.

This will allow the TLSv1.3 stack to provide its own implementation. Nuke
a completely bogus comment from SSL_pending() whilst here.

ok beck@

Revision 1.252 / (download) - annotate - [select for diffs], Wed Jan 22 15:47:22 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.251: +2 -1 lines
Diff to previous 1.251 (colored)

Wire up the TLSv1.3 server.

This currently only has enough code to handle fallback to the legacy TLS
stack for TLSv1.2 or earlier, however allows for further development and
testing.

ok beck@

Revision 1.251 / (download) - annotate - [select for diffs], Wed Jan 22 13:06:20 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.250: +3 -1 lines
Diff to previous 1.250 (colored)

Fix things so that `make -DTLS1_3` works again.

Revision 1.250 / (download) - annotate - [select for diffs], Wed Jan 22 08:24:25 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.249: +3 -2 lines
Diff to previous 1.249 (colored)

Enable the TLSv1.3 client in libssl.

This also makes it available to clients that use libtls, including ftp(1)
and nc(1).

Note that this does not expose additional defines via public headers, which
means that any code conditioning on defines like TLS1_3_VERSION or
SSL_OP_NO_TLSv1_3 will not enable or use TLSv1.3. This approach is
necessary since too many pieces of software assume that if TLS1_3_VERSION
is available, other OpenSSL 1.1 API will also be available, which is not
necessarily the case.

ok beck@ tb@

Revision 1.249 / (download) - annotate - [select for diffs], Wed Jan 22 07:49:33 2020 UTC (4 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.248: +6 -1 lines
Diff to previous 1.248 (colored)

Move guards from public to internal headers, and fix not use values.

reverts previous attempt which would have broken ports

ok jsing@

Revision 1.248 / (download) - annotate - [select for diffs], Sun Nov 17 19:07:07 2019 UTC (4 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.247: +2 -1 lines
Diff to previous 1.247 (colored)

Bring back the ssl_shutdown internal method pointer.

For now ssl3_shutdown() is called in all cases, however TLSv1.3 will soon
get its own version.

ok beck@

Revision 1.247 / (download) - annotate - [select for diffs], Mon Apr 22 15:12:20 2019 UTC (5 years, 1 month ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.246: +3 -4 lines
Diff to previous 1.246 (colored)

Pass the session ID down to the session/ticket handling code as a CBS.

Convert ssl_get_prev_session(), tls1_process_ticket() and
tls1_decrypt_ticket() to handle the session ID from the client hello
as a CBS. While here also swap the order of arguments for
tls1_decrypt_ticket() so that it is consistent with the other functions.

ok tb@

Revision 1.246 / (download) - annotate - [select for diffs], Mon Apr 22 14:49:42 2019 UTC (5 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.245: +1 -2 lines
Diff to previous 1.245 (colored)

Inline and remove the tlsext_tick_md macro.

There is not much point having a tlsext_tick_md macro that replaces
EVP_sha256() in two places, when the cipher is just hardcoded.

ok tb@

Revision 1.245 / (download) - annotate - [select for diffs], Thu Apr 4 16:44:24 2019 UTC (5 years, 2 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.244: +1 -2 lines
Diff to previous 1.244 (colored)

Clean up the cipher/digest table mess.

The original implementation allows for libcrypto to be compiled without a
given algorithm and libssl then detects that ciphers or digests are
unavailable so that it can disable the associated cipher suites.

This is unnecessary since we do not compile out algorithms.

ok beck@, tb@ (a while back)

Revision 1.244 / (download) - annotate - [select for diffs], Mon Mar 25 17:33:26 2019 UTC (5 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.243: +1 -3 lines
Diff to previous 1.243 (colored)

Strip out all of the pkey to sigalg and sigalg to pkey linkages.

These are no longer used now that we defer signature algorithm selection.

ok beck@

Revision 1.243 / (download) - annotate - [select for diffs], Mon Mar 25 17:27:31 2019 UTC (5 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.242: +1 -2 lines
Diff to previous 1.242 (colored)

tls1_process_sigalgs() is no longer needed.

ok beck@

Revision 1.242 / (download) - annotate - [select for diffs], Mon Mar 25 17:21:18 2019 UTC (5 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.241: +5 -1 lines
Diff to previous 1.241 (colored)

Defer sigalgs selection until the certificate is known.

Previously the signature algorithm was selected when the TLS extension was
parsed (or the client received a certificate request), however the actual
certificate to be used is not known at this stage. This leads to various
problems, including the selection of a signature algorithm that cannot be
used with the certificate key size (as found by jeremy@ via ruby regress).

Instead, store the signature algorithms list and only select a signature
algorithm when we're ready to do signature generation.

Joint work with beck@.

Revision 1.241 / (download) - annotate - [select for diffs], Mon Mar 25 16:37:52 2019 UTC (5 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.240: +1 -2 lines
Diff to previous 1.240 (colored)

Remove ssl_get_server_send_cert() which is now unused.

ok beck@ tb@

Revision 1.240 / (download) - annotate - [select for diffs], Mon Mar 25 16:35:48 2019 UTC (5 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.239: +2 -2 lines
Diff to previous 1.239 (colored)

Rework ssl3_output_cert_chain() to take a CERT_PKEY and consider chains.

We will now include the certificates in the chain in the certificate list,
or use the existing extra_certs if present. Failing that we fall back to
the automatic chain building if not disabled.

This also simplifies the code significantly.

ok beck@ tb@

Revision 1.239 / (download) - annotate - [select for diffs], Mon Mar 25 16:24:57 2019 UTC (5 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.238: +8 -1 lines
Diff to previous 1.238 (colored)

Add a chain member to CERT_PKEY and provide functions for manipulating it.

Note that this is not the full chain, as the leaf certificate currently
remains in the x509 member of CERT_PKEY. Unfortunately we've got to
contend with the fact that some OpenSSL *_chain_* APIs exclude the leaf
certificate while others include it...

ok beck@ tb@

Revision 1.238 / (download) - annotate - [select for diffs], Mon Feb 25 19:40:05 2019 UTC (5 years, 3 months ago) by tb
Branch: MAIN
Changes since 1.237: +24 -1 lines
Diff to previous 1.237 (colored)

revert "Move struct ssl_handshake_tls13_st definition", i.e., move
SSL_HANDSHAKE_TLS13 back to ssl_locl.h.

discussed with jsing and inoguchi

Revision 1.237 / (download) - annotate - [select for diffs], Mon Feb 25 14:36:25 2019 UTC (5 years, 3 months ago) by inoguchi
Branch: MAIN
Changes since 1.236: +1 -24 lines
Diff to previous 1.236 (colored)

Move struct ssl_handshake_tls13_st definition

This solves a build error on luna88k with gcc3.

ok aoyama@ jca@ jsing@ tb@

Revision 1.236 / (download) - annotate - [select for diffs], Thu Feb 14 17:50:07 2019 UTC (5 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.235: +3 -1 lines
Diff to previous 1.235 (colored)

Provide a TLS 1.3 capable client method.

ok tb@

Revision 1.235 / (download) - annotate - [select for diffs], Sun Feb 10 13:04:29 2019 UTC (5 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.234: +5 -1 lines
Diff to previous 1.234 (colored)

Preserve the transcript hash at specific stages of the TLSv1.3 handshake.

There are various points where we need the hash of all messages prior to
the current message. Support this by having the handshake code preserve
the transcript hash prior to recording the current message, which avoids
the need to sprinkle this throughout multiple handlers.

ok inoguchi@ tb@

Revision 1.234 / (download) - annotate - [select for diffs], Sat Feb 9 15:26:15 2019 UTC (5 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.233: +5 -5 lines
Diff to previous 1.233 (colored)

Rename tls1_handshake_hash*() to tls1_transcript_hash*().

While handshake hash is correct (in as far as it is a hash of handshake
messages), using tls1_transcript_hash*() aligns them with the naming of the
tls1_transcript*() functions. Additionally, the TLSv1.3 specification uses
Transcript-Hash and "transcript hash", which this matches.

ok inoguchi@ tb@

Revision 1.233 / (download) - annotate - [select for diffs], Thu Jan 24 02:56:41 2019 UTC (5 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.232: +4 -1 lines
Diff to previous 1.232 (colored)

Add server side of versions, keyshare, and client and server of cookie
extensions for tls1.3.

versions is currently defanged to ignore its result until the tls13 server
side is wired in full, so that server side code still works today when
we only support tls 1.2.

ok bcook@ tb@ jsing@

Revision 1.232 / (download) - annotate - [select for diffs], Thu Jan 24 01:50:41 2019 UTC (5 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.231: +4 -1 lines
Diff to previous 1.231 (colored)

move the extensions_seen into the handshake struct
ok jsing@

Revision 1.231 / (download) - annotate - [select for diffs], Wed Jan 23 18:39:28 2019 UTC (5 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.230: +2 -2 lines
Diff to previous 1.230 (colored)

Modify sigalgs extension processing to accommodate TLS 1.3.
- Make a separate sigalgs list for TLS 1.3 including only modern
  algorithm choices which we use when the handshake will not negotiate
  TLS 1.2.
- Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as
  mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2
  from a 1.3 handshake.

ok jsing@ tb@

Revision 1.230 / (download) - annotate - [select for diffs], Wed Jan 23 18:24:40 2019 UTC (5 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.229: +1 -7 lines
Diff to previous 1.229 (colored)

revert previous, accidentally contained another diff in addition
to the one I intended to commit

Revision 1.229 / (download) - annotate - [select for diffs], Wed Jan 23 16:46:04 2019 UTC (5 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.228: +8 -2 lines
Diff to previous 1.228 (colored)

Modify sigalgs extension processing for TLS 1.3.
- Make a separate sigalgs list for TLS 1.3 including only modern
  algorithm choices which we use when the handshake will not negotiate
  TLS 1.2
- Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as
  mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2
ok jsing@ tb@

Revision 1.228 / (download) - annotate - [select for diffs], Mon Jan 21 10:28:52 2019 UTC (5 years, 4 months ago) by tb
Branch: MAIN
Changes since 1.227: +3 -1 lines
Diff to previous 1.227 (colored)

Add ssl_cipher_is_permitted(), an internal helper function that
will be used in a few places shortly, e.g. in
ssl_cipher_list_to_bytes().

ok jsing

Revision 1.227 / (download) - annotate - [select for diffs], Mon Jan 21 06:58:44 2019 UTC (5 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.226: +3 -1 lines
Diff to previous 1.226 (colored)

Move struct tls13_ctx into a header since other things need access to it.

While here, rename struct handshake to struct handshake_stage to avoid
potential ambiguity/conflict with the handshake data struct. Also add
forward and back pointers between SSL and struct tls13_ctx.

ok tb@

Revision 1.226 / (download) - annotate - [select for diffs], Fri Jan 18 12:09:52 2019 UTC (5 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.225: +19 -1 lines
Diff to previous 1.225 (colored)

Add client side of supported versions and keyshare extensions with basic regress
ok jsing@

Revision 1.225 / (download) - annotate - [select for diffs], Wed Nov 21 15:13:29 2018 UTC (5 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.224: +2 -1 lines
Diff to previous 1.224 (colored)

Fix DTLS transcript handling for HelloVerifyRequest.

If DTLS sees a HelloVerifyRequest the transcript is reset - the previous
tls1_init_finished_mac() function could be called multiple times and would
discard any existing state. The replacement tls1_transcript_init() is more
strict and fails if a transcript already exists.

Provide an explicit tls1_transcript_reset() function and call it from the
appropriate places. This also lets us make DTLS less of a special snowflake
and call tls1_transcript_init() in the same place as used for TLS.

ok beck@ tb@

Revision 1.224 / (download) - annotate - [select for diffs], Sat Nov 10 01:19:09 2018 UTC (5 years, 7 months ago) by beck
Branch: MAIN
Changes since 1.223: +6 -4 lines
Diff to previous 1.223 (colored)

Stop keeping track of sigalgs by guessing it from digest and pkey;
just keep the sigalg around so we can remember what we actually
decided to use.
ok jsing@

Revision 1.223 / (download) - annotate - [select for diffs], Fri Nov 9 00:34:55 2018 UTC (5 years, 7 months ago) by beck
Branch: MAIN
Changes since 1.222: +1 -7 lines
Diff to previous 1.222 (colored)

Reimplement the sigalgs processing code into a new implementation
that will be usable with TLS 1.3 with less eye bleed.
ok jsing@ tb@

Revision 1.222 / (download) - annotate - [select for diffs], Thu Nov 8 22:28:52 2018 UTC (5 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.221: +10 -7 lines
Diff to previous 1.221 (colored)

Clean up and simplify the handshake transcript code.

This provides a cleaner, simpler and more readable API, with code that uses
a BUF_MEM instead of a BIO.

ok beck@ ("hurry up") and tb@.

Revision 1.221 / (download) - annotate - [select for diffs], Thu Nov 8 20:55:18 2018 UTC (5 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.220: +1 -2 lines
Diff to previous 1.220 (colored)

Stop pretending that a cert member in an SSL and SSL_CTX can be NULL.

ok beck@ tb@

Revision 1.220 / (download) - annotate - [select for diffs], Wed Nov 7 01:53:36 2018 UTC (5 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.219: +4 -1 lines
Diff to previous 1.219 (colored)

Add TLSv1.3 cipher suites (with appropriate guards).

ok beck@ tb@

Revision 1.219 / (download) - annotate - [select for diffs], Mon Nov 5 20:41:30 2018 UTC (5 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.218: +8 -8 lines
Diff to previous 1.218 (colored)

Rename the TLS Supported Elliptic Curves extension to Supported Groups.

RFC 7919 renamed the Supported Elliptic Curves TLS extension to Supported
Groups and redefined it to include finite field DH (FFDH) in addition to
elliptic curve DH (ECDH). As such, rename the TLS extension and change the
associated code to refer to groups rather than curves.

ok beck@ tb@

Revision 1.218 / (download) - annotate - [select for diffs], Mon Nov 5 06:55:37 2018 UTC (5 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.217: +1 -2 lines
Diff to previous 1.217 (colored)

Clean up the code that checks if we can choose an EC cipher suite.

The tls1_check_ec_tmp_key() function is now rather misnamed, so just inline
the code. Also, rather than running tls1_get_shared_curve() once per EC
cipher suite, we can run it once at the start of the ssl3_choose_cipher()
function.

ok bluhm@ tb@

Revision 1.217 / (download) - annotate - [select for diffs], Mon Nov 5 03:49:44 2018 UTC (5 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.216: +1 -3 lines
Diff to previous 1.216 (colored)

Mop up ecdh_tmp, since it is no longer used.

ok bluhm@ tb@

Revision 1.216 / (download) - annotate - [select for diffs], Wed Oct 24 18:04:50 2018 UTC (5 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.215: +11 -1 lines
Diff to previous 1.215 (colored)

Make more of libssl's record layer state internal.

In January 2017, we changed large amounts of libssl's data structures to
be non-visible/internal, however intentionally left things that the
software ecosystem was needing to use. The four or so applications that
reached into libssl for record layer related state now implement
alternative code. As such, make these data structures internal.

ok tb@

Revision 1.215 / (download) - annotate - [select for diffs], Sat Sep 8 14:29:52 2018 UTC (5 years, 9 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.214: +1 -5 lines
Diff to previous 1.214 (colored)

SSL_MAX_DIGEST is no longer needed.

Revision 1.214 / (download) - annotate - [select for diffs], Thu Sep 6 16:40:45 2018 UTC (5 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.213: +6 -10 lines
Diff to previous 1.213 (colored)

Drop SSL_CIPHER_ALGORITHM2_AEAD flag.

All of our algorithm_mac == SSL_AEAD cipher suites use EVP_AEAD, so we can
condition on that rather than having a separate redundant flag.

ok tb@

Revision 1.213 / (download) - annotate - [select for diffs], Wed Sep 5 16:48:11 2018 UTC (5 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.212: +4 -3 lines
Diff to previous 1.212 (colored)

Correctly clear the current cipher state when changing cipher state.

When a renegotiation results in a change of cipher suite, the renegotiation
would fail if it switched from AEAD to non-AEAD or vice versa. This is due
to the fact that the previous EVP_AEAD or EVP_CIPHER state remained,
resulting in incorrect logic that caused MAC failures.

Rename ssl_clear_cipher_ctx() to ssl_clear_cipher_state() and split it
into separate read/write components, then call these functions from the
appropriate places when a ChangeCipherSpec message is being processed.
Also, remove the separate ssl_clear_hash_ctx() calls and fold these into
the ssl_clear_cipher_{read,write}_state() functions.

Issue reported by Bernard Spil, who also tested this diff.

ok tb@

Revision 1.212 / (download) - annotate - [select for diffs], Thu Aug 30 16:56:16 2018 UTC (5 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.211: +1 -4 lines
Diff to previous 1.211 (colored)

Nuke ssl_pending/ssl_shutdown function pointers.

ssl3_pending() is used for all protocols and dtls1_shutdown() just calls
ssl3_shutdown(), so just call the appropriate function directly instead.

ok beck@ inoguchi@ tb@

Revision 1.211 / (download) - annotate - [select for diffs], Mon Aug 27 17:11:32 2018 UTC (5 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.210: +1 -7 lines
Diff to previous 1.210 (colored)

n2s and l2n3 finally bite the dust!

Revision 1.210 / (download) - annotate - [select for diffs], Mon Aug 27 16:42:48 2018 UTC (5 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.209: +3 -1 lines
Diff to previous 1.209 (colored)

Simplify new session ticket encoding/generation.

The original code did a crazy encode/malloc/encode/decode/modify/encode
dance, in order to encode a session in the form needed to encrypt then add
to a session ticket. By modifying the encoding functions slightly, we can
do this entire dance as a single encode.

Inspired by similar changes in BoringSSL.

ok inoguchi@ tb@

Revision 1.209 / (download) - annotate - [select for diffs], Fri Aug 24 18:10:25 2018 UTC (5 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.208: +7 -6 lines
Diff to previous 1.208 (colored)

Simplify session ticket parsing/handling.

The original implementation is rather crazy and means that we effectively
have two lots of code that parse a ClientHello and two lots of code that
parse TLS extensions. Partially simplify this by passing a CBS containing
the extension block through to the session handling functions, removing the
need to reimplement the ClientHello parsing.

While here standardise on naming for session_id and session_id_len.

ok inoguchi@ tb@

Revision 1.208 / (download) - annotate - [select for diffs], Fri Aug 24 17:30:32 2018 UTC (5 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.207: +3 -5 lines
Diff to previous 1.207 (colored)

Clean up handshake message start/finish functions.

Now that all handshake messages are created using CBB, remove the non-CBB
ssl3_handshake_msg_start()/ssl3_handshake_msg_finish() functions. Rename
the CBB variants by dropping the _cbb suffix.

ok bcook@ inoguchi@ tb@

Revision 1.207 / (download) - annotate - [select for diffs], Sun Aug 19 15:38:03 2018 UTC (5 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.206: +3 -5 lines
Diff to previous 1.206 (colored)

Rename and collapse tls12_get_sigandhash_cbb().

Now that all callers of tls12_get_sigandhash() have been converted to CBB,
collapse tls12_get_sigandhash() and tls12_get_sigandhash_cbb() into a
single function. Rename it to tls12_gethashandsig() to be representative
of the actual order of the sigalgs parameters, and perform some other
clean up.

ok inoguchi@ tb@

Revision 1.206 / (download) - annotate - [select for diffs], Thu Aug 16 17:49:48 2018 UTC (5 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.205: +3 -1 lines
Diff to previous 1.205 (colored)

Convert ssl3_send_server_key_exchange() to CBB.

ok inoguchi@ tb@

Revision 1.205 / (download) - annotate - [select for diffs], Wed Apr 25 07:10:39 2018 UTC (6 years, 1 month ago) by tb
Branch: MAIN
Changes since 1.204: +3 -3 lines
Diff to previous 1.204 (colored)

OpenSSL started adding const to functions all over the place. Make all
our libssl functions match theirs wrt const, except for BIO_f_ssl(3)
which will be fixed in a later step.

this went through an i386 bulk by sthen
ok jsing

Revision 1.204 / (download) - annotate - [select for diffs], Sat Apr 7 17:02:34 2018 UTC (6 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.203: +1 -4 lines
Diff to previous 1.203 (colored)

Remove function pointers for ssl_{read,write,peek}.

Now that everything goes through the same code path, we can remove a layer
of indirection and just call ssl3_{read,write,peek} directly.

ok beck@ inoguchi@

Revision 1.203 / (download) - annotate - [select for diffs], Sat Apr 7 16:55:13 2018 UTC (6 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.202: +1 -3 lines
Diff to previous 1.202 (colored)

Nuke SSL3_FLAGS_DELAY_CLIENT_FINISHED and SSL3_FLAGS_POP_BUFFER.

These flags enabled experimental behaviour in the write path, which nothing
uses. Removing this code greatly simplifies ssl3_write().

ok beck@ inoguchi@ sthen@ tb@

Revision 1.202 / (download) - annotate - [select for diffs], Sat Jan 27 15:30:05 2018 UTC (6 years, 4 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.201: +4 -3 lines
Diff to previous 1.201 (colored)

Complete the TLS extension handling rewrite for the server-side.

This removes ssl_parse_clienthello_tlsext() and allows the CBS to be
passed all the way through from ssl3_get_client_hello(). The renegotiation
check gets pulled up into ssl3_get_client_hello() which is where other
such checks exist.

The TLS extension parsing now also ensures that we do not get duplicates
of any known extensions (the old pre-rewrite code only did this for some
extensions).

ok inoguchi@

Revision 1.201 / (download) - annotate - [select for diffs], Thu Oct 12 16:06:32 2017 UTC (6 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.200: +2 -2 lines
Diff to previous 1.200 (colored)

Rename ssl3_client_hello() to ssl3_send_client_hello() for consistency.

Revision 1.200 / (download) - annotate - [select for diffs], Thu Oct 12 15:52:50 2017 UTC (6 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.199: +2 -2 lines
Diff to previous 1.199 (colored)

Fold dtls1_accept() into ssl_accept(), removing a lot of duplicated code.

With review/feedback from inoguchi@

Revision 1.199 / (download) - annotate - [select for diffs], Thu Oct 12 15:44:18 2017 UTC (6 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.198: +1 -11 lines
Diff to previous 1.198 (colored)

Drop prototypes for ssl23_*() functions, which no longer exist.

Revision 1.198 / (download) - annotate - [select for diffs], Wed Oct 11 17:35:00 2017 UTC (6 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.197: +2 -6 lines
Diff to previous 1.197 (colored)

Convert ssl3_client_hello() to CBB.

As part of this, change ssl_cipher_list_to_bytes() to take a CBB argument,
rather than a pointer/length. Some additional clean up/renames while here.

Based on a diff from doug@

Revision 1.197 / (download) - annotate - [select for diffs], Wed Oct 11 16:51:39 2017 UTC (6 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.196: +1 -4 lines
Diff to previous 1.196 (colored)

Fully convert ssl3_send_server_hello() to CBB.

Based on a diff from doug@

Revision 1.196 / (download) - annotate - [select for diffs], Tue Oct 10 16:51:38 2017 UTC (6 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.195: +2 -3 lines
Diff to previous 1.195 (colored)

Make ssl_bytes_to_cipher_list() take a CBS, rather than a pointer and
length, since the caller has already been converted to CBS. A small amount
of additional clean up whilst here.

Revision 1.195 / (download) - annotate - [select for diffs], Tue Oct 10 15:13:26 2017 UTC (6 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.194: +2 -2 lines
Diff to previous 1.194 (colored)

Merge dtls1_connect() into ssl3_connect(), removing a large amount of
duplicated code. For now this essentially adds a diff of the two
functions with 'if (SSL_IS_DTLS(s))' - further clean up and improvement
will follow.

ok inoguchi@

Revision 1.194 / (download) - annotate - [select for diffs], Sun Oct 8 16:24:02 2017 UTC (6 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.193: +5 -3 lines
Diff to previous 1.193 (colored)

Convert ssl3_send_change_cipher_spec() to use CBB and make it handle DTLS,
which allows us to drop dtls1_send_change_cipher_spec() entirely.

ok inoguchi@

Revision 1.193 / (download) - annotate - [select for diffs], Mon Aug 28 16:37:04 2017 UTC (6 years, 9 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.192: +1 -2 lines
Diff to previous 1.192 (colored)

Remove the original (pre-IETF) chacha20-poly1305 cipher suites.

Support for the IETF standardised chacha20-poly1305 cipher suites was
added 16 months ago, which means they exist in both of the currently
supported OpenBSD releases.

Also prompted by Andreas Bartelt <obsd at bartula dot de>.

ok beck@ doug@

Revision 1.192 / (download) - annotate - [select for diffs], Sun Aug 27 02:58:04 2017 UTC (6 years, 9 months ago) by doug
Branch: MAIN
Changes since 1.191: +10 -1 lines
Diff to previous 1.191 (colored)

Rewrite SRTP extension using CBB/CBS and the new extension framework.

input + ok beck@, jsing@

Revision 1.191 / (download) - annotate - [select for diffs], Sat Aug 26 20:23:46 2017 UTC (6 years, 9 months ago) by doug
Branch: MAIN
Changes since 1.190: +2 -2 lines
Diff to previous 1.190 (colored)

Rewrite ALPN extension using CBB/CBS and the new extension framework.

ok bcook@ beck@
input + ok jsing@

Revision 1.190 / (download) - annotate - [select for diffs], Sat Aug 12 21:47:59 2017 UTC (6 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.189: +4 -3 lines
Diff to previous 1.189 (colored)

Convert TLS signature algorithms extension handling to the new framework.

ok beck@ doug@

Revision 1.189 / (download) - annotate - [select for diffs], Sat Aug 12 21:03:08 2017 UTC (6 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.188: +4 -39 lines
Diff to previous 1.188 (colored)

Remove NPN support.

NPN was never standardised and the last draft expired in October 2012.
ALPN was standardised in July 2014 and has been supported in LibreSSL
since December 2014. NPN has also been removed from Chromium in May 2016.

TLS clients and servers that try to use/enable NPN will fail gracefully and
fall back to the default protocol, since it will essentially appear that the
other side does not support NPN. At some point in the future we will
actually remove the NPN related symbols entirely.

ok bcook@ beck@ doug@

Revision 1.188 / (download) - annotate - [select for diffs], Sat Aug 12 02:55:22 2017 UTC (6 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.187: +5 -8 lines
Diff to previous 1.187 (colored)

Remove support for DSS/DSA, since we removed the cipher suites a while
back.

ok guenther@

Revision 1.187 / (download) - annotate - [select for diffs], Fri Aug 11 20:14:13 2017 UTC (6 years, 10 months ago) by doug
Branch: MAIN
Changes since 1.186: +3 -1 lines
Diff to previous 1.186 (colored)

Rewrite EllipticCurves TLS extension handling using CBB/CBS and the new
extension framework.

input + ok jsing@

Revision 1.186 / (download) - annotate - [select for diffs], Fri Aug 11 17:54:41 2017 UTC (6 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.185: +2 -2 lines
Diff to previous 1.185 (colored)

Convert ssl3_send_certificate_request() to CBB.

ok beck@ doug@

Revision 1.185 / (download) - annotate - [select for diffs], Fri Aug 11 05:06:34 2017 UTC (6 years, 10 months ago) by doug
Branch: MAIN
Changes since 1.184: +4 -1 lines
Diff to previous 1.184 (colored)

Rewrite the ECPointFormats TLS extension handling using CBB/CBS and the
new extension framework.

input + ok jsing@

Revision 1.184 / (download) - annotate - [select for diffs], Thu Aug 10 17:18:38 2017 UTC (6 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.183: +1 -3 lines
Diff to previous 1.183 (colored)

Clean up the EC key/curve configuration handling.

Over the years OpenSSL grew multiple ways of being able to specify EC keys
(and/or curves) for use with ECDH and ECDHE key exchange. You could specify
a static EC key (SSL{_CTX,}_set_tmp_ecdh()), use that as a curve and
generate ephemeral keys (SSL_OP_SINGLE_ECDH_USE), provide the EC key via
a callback that was provided with insufficient information
(SSL{_CTX,}_set_tmp_ecdh_cb()) or enable automatic selection and generation
of EC keys via SSL{_CTX,}_set_ecdh_auto(). This complexity leads to
problems (like ECDHE not being enabled) and potential weird configuration
(like being able to do ECDHE without the ephemeral part...).

We no longer support ECDH and ECDHE can be disabled by removing ECDHE
ciphers from the cipher list. As such, permanently enable automatic EC
curve selection and generation, effectively disabling all of the
configuration knobs. The only exception is the
SSL{_CTX,}_set_tmp_ecdh() functions, which retain part of their previous
behaviour by configuring the curve of the given EC key as the only curve
being enabled. Everything else becomes a no-op.

ok beck@ doug@

Revision 1.183 / (download) - annotate - [select for diffs], Wed Aug 9 22:24:25 2017 UTC (6 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.182: +3 -1 lines
Diff to previous 1.182 (colored)

Pull out the code that identifies if we have an ECC cipher in the cipher
list or if we are negotiating an ECC cipher in the handshake. This dedups
some of the existing code and will make the EC extension rewrites easier.

ok doug@

Revision 1.182 / (download) - annotate - [select for diffs], Mon Jul 24 17:10:31 2017 UTC (6 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.181: +4 -9 lines
Diff to previous 1.181 (colored)

Rewrite the TLS Renegotiation Indication extension handling using CBB/CBS
and the new extension framework.

Feedback from doug@

ok inoguchi@

Revision 1.181 / (download) - annotate - [select for diffs], Sun May 7 04:22:24 2017 UTC (7 years, 1 month ago) by beck
Branch: MAIN
Changes since 1.180: +6 -4 lines
Diff to previous 1.180 (colored)

Move state from ssl->internal to the handshake structure.
While we are at it, convert SSLerror to use a function
internally, so that we may later allocate the handshake
structure and check for it.
ok jsing@

Revision 1.180 / (download) - annotate - [select for diffs], Sat May 6 22:24:58 2017 UTC (7 years, 1 month ago) by beck
Branch: MAIN
Changes since 1.179: +15 -9 lines
Diff to previous 1.179 (colored)

Bring in an SSL_HANDSHAKE structure and commence the great shovelling
ok jsing@, gcc@, regress@

Revision 1.179 / (download) - annotate - [select for diffs], Sat May 6 20:37:25 2017 UTC (7 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.178: +5 -1 lines
Diff to previous 1.178 (colored)

Provide SSL{,_CTX}_set_{min,max}_proto_version() functions.

Rides minor bump.

ok beck@

Revision 1.178 / (download) - annotate - [select for diffs], Fri Mar 10 16:03:27 2017 UTC (7 years, 3 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.177: +1 -7 lines
Diff to previous 1.177 (colored)

Remove the handshake digests and related code, replacing remaining uses
with the handshake hash. For now tls1_digest_cached_records() is retained
to release the handshake buffer.

ok beck@ inoguchi@

Revision 1.177 / (download) - annotate - [select for diffs], Sun Mar 5 14:39:53 2017 UTC (7 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.176: +19 -7 lines
Diff to previous 1.176 (colored)

Provide a rolling handshake hash that commences as soon as the cipher
suite has been selected, and convert the final finish MAC to use this
handshake hash.

This is a first step towards cleaning up the current handshake
buffer/digest code.

ok beck@ inoguchi@

Revision 1.176 / (download) - annotate - [select for diffs], Sat Mar 4 16:32:00 2017 UTC (7 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.175: +3 -4 lines
Diff to previous 1.175 (colored)

Drop the second argument of dtls1_set_message_header() and make it a void
function. Nothing makes use of the return value and the second argument
was only used to produce the return value...

Revision 1.175 / (download) - annotate - [select for diffs], Tue Feb 28 14:08:49 2017 UTC (7 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.174: +1 -4 lines
Diff to previous 1.174 (colored)

Stop pretending that MD5 and SHA1 might not exist - rather than locating
"ssl3-md5" and "ssl-sha1", call the EVP_md5() and EVP_sha1() functions
directly.

ok beck@ inoguchi@

Revision 1.174 / (download) - annotate - [select for diffs], Tue Feb 21 15:28:27 2017 UTC (7 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.173: +2 -4 lines
Diff to previous 1.173 (colored)

Remove STREEBOG 512 as a TLS MAC since there are currently no cipher suites
that make use of it.

ok bcook@ inoguchi@

Revision 1.173 / (download) - annotate - [select for diffs], Tue Feb 7 02:08:38 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.172: +5 -2 lines
Diff to previous 1.172 (colored)

Change SSLerror() back to taking two args, with the first one being an SSL *.
Make a table of "function codes" which maps the internal state of the SSL *
to something like a useful name so in a typical error in the connection you
know in what sort of place in the handshake things happened. (instead of
by arcane function name).
Add SSLerrorx() for when we don't have an SSL *.
ok jsing@ after us both being prodded by bluhm@ to make it not terrible

Revision 1.172 / (download) - annotate - [select for diffs], Thu Jan 26 10:40:21 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.171: +3 -1 lines
Diff to previous 1.171 (colored)

Send the error function codes to rot in the depths of hell where they belong.
We leave a single function code (0xFFF) to say "SSL_internal" so the public
API will not break, and we replace all internal use of the two argument
SSL_err() with the internal only SSL_error() that only takes a reason code.
ok jsing@

Revision 1.171 / (download) - annotate - [select for diffs], Thu Jan 26 07:20:57 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.170: +5 -1 lines
Diff to previous 1.170 (colored)

Limit the number of sequential empty records that we will process
before yielding, and fail if we exceed a maximum. Loosely based
on what boring and openssl are doing.
ok jsing@

Revision 1.170 / (download) - annotate - [select for diffs], Thu Jan 26 06:32:58 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.169: +1 -21 lines
Diff to previous 1.169 (colored)

Remove most of SSL3_ENC_METHOD - we can just inline the function calls
and defines since they are the same everywhere.

ok beck@

Revision 1.169 / (download) - annotate - [select for diffs], Thu Jan 26 05:31:25 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.168: +8 -1 lines
Diff to previous 1.168 (colored)

Merge the client/server version negotiation into the existing (currently
fixed version) client/server code.

ok beck@

Revision 1.168 / (download) - annotate - [select for diffs], Thu Jan 26 00:42:44 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.167: +1 -2 lines
Diff to previous 1.167 (colored)

Remove ssl3_undef_enc_method - if we have internal bugs we want to segfault
so that we can debug it, rather than adding a "should not be called" error
to the stack.

Discussed with beck@

Revision 1.167 / (download) - annotate - [select for diffs], Wed Jan 25 10:54:23 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.166: +2 -1 lines
Diff to previous 1.166 (colored)

Limit enabled version range by the versions configured on the SSL_CTX/SSL,
provide an ssl_supported_versions_range() function which also limits the
versions to those supported by the current method.

ok beck@

Revision 1.166 / (download) - annotate - [select for diffs], Wed Jan 25 06:38:01 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.165: +2 -5 lines
Diff to previous 1.165 (colored)

Change the SSL_IS_DTLS() macro to check the version, rather than using a
flag in the encryption methods. We can do this since there is currently
only one DTLS version. This makes upcoming changes easier.

ok beck@

Revision 1.165 / (download) - annotate - [select for diffs], Wed Jan 25 06:13:02 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.164: +3 -2 lines
Diff to previous 1.164 (colored)

Provide ssl3_packet_read() and ssl3_packet_extend() functions that improve
the awkward API provided by ssl3_read_n(). Call these when we need to
read or extend a packet.

ok beck@

Revision 1.164 / (download) - annotate - [select for diffs], Tue Jan 24 09:03:21 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.163: +16 -5 lines
Diff to previous 1.163 (colored)

Add support for setting the supported EC curves via
SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous
SSL{_CTX}_set1_curves{_list} names.

This also changes the default list of EC curves to be X25519, P-256 and
P-384. If you want others (such as brainpool) you need to configure this
yourself.

Inspired by parts of BoringSSL and OpenSSL.

ok beck@

Revision 1.163 / (download) - annotate - [select for diffs], Mon Jan 23 22:34:38 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.162: +1 -7 lines
Diff to previous 1.162 (colored)

move default_passwd_cb and default_passwd_cb_userdata back into
the ssl_ctx from internal - these are used directly by python
and openvpn and a few other things - we have the set accessors
but the get accessors were added in 1.1 and these roll their
own caveat OPENSSL_VERSION chickenpluckery

Revision 1.162 / (download) - annotate - [select for diffs], Mon Jan 23 14:35:42 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.161: +7 -1 lines
Diff to previous 1.161 (colored)

Move options and mode from SSL_CTX and SSL to internal, since these can be
set and cleared via existing functions.

Revision 1.161 / (download) - annotate - [select for diffs], Mon Jan 23 13:36:13 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.160: +41 -5 lines
Diff to previous 1.160 (colored)

Split most of SSL_METHOD out into an internal variant, which is opaque.

Discussed with beck@

Revision 1.160 / (download) - annotate - [select for diffs], Mon Jan 23 08:48:44 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.159: +5 -1 lines
Diff to previous 1.159 (colored)

send state and rstate from ssl_st into internal. There are accessors
so these should not be diddled with directly.
ok jsing@

Revision 1.159 / (download) - annotate - [select for diffs], Mon Jan 23 08:08:06 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.158: +1 -4 lines
Diff to previous 1.158 (colored)

move back read_hash and enc_read_ctx into ssl_st. wpa_supplicant and
other perversions touch them sickly and unnaturally.

Revision 1.158 / (download) - annotate - [select for diffs], Mon Jan 23 06:45:30 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.157: +107 -1 lines
Diff to previous 1.157 (colored)

Move a large part of ssl_st into internal, so we can see what squeals.
ok jsing@

Revision 1.157 / (download) - annotate - [select for diffs], Mon Jan 23 05:27:22 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.156: +7 -1 lines
Diff to previous 1.156 (colored)

Move ex_data, next and prev from SSL_SESSION to internal.

ok beck@

Revision 1.156 / (download) - annotate - [select for diffs], Mon Jan 23 05:13:02 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.155: +57 -1 lines
Diff to previous 1.155 (colored)

Move most of the fields in SSL_CTX to internal - the ones that remain are
known to be in use.

ok beck@

Revision 1.155 / (download) - annotate - [select for diffs], Mon Jan 23 04:55:27 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.154: +32 -1 lines
Diff to previous 1.154 (colored)

move the callbacks from ssl_st to internal
ok jsing@

Revision 1.154 / (download) - annotate - [select for diffs], Mon Jan 23 04:15:28 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.153: +60 -1 lines
Diff to previous 1.153 (colored)

Move callback function pointers and argument pointers from SSL_CTX to
internal.

ok beck@

Revision 1.153 / (download) - annotate - [select for diffs], Mon Jan 23 01:22:08 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.152: +9 -1 lines
Diff to previous 1.152 (colored)

Move not_resumable and sess_cert from SSL_SESSION to internal.

ok beck@

Revision 1.152 / (download) - annotate - [select for diffs], Mon Jan 23 00:12:55 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.151: +20 -2 lines
Diff to previous 1.151 (colored)

Move the stats struct from SSL_CTX to internal.

ok beck@

Revision 1.151 / (download) - annotate - [select for diffs], Sun Jan 22 09:02:07 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.150: +118 -2 lines
Diff to previous 1.150 (colored)

Move most of the SSL3_STATE fields to internal - the ones that remain are
known to be used by ports.

ok beck@

Revision 1.150, Sun Jan 22 07:16:39 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.149: +62 -1 lines

Move most of DTLS1_STATE to internal.
ok jsing@

Revision 1.149, Sun Jan 22 06:36:49 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.148: +55 -1 lines

Move ALPN and NPN fields from SSL/SSL_CTX to internal.

ok beck@

Revision 1.148, Sun Jan 22 05:14:42 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.147: +6 -2 lines

Move internal parts of ssl_session_st to internal
ok jsing@

Revision 1.147, Sun Jan 22 04:07:44 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.146: +5 -3 lines

Move recently added min_version/max_version from SSL and SSL_CTX to their
opaque structs.

Revision 1.146, Sun Jan 22 03:50:45 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.145: +21 -1 lines

Convert publicly visible structs to translucent structs.

This change adds an internal opaque struct for each of the significant
publicly visible structs. The opaque struct is then allocated and
attached to the publicly visible struct when the appropriate *_new()
function is called, then cleared and freed as necessary.

This will allow for changes to be made to the internals of libssl, without
requiring a major bump each time the publicly visible structs are
modified.

ok beck@

Revision 1.145, Sat Jan 21 04:18:18 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.144: +2 -2 lines

Expand DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN macro.

No change in preprocessor output (ignoring whitespace and line numbers).

Revision 1.144, Tue Jan 3 16:57:15 2017 UTC (7 years, 5 months ago) by jsing
Branch: MAIN
Changes since 1.143: +2 -1 lines

Pull out, rework and dedup the code that determines the highest shared
version.

ok beck@ doug@

Revision 1.143, Fri Dec 30 16:57:01 2016 UTC (7 years, 5 months ago) by jsing
Branch: MAIN
Changes since 1.142: +2 -1 lines

Pull out (and largely rewrite) the code that determines the enabled
protocol version range.

This also fixes a bug whereby if all protocols were disabled, the client
would still use TLSv1.2 in the client hello, only to have it fail with
unsupported version when it received and processed the server hello.

ok doug@

Revision 1.142, Fri Dec 30 15:12:45 2016 UTC (7 years, 5 months ago) by jsing
Branch: MAIN
Changes since 1.141: +1 -51 lines

Remove now unused c2l, c2ln, l2c, n2l, l2cn and n2l3 macros.

Revision 1.141, Wed Dec 21 16:44:31 2016 UTC (7 years, 5 months ago) by jsing
Branch: MAIN
Changes since 1.140: +2 -1 lines

Add support for ECDHE with X25519.

Testing of an earlier revision by naddy@.

ok beck@

Revision 1.140, Sun Dec 18 13:52:53 2016 UTC (7 years, 5 months ago) by jsing
Branch: MAIN
Changes since 1.139: +2 -2 lines

Convert ssl3_get_server_hello() to CBS.

ok doug@

Revision 1.139, Tue Dec 6 13:38:11 2016 UTC (7 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.138: +1 -5 lines

Now that ssl3_send_{client,server}_certificate() are using the common
handshake functions, we can remove more copied code from DTLS.

Revision 1.138, Tue Dec 6 13:17:52 2016 UTC (7 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.137: +7 -2 lines

Convert certificate handshake message generation to CBB, with some clean
up and restructure.

This also adds CBB based variants of the ssl3_handshake_msg_{start,finish}
functions - for the time being these use a CBB to build the messages, then
copy back into the init_buf.

ok doug@

Revision 1.137, Sun Dec 4 14:32:30 2016 UTC (7 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.136: +2 -2 lines

Convert ssl_cipher_list_to_bytes() to CBB, changing the function to return
the number of bytes written via an explicit *outlen argument and retaining
the return value to indicate success or failure.

ok doug@

Revision 1.136, Sun Nov 6 17:21:04 2016 UTC (7 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.135: +2 -2 lines

Remove unused SSLv3 from ssl3_cbc_record_digest_supported().

From Markus Uhlin <markus.uhlin at bredband dot net>

ok beck@ bcook@

Revision 1.135, Sat Nov 5 08:26:36 2016 UTC (7 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.134: +4 -4 lines

Convert ssl3_get_server_kex_ecdhe() to CBS, simplifying tls1_check_curve()
in the process. This also fixes a long standing bug where
tls1_ec_curve_id2nid() is called with only one byte of the curve ID.

ok beck@ miod@

Revision 1.134, Fri Nov 4 19:11:43 2016 UTC (7 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.133: +2 -2 lines

Rename ssl3_get_key_exchange() to ssl3_get_server_key_exchange(), since
that's what it really is.

ok miod@

Revision 1.133, Fri Nov 4 18:28:58 2016 UTC (7 years, 7 months ago) by guenther
Branch: MAIN
Changes since 1.132: +5 -1 lines

Add an explicit list of exported symbols with just the functions
declared in the public headers, and use __{BEGIN,END}_HIDDEN_DECLS
in the internal headers to optimize internal functions

ok jsing@

Revision 1.132, Fri Nov 4 18:00:12 2016 UTC (7 years, 7 months ago) by guenther
Branch: MAIN
Changes since 1.131: +1 -7 lines

Make do_dtls1_write() static to d1_pkt.c and delete declarations for
three functions that were removed a while ago

ok jsing@

Revision 1.131, Thu Nov 3 08:15:22 2016 UTC (7 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.130: +2 -2 lines

Clean up the TLS handshake digest handling - this refactors some of the
code for improved readability, however it also addresses two issues.

The first of these is a hard-to-hit double free that will occur if
EVP_DigestInit_ex() fails. To avoid this and to be more robust, ensure
that tls1_digest_cached_records() either completes successfully and sets
up all of the necessary digests, or it cleans up and frees everything
that was allocated.

The second issue is that EVP_DigestUpdate() can fail - detect and handle
this in tls1_finish_mac() and change the return type to an int so that a
failure can be propagated to the caller (the callers still need to be
fixed to handle this, in a later diff).

The double-free was reported by Matthew Dillon.

ok beck@ doug@ miod@

Revision 1.130, Wed Oct 19 16:38:40 2016 UTC (7 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.129: +1 -5 lines

Remove support for fixed ECDH cipher suites - these are not widely supported
and more importantly they do not provide PFS (if you want to use ECDH, use
ECDHE instead).

With input from guenther@.

ok deraadt@ guenther@

Revision 1.129, Thu Apr 28 16:39:45 2016 UTC (8 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.128: +4 -2 lines

Implement the IETF ChaCha20-Poly1305 cipher suites.

Rename the existing ChaCha20-Poly1305 cipher suites with an "-OLD" suffix,
effectively replacing the original Google implementation. We continue to
support both the IETF and Google versions, however the existing names
now refer to the ciphers from draft-ietf-tls-chacha20-poly1305-04.

Feedback from doug@

Revision 1.128, Sat Sep 12 15:08:54 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.127: +1 -2 lines

Uncopy and unpaste dtls1_send_newsession_ticket() - another 111 lines of
code deduped.

Revision 1.127, Sat Sep 12 15:03:39 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.126: +2 -1 lines

Move handshake message header length determination into a separate
ssl3_handshake_msg_hdr_len() function. Use this to correct several places
that have magic numbers with header lengths hardcoded as '4'.

ok beck@

Revision 1.126, Sat Sep 12 14:32:24 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.125: +1 -2 lines

Uncopy and unpaste dtls1_send_certificate_request() - removes another 80
lines of code, while gaining SIGALGs support.

Revision 1.125, Sat Sep 12 14:28:23 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.124: +1 -2 lines

Uncopy and unpaste dtls1_send_server_key_exchange(). Removes another 329
lines of code, while gaining bug fixes and SIGALGs support.

Revision 1.124, Sat Sep 12 13:35:34 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.123: +1 -2 lines

Uncopy and unpaste dtls1_send_server_done().

Revision 1.123, Sat Sep 12 13:25:26 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.122: +1 -2 lines

Uncopy and unpaste dtls1_send_server_hello().

Revision 1.122, Sat Sep 12 13:09:07 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.121: +1 -2 lines

Uncopy and unpaste dtls1_send_hello_request().

Revision 1.121, Sat Sep 12 12:58:15 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.120: +1 -2 lines

Uncopy and unpaste dtls1_send_client_verify() - the
ssl3_send_client_verify() is different, but it correctly supports things
like SIGALGS. Another 74 lines of code bites the dust.

Revision 1.120, Sat Sep 12 12:26:56 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.119: +1 -2 lines

Uncopy and unpaste dtls1_send_client_key_exchange() - the
ssl3_send_client_key_exchange() is effectively identical, in fact it has
a number of bug fixes and improvements that never got merged into the
DTLS copy of the code. Flenses another 264 lines of code.

ok beck@

Revision 1.119, Fri Sep 11 18:08:21 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.118: +7 -7 lines

Rename functions that moved to t1_enc.c, with a tls1_ prefix instead of a
ssl3_ prefix.

ok beck@

Revision 1.118, Fri Sep 11 17:37:47 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.117: +1 -2 lines

Nuke ssl_set_peer_cert_type().

ok "flensing knife"

Revision 1.117, Fri Sep 11 17:35:36 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.116: +1 -2 lines

Nuke ssl_bad_method().

ok "flensing knife"

Revision 1.116, Fri Sep 11 17:32:23 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.115: +1 -2 lines

Nuke ssl3_default_timeout().

ok "flensing knife"

Revision 1.115, Fri Sep 11 17:29:36 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.114: +1 -2 lines

Nuke ssl_replace_hash().

ok "flensing knife"

Revision 1.114, Fri Sep 11 17:17:44 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.113: +1 -3 lines

Nuke ssl3_cbc_remove_padding().

ok "flensing knife"

Revision 1.113, Fri Sep 11 17:11:53 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.112: +1 -2 lines

Nuke ssl3_alert_code().

ok "flensing knife"

Revision 1.112, Fri Sep 11 17:08:50 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.111: +1 -2 lines

Nuke ssl3_cert_verify_mac() and ssl3_handshake_mac().

We also no longer need the ssl3_pad_1 and ssl3_pad_2 arrays...

ok "flensing knife"

Revision 1.111, Fri Sep 11 17:04:39 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.110: +1 -3 lines

Nuke ssl3_final_finish_mac().

ok "flensing knife"

Revision 1.110, Fri Sep 11 17:03:03 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.109: +1 -2 lines

Nuke ssl3_change_cipher_state().

ok "flensing knife"

Revision 1.109, Fri Sep 11 17:01:19 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.108: +1 -3 lines

Nuke ssl3_generate_master_secret().

ok "flensing knife"

Revision 1.108, Fri Sep 11 16:59:17 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.107: +1 -2 lines

Nuke ssl3_setup_key_block() and ssl3_generate_key_block().

ok "flensing knife"

Revision 1.107, Fri Sep 11 16:56:17 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.106: +1 -2 lines

Nuke n_ssl3_mac().

ok "flensing knife"

Revision 1.106, Fri Sep 11 16:53:51 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.105: +1 -2 lines

Nuke ssl3_enc().

ok "flensing knife"

Revision 1.105, Fri Sep 11 16:50:46 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.104: +2 -3 lines

Nuke SSLv3_enc_data.

ok "flensing knife"

Revision 1.104, Fri Sep 11 16:28:37 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.103: +1 -2 lines

Replace dtls1_send_finished() with ssl3_send_finished() - they're now
both essentially the same (in fact DTLS benefits from improvements
previously made to the ssl3_send_finished() function).

ok beck@

Revision 1.103, Wed Sep 2 17:59:15 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.102: +1 -2 lines

Replace dtls1_client_hello() with ssl3_client_hello() - both are basically
the same code, with two slight differences for DTLS handling.

Also, make use of send_cookie to determine if the client random needs to
be preserved, rather than testing if it is zeroed (hopefully your random
number generator never returned all zeros, since the existing code would
break). Inspired by BoringSSL.

ok doug@

Revision 1.102, Tue Sep 1 13:38:27 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.101: +1 -3 lines

Remove the ssl_prepare_{client,server}hello_tlsext() functions, which are
now nothing more than noops.

ok bcook@ doug@

Revision 1.101, Sat Aug 29 17:15:52 2015 UTC (8 years, 9 months ago) by doug
Branch: MAIN
Changes since 1.100: +1 -3 lines

Now that SSLv3 is going away, TLS_* and SSLv23 are equivalent.

Remove the TLS method data and tls_any_* functions.  Point to SSLv23.

ok jsing@

Revision 1.100, Fri Jul 24 07:57:48 2015 UTC (8 years, 10 months ago) by doug
Branch: MAIN
Changes since 1.99: +2 -3 lines

Convert tls1_process_ticket to CBS.

ok miod@ jsing@

Revision 1.99, Sun Jul 19 07:30:06 2015 UTC (8 years, 10 months ago) by doug
Branch: MAIN
Changes since 1.98: +3 -3 lines

Fix symbol collision with libtls.

Pointed out by guenther.

ok guenther@

Revision 1.98, Sun Jul 19 06:31:32 2015 UTC (8 years, 10 months ago) by doug
Branch: MAIN
Changes since 1.97: +3 -1 lines

Add TLS_method, TLS_client_method and TLS_server_method.

Use these instead of SSLv23_*method when you want to make sure TLS is
used.

By default, we disable SSLv3 but it's still possible for the user to
re-enable it.  TLS_*method does not allow SSLv3.

Both BoringSSL and (next version of) OpenSSL have these methods.
However, they have changed the implementation significantly.  We will
as well, but not right now.

Riding the libssl major bump.

ok miod@ bcook@

Revision 1.97, Sat Jul 18 23:00:23 2015 UTC (8 years, 10 months ago) by doug
Branch: MAIN
Changes since 1.96: +2 -2 lines

Convert dtls1_get_message_header to CBS and change to int.

Changed return value from void to int.  It should never return an error
given that the input length is not checked yet.

ok miod@

Revision 1.96, Fri Jul 17 17:36:24 2015 UTC (8 years, 10 months ago) by doug
Branch: MAIN
Changes since 1.95: +2 -2 lines

Convert ssl_parse_serverhello_use_srtp_ext to CBS.

ok miod@ jsing@

Revision 1.95, Tue Jul 14 03:38:26 2015 UTC (8 years, 11 months ago) by doug
Branch: MAIN
Changes since 1.94: +2 -2 lines

Convert ssl_parse_clienthello_use_srtp_ext to CBS.

ok miod@ jsing@

Revision 1.94, Sun Jun 28 00:08:27 2015 UTC (8 years, 11 months ago) by doug
Branch: MAIN
Changes since 1.93: +2 -2 lines

Convert ssl_bytes_to_cipher_list to CBS.

Link in the new 'unit' regress and expand the invalid tests to include
some that would fail before the CBS conversion.

input + ok miod@ jsing@

Revision 1.93, Sat Jun 20 16:42:48 2015 UTC (8 years, 11 months ago) by doug
Branch: MAIN
Changes since 1.92: +2 -2 lines

Convert ssl_parse_serverhello_renegotiate_ext to CBS.

ok miod@ jsing@

Revision 1.92, Sat Jun 20 04:04:35 2015 UTC (8 years, 11 months ago) by doug
Branch: MAIN
Changes since 1.91: +2 -2 lines

Convert ssl_parse_clienthello_renegotiate_ext to CBS.

ok miod@, tweak + ok jsing@

Revision 1.91, Thu Jun 18 22:51:05 2015 UTC (8 years, 11 months ago) by doug
Branch: MAIN
Changes since 1.90: +1 -2 lines

Remove Microsoft Server Gated Crypto.

Another relic due to the old US crypto policy.

From OpenSSL commit 63eab8a620944a990ab3985620966ccd9f48d681 and
95275599399e277e71d064790a1f828a99fc661a.

ok jsing@ miod@

Revision 1.90, Wed Apr 15 16:25:43 2015 UTC (9 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.89: +2 -2 lines

Clean up the ssl_bytes_to_cipher_list() API - rather than having the
ability to pass or not pass a STACK_OF(SSL_CIPHER) *, which is then either
zeroed or if NULL a new one is allocated, always allocate one and return it
directly.

Inspired by similar changes in BoringSSL.

ok beck@ doug@

Revision 1.89, Fri Mar 27 12:29:54 2015 UTC (9 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.88: +2 -1 lines

Factor out the init_buf initialisation code, rather than duplicating it
in four different places.

ok doug@ guenther@

Revision 1.63.4.1, Wed Mar 11 19:52:37 2015 UTC (9 years, 3 months ago) by tedu
Changes since 1.63: +2 -2 lines

backport fixes to prevent connections from being downgraded to weak keys.
ok bluhm miod

Revision 1.88, Sun Feb 22 15:54:27 2015 UTC (9 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.87: +2 -1 lines

Reluctantly add server-side support for TLS_FALLBACK_SCSV.

This allows for clients that willingly choose to perform a downgrade and
attempt to establish a second connection at a lower protocol after the
previous attempt unexpectedly failed, to be notified and have the second
connection aborted, if the server does in fact support a higher protocol.

TLS has perfectly good version negotiation and client-side fallback is
dangerous. Despite this, in order to maintain maximum compatibility with
broken web servers, most mainstream browsers implement this. Furthermore,
TLS_FALLBACK_SCSV only works if both the client and server support it and
there is effectively no way to tell if this is the case, unless you control
both ends.

Unfortunately, various auditors and vulnerability scanners (including
certain online assessment websites) consider the presence of a not yet
standardised feature to be important for security, even if the clients do
not perform client-side downgrade or the server only supports current TLS
protocols.

Diff is loosely based on OpenSSL with some inspiration from BoringSSL.

Discussed with beck@ and miod@.

ok bcook@

Revision 1.87, Thu Feb 12 03:45:25 2015 UTC (9 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.86: +1 -5 lines

unifdef -m -UOPENSSL_NO_NEXTPROTONEG - NPN is being replaced with ALPN,
however it is not likely to be removed any time soon.

ok beck@ miod@

Revision 1.86, Sat Feb 7 04:17:11 2015 UTC (9 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.85: +2 -1 lines

Provide a SSL_CIPHER_get_by_value() function that allows a cipher to be
retrieved via its cipher suite value. A corresponding SSL_CIPHER_by_value()
function returns the cipher suite value for a given SSL_CIPHER. These
functions should mean that software does not need to resort to
put_cipher_by_char()/get_cipher_by_char() in order to locate a cipher.

Begrudgingly also provide a SSL_CIPHER_get_by_id() function that locates a
cipher via the internal cipher identifier. Unfortunately these have already
been leaked outside the library via SSL_CIPHER_by_id() and the various
SSL3_CK_* and TLS1_CK_* defines in the ssl3.h/tls1.h headers.

ok beck@ miod@

Revision 1.85, Fri Feb 6 08:30:23 2015 UTC (9 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.84: +3 -1 lines

Bring back the horrible API that is get_cipher_by_char/put_cipher_by_char.

This API was intended to be an internal only, however like many things in
OpenSSL, it is exposed externally and parts of the software ecosystem are
now using it since there is no real alternative within the public API.

ok doug@, tedu@ and reluctantly miod@

Revision 1.84, Mon Dec 15 00:46:53 2014 UTC (9 years, 5 months ago) by doug
Branch: MAIN
Changes since 1.83: +2 -2 lines

Add error handling for EVP_DigestInit_ex().

A few EVP_DigestInit_ex() calls were left alone since reporting an
error would change the public API.

Changed internal ssl3_cbc_digest_record() to return a value due to the above
change.  It will also now set md_out_size=0 on failure.

This is based on part of BoringSSL's commit to fix malloc crashes:
https://boringssl.googlesource.com/boringssl/+/69a01608f33ab6fe2c3485d94aef1fe9eacf5364

ok miod@

Revision 1.83, Sun Dec 14 16:19:38 2014 UTC (9 years, 5 months ago) by jsing
Branch: MAIN
Changes since 1.82: +5 -1 lines

Convert all of the straight forward client handshake handling code to use
the new handshake functions.

ok miod@

Revision 1.82, Sun Dec 14 15:30:50 2014 UTC (9 years, 5 months ago) by jsing
Branch: MAIN
Changes since 1.81: +13 -13 lines

Remove trailing whitespace.

Revision 1.81, Wed Dec 10 15:43:31 2014 UTC (9 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.80: +2 -2 lines

ssl3_init_finished_mac() calls BIO_new() which can fail since it in turn
calls malloc(). Instead of silently continuing on failure, check the return
value of BIO_new() and propagate failure back to the caller for appropriate
handling.

ok bcook@

Revision 1.80, Wed Dec 10 15:36:47 2014 UTC (9 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.79: +3 -5 lines

Remove support for GOST R 34.10-94 signature authentication, along with
the two ciphersuites that use it. GOST94 public/private keys have been
long obsoleted and libcrypto does not have support for them anyway.

Discussed with Dmitry Eremin-Solenikov.

Revision 1.79, Sat Dec 6 14:24:26 2014 UTC (9 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.78: +1 -2 lines

Remove client handling of RSA in ServerKeyExchange messages, along with
the associated peer_rsa_tmp goop.

This was only needed for export cipher handling and intentional RFC
violations. The export cipher suites have already been removed and
previous cleanup means that we will never send ServerKeyExchange messages
from the server side for RSA.

Revision 1.78, Sat Dec 6 13:51:06 2014 UTC (9 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.77: +3 -3 lines

Use appropriate internal types for EC curves and formats, rather than
storing and processing in wire encoded form.

Inspired by boringssl.

ok miod@

Revision 1.77, Tue Nov 18 05:33:43 2014 UTC (9 years, 6 months ago) by miod
Branch: MAIN
Changes since 1.76: +7 -2 lines

Update the GOST code in libssl, as contributed by Dmitry Eremin-Solenikov.

This causes a libssl major version bump as this affects the layout of some
internal-but-unfortunately-made-visible structs.

Revision 1.76, Sun Nov 16 14:12:47 2014 UTC (9 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.75: +6 -6 lines

Sort and group includes.

Revision 1.75, Sat Nov 8 15:21:02 2014 UTC (9 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.74: +1 -2 lines

Clean up more SSLv2 remnants.

Revision 1.74, Sun Nov 2 10:42:38 2014 UTC (9 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.73: +11 -13 lines

Remove remnants from RC2 and SEED - there are no longer any cipher suites
that use these algorithms (and SEED was removed from libcrypto some time
ago).

ok doug@

Revision 1.73, Fri Oct 31 15:25:55 2014 UTC (9 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.72: +3 -1 lines

Add support for automatic DH ephemeral keys.

This allows an SSL server to enable DHE ciphers with a single setting,
which results in an DH key being generated based on the server key length.

Partly based on OpenSSL.

Revision 1.72, Fri Oct 31 14:51:01 2014 UTC (9 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.71: +1 -4 lines

Remove support for ephemeral/temporary RSA private keys.

The only use for these is via SSL_OP_EPHEMERAL_RSA (which is effectively
a standards violation) and for RSA sign-only, should only be possible if
you are using an export cipher and have an RSA private key that is more
than 512 bits in size (however we no longer support export ciphers).

ok bcook@ miod@

Revision 1.71, Fri Oct 3 13:58:18 2014 UTC (9 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.70: +5 -1 lines

Add support for automatic ephemeral EC keys.

This allows an SSL server to enable ECDHE ciphers with a single setting,
which results in an EC key being generated using the first preference
shared curve.

Based on OpenSSL with inspiration from boringssl.

ok miod@

Revision 1.70, Tue Sep 30 15:40:09 2014 UTC (9 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.69: +4 -1 lines

Clean up EC cipher handling in ssl3_choose_cipher().

The existing code reaches around into various internals of EC, which it
should not know anything about. Replace this with a set of functions that
that can correctly extract the necessary details and handle the
comparisons.

Based on a commit to OpenSSL, with some inspiration from boringssl.

ok miod@

Revision 1.69, Sat Sep 27 11:01:06 2014 UTC (9 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.68: +2 -1 lines

Check that the specified curve is one of the client preferences.

Based on OpenSSL.

ok miod@

Revision 1.68, Sun Sep 7 12:16:23 2014 UTC (9 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.67: +3 -6 lines

Remove SSL_kDHr, SSL_kDHd and SSL_aDH. No supported ciphersuites use them,
nor do we plan on supporting them.

ok guenther@

Revision 1.67, Sun Aug 24 14:36:46 2014 UTC (9 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.66: +3 -2 lines

Replace the remaining uses of ssl3_put_cipher_by_char() with s2n and a
ssl3_cipher_get_value() helper function, which returns the cipher suite
value for the given cipher.

ok miod@

Revision 1.66 / (download) - annotate - [select for diffs], Sat Aug 23 14:52:41 2014 UTC (9 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.65: +3 -2 lines
Diff to previous 1.65 (colored)

Replace the remaining ssl3_get_cipher_by_char() calls with n2s() and
ssl3_get_cipher_by_id().

ok bcook@

Revision 1.65 / (download) - annotate - [select for diffs], Mon Aug 11 01:06:22 2014 UTC (9 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.64: +2 -1 lines
Diff to previous 1.64 (colored)

Provide a ssl3_get_cipher_by_id() function that allows ciphers to be looked
up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the
cipher value is manually written into a buffer, just so the cipher can be
located using ssl3_get_cipher_by_char().

ok bcook@ miod@

Revision 1.64 / (download) - annotate - [select for diffs], Sun Aug 10 14:42:56 2014 UTC (9 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.63: +2 -8 lines
Diff to previous 1.63 (colored)

Since we no longer need to support SSLv2-style cipher lists, start
unravelling the maze of function pointers and callbacks by directly
calling ssl3_{get,put}_cipher_by_char() and removing the
ssl_{get,put}_cipher_by_char macros.

Prompted by similar changes in boringssl.

ok guenther.

Revision 1.63 / (download) - annotate - [select for diffs], Mon Jul 28 04:23:12 2014 UTC (9 years, 10 months ago) by guenther
Branch: MAIN
Changes since 1.62: +7 -1 lines
Diff to previous 1.62 (colored)

The RSA, DH, and ECDH temporary key callbacks expect the number of keybits
for the key (expressed in RSA key bits, which makes *no sense* for ECDH) as
their second argument, not zero.

(jsing@ notes that the RSA callback is only invoked for 'export' ciphers,
which have been removed from LibreSSL, and for the SSL_OP_EPHEMERAL_RSA
option, which makes the application non-compliant.  More fuel for the
tedu fire...)

jasper@ noted the breakage and bisected it down to the diff that broke this.
ok jsing@ miod@

Revision 1.62 / (download) - annotate - [select for diffs], Sat Jul 12 22:33:39 2014 UTC (9 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.61: +4 -4 lines
Diff to previous 1.61 (colored)

The correct name for EDH is DHE, likewise EECDH should be ECDHE.

Based on changes to OpenSSL trunk.

ok beck@ miod@

Revision 1.61 / (download) - annotate - [select for diffs], Sat Jul 12 19:45:53 2014 UTC (9 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.60: +2 -1 lines
Diff to previous 1.60 (colored)

Provide ssl_version_string() function, which uses one of those modern C
constructs (a switch statement) and returns the appropriate string defined
by SSL_TXT_* for the given version, including support for DTLSv1 and
DTLSv1-bad. Use this function in SSL_get_version() and SSL_SESSION_print().

ok beck@

Revision 1.60 / (download) - annotate - [select for diffs], Sat Jul 12 13:11:53 2014 UTC (9 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.59: +2 -7 lines
Diff to previous 1.59 (colored)

Remove remnants from PSK, KRB5 and SRP.

ok beck@ miod@

Revision 1.59 / (download) - annotate - [select for diffs], Fri Jul 11 08:17:36 2014 UTC (9 years, 11 months ago) by miod
Branch: MAIN
Changes since 1.58: +1 -4 lines
Diff to previous 1.58 (colored)

No need to keep ssl23_foo() flavours mapping to ssl3_foo().
ok tedu@

Revision 1.58 / (download) - annotate - [select for diffs], Thu Jul 10 10:09:54 2014 UTC (9 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.57: +1 -2 lines
Diff to previous 1.57 (colored)

Remove more compression related code.

Revision 1.57 / (download) - annotate - [select for diffs], Thu Jul 10 08:51:15 2014 UTC (9 years, 11 months ago) by tedu
Branch: MAIN
Changes since 1.56: +1 -15 lines
Diff to previous 1.56 (colored)

decompress libssl. ok beck jsing

Revision 1.56 / (download) - annotate - [select for diffs], Wed Jul 9 11:25:42 2014 UTC (9 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.55: +2 -53 lines
Diff to previous 1.55 (colored)

tedu the SSL export cipher handling - since we do not have enabled export
ciphers we no longer need the flags or code to support it.

ok beck@ miod@

Revision 1.55 / (download) - annotate - [select for diffs], Tue Jul 8 21:50:40 2014 UTC (9 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.54: +1 -2 lines
Diff to previous 1.54 (colored)

Remove SSL_FIPS.

ok deraadt@ miod@

Revision 1.54 / (download) - annotate - [select for diffs], Tue Jul 8 21:31:54 2014 UTC (9 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.53: +1 -2 lines
Diff to previous 1.53 (colored)

Nuke SSL_NOT_EXP since it does nothing.

ok deraadt@ miod@

Revision 1.53 / (download) - annotate - [select for diffs], Sat Jun 21 17:02:25 2014 UTC (9 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.52: +5 -2 lines
Diff to previous 1.52 (colored)

Pull the code that builds a DTLS sequence number out into its own function
to avoid duplication. Also use fewer magic numbers.

ok miod@

Revision 1.52 / (download) - annotate - [select for diffs], Sun Jun 15 15:29:25 2014 UTC (9 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.51: +5 -5 lines
Diff to previous 1.51 (colored)

Rename ssl3_record_sequence_update() to ssl3_record_sequence_increment(),
so that it reflects what it is actually doing. Use this function in a
number of places that still have the hand rolled version.

ok beck@ miod@

Revision 1.51 / (download) - annotate - [select for diffs], Fri Jun 13 13:28:53 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.50: +2 -1 lines
Diff to previous 1.50 (colored)

Add ChaCha20-Poly1305 based ciphersuites.

Based on Adam Langley's chromium patches.

Tested by and ok sthen@

Revision 1.50 / (download) - annotate - [select for diffs], Fri Jun 13 10:52:24 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.49: +22 -1 lines
Diff to previous 1.49 (colored)

Add an SSL_AEAD_CTX to enable the use of EVP_AEAD with an SSL cipher.
Read and write contexts are also added to the SSL_CTX, along with
supporting code.

Based on Adam Langley's chromium diffs.

Rides the recent SSL library bump.

Revision 1.49 / (download) - annotate - [select for diffs], Thu Jun 12 15:49:31 2014 UTC (10 years ago) by deraadt
Branch: MAIN
Changes since 1.48: +1 -1 lines
Diff to previous 1.48 (colored)

tags as requested by miod and tedu

Revision 1.48 / (download) - annotate - [select for diffs], Sun Jun 8 16:24:49 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.47: +19 -0 lines
Diff to previous 1.47 (colored)

Add an SSL_CIPHER_ALGORITHM2_AEAD flag that is used to mark a cipher as
using EVP_AEAD. Also provide an EVP_AEAD-only equivalent of
ssl_cipher_get_evp().

Revision 1.47 / (download) - annotate - [select for diffs], Sat Jun 7 22:23:12 2014 UTC (10 years ago) by deraadt
Branch: MAIN
Changes since 1.46: +0 -1 lines
Diff to previous 1.46 (colored)

http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2016265dfbab162ec30718b5e7480add42598158
Don't know the full story, but it looks like a "can't do random
perfectly, so do it god awful" problem was found in 2013, and
replaced with "only do it badly if a flag is set".  New flags
(SSL_MODE_SEND_SERVERHELLO_TIME and SSL_MODE_SEND_SERVERHELLO_TIME)
were added [Ben Laurie?] to support the old scheme of "use time_t
for first 4 bytes of the random buffer".

Nothing uses these flags [ecosystem scan by sthen]

Fully discourage use of these flags in the future by removing
support & definition of them.  The buflen < 4 check is also interesting,
because no entropy would be returned.  No callers passed such small
buffers.
ok miod sthen

Revision 1.19.4.1 / (download) - annotate - [select for diffs], Thu Jun 5 20:37:47 2014 UTC (10 years ago) by sthen
Changes since 1.19: +6 -0 lines
Diff to previous 1.19 (colored) next main 1.20 (colored)

MFC ChangeCipherSpec fixes (CVE-2014-0224 and additional safeguard), ok jsing@

"Be selective as to when ChangeCipherSpec messages will be accepted.
Without this an early ChangeCipherSpec message would result in session
keys being generated, along with the Finished hash for the handshake,
using an empty master secret." From s3_clnt.c r1.64, s3_pkt.c r1.42,
s3_srvr.c r1.59, ssl3.h r1.19 - note that the ssl3.h change has been
applied to s3_locl.h instead to simplify patching.

"Ensure that we do not process a ChangeCipherSpec with an empty master
secret. This is an additional safeguard against early ChangeCipherSpec
handling."  From s3_pkt.c:1.43

Revision 1.20.4.1 / (download) - annotate - [select for diffs], Thu Jun 5 17:05:16 2014 UTC (10 years ago) by sthen
Changes since 1.20: +6 -0 lines
Diff to previous 1.20 (colored) next main 1.21 (colored)

MFC ChangeCipherSpec fixes (CVE-2014-0224 and additional safeguard), ok jsing@

"Be selective as to when ChangeCipherSpec messages will be accepted.
Without this an early ChangeCipherSpec message would result in session
keys being generated, along with the Finished hash for the handshake,
using an empty master secret." From s3_clnt.c r1.64, s3_pkt.c r1.42,
s3_srvr.c r1.59, ssl3.h r1.19 - note that the ssl3.h change has been
applied to s3_locl.h instead to simplify patching.

"Ensure that we do not process a ChangeCipherSpec with an empty master
secret. This is an additional safeguard against early ChangeCipherSpec
handling."  From s3_pkt.c:1.43

Revision 1.46 / (download) - annotate - [select for diffs], Sat May 31 10:53:39 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.45: +0 -4 lines
Diff to previous 1.45 (colored)

ECDH and ECDSA will not work overly well if there is no EC, so unifdef
OPENSSL_NO_EC.

ok tedu@

Revision 1.45 / (download) - annotate - [select for diffs], Sat May 31 10:49:28 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.44: +0 -4 lines
Diff to previous 1.44 (colored)

TLS would not be entirely functional without extensions, so unifdef
OPENSSL_NO_TLSEXT.

ok tedu@

Revision 1.44 / (download) - annotate - [select for diffs], Fri May 30 05:27:32 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.43: +1 -1 lines
Diff to previous 1.43 (colored)

While working on another diff I ended up looking to see why on earth the
DTLS code had a chunk that checked to see if the SSL version was *not*
DTLS. Turns out that this is inside a big #if 0 block with a comment
explaining why DTLS will never need this code...

The DTLS code was clearly written by wholesale copying the SSLv3 code.
Any code not applicable to DTLS was seemingly #if 0'd or commented out
and left for others to find.

d1_pkt.c is copied from s3_pkt.c and it has a do_dtls1_write() function
that has the same function signature as do_ssl3_write(), except that the
create_empty_fragement (yes, that is the spelling in ssl_locl.h) argument
is unused for DTLS (although there is code that pretends to use it) since
it uses explicit IV (as the comment notes).

Instead of leaving this turd lying around, nuke the #if 0'd code (along
with the check for *not* DTLS) and remove the pointless
create_empty_fragment argument given the only two do_dtls1_write() calls
specify zero.

This kind of thing also makes you wonder how much actual peer review
occurred before the code was initially committed...

ok beck@

Revision 1.43 / (download) - annotate - [select for diffs], Thu May 29 21:22:54 2014 UTC (10 years ago) by tedu
Branch: MAIN
Changes since 1.42: +2 -2 lines
Diff to previous 1.42 (colored)

we no longer care that these aren't used for ssl2

Revision 1.42 / (download) - annotate - [select for diffs], Thu May 29 18:11:13 2014 UTC (10 years ago) by tedu
Branch: MAIN
Changes since 1.41: +0 -10 lines
Diff to previous 1.41 (colored)

unifdef DH, ECDH, and ECDSA. there's no purpose to a libssl without them.
ok deraadt jsing

Revision 1.41 / (download) - annotate - [select for diffs], Thu May 29 16:00:16 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.40: +36 -3 lines
Diff to previous 1.40 (colored)

Make it substantially easier to identify protocol version requirements
by adding an enc_flags field to the ssl3_enc_method, specifying four flags
that are used with this field and providing macros for evaluating these
conditions. Currently the version requirements are identified by
continually checking the version number and other criteria.

This change also adds separate SSL3_ENC_METHOD data for TLS v1.1 and v1.2,
since they have different enc_flags from TLS v1.

Based on changes in OpenSSL head.

No objection from miod@

Revision 1.40 / (download) - annotate - [select for diffs], Tue May 27 20:22:00 2014 UTC (10 years ago) by miod
Branch: MAIN
Changes since 1.39: +0 -9 lines
Diff to previous 1.39 (colored)

Remove unused defines.

Revision 1.39 / (download) - annotate - [select for diffs], Sun May 25 17:32:20 2014 UTC (10 years ago) by tedu
Branch: MAIN
Changes since 1.38: +0 -13 lines
Diff to previous 1.38 (colored)

remove unused shit. from Alexander Schrijver

Revision 1.38 / (download) - annotate - [select for diffs], Sun May 25 13:27:38 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.37: +2 -2 lines
Diff to previous 1.37 (colored)

The ssl_cipher_get_evp() function is currently overloaded to also return the
compression associated with the SSL session. Based on one of Adam Langley's
chromium diffs, factor out the compression handling code into a separate
ssl_cipher_get_comp() function.

Rewrite the compression handling code to avoid pointless duplication and so
that failures are actually returned to and detectable by the caller.

ok miod@

Revision 1.37 / (download) - annotate - [select for diffs], Sat May 24 12:44:48 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.36: +2 -153 lines
Diff to previous 1.36 (colored)

DeIMPLEMENT libssl. Expand the IMPLEMENT_* macros since it is far more
readable and one less layer of abstraction. Use C99 initialisers for
clarity, grepability and to protect from future field reordering/removal.

ok miod@ (tedu@ also thought it was a wonderful idea, beck@ also agreed,
but ran away squealing since it reminded him of the VOP layer...)

Revision 1.36 / (download) - annotate - [select for diffs], Thu May 22 17:43:52 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.35: +1 -3 lines
Diff to previous 1.35 (colored)

There are two actual uses of e_os2.h in libssl - an OPENSSL_GLOBAL (an
empty define) and an OPENSSL_EXTERN (which is defined as, well... extern).
The use of OPENSSL_EXTERN is already inconsistent since the lines above
and below just use plain old "extern". Expand the two uses of these macros
and stop including e_os2.h in libssl.

ok miod@

Revision 1.35 / (download) - annotate - [select for diffs], Thu May 22 17:37:06 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.34: +0 -2 lines
Diff to previous 1.34 (colored)

Stop pulling pqueue.h into ssl_locl.h since only a small part of libssl
actually needs it. Instead, just include it in the files where it is
actually necessary.

Also remove standard includes from pqueue.h so that they are not available
as a side effect. Just add the two includes that are needed to pqueue.c.

ok miod@

Revision 1.34 / (download) - annotate - [select for diffs], Thu May 15 19:39:46 2014 UTC (10 years ago) by miod
Branch: MAIN
Changes since 1.33: +2 -0 lines
Diff to previous 1.33 (colored)

No longer make pqueue.h a public (and installed) header file. Replace its
inclusion in <ssl/dtls1.h> by the benign
`struct _pqueue; typedef struct _pqueue *pqueue;'.

Note that said dtls1.h should probably be considered a private header as well...

ok beck@

Revision 1.33 / (download) - annotate - [select for diffs], Sun Apr 27 20:34:33 2014 UTC (10 years, 1 month ago) by miod
Branch: MAIN
Changes since 1.32: +0 -14 lines
Diff to previous 1.32 (colored)

Remove orphaned l2n6 and n2l6 macros.

Revision 1.32 / (download) - annotate - [select for diffs], Sun Apr 27 20:22:32 2014 UTC (10 years, 1 month ago) by miod
Branch: MAIN
Changes since 1.31: +0 -5 lines
Diff to previous 1.31 (colored)

Unifdef -U OPENSSL_BUILD_SHLIBCRYPTO, since all it causes under Unix is to
redefine OPENSSL_EXTERN from `extern' to `extern'.

Revision 1.31 / (download) - annotate - [select for diffs], Wed Apr 23 22:26:26 2014 UTC (10 years, 1 month ago) by miod
Branch: MAIN
Changes since 1.30: +0 -2 lines
Diff to previous 1.30 (colored)

Unifdef -UPKCS1_CHECK and remove SSL_OP_PKCS1_CHECK_[12], this is leftover
``debug'' code from a 15+ years old bugfix and the SSL_OP_PKCS1_CHECK_*
constants have had a value of zero since ages. No production code should use
them.

ok beck@

Revision 1.30 / (download) - annotate - [select for diffs], Sat Apr 19 10:59:54 2014 UTC (10 years, 1 month ago) by guenther
Branch: MAIN
Changes since 1.29: +0 -30 lines
Diff to previous 1.29 (colored)

The internal ssl2_* functions and variables are gone

Revision 1.29 / (download) - annotate - [select for diffs], Thu Apr 17 21:37:37 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.28: +0 -8 lines
Diff to previous 1.28 (colored)

always build in RSA and DSA. ok deraadt miod

Revision 1.28 / (download) - annotate - [select for diffs], Thu Apr 17 20:34:24 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.27: +0 -4 lines
Diff to previous 1.27 (colored)

quick pass at removing ability to disable sha256 and sha512. ok miod

Revision 1.27 / (download) - annotate - [select for diffs], Wed Apr 16 21:16:33 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.26: +0 -12 lines
Diff to previous 1.26 (colored)

TANSTAAFL - delete the buf freelist code. if you need a better malloc, get
a better malloc. ok beck deraadt

Revision 1.26 / (download) - annotate - [select for diffs], Wed Apr 16 15:10:07 2014 UTC (10 years, 1 month ago) by guenther
Branch: MAIN
Changes since 1.25: +1 -38 lines
Diff to previous 1.25 (colored)

Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from
the SSLv23_* client code.  The server continues to accept it.  It
also kills the bits for SSL2 SESSIONs; even when the server gets
an SSLv2-style compat handshake, the session that it creates has
the correct version internally.

ok tedu@ beck@

Revision 1.25 / (download) - annotate - [select for diffs], Tue Apr 15 12:00:25 2014 UTC (10 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.24: +129 -134 lines
Diff to previous 1.24 (colored)

First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using
tr and md5.

There is still a huge amount of inconsistency within these headers.

Revision 1.24 / (download) - annotate - [select for diffs], Mon Apr 14 18:45:55 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.23: +0 -7 lines
Diff to previous 1.23 (colored)

make OPENSSL_NO_HEARTBLEED the default and only option. ok deraadt miod

Revision 1.23 / (download) - annotate - [select for diffs], Sun Apr 13 23:50:02 2014 UTC (10 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.22: +0 -1 lines
Diff to previous 1.22 (colored)

Cope with the removal of openssl/symhacks.h

Revision 1.22 / (download) - annotate - [select for diffs], Sun Apr 13 21:11:19 2014 UTC (10 years, 2 months ago) by mpi
Branch: MAIN
Changes since 1.21: +6 -2 lines
Diff to previous 1.21 (colored)

Do not include "e_os.h" anymore.  Simply pull in the necessary headers.

ok miod@, deraadt@

Revision 1.21 / (download) - annotate - [select for diffs], Sun Apr 13 15:25:34 2014 UTC (10 years, 2 months ago) by miod
Branch: MAIN
Changes since 1.20: +5 -2 lines
Diff to previous 1.20 (colored)

Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.

Revision 1.1.1.12 / (download) - annotate - [select for diffs] (vendor branch), Sun Apr 13 15:16:36 2014 UTC (10 years, 2 months ago) by miod
Changes since 1.1.1.11: +45 -2 lines
Diff to previous 1.1.1.11 (colored)

Import OpenSSL 1.0.1g

Revision 1.20 / (download) - annotate - [select for diffs], Thu Feb 27 21:04:57 2014 UTC (10 years, 3 months ago) by jca
Branch: MAIN
Changes since 1.19: +2 -0 lines
Diff to previous 1.19 (colored)

SECURITY fixes backported from openssl-1.0.1f.  ok mikeb@

CVE-2013-4353 NULL pointer dereference with crafted Next Protocol
Negotiation record in TLS handshake.
Upstream: 197e0ea

CVE-2013-6449 Fix crash with crafted traffic from a TLS 1.2 client.
Upstream: ca98926, 0294b2b

CVE-2013-6450 Fix DTLS retransmission from previous session.
Upstream: 3462896

Revision 1.19 / (download) - annotate - [select for diffs], Thu Feb 14 15:11:43 2013 UTC (11 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.18: +38 -0 lines
Diff to previous 1.18 (colored)

cherry pick bugfixes for http://www.openssl.org/news/secadv_20130205.txt
from the openssl git (changes between openssl 1.0.1c and 1.0.1d).
ok djm@

Revision 1.18 / (download) - annotate - [select for diffs], Sat Oct 13 21:25:14 2012 UTC (11 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.17: +65 -10 lines
Diff to previous 1.17 (colored)

resolve conflicts

Revision 1.1.1.11 / (download) - annotate - [select for diffs] (vendor branch), Sat Oct 13 21:23:50 2012 UTC (11 years, 7 months ago) by djm
Changes since 1.1.1.10: +65 -10 lines
Diff to previous 1.1.1.10 (colored)

import OpenSSL-1.0.1c

Revision 1.17 / (download) - annotate - [select for diffs], Thu Jan 5 23:01:39 2012 UTC (12 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.16: +1 -0 lines
Diff to previous 1.16 (colored)

OpenSSL 1.0.0f: merge

Revision 1.1.1.10 / (download) - annotate - [select for diffs] (vendor branch), Thu Jan 5 22:59:10 2012 UTC (12 years, 5 months ago) by djm
Changes since 1.1.1.9: +1 -0 lines
Diff to previous 1.1.1.9 (colored)

OpenSSL 1.0.0f: import upstream source

Revision 1.16 / (download) - annotate - [select for diffs], Fri Oct 1 22:59:00 2010 UTC (13 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.15: +198 -102 lines
Diff to previous 1.15 (colored)

resolve conflicts, fix local changes

Revision 1.1.1.9 / (download) - annotate - [select for diffs] (vendor branch), Fri Oct 1 22:54:16 2010 UTC (13 years, 8 months ago) by djm
Changes since 1.1.1.8: +198 -102 lines
Diff to previous 1.1.1.8 (colored)

import OpenSSL-1.0.0a

Revision 1.15.6.1 / (download) - annotate - [select for diffs], Tue Nov 17 14:34:52 2009 UTC (14 years, 6 months ago) by sthen
Changes since 1.15: +2 -0 lines
Diff to previous 1.15 (colored) next main 1.16 (colored)

Pull Ben Laurie's blind prefix injection fix for CVE-2009-3555 from
openssl 0.9.8l.

As suggested by markus@, for -stable the header change is being
restricted to a private file, so the minor version is not cranked here.

Discussed with markus, djm, deraadt.

Revision 1.15.2.1 / (download) - annotate - [select for diffs], Tue Nov 17 14:34:37 2009 UTC (14 years, 6 months ago) by sthen
Changes since 1.15: +2 -0 lines
Diff to previous 1.15 (colored) next main 1.16 (colored)

Pull Ben Laurie's blind prefix injection fix for CVE-2009-3555 from
openssl 0.9.8l.

As suggested by markus@, for -stable the header change is being
restricted to a private file, so the minor version is not cranked here.

Discussed with markus, djm, deraadt.

Revision 1.15 / (download) - annotate - [select for diffs], Fri Jan 9 12:15:52 2009 UTC (15 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.14: +4 -0 lines
Diff to previous 1.14 (colored)

resolve conflicts

Revision 1.1.1.8 / (download) - annotate - [select for diffs] (vendor branch), Fri Jan 9 12:14:07 2009 UTC (15 years, 5 months ago) by djm
Changes since 1.1.1.7: +7 -1 lines
Diff to previous 1.1.1.7 (colored)

import openssl-0.9.8j

Revision 1.14 / (download) - annotate - [select for diffs], Mon Jan 5 21:36:39 2009 UTC (15 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.13: +3 -1 lines
Diff to previous 1.13 (colored)

update to openssl-0.9.8i; tested by several, especially krw@

Revision 1.13 / (download) - annotate - [select for diffs], Sat Sep 6 12:17:54 2008 UTC (15 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.12: +397 -44 lines
Diff to previous 1.12 (colored)

resolve conflicts

Revision 1.1.1.7 / (download) - annotate - [select for diffs] (vendor branch), Sat Sep 6 12:15:51 2008 UTC (15 years, 9 months ago) by djm
Changes since 1.1.1.6: +397 -44 lines
Diff to previous 1.1.1.6 (colored)

import of OpenSSL 0.9.8h

Revision 1.12 / (download) - annotate - [select for diffs], Tue Jun 27 05:07:03 2006 UTC (17 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.11: +3 -2 lines
Diff to previous 1.11 (colored)

resolve conflicts

Revision 1.1.1.6 / (download) - annotate - [select for diffs] (vendor branch), Tue Jun 27 05:05:39 2006 UTC (17 years, 11 months ago) by djm
Changes since 1.1.1.5: +3 -2 lines
Diff to previous 1.1.1.5 (colored)

import of openssl-0.9.7j

Revision 1.11 / (download) - annotate - [select for diffs], Fri Apr 29 05:39:31 2005 UTC (19 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.10: +7 -5 lines
Diff to previous 1.10 (colored)

resolve conflicts

Revision 1.1.1.5 / (download) - annotate - [select for diffs] (vendor branch), Fri Apr 29 05:37:28 2005 UTC (19 years, 1 month ago) by djm
Changes since 1.1.1.4: +7 -5 lines
Diff to previous 1.1.1.4 (colored)

import of openssl-0.9.7g; tested on platforms from alpha to zaurus, ok deraadt@

Revision 1.10 / (download) - annotate - [select for diffs], Sat Sep 14 11:18:04 2002 UTC (21 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.9: +1 -4 lines
Diff to previous 1.9 (colored)

merge with openssl-0.9.7-stable-SNAP-20020911,
new minor for libcrypto (_X509_REQ_print_ex)
tested by miod@, pb@

Revision 1.1.1.4 / (download) - annotate - [select for diffs] (vendor branch), Thu Sep 12 20:53:03 2002 UTC (21 years, 9 months ago) by markus
Changes since 1.1.1.3: +1 -1 lines
Diff to previous 1.1.1.3 (colored)

import openssl-0.9.7-stable-SNAP-20020911 (without idea)

Revision 1.9 / (download) - annotate - [select for diffs], Tue Sep 10 16:31:57 2002 UTC (21 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.8: +8 -7 lines
Diff to previous 1.8 (colored)

merge openssl-0.9.7-beta3, tested on vax by miod@

Revision 1.1.1.3 / (download) - annotate - [select for diffs] (vendor branch), Thu Sep 5 22:44:34 2002 UTC (21 years, 9 months ago) by markus
Changes since 1.1.1.2: +8 -7 lines
Diff to previous 1.1.1.2 (colored)

import openssl-0.9.7-beta3

Revision 1.8 / (download) - annotate - [select for diffs], Thu Sep 5 22:12:11 2002 UTC (21 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.7: +1 -1 lines
Diff to previous 1.7 (colored)

merge with 0.9.7-beta1

Revision 1.1.1.2 / (download) - annotate - [select for diffs] (vendor branch), Thu Sep 5 12:51:42 2002 UTC (21 years, 9 months ago) by markus
Changes since 1.1.1.1: +301 -240 lines
Diff to previous 1.1.1.1 (colored)

import openssl-0.9.7-beta1

Revision 1.5.4.1 / (download) - annotate - [select for diffs], Tue Jul 30 15:47:52 2002 UTC (21 years, 10 months ago) by jason
Changes since 1.5: +3 -0 lines
Diff to previous 1.5 (colored) next main 1.6 (colored)

Pull in patch from current:
Fix (markus), errata 013:
apply patches from OpenSSL Security Advisory [30 July 2002],
http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2

Revision 1.7 / (download) - annotate - [select for diffs], Tue Jul 30 11:08:06 2002 UTC (21 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.6: +3 -0 lines
Diff to previous 1.6 (colored)

apply patches from OpenSSL Security Advisory [30 July 2002],
http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2

Revision 1.5.2.1 / (download) - annotate - [select for diffs], Tue Jul 30 11:07:34 2002 UTC (21 years, 10 months ago) by miod
Changes since 1.5: +3 -0 lines
Diff to previous 1.5 (colored) next main 1.6 (colored)

Errata #030 (markus):
Fixes for the "OpenSSL Security Advisory [30 July 2002]"

Revision 1.6 / (download) - annotate - [select for diffs], Wed May 15 02:29:20 2002 UTC (22 years, 1 month ago) by beck
Branch: MAIN
Changes since 1.5: +48 -38 lines
Diff to previous 1.5 (colored)

OpenSSL 0.9.7 stable 2002 05 08 merge

Revision 1.5 / (download) - annotate - [select for diffs], Fri Jun 22 00:03:41 2001 UTC (22 years, 11 months ago) by beck
Branch: MAIN
Changes since 1.4: +56 -3 lines
Diff to previous 1.4 (colored)

openssl-engine-0.9.6a merge

Revision 1.4 / (download) - annotate - [select for diffs], Fri Dec 15 02:58:41 2000 UTC (23 years, 6 months ago) by beck
Branch: MAIN
Changes since 1.3: +3 -2 lines
Diff to previous 1.3 (colored)

openssl-engine-0.9.6 merge

Revision 1.3 / (download) - annotate - [select for diffs], Sun Mar 19 11:13:33 2000 UTC (24 years, 2 months ago) by beck
Branch: MAIN
Changes since 1.2: +104 -48 lines
Diff to previous 1.2 (colored)

OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs

Revision 1.2 / (download) - annotate - [select for diffs], Wed Sep 29 04:37:30 1999 UTC (24 years, 8 months ago) by beck
Branch: MAIN
Changes since 1.1: +122 -181 lines
Diff to previous 1.1 (colored)

OpenSSL 0.9.4 merge

Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Mon Oct 5 20:13:13 1998 UTC (25 years, 8 months ago) by ryker
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD build
functionality for shared libs.

Note that routines such as sslv2_init and friends that use RSA will
not work due to lack of RSA in this library.

Needs documentation and help from ports for easy upgrade to full
functionality where legally possible.

Revision 1.1 / (download) - annotate - [select for diffs], Mon Oct 5 20:13:13 1998 UTC (25 years, 8 months ago) by ryker
Branch: MAIN

Initial revision
