![[BACK]](/icons/back.gif){kind=icon}
Up to [local] / src / lib / libssl
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.49 / (download) - annotate - [select for diffs], Sat Feb 3 15:58:34 2024 UTC (4 months ago) by beck
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
HEAD
Changes since 1.48: +1 -27 lines
Diff to previous 1.48 (colored)
Remove GOST and STREEBOG support from libssl. This version of GOST is old and not anywhere close to compliant with modern GOST standards. It is also very intrusive in libssl and makes a mess everywhere. Efforts to entice a suitably minded anyone to care about it have been unsuccessful. At this point it is probably best to remove this, and if someone ever showed up who truly needed a working version, it should be a clean implementation from scratch, and have it use something closer to the typical API in libcrypto so it would integrate less painfully here. This removes it from libssl in preparation for it's removal from libcrypto with a future major bump ok tb@
Revision 1.48 / (download) - annotate - [select for diffs], Sat Nov 26 16:08:56 2022 UTC (18 months, 2 weeks ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE,
OPENBSD_7_4,
OPENBSD_7_3_BASE,
OPENBSD_7_3
Changes since 1.47: +2 -2 lines
Diff to previous 1.47 (colored)
Make internal header file names consistent Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
Revision 1.47 / (download) - annotate - [select for diffs], Sat Jul 2 16:31:04 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE,
OPENBSD_7_2
Changes since 1.46: +2 -5 lines
Diff to previous 1.46 (colored)
Stop using ssl{_ctx,}_security() outside of ssl_seclevel.c
The API is ugly and we can easily abstract it away. The SSL_SECOP_* stuff
is now confined into ssl_seclevel.c and the rest of the library can make
use of the more straightforward wrappers, which makes it a lot easier on
the eyes.
ok beck jsing
Revision 1.46 / (download) - annotate - [select for diffs], Sat Jul 2 16:00:12 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.45: +7 -7 lines
Diff to previous 1.45 (colored)
Rename uses 'curve' to 'group' and rework tls1 group API. This reworks various tls1_ curve APIs to indicate success via a boolean return value and move the output to an out parameter. This makes the caller code easier and more consistent. Based on a suggestion by jsing ok jsing
Revision 1.45 / (download) - annotate - [select for diffs], Wed Jun 29 07:55:59 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.44: +4 -1 lines
Diff to previous 1.44 (colored)
Check sigalg security level when selecting them. ok beck jsing
Revision 1.44 / (download) - annotate - [select for diffs], Wed Jun 29 07:54:54 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.43: +7 -1 lines
Diff to previous 1.43 (colored)
Check the security bits of the sigalgs' pkey ok beck jsing
Revision 1.43 / (download) - annotate - [select for diffs], Wed Jun 29 07:53:58 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.42: +11 -4 lines
Diff to previous 1.42 (colored)
Check the security level when building sigalgs ok beck jsing
Revision 1.42 / (download) - annotate - [select for diffs], Wed Jun 29 07:53:00 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.41: +21 -1 lines
Diff to previous 1.41 (colored)
Annotate sigalgs with their security level. ok beck jsing
Revision 1.41 / (download) - annotate - [select for diffs], Sat Feb 5 14:54:10 2022 UTC (2 years, 4 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE,
OPENBSD_7_1
Changes since 1.40: +7 -7 lines
Diff to previous 1.40 (colored)
Bye bye S3I. S3I has served us well, however now that libssl is fully opaque it is time to say goodbye. Aside from removing the calloc/free/memset, the rest is mechanical sed. ok inoguchi@ tb@
Revision 1.40 / (download) - annotate - [select for diffs], Thu Jan 20 20:37:33 2022 UTC (2 years, 4 months ago) by tb
Branch: MAIN
Changes since 1.39: +4 -4 lines
Diff to previous 1.39 (colored)
Remove the remaining three parens in return statements.
Revision 1.39 / (download) - annotate - [select for diffs], Thu Jan 20 20:35:46 2022 UTC (2 years, 4 months ago) by tb
Branch: MAIN
Changes since 1.38: +2 -2 lines
Diff to previous 1.38 (colored)
Use correct spelling of NULL.
Revision 1.38 / (download) - annotate - [select for diffs], Fri Nov 26 16:41:42 2021 UTC (2 years, 6 months ago) by tb
Branch: MAIN
Changes since 1.37: +5 -5 lines
Diff to previous 1.37 (colored)
Stop reaching into EVP_PKEY in the rest of libssl. ok inoguchi jsing
Revision 1.37 / (download) - annotate - [select for diffs], Tue Jun 29 19:36:14 2021 UTC (2 years, 11 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE,
OPENBSD_7_0
Changes since 1.36: +6 -5 lines
Diff to previous 1.36 (colored)
Pull up and dedup the TLS version check in ssl_sigalg_pkey_ok(). Suggested by tb@
Revision 1.36 / (download) - annotate - [select for diffs], Tue Jun 29 19:33:46 2021 UTC (2 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.35: +2 -5 lines
Diff to previous 1.35 (colored)
Simplify RSA PSS key size comment. Wording provided by tb@
Revision 1.35 / (download) - annotate - [select for diffs], Tue Jun 29 19:29:16 2021 UTC (2 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.34: +6 -7 lines
Diff to previous 1.34 (colored)
Change ssl_sigalg_from_value() to take SSL * instead of a TLS version. This simplifies callers, as only the negotiated TLS version needs to be used here. Requested by tb@
Revision 1.34 / (download) - annotate - [select for diffs], Tue Jun 29 19:25:59 2021 UTC (2 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.33: +4 -4 lines
Diff to previous 1.33 (colored)
Make various sigalg functions static now that they're only used internally.
Revision 1.33 / (download) - annotate - [select for diffs], Tue Jun 29 19:20:39 2021 UTC (2 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.32: +24 -2 lines
Diff to previous 1.32 (colored)
Provide a ssl_sigalg_for_peer() function and use in the TLSv1.3 code. Provide an ssl_sigalg_for_peer() function that knows how to figure out which signature algorithm should be used for a peer provided signature, performing appropriate validation to ensure that the peer provided value is suitable for the protocol version and key in use. In the TLSv1.3 code, this replaces the need for separate calls to lookup the sigalg from the peer provided value, then perform validation. ok inoguchi@ tb@
Revision 1.32 / (download) - annotate - [select for diffs], Tue Jun 29 19:10:08 2021 UTC (2 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.31: +18 -23 lines
Diff to previous 1.31 (colored)
Move the RSA-PSS check for TLSv1.3 to ssl_sigalg_pkey_ok(). Also, rather than passing in a check_curve flag, pass in the SSL * and handle version checks internally to ssl_sigalg_pkey_ok(), simplifying the callers. ok inoguchi@ tb@
Revision 1.31 / (download) - annotate - [select for diffs], Tue Jun 29 18:59:25 2021 UTC (2 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.30: +26 -31 lines
Diff to previous 1.30 (colored)
Factor out handling of legacy default signature algorithms. In the case of TLSv1.0 and TLSv1.1 there is no signature algorithms extension and default signature algorithms are used - similar applies to TLSv1.2 when the signature algorithms extension has been omitted. ok inoguchi@ tb@
Revision 1.30 / (download) - annotate - [select for diffs], Tue Jun 29 18:55:47 2021 UTC (2 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.29: +2 -7 lines
Diff to previous 1.29 (colored)
Mop up now unused variables.
Revision 1.29 / (download) - annotate - [select for diffs], Sun Jun 27 18:15:35 2021 UTC (2 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.28: +14 -10 lines
Diff to previous 1.28 (colored)
Change ssl_sigalgs_from_value() to perform sigalg list selection. Rather that passing in a sigalg list at every call site, pass in the appropriate TLS version and have ssl_sigalgs_from_value() perform the sigalg list selection itself. This allows the sigalg lists to be made internal to the sigalgs code. ok tb@
Revision 1.28 / (download) - annotate - [select for diffs], Sun Jun 27 18:09:07 2021 UTC (2 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.27: +3 -3 lines
Diff to previous 1.27 (colored)
Rename ssl_sigalg() to ssl_sigalg_from_value(). This makes the code more self-documenting and avoids the ambiguity between ssl_sigalg the struct and ssl_sigalg the function. ok tb@
Revision 1.27 / (download) - annotate - [select for diffs], Sun Jun 27 17:59:17 2021 UTC (2 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.26: +19 -2 lines
Diff to previous 1.26 (colored)
Change ssl_sigalgs_build() to perform sigalg list selection. Rather that doing sigalg list selection at every call site, pass in the appropriate TLS version and have ssl_sigalgs_build() perform the sigalg list selection itself. This reduces code duplication, simplifies the calling code and is the first step towards internalising the sigalg lists. ok tb@
Revision 1.26 / (download) - annotate - [select for diffs], Sun Jun 27 17:50:06 2021 UTC (2 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.25: +7 -15 lines
Diff to previous 1.25 (colored)
Tidy some comments and simplify some code. ok tb@
Revision 1.25 / (download) - annotate - [select for diffs], Sun Jun 27 17:45:16 2021 UTC (2 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.24: +18 -18 lines
Diff to previous 1.24 (colored)
Keep sigalg initialiser order consistent - key type, then hash. This matches the order that sigalgs are specified in. ok tb@
Revision 1.24 / (download) - annotate - [select for diffs], Sun May 16 08:24:21 2021 UTC (3 years ago) by jsing
Branch: MAIN
Changes since 1.23: +2 -1 lines
Diff to previous 1.23 (colored)
Explicitly include <openssl/opensslconf.h> in files using OPENSSL_NO_* Where a file references to OPENSSL_NO_* conditions, ensure that we explicitly include <openssl/opensslconf.h> before any references, rather than relying on another header to pull this in.
Revision 1.23 / (download) - annotate - [select for diffs], Wed Mar 10 18:27:02 2021 UTC (3 years, 3 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE,
OPENBSD_6_9
Changes since 1.22: +4 -4 lines
Diff to previous 1.22 (colored)
Improve internal version handling. Add handshake fields for our minimum TLS version, our maximum TLS version and the TLS version negotiated during the handshake. Initialise our min/max versions at the start of the handshake and leave these unchanged. The negotiated TLS version is set in the client once we receive the ServerHello and in the server at the point we select the highest shared version. Provide an ssl_effective_version() function that returns the negotiated TLS version if known, otherwise our maximum TLS version - this is effectively what is stored in s->version currently. Convert most of the internal code to use one of these three version fields, which greatly simplifies code (especially in the TLS extension handling code). ok tb@
Revision 1.22 / (download) - annotate - [select for diffs], Sun Oct 11 01:13:04 2020 UTC (3 years, 8 months ago) by guenther
Branch: MAIN
Changes since 1.21: +8 -8 lines
Diff to previous 1.21 (colored)
Constipate ssl3_ciphers and tls1[23]_sigalgs*, pushing them into .data.rel.ro and .rodata respectively. ok tb@ jsing@
Revision 1.20.8.1 / (download) - annotate - [select for diffs], Mon Aug 10 18:59:47 2020 UTC (3 years, 10 months ago) by tb
Branch: OPENBSD_6_7
Changes since 1.20: +7 -1 lines
Diff to previous 1.20 (colored) next main 1.21 (colored)
LibreSSL 3.1.4 - Interoperability and bug fixes for the TLSv1.3 client: * Improve client certificate selection to allow EC certificates instead of only RSA certificates. * Do not error out if a TLSv1.3 server requests an OCSP response as part of a certificate request. * Fix SSL_shutdown behavior to match the legacy stack. The previous behaviour could cause a hang. * Fix a memory leak and add a missing error check in the handling of the key update message. * Fix a memory leak in tls13_record_layer_set_traffic_key. * Avoid calling freezero with a negative size if a server sends a malformed plaintext of all zeroes. * Ensure that only PSS may be used with RSA in TLSv1.3 in order to avoid using PKCS1-based signatures. * Add the P-521 curve to the list of curves supported by default in the client. This is errata/6.7/019_libssl.patch.sig
Revision 1.21 / (download) - annotate - [select for diffs], Sat May 9 16:52:15 2020 UTC (4 years, 1 month ago) by beck
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE,
OPENBSD_6_8
Changes since 1.20: +8 -2 lines
Diff to previous 1.20 (colored)
Forcibly ensure that only PSS may be used with RSA in TLS 1.3. This prevents us from incorrectly choosing a PKCS1 based signature if the client advertises support for them but also prefers them to PSS such as appears to be the case with gnuTLS. ok jsing@
Revision 1.20 / (download) - annotate - [select for diffs], Mon Apr 1 02:09:21 2019 UTC (5 years, 2 months ago) by beck
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE,
OPENBSD_6_6_BASE,
OPENBSD_6_6,
OPENBSD_6_5_BASE,
OPENBSD_6_5
Branch point for: OPENBSD_6_7
Changes since 1.19: +4 -4 lines
Diff to previous 1.19 (colored)
Correct subtle bug in sigalgs, only care about curve_nid if we are checking the curve. ok jsing@ tb@
Revision 1.19 / (download) - annotate - [select for diffs], Mon Mar 25 17:33:26 2019 UTC (5 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.18: +1 -21 lines
Diff to previous 1.18 (colored)
Strip out all of the pkey to sigalg and sigalg to pkey linkages. These are no longer used now that we defer signature algorithm selection. ok beck@
Revision 1.18 / (download) - annotate - [select for diffs], Mon Mar 25 17:21:18 2019 UTC (5 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.17: +79 -5 lines
Diff to previous 1.17 (colored)
Defer sigalgs selection until the certificate is known. Previously the signature algorithm was selected when the TLS extension was parsed (or the client received a certificate request), however the actual certificate to be used is not known at this stage. This leads to various problems, including the selection of a signature algorithm that cannot be used with the certificate key size (as found by jeremy@ via ruby regress). Instead, store the signature algorithms list and only select a signature algorithm when we're ready to do signature generation. Joint work with beck@.
Revision 1.17 / (download) - annotate - [select for diffs], Tue Mar 19 16:56:04 2019 UTC (5 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.16: +2 -7 lines
Diff to previous 1.16 (colored)
Avoid an internal 2 byte overread in ssl_sigalgs(). Found by oss-fuzz, fixes issue #13797. ok beck@ tb@
Revision 1.16 / (download) - annotate - [select for diffs], Thu Jan 24 00:07:58 2019 UTC (5 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.15: +1 -6 lines
Diff to previous 1.15 (colored)
Remove SHA224 based sigalgs from use in TLS 1.2 as SHA224 is deprecated. Remove GOST based sigalgs from TLS 1.2 since they don't work with TLS 1.2. ok jsing@
Revision 1.15 / (download) - annotate - [select for diffs], Wed Jan 23 23:47:13 2019 UTC (5 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.14: +4 -4 lines
Diff to previous 1.14 (colored)
Correct ECDSA_SECP512R1 typo to ECDSA_SECP521R1 spotted by naddy@
Revision 1.14 / (download) - annotate - [select for diffs], Wed Jan 23 18:39:28 2019 UTC (5 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.13: +19 -2 lines
Diff to previous 1.13 (colored)
Modify sigalgs extension processing to accomodate TLS 1.3. - Make a separate sigalgs list for TLS 1.3 including only modern algorithm choices which we use when the handshake will not negotiate TLS 1.2. - Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2 from a 1.3 handshake. ok jsing@ tb@
Revision 1.13 / (download) - annotate - [select for diffs], Wed Jan 23 18:24:40 2019 UTC (5 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.12: +1 -18 lines
Diff to previous 1.12 (colored)
revert previous, accidentally contained another diff in addition to the one I intended to commit
Revision 1.12 / (download) - annotate - [select for diffs], Wed Jan 23 16:46:04 2019 UTC (5 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.11: +19 -2 lines
Diff to previous 1.11 (colored)
Modify sigalgs extension processing for TLS 1.3. - Make a separate sigalgs list for TLS 1.3 including only modern algorithm choices which we use when the handshake will not negotiate TLS 1.2 - Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2 ok jsing@ tb@
Revision 1.11 / (download) - annotate - [select for diffs], Fri Nov 16 02:41:16 2018 UTC (5 years, 6 months ago) by beck
Branch: MAIN
Changes since 1.10: +12 -3 lines
Diff to previous 1.10 (colored)
Unbreak legacy ciphers for prior to 1.1 by setting having a legacy sigalg for MD5_SHA1 and using it as the non sigalgs default ok jsing@
Revision 1.10 / (download) - annotate - [select for diffs], Wed Nov 14 02:27:15 2018 UTC (5 years, 6 months ago) by beck
Branch: MAIN
Changes since 1.9: +2 -2 lines
Diff to previous 1.9 (colored)
In TLS1.2 we use evp_sha1 if we fall back this far, not evp_md5_sha1 as in 1.1 Makes connections to outlook.office365.com work
Revision 1.9 / (download) - annotate - [select for diffs], Tue Nov 13 15:50:54 2018 UTC (5 years, 6 months ago) by beck
Branch: MAIN
Changes since 1.8: +4 -3 lines
Diff to previous 1.8 (colored)
Temporary workaround for breakage seen in www.videolan.org with curve mismatch
Revision 1.8 / (download) - annotate - [select for diffs], Tue Nov 13 01:19:48 2018 UTC (5 years, 6 months ago) by beck
Branch: MAIN
Changes since 1.7: +26 -9 lines
Diff to previous 1.7 (colored)
Fix pkey_ok to be less strange, and add cuve checks required for the EC ones ok tb@
Revision 1.7 / (download) - annotate - [select for diffs], Sun Nov 11 21:54:47 2018 UTC (5 years, 7 months ago) by beck
Branch: MAIN
Changes since 1.6: +17 -1 lines
Diff to previous 1.6 (colored)
Add check function to verify that pkey is usable with a sigalg. Include check for appropriate RSA key size when used with PSS. ok tb@
Revision 1.6 / (download) - annotate - [select for diffs], Sun Nov 11 02:03:23 2018 UTC (5 years, 7 months ago) by beck
Branch: MAIN
Changes since 1.5: +1 -3 lines
Diff to previous 1.5 (colored)
Convert signatures and verifcation to use the EVP_DigestXXX api to allow for adding PSS, Nuke the now unneejded guard around the PSS algorithms in the sigalgs table ok jsing@ tb@
Revision 1.5 / (download) - annotate - [select for diffs], Sat Nov 10 08:42:39 2018 UTC (5 years, 7 months ago) by beck
Branch: MAIN
Changes since 1.4: +1 -14 lines
Diff to previous 1.4 (colored)
Remove dead code ok jsing@
Revision 1.4 / (download) - annotate - [select for diffs], Sat Nov 10 01:19:09 2018 UTC (5 years, 7 months ago) by beck
Branch: MAIN
Changes since 1.3: +5 -16 lines
Diff to previous 1.3 (colored)
Stop keeping track of sigalgs by guessing it from digest and pkey, just keep the sigalg around so we can remember what we actually decided to use. ok jsing@
Revision 1.3 / (download) - annotate - [select for diffs], Fri Nov 9 05:43:39 2018 UTC (5 years, 7 months ago) by beck
Branch: MAIN
Changes since 1.2: +11 -4 lines
Diff to previous 1.2 (colored)
Ensure we only choose sigalgs from our prefernce list, not the whole list ok jsing@
Revision 1.2 / (download) - annotate - [select for diffs], Fri Nov 9 05:02:53 2018 UTC (5 years, 7 months ago) by beck
Branch: MAIN
Changes since 1.1: +34 -6 lines
Diff to previous 1.1 (colored)
Add the ability to have a separate priority list for sigalgs. Add a priority list for tls 1.2 ok jsing@
Revision 1.1 / (download) - annotate - [select for diffs], Fri Nov 9 00:34:55 2018 UTC (5 years, 7 months ago) by beck
Branch: MAIN
Reimplement the sigalgs processing code into a new implementation that will be usable with TLS 1.3 with less eye bleed. ok jsing@ tb@