OpenBSD CVS

CVS log for src/lib/libssl/ssl_tlsext.h




Default branch: MAIN


Revision 1.34, Tue Mar 26 03:44:11 2024 UTC (2 months, 1 week ago) by beck
Branch: MAIN
CVS Tags: HEAD
Changes since 1.33: +2 -1 lines

Add an indicator that an extension has been processed.

ok jsing@

Revision 1.33, Sun Apr 23 18:51:53 2023 UTC (13 months, 1 week ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4
Changes since 1.32: +2 -1 lines

Randomize the order of TLS extensions

On creation of an SSL using SSL_new(), randomize the order in which the
extensions will be sent. There are several constraints: the PSK extension
must always come last. The order cannot be randomized on a per-message
basis as the strict interpretation of the standard chosen in the CH hashing
doesn't allow changing the order between first and second ClientHello.

Another constraint is that the current code calls callbacks directly on
parsing an extension, which means that the order callbacks are called
depends on the order in which the peer sent the extensions. This results
in breaking apache-httpd setups using virtual hosts with full randomization
because virtual hosts don't work if the SNI is unknown at the time the
ALPN callback is called. So for the time being, we ensure that SNI always
precedes ALPN to avoid issues until this issue is fixed.

This is based on an idea by David Benjamin
https://boringssl-review.googlesource.com/c/boringssl/+/48045

Input & ok jsing

Revision 1.32, Thu Aug 4 09:27:36 2022 UTC (21 months, 4 weeks ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.31: +2 -124 lines

Make tlsext_*_{build,needs,parse}() functions static

None of these functions are used outside of ssl_tlsext.c. The only reason
they are prototyped in the header is for the use of tlsexttest.c. Rather
than having a big pile of useless copy-paste in the header, we can adapt
the test to avoid using these functions directly.

ok jsing

Revision 1.31, Wed Jul 20 13:35:05 2022 UTC (22 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.30: +2 -1 lines

Factor out ALPN extension format check

The ALPN extension must contain a non-empty list of protocol names.
Split a check of this out of tlsext_alpn_server_parse() so that it
can be reused elsewhere in the library.

ok jsing

Revision 1.30, Wed Jun 29 17:39:20 2022 UTC (23 months ago) by beck
Branch: MAIN
Changes since 1.29: +12 -1 lines

Add support for sending QUIC transport parameters

This is the start of adding the boringssl API for QUIC support,
and the TLS extensions necessary to send and receive QUIC transport
data.

Inspired by boringssl's https://boringssl-review.googlesource.com/24464

ok jsing@ tb@

Revision 1.29, Fri Jun 3 13:31:49 2022 UTC (2 years ago) by tb
Branch: MAIN
Changes since 1.28: +7 -0 lines

Add stubbed out handlers for the pre_shared_key extension

ok jsing

Revision 1.28, Fri Jun 3 13:29:39 2022 UTC (2 years ago) by tb
Branch: MAIN
Changes since 1.27: +10 -1 lines

Implement handlers for the psk_key_exchange_modes extensions.

ok jsing

Revision 1.27, Mon Nov 1 16:37:17 2021 UTC (2 years, 7 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.26: +2 -2 lines

Improve SNI hostname validation.

For some time now we've validated the hostname provided to the server in
the SNI extension. Per RFC 6066, an IP literal is invalid as a hostname -
the current code rejects IPv6 literals, but allows IPv4 literals through.

Improve this check to explicitly detect both IPv4 and IPv6 literals. Some
software has been historically known to include IP literals in SNI, so
rather than rejecting this outright (and failing with a decode error),
pretend that the SNI extension does not exist (such that we do not break
some older clients).

ok inoguchi@ tb@

Revision 1.26, Sun Oct 11 01:13:04 2020 UTC (3 years, 7 months ago) by guenther
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.25: +2 -2 lines

Constipate ssl3_ciphers and tls1[23]_sigalgs*, pushing them into
.data.rel.ro and .rodata respectively.

ok tb@ jsing@

Revision 1.25, Fri Jul 3 04:51:59 2020 UTC (3 years, 11 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.24: +92 -82 lines

Make the message type available to the extension functions

Some TLS extensions need to be treated differently depending on the
handshake message they appear in. Over time, various workarounds and
hacks were used to deal with the unavailability of the message type
in these functions, but this is getting fragile and unwieldy. Having
the message type available will enable us to clean this code up and
will allow simple fixes for a number of bugs in our handling of the
status_request extension reported by Michael Forney.

This approach was suggested a while ago by jsing.

ok beck jsing

Revision 1.24, Fri Jul 3 04:12:51 2020 UTC (3 years, 11 months ago) by tb
Branch: MAIN
Changes since 1.23: +5 -5 lines

Improve argument order for the internal tlsext API

Move is_server and msg_type right after the SSL object so that CBS
and CBB and alert come last. This brings these functions more in
line with other internal functions and separates state from data.

requested by jsing

Revision 1.23, Sat May 23 17:13:24 2020 UTC (4 years ago) by beck
Branch: MAIN
Changes since 1.22: +2 -1 lines

Enforce that SNI hostnames be correct as per rfc 6066 and 5980.
Correct SNI alerts to differentiate between illegal parameter
and an unknown name.

ok tb@

Revision 1.22, Sat Jan 25 12:58:27 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.21: +2 -2 lines

Correct value for SSL_TLSEXT_MSG_HRR.

ok beck@ tb@

Revision 1.21, Mon Jan 28 15:44:33 2019 UTC (5 years, 4 months ago) by beck
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.20: +2 -1 lines

Add tls_extension_seen(), a utility to know if a particular extension
has been seen in the handshake so far. Use it for keyshare.
ok tb@

Revision 1.20, Thu Jan 24 02:56:41 2019 UTC (5 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.19: +9 -1 lines

Add server side of versions, keyshare, and client and server of cookie
extensions for tls1.3.
versions is currently defanged to ignore its result until tls13 server
side wired in full, so that server side code still works today when
we only support tls 1.2
ok bcook@ tb@ jsing@

Revision 1.19, Wed Jan 23 18:24:40 2019 UTC (5 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.18: +0 -8 lines

revert previous, accidentally contained another diff in addition
to the one I intended to commit

Revision 1.18, Wed Jan 23 16:46:04 2019 UTC (5 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.17: +9 -1 lines

Modify sigalgs extension processing for TLS 1.3.
- Make a separate sigalgs list for TLS 1.3 including only modern
  algorithm choices which we use when the handshake will not negotiate
  TLS 1.2
- Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as
  mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2
ok jsing@ tb@

Revision 1.17, Fri Jan 18 12:18:10 2019 UTC (5 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.16: +2 -1 lines

copyright

Revision 1.16, Fri Jan 18 12:09:52 2019 UTC (5 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.15: +15 -1 lines

Add client side of supported versions and keyshare extensions with basic regress
ok jsing@

Revision 1.15, Fri Jan 18 00:54:42 2019 UTC (5 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.14: +75 -66 lines

Rename TLS extension handling to use less "hello".

When the TLS extension code was rewritten, TLS extensions could only exist
in ClientHello and ServerHello messages - as such, they were named in pairs
of *_clienthello_{needs,build} which would be called by the client and
*_clienthello_parse. Likewise for *_serverhello_{needs,build} which would
be called by a server and *_serverhello_parse, which would be called by a
client.

Enter TLSv1.3 - TLS extensions can now exist in one of seven messages,
with only certain types being allowed to appear in each, meaning the naming
scheme no longer works. Instead, rename them to indicate the caller rather
than the message type - this effectively means:

  clienthello_needs -> client_needs
  clienthello_build -> client_build
  clienthello_parse -> server_parse
  serverhello_needs -> server_needs
  serverhello_build -> server_build
  serverhello_parse -> client_parse

ok beck@ tb@

Revision 1.14, Fri Nov 9 03:17:24 2018 UTC (5 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.13: +10 -1 lines

Add header guards and hidden declarations.

Revision 1.13, Mon Nov 5 20:41:30 2018 UTC (5 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.12: +7 -7 lines

Rename the TLS Supported Elliptic Curves extension to Supported Groups.

RFC 7919 renamed the Supported Elliptic Curves TLS extension to Supported
Groups and redefined it to include finite field DH (FFDH) in addition to
elliptic curve DH (ECDH). As such, rename the TLS extension and change the
associated code to refer to groups rather than curves.

ok beck@ tb@

Revision 1.12, Thu Feb 8 11:30:30 2018 UTC (6 years, 3 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4, OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.11: +2 -3 lines

Complete the TLS extension rewrite on the client-side.

The RI logic gets pulled up into ssl3_get_server_hello() and
ssl_parse_serverhello_tlsext() gets replaced by tlsext_client_parse(),
which allows a CBS to be passed all the way down.

This also deduplicates the tlsext_client_build() and tlsext_server_build()
code.

ok beck@

Revision 1.11, Sat Jan 27 15:30:05 2018 UTC (6 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.10: +2 -3 lines

Complete the TLS extension handling rewrite for the server-side.

This removes ssl_parse_clienthello_tlsext() and allows the CBS to be
passed all the way through from ssl3_get_client_hello(). The renegotiation
check gets pulled up into ssl3_get_client_hello() which is where other
such checks exist.

The TLS extension parsing now also ensures that we do not get duplicates
of any known extensions (the old pre-rewrite code only did this for some
extensions).

ok inoguchi@

Revision 1.10, Sun Aug 27 02:58:04 2017 UTC (6 years, 9 months ago) by doug
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.9: +10 -1 lines

Rewrite SRTP extension using CBB/CBS and the new extension framework.

input + ok beck@, jsing@

Revision 1.9, Sat Aug 26 20:23:46 2017 UTC (6 years, 9 months ago) by doug
Branch: MAIN
Changes since 1.8: +8 -1 lines

Rewrite ALPN extension using CBB/CBS and the new extension framework.

ok bcook@ beck@
input + ok jsing@

Revision 1.8, Sat Aug 12 23:38:12 2017 UTC (6 years, 9 months ago) by beck
Branch: MAIN
Changes since 1.7: +8 -1 lines

Rewrite the TLS status request extension to use the new TLS extension framework.
ok jsing@

Revision 1.7, Sat Aug 12 21:47:59 2017 UTC (6 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.6: +8 -1 lines

Convert TLS signature algorithms extension handling to the new framework.

ok beck@ doug@

Revision 1.6, Sat Aug 12 21:17:03 2017 UTC (6 years, 9 months ago) by doug
Branch: MAIN
Changes since 1.5: +7 -1 lines

Rewrite session ticket TLS extension handling using CBB/CBS and the new
extension framework.

ok jsing@ beck@

Revision 1.5, Fri Aug 11 20:14:13 2017 UTC (6 years, 9 months ago) by doug
Branch: MAIN
Changes since 1.4: +9 -1 lines

Rewrite EllipticCurves TLS extension handling using CBB/CBS and the new
extension framework.

input + ok jsing@

Revision 1.4, Fri Aug 11 06:30:41 2017 UTC (6 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.3: +2 -1 lines

Add doug@'s copyright since he just added code to these two files.

Revision 1.3, Fri Aug 11 05:06:34 2017 UTC (6 years, 9 months ago) by doug
Branch: MAIN
Changes since 1.2: +8 -1 lines

Rewrite the ECPointFormats TLS extension handling using CBB/CBS and the
new extension framework.

input + ok jsing@

Revision 1.2, Mon Jul 24 17:10:31 2017 UTC (6 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.1: +7 -0 lines

Rewrite the TLS Renegotiation Indication extension handling using CBB/CBS
and the new extension framework.

Feedback from doug@

ok inoguchi@

Revision 1.1, Sun Jul 16 18:14:37 2017 UTC (6 years, 10 months ago) by jsing
Branch: MAIN

Start rewriting TLS extension handling.

Introduce a TLS extension handling framework that has per-extension type
functions to determine if an extension is needed, to build the extension
data and parse the extension data. This is somewhat analogous to BoringSSL,
however these build and parse functions are intentionally symmetrical. The
framework is hooked into the existing TLS handling code in such a way that
we can gradually convert the extension handling code.

Convert the TLS Server Name Indication extension to the new framework,
while rewriting it to use CBB/CBS and be more strict in the process.

Discussed with beck@

ok inoguchi@
