OpenBSD CVS

CVS log for src/lib/libssl/t1_lib.c



Default branch: MAIN


Revision 1.198, Sat Nov 18 10:51:09 2023 UTC (6 months, 2 weeks ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, HEAD
Changes since 1.197: +8 -6 lines

Check for negative EVP_CIPHER_CTX_iv_length() return in libssl

ok beck

Revision 1.197, Sat Nov 26 16:08:56 2022 UTC (18 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.196: +2 -2 lines

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local.h and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

Revision 1.196, Sun Oct 2 16:36:42 2022 UTC (20 months ago) by jsing
Branch: MAIN
Changes since 1.195: +53 -53 lines

Get rid of SSL_CTX_INTERNAL and SSL_INTERNAL.

These are no longer necessary due to SSL_CTX and SSL now being fully
opaque. Merge SSL_CTX_INTERNAL back into SSL_CTX and SSL_INTERNAL back
into SSL.

Prompted by tb@

Revision 1.195, Wed Aug 17 18:45:25 2022 UTC (21 months, 2 weeks ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.194: +95 -28 lines

Refactor tls1_get_supported_group()

This splits tls1_get_supported_group() into a few helper functions to
be able to count shared groups and to return the n-th shared group since
someone thought it is a great idea to expose that in a single API and
some others thought it is useful to add this info to log noise.

This is all made a bit more complicated thanks to the security level
having its tentacles everywhere and because a user-provided security
callback can influence the list of groups shared by the peers.

ok jsing

Revision 1.194, Wed Aug 17 18:42:13 2022 UTC (21 months, 2 weeks ago) by tb
Branch: MAIN
Changes since 1.193: +3 -3 lines

Make tls1_get_{format,group_}list() take a const SSL

ok jsing

Revision 1.193, Sun Jul 3 08:15:52 2022 UTC (23 months ago) by tb
Branch: MAIN
Changes since 1.192: +9 -97 lines

Simplify tls1_ec_nid2group_id()

Replace long switch statement duplicating data from nid_list[] with a
linear scan.

requested by and ok jsing

Revision 1.192, Sun Jul 3 08:13:45 2022 UTC (23 months ago) by tb
Branch: MAIN
Changes since 1.191: +9 -9 lines

Simplify tls1_ec_group_id2{bits,nid}()

Instead of a nonsensical NULL check, check nid_list[group_id].{bits,nid}
is not 0.  This way we can drop the group_id < 1 check.

ok jsing

Revision 1.191, Sat Jul 2 16:00:12 2022 UTC (23 months ago) by tb
Branch: MAIN
Changes since 1.190: +157 -115 lines

Rename uses of 'curve' to 'group' and rework tls1 group API.

This reworks various tls1_ curve APIs to indicate success via a boolean
return value and move the output to an out parameter. This makes the
caller code easier and more consistent.

Based on a suggestion by jsing

ok jsing

Revision 1.190, Sat Jul 2 15:53:37 2022 UTC (23 months ago) by tb
Branch: MAIN
Changes since 1.189: +3 -3 lines

Fix off-by-one in length check.

Spotted by jsing

Revision 1.189, Sat Jul 2 09:33:20 2022 UTC (23 months ago) by tb
Branch: MAIN
Changes since 1.188: +3 -3 lines

Make tls1_ec_curve_id2nid() return explicit NID_undef instead of 0 on error
and adjust the only caller that didn't check for NID_undef already.

ok beck jsing

Revision 1.188, Thu Jun 30 16:18:03 2022 UTC (23 months ago) by tb
Branch: MAIN
Changes since 1.187: +30 -30 lines

Remove redundant comments

discussed with jsing

Revision 1.187, Thu Jun 30 16:05:07 2022 UTC (23 months ago) by tb
Branch: MAIN
Changes since 1.186: +149 -32 lines

Check security level for supported groups.

ok jsing

Revision 1.186, Mon Jan 24 13:47:53 2022 UTC (2 years, 4 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.185: +2 -3 lines

Garbage collect the unused rv in tls1_check_ec_server_key() and
convert to usual form of error checking.

ok inoguchi jsing

Revision 1.185, Sat Jan 8 12:43:44 2022 UTC (2 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.184: +3 -3 lines

Rename CERT to SSL_CERT and CERT_PKEY to SSL_CERT_PKEY.

Nearly all structs in libssl start with an SSL_ suffix, rename CERT and
CERT_PKEY for consistency.

ok inoguchi@ tb@

Revision 1.184, Fri Nov 26 16:41:42 2021 UTC (2 years, 6 months ago) by tb
Branch: MAIN
Changes since 1.183: +6 -5 lines

Stop reaching into EVP_PKEY in the rest of libssl.

ok inoguchi jsing

Revision 1.183, Mon Oct 25 10:01:46 2021 UTC (2 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.182: +5 -5 lines

Fold SSL_SESSION_INTERNAL back into SSL_SESSION.

ok beck@ tb@

Revision 1.182, Thu Jul 1 17:53:39 2021 UTC (2 years, 11 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.181: +3 -3 lines

Merge SSL_METHOD_INTERNAL into SSL_METHOD.

Now that SSL_METHOD is opaque and in internal headers, we can remove
SSL_METHOD_INTERNAL by merging it back into SSL_METHOD.

ok tb@

Revision 1.181, Fri Jun 11 11:13:53 2021 UTC (2 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.180: +2 -2 lines

Indent all labels with a single space.

This ensures that diff reports the correct function prototype.

Prompted by tb@

Revision 1.180, Sun May 16 14:10:43 2021 UTC (3 years ago) by jsing
Branch: MAIN
Changes since 1.179: +2 -3 lines

Make local header inclusion consistent.

Consistently include local headers in the same location, using the same
grouping/sorting across all files.

Revision 1.179, Sat Dec 5 19:33:38 2020 UTC (3 years, 5 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.178: +2 -2 lines

Mark nid_list[] const. This moves 116 bytes to .rodata.

ok jsing kn

Revision 1.178, Sun Oct 11 12:45:52 2020 UTC (3 years, 7 months ago) by guenther
Branch: MAIN
Changes since 1.177: +1 -14 lines

SSL3_ENC_METHOD is just a flag word; merge it into SSL_METHOD_INTERNAL
with #defines for the per-version initializers instead of extern
globals.  Add SSL_USE_SHA256_PRF() to complete the abstraction.

ok tb@ jsing@

Revision 1.177, Wed Oct 7 08:43:34 2020 UTC (3 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.176: +4 -4 lines

Mop up various things that are now unused with the new record layer.

ok inoguchi@ tb@

Revision 1.176, Sat Sep 12 17:25:11 2020 UTC (3 years, 8 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.175: +19 -24 lines

Simplify tls1_set_ec_id() a bit

Use more descriptive variable names, explain why NID_undef is fine
and simplify the logic.

ok beck jsing

Revision 1.175, Mon Sep 7 08:04:29 2020 UTC (3 years, 8 months ago) by tb
Branch: MAIN
Changes since 1.174: +5 -8 lines

Garbage collect renew_ticket in tls_decrypt_ticket

This is only set in one place and read in one place to set the badly
named tlsext_ticket_expected flag. It seems preferable to set this
flag directly, thus simplifying the logic. This slightly changes the
behavior in that this flag is now set earlier, but this seems preferable
anyway. Any error between the old and the new position where the flag
is set is either fatal (so the connection will be closed) or a decrypt
error (so the flag will be set).

discussed with jsing

Revision 1.174, Tue Sep 1 12:40:53 2020 UTC (3 years, 9 months ago) by tb
Branch: MAIN
Changes since 1.173: +5 -21 lines

copy session id directly in ssl_get_prev_session

ssl_get_prev_session() hands the session id down to tls_decrypt_ticket()
which then copies it into the session pointer that it is about to return.
It's a lot simpler to retrieve the session pointer and copy the session id
inside ssl_get_prev_session().

Also, 'goto err' directly in TLS1_TICKET_NOT_DECRYPTED instead of skipping
a couple of long if clauses before doing so.

ok inoguchi jsing

Revision 1.173, Tue Sep 1 05:38:48 2020 UTC (3 years, 9 months ago) by tb
Branch: MAIN
Changes since 1.172: +2 -4 lines

Hoist ERR_clear_error() call into the derr: label

The only path that sets TLS1_TICKET_NOT_DECRYPTED is through this label
and the ERR_clear_error() is called conditionally on this. We clear the
errors to make decrypt errors non-fatal.  The free functions should not
set the errors and if they do, we don't want to hide that.

discussed with jsing

Revision 1.172, Tue Sep 1 05:32:11 2020 UTC (3 years, 9 months ago) by tb
Branch: MAIN
Changes since 1.171: +6 -17 lines

simplify tls1_process_ticket() exit path

tls1_process_ticket() - the only caller of tls_decrypt_ticket() - ends
in a switch over the return value of tls_decrypt_ticket() to decide
whether or not to set s->internal->tlsext_ticket_expected = 1.

Since tls_decrypt_ticket() already knows what it will return and
partly bases its decision on what to return on whether or not the
ticket needs to be renewed, it can also take care of setting this flag.
This way we don't need to have a confusing switch that conflates some
return values and sets this flag. Moreover, we can get rid of the ugly
TLS1_TICKET_DECRYPTED_RENEW whose only purpose is to signal that the
flag should be set.

ok jsing

Revision 1.171, Mon Aug 31 14:34:01 2020 UTC (3 years, 9 months ago) by tb
Branch: MAIN
Changes since 1.170: +36 -37 lines

Return code tweaks for session ticket handlers

In tls1_process_ticket() and tls_decrypt_ticket() use #defines with
descriptive names instead of hardcoding -1 1 2 3 4 and occasionally
explaining the magic numbers with comments.

ok beck inoguchi

Revision 1.170, Mon Aug 31 14:04:51 2020 UTC (3 years, 9 months ago) by tb
Branch: MAIN
Changes since 1.169: +18 -8 lines

Send alert on ssl_get_prev_session failure

ssl_get_prev_session() can fail for various reasons some of which
may be internal_error others decode_error alerts. Propagate the
appropriate alert up to the caller so we can abort the handshake
by sending a fatal alert instead of rudely closing the pipe.

Currently only 28 of 292 test cases of tlsfuzzer's test-extension.py pass.
With this diff, 272 pass. The rest will require fixes elsewhere.

ok beck inoguchi jsing

Revision 1.165.4.1, Mon Aug 10 18:59:47 2020 UTC (3 years, 9 months ago) by tb
Branch: OPENBSD_6_7
Changes since 1.165: +18 -5 lines
Next main revision: 1.166

LibreSSL 3.1.4 - Interoperability and bug fixes for the TLSv1.3 client:

* Improve client certificate selection to allow EC certificates
  instead of only RSA certificates.

* Do not error out if a TLSv1.3 server requests an OCSP response as
  part of a certificate request.

* Fix SSL_shutdown behavior to match the legacy stack.  The previous
  behaviour could cause a hang.

* Fix a memory leak and add a missing error check in the handling of
  the key update message.

* Fix a memory leak in tls13_record_layer_set_traffic_key.

* Avoid calling freezero with a negative size if a server sends a
  malformed plaintext of all zeroes.

* Ensure that only PSS may be used with RSA in TLSv1.3 in order
  to avoid using PKCS1-based signatures.

* Add the P-521 curve to the list of curves supported by default
  in the client.

This is errata/6.7/019_libssl.patch.sig

Revision 1.169, Sun Aug 9 16:25:54 2020 UTC (3 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.168: +18 -5 lines

Add P-521 to the list of curves supported by default in the client.

A certain VPN provider appears to have configured their servers to only
accept P-521 for TLSv1.3 key exchange. The particular VPN software in use
also does not currently allow for the TLSv1.3 key share groups to be
configured, which means that there is no way to easily use LibreSSL in
this situation.

Include P-521 in the list of curves that are supported by default in the
client, in order to increase interoperability.

Discussed at length with beck@, inoguchi@ and tb@.

ok tb@

Revision 1.168, Tue Jul 7 19:31:11 2020 UTC (3 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.167: +1 -9 lines

Remove some unnecessary function pointers from SSL_METHOD_INTERNAL.

ssl_version is completely unused and get_timeout is the same everywhere.

ok beck@ inoguchi@ tb@

Revision 1.167, Fri May 29 17:39:42 2020 UTC (4 years ago) by jsing
Branch: MAIN
Changes since 1.166: +1 -5 lines

Mop up servername_done, which is unused.

ok beck@ inoguchi@ tb@

Revision 1.166, Sun May 10 14:17:48 2020 UTC (4 years ago) by jsing
Branch: MAIN
Changes since 1.165: +4 -5 lines

Use size_t for OCSP response length.

The OCSP response length is currently an integer, which is overloaded with
-1 meaning "unset". Use a size_t for the OCSP response length and infer
unset from the OCSP response being NULL. This makes code more readable,
simpler and less error prone.

ok beck@

Revision 1.165, Tue Mar 10 17:02:21 2020 UTC (4 years, 2 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE
Branch point for: OPENBSD_6_7
Changes since 1.164: +1 -4 lines

Remove the enc function pointers.

The enc function pointers do not serve any purpose these days - remove
a layer of indirection and call dtls1_enc()/tls1_enc() directly.

ok inoguchi@ tb@

Revision 1.164, Thu Apr 25 04:57:36 2019 UTC (5 years, 1 month ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.163: +5 -3 lines

Use calloc/freezero when allocating and freeing the session ticket data.

The decrypted session ticket contains key material.

ok tb@

Revision 1.163, Thu Apr 25 04:54:35 2019 UTC (5 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.162: +28 -23 lines

Use EVP_CIPHER_CTX_{new,free}() and HMAC_CTX_{new,free}() instead of
allocating on stack.

While here also check the return values from EVP_DecryptInit_ex() and
HMAC_Init_ex().

ok tb@

Revision 1.162, Thu Apr 25 04:48:56 2019 UTC (5 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.161: +18 -18 lines

Rename some variables in tls_decrypt_ticket().

Rename mlen to hlen since it is a hmac (and this matches hctx and hmac).

Rename ctx to cctx since it is a cipher context and ctx is usually used to
mean SSL_CTX in this code.

ok tb@

Revision 1.161, Tue Apr 23 17:02:45 2019 UTC (5 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.160: +72 -44 lines

Convert tls_decrypt_ticket() to CBS.

This removes various pointer arithmetic and manual length checks.

ok tb@

Revision 1.160, Mon Apr 22 16:03:54 2019 UTC (5 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.159: +29 -41 lines

Provide a derr label (decode/decrypt error) in tls1_decrypt_ticket().

This handles the ret = 2 case and makes the code more readable.

ok tb@

Revision 1.159, Mon Apr 22 15:12:20 2019 UTC (5 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.158: +19 -17 lines

Pass the session ID down to the session/ticket handling code as a CBS.

Convert ssl_get_prev_session(), tls1_process_ticket() and
tls1_decrypt_ticket() to handle the session ID from the client hello
as a CBS. While here also swap the order of arguments for
tls1_decrypt_ticket() so that it is consistent with the other functions.

ok tb@

Revision 1.158, Mon Apr 22 14:49:42 2019 UTC (5 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.157: +2 -2 lines

Inline and remove the tlsext_tick_md macro.

There is not much point having a tlsext_tick_md macro that replaces
EVP_sha256() in two places, when the cipher is just hardcoded.

ok tb@

Revision 1.157, Sun Apr 21 14:41:30 2019 UTC (5 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.156: +43 -39 lines

Clean up tls1_process_ticket().

We only have to find one extension, so do that first then proceed with
processing and decryption. This makes the code more readable and drops
two levels of indent.

ok tb@

Revision 1.156, Sun Apr 21 14:38:32 2019 UTC (5 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.155: +9 -5 lines

Cleanup more of tls_decrypt_ticket().

Separate the malloc() check and EVP_DecryptUpdate() - the malloc() failure
is fatal while an EVP_DecryptUpdate() failure is a decryption failure.

Also ensure that we clear the error stack in all cases where we are
indicating a failure to decrypt or decode the ticket - otherwise
SSL_error() will later return failure when it should not.

ok tb@

Revision 1.155, Sun Apr 21 10:17:25 2019 UTC (5 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.154: +64 -59 lines

Start cleaning up tls_decrypt_ticket().

Rather than returning from multiple places and trying to clean up as we go,
move to a single exit point and clean/free in one place. Also invert the
logic that handles NULL sessions - fail early, rather than having an
indented if test for success.

ok tb@

Revision 1.154, Mon Mar 25 17:27:31 2019 UTC (5 years, 2 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.153: +1 -55 lines

tls1_process_sigalgs() is no longer needed.

ok beck@

Revision 1.153, Wed Jan 23 18:39:28 2019 UTC (5 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.152: +5 -5 lines

Modify sigalgs extension processing to accommodate TLS 1.3.

- Make a separate sigalgs list for TLS 1.3 including only modern
  algorithm choices which we use when the handshake will not negotiate
  TLS 1.2.
- Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as
  mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2
  from a 1.3 handshake.

ok jsing@ tb@

Revision 1.152, Wed Jan 23 18:24:40 2019 UTC (5 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.151: +4 -4 lines

revert previous, accidentally contained another diff in addition
to the one I intended to commit

Revision 1.151, Wed Jan 23 16:46:04 2019 UTC (5 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.150: +5 -5 lines

Modify sigalgs extension processing for TLS 1.3.

- Make a separate sigalgs list for TLS 1.3 including only modern
  algorithm choices which we use when the handshake will not negotiate
  TLS 1.2
- Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as
  mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2

ok jsing@ tb@

Revision 1.150, Sat Nov 10 01:19:09 2018 UTC (5 years, 6 months ago) by beck
Branch: MAIN
Changes since 1.149: +23 -19 lines

Stop keeping track of sigalgs by guessing it from digest and pkey,
just keep the sigalg around so we can remember what we actually
decided to use.
ok jsing@

Revision 1.149, Fri Nov 9 00:34:55 2018 UTC (5 years, 6 months ago) by beck
Branch: MAIN
Changes since 1.148: +18 -173 lines

Reimplement the sigalgs processing code into a new implementation
that will be usable with TLS 1.3 with less eye bleed.
ok jsing@ tb@

Revision 1.148, Thu Nov 8 20:55:18 2018 UTC (5 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.147: +1 -5 lines

Stop pretending that a cert member in a SSL and SSL_CTX can be NULL.

ok beck@ tb@

Revision 1.147, Mon Nov 5 20:41:30 2018 UTC (5 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.146: +29 -29 lines

Rename the TLS Supported Elliptic Curves extension to Supported Groups.

RFC 7919 renamed the Supported Elliptic Curves TLS extension to Supported
Groups and redefined it to include finite field DH (FFDH) in addition to
elliptic curve DH (ECDH). As such, rename the TLS extension and change the
associated code to refer to groups rather than curves.

ok beck@ tb@

Revision 1.146, Mon Nov 5 06:55:37 2018 UTC (5 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.145: +1 -12 lines

Clean up the code that checks if we can choose an EC cipher suite.

The tls1_check_ec_tmp_key() function is now rather misnamed, so just inline
the code. Also, rather than running tls1_get_shared_curve() once per EC
cipher suite, we can run it once at the start of the ssl3_choose_cipher()
function.

ok bluhm@ tb@

Revision 1.145, Mon Nov 5 03:49:44 2018 UTC (5 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.144: +2 -11 lines

Mop up ecdh_tmp, since it is no longer used.

ok bluhm@ tb@

Revision 1.144, Fri Aug 24 18:10:25 2018 UTC (5 years, 9 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.143: +21 -44 lines

Simplify session ticket parsing/handling.

The original implementation is rather crazy and means that we effectively
have two lots of code that parse a ClientHello and two lots of code that
parse TLS extensions. Partially simplify this by passing a CBS containing
the extension block through to the session handling functions, removing the
need to reimplement the ClientHello parsing.

While here standardise on naming for session_id and session_id_len.

ok inoguchi@ tb@

Revision 1.143, Sun Aug 19 15:38:03 2018 UTC (5 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.142: +21 -29 lines

Rename and collapse tls12_get_sigandhash_cbb().

Now that all callers of tls12_get_sigandhash() have been converted to CBB,
collapse tls12_get_sigandhash() and tls12_get_sigandhash_cbb() into a
single function. Rename it to tls12_gethashandsig() to be representative
of the actual order of the sigalgs parameters, and perform some other
clean up.

ok inoguchi@ tb@

Revision 1.142, Thu Aug 16 17:49:48 2018 UTC (5 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.141: +23 -2 lines

Convert ssl3_send_server_key_exchange() to CBB.

ok inoguchi@ tb@

Revision 1.141, Thu Feb 8 11:30:30 2018 UTC (6 years, 3 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.140: +1 -74 lines

Complete the TLS extension rewrite on the client-side.

The RI logic gets pulled up into ssl3_get_server_hello() and
ssl_parse_serverhello_tlsext() gets replaced by tlsext_client_parse(),
which allows a CBS to be passed all the way down.

This also deduplicates the tlsext_client_build() and tlsext_server_build()
code.

ok beck@

Revision 1.140, Sat Jan 27 15:30:05 2018 UTC (6 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.139: +1 -70 lines

Complete the TLS extension handling rewrite for the server-side.

This removes ssl_parse_clienthello_tlsext() and allows the CBS to be
passed all the way through from ssl3_get_client_hello(). The renegotiation
check gets pulled up into ssl3_get_client_hello() which is where other
such checks exist.

The TLS extension parsing now also ensures that we do not get duplicates
of any known extensions (the old pre-rewrite code only did this for some
extensions).

ok inoguchi@

Revision 1.139, Wed Oct 11 17:35:00 2017 UTC (6 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.138: +1 -24 lines

Convert ssl3_client_hello() to CBB.

As part of this, change ssl_cipher_list_to_bytes() to take a CBB argument,
rather than a pointer/length. Some additional clean up/renames while here.

Based on a diff from doug@

Revision 1.138, Wed Oct 11 16:51:39 2017 UTC (6 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.137: +1 -24 lines

Fully convert ssl3_send_server_hello() to CBB.

Based on a diff from doug@

Revision 1.137, Wed Aug 30 16:44:37 2017 UTC (6 years, 9 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.136: +9 -34 lines

Move the full extension building into tlsext_{client,server}hello_build(),
leaving ssl_add_{client,server}hello_tlsext() as pointer to CBB wrappers.

ok doug@

Revision 1.136, Sun Aug 27 02:58:04 2017 UTC (6 years, 9 months ago) by doug
Branch: MAIN
Changes since 1.135: +1 -57 lines

Rewrite SRTP extension using CBB/CBS and the new extension framework.

input + ok beck@, jsing@

Revision 1.135, Sat Aug 26 20:23:46 2017 UTC (6 years, 9 months ago) by doug
Branch: MAIN
Changes since 1.134: +1 -139 lines

Rewrite ALPN extension using CBB/CBS and the new extension framework.

ok bcook@ beck@
input + ok jsing@

Revision 1.134, Sun Aug 13 21:10:42 2017 UTC (6 years, 9 months ago) by bcook
Branch: MAIN
Changes since 1.133: +2 -2 lines

match function implementation with declaration, ok beck@, doug@

Revision 1.133, Sun Aug 13 16:28:45 2017 UTC (6 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.132: +1 -35 lines

Remove support for the TLS padding extension.

This was added as a workaround for broken F5 TLS termination, which then
created issues talking to broken IronPorts. The size of the padding is
hardcoded so it cannot be used in any generic sense.

ok bcook@ beck@ doug@

Revision 1.132, Sun Aug 13 16:25:19 2017 UTC (6 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.131: +1 -18 lines

Nuke SSL_OP_CRYPTOPRO_TLSEXT_BUG.

This was a workaround for a server that needed to talk GOST to old/broken
CryptoPro clients. This has no impact on TLS clients that are using GOST.

ok bcook@ beck@ doug@

Revision 1.131, Sat Aug 12 23:38:12 2017 UTC (6 years, 9 months ago) by beck
Branch: MAIN
Changes since 1.130: +3 -173 lines

Rewrite the TLS status request extension to use the new TLS extension framework.
ok jsing@

Revision 1.130, Sat Aug 12 21:47:59 2017 UTC (6 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.129: +13 -50 lines

Convert TLS signature algorithms extension handling to the new framework.

ok beck@ doug@

Revision 1.129, Sat Aug 12 21:17:03 2017 UTC (6 years, 9 months ago) by doug
Branch: MAIN
Changes since 1.128: +3 -63 lines

Rewrite session ticket TLS extension handling using CBB/CBS and the new
extension framework.

ok jsing@ beck@

Revision 1.128, Sat Aug 12 21:03:08 2017 UTC (6 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.127: +3 -110 lines

Remove NPN support.

NPN was never standardised and the last draft expired in October 2012.
ALPN was standardised in July 2014 and has been supported in LibreSSL
since December 2014. NPN has also been removed from Chromium in May 2016.

TLS clients and servers that try to use/enable NPN will fail gracefully and
fallback to the default protocol, since it will essentially appear that the
other side does not support NPN. At some point in the future we will
actually remove the NPN related symbols entirely.

ok bcook@ beck@ doug@

Revision 1.127, Sat Aug 12 02:55:22 2017 UTC (6 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.126: +1 -13 lines

Remove support for DSS/DSA, since we removed the cipher suites a while
back.

ok guenther@

Revision 1.126, Fri Aug 11 20:14:13 2017 UTC (6 years, 9 months ago) by doug
Branch: MAIN
Changes since 1.125: +3 -73 lines

Rewrite EllipticCurves TLS extension handling using CBB/CBS and the new
extension framework.

input + ok jsing@

Revision 1.125, Fri Aug 11 05:06:34 2017 UTC (6 years, 9 months ago) by doug
Branch: MAIN
Changes since 1.124: +6 -144 lines

Rewrite the ECPointFormats TLS extension handling using CBB/CBS and the
new extension framework.

input + ok jsing@

Revision 1.124, Thu Aug 10 17:18:38 2017 UTC (6 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.123: +6 -11 lines

Clean up the EC key/curve configuration handling.

Over the years OpenSSL grew multiple ways of being able to specify EC keys
(and/or curves) for use with ECDH and ECDHE key exchange. You could specify
a static EC key (SSL{_CTX,}_set_tmp_ecdh()), use that as a curve and
generate ephemeral keys (SSL_OP_SINGLE_ECDH_USE), provide the EC key via
a callback that was provided with insufficient information
(SSL{_CTX,}_set_tmp_ecdh_cb()) or enable automatic selection and generation
of EC keys via SSL{_CTX,}_set_ecdh_auto(). This complexity leads to
problems (like ECDHE not being enabled) and potential weird configuration
(like being able to do ECDHE without the ephemeral part...).

We no longer support ECDH and ECDHE can be disabled by removing ECDHE
ciphers from the cipher list. As such, permanently enable automatic EC
curve selection and generation, effectively disabling all of the
configuration knobs. The only exception is the
SSL{_CTX,}_set_tmp_ecdh() functions, which retain part of their previous
behaviour by configuring the curve of the given EC key as the only curve
being enabled. Everything else becomes a no-op.

ok beck@ doug@

Revision 1.123, Wed Aug 9 22:24:25 2017 UTC (6 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.122: +7 -32 lines

Pull out the code that identifies if we have an ECC cipher in the cipher
list or if we are negotiating an ECC cipher in the handshake. This dedups
some of the existing code and will make the EC extension rewrites easier.

ok doug@

Revision 1.122, Mon Jul 24 17:39:43 2017 UTC (6 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.121: +2 -28 lines

Rewrite and move the last remnants of the ServerHello SNI handling into
tlsext_sni_serverhello_parse(). This also adds a check to ensure that
if we have an existing session, the name matches what we specified via
SNI.

ok doug@

Revision 1.121, Mon Jul 24 17:10:31 2017 UTC (6 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.120: +5 -58 lines

Rewrite the TLS Renegotiation Indication extension handling using CBB/CBS
and the new extension framework.

Feedback from doug@

ok inoguchi@

Revision 1.120, Sun Jul 23 16:27:44 2017 UTC (6 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.119: +6 -1 lines

Hook the TLS extension parsing framework into the serverhello parsing.
Missed in the original commit.

Revision 1.119, Wed Jul 19 17:45:31 2017 UTC (6 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.118: +5 -3 lines

Check the return value of CBB_init_fixed(), since it can fail.

Revision 1.118, Sun Jul 16 18:14:37 2017 UTC (6 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.117: +36 -141 lines

Start rewriting TLS extension handling.

Introduce a TLS extension handling framework that has per-extension type
functions to determine if an extension is needed, to build the extension
data and parse the extension data. This is somewhat analogous to BoringSSL,
however these build and parse functions are intentionally symmetrical. The
framework is hooked into the existing TLS handling code in such a way that
we can gradually convert the extension handling code.

Convert the TLS Server Name Indication extension to the new framework,
while rewriting it to use CBB/CBS and be more strict in the process.

Discussed with beck@

ok inoguchi@

Revision 1.117, Sun May 7 04:22:24 2017 UTC (7 years ago) by beck
Branch: MAIN
Changes since 1.116: +2 -2 lines

Move state from ssl->internal to the handshake structure.
While we are at it, convert SSLerror to use a function
internally, so that we may later allocate the handshake
structure and check for it.
ok jsing@

Revision 1.116, Sat May 6 22:24:58 2017 UTC (7 years ago) by beck
Branch: MAIN
Changes since 1.115: +7 -7 lines

Bring in an SSL_HANDSHAKE structure and commence the great shovelling
ok jsing@, gcc@, regress@

Revision 1.115, Tue Feb 7 02:08:38 2017 UTC (7 years, 3 months ago) by beck
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.114: +13 -13 lines

Change SSLerror() back to taking two args, with the first one being an SSL *.
Make a table of "function codes" which maps the internal state of the SSL *
to something like a useful name so in a typical error in the connection you
know in what sort of place in the handshake things happened. (instead of
by arcane function name).
Add SSLerrorx() for when we don't have an SSL *
ok jsing@ after us both being prodded by bluhm@ to make it not terrible

Revision 1.114, Thu Jan 26 12:16:13 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.113: +12 -23 lines

Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly
line wraps that resulted.

Revision 1.113, Thu Jan 26 10:40:21 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.112: +13 -13 lines

Send the error function codes to rot in the depths of hell where they belong.
We leave a single function code (0xFFF) to say "SSL_internal" so the public
API will not break, and we replace all internal use of the two argument
SSL_err() with the internal only SSL_error() that only takes a reason code.
ok jsing@

Revision 1.112, Thu Jan 26 06:32:58 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.111: +1 -40 lines

Remove most of SSL3_ENC_METHOD - we can just inline the function calls
and defines since they are the same everywhere.

ok beck@

Revision 1.111, Tue Jan 24 14:57:31 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.110: +3 -5 lines

sk_pop_free() checks for NULL so do not bother doing it from the callers.

Revision 1.110, Tue Jan 24 12:24:07 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.109: +5 -2 lines

#if 0 the ecformats_list and eccurves_list - these are currently unused but
will be revisited at some point in the near future.

Revision 1.109, Tue Jan 24 09:03:21 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.108: +96 -13 lines

Add support for setting the supported EC curves via
SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous
SSL{_CTX}_set1_curves{_list} names.

This also changes the default list of EC curves to be X25519, P-256 and
P-384. If you want others (such as brainpool) you need to configure this
yourself.

Inspired by parts of BoringSSL and OpenSSL.

ok beck@

Revision 1.108, Tue Jan 24 08:41:53 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.107: +3 -3 lines

Correct bounds checks used when generating the EC curves extension.

ok beck@

Revision 1.107, Tue Jan 24 03:41:43 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.106: +2 -2 lines

Fix typo in brainpool curve name within a comment.

Revision 1.106, Mon Jan 23 14:35:42 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.105: +5 -4 lines

Move options and mode from SSL_CTX and SSL to internal, since these can be
set and cleared via existing functions.

Revision 1.105, Mon Jan 23 13:36:13 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.104: +3 -3 lines

Split most of SSL_METHOD out into an internal variant, which is opaque.

Discussed with beck@

Revision 1.104, Mon Jan 23 08:48:45 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.103: +2 -2 lines

send state and rstate from ssl_st into internal. There are accessors
so these should not be diddled with directly.
ok jsing@

Revision 1.103, Mon Jan 23 06:45:30 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.102: +70 -70 lines

Move a large part of ssl_st into internal, so we can see what squeals.
ok jsing@

Revision 1.102, Mon Jan 23 05:13:02 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.101: +6 -5 lines

Move most of the fields in SSL_CTX to internal - the ones that remain are
known to be in use.

ok beck@

Revision 1.101, Mon Jan 23 04:55:27 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.100: +15 -15 lines

move the callbacks from ssl_st to internal
ok jsing@

Revision 1.100, Mon Jan 23 04:15:28 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.99: +22 -16 lines

Move callback function pointers and argument pointers from SSL_CTX to
internal.

ok beck@

Revision 1.99, Sun Jan 22 09:02:07 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.98: +39 -39 lines

Move most of the SSL3_STATE fields to internal - the ones that remain are
known to be used by ports.

ok beck@

Revision 1.98, Sun Jan 22 06:36:49 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.97: +29 -23 lines

Move ALPN and NPN fields from SSL/SSL_CTX to internal.

ok beck@

Revision 1.97, Sun Jan 22 05:14:42 2017 UTC (7 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.96: +24 -24 lines

Move internal parts of ssl_session_st to internal
ok jsing@

Revision 1.96, Wed Dec 21 16:44:31 2016 UTC (7 years, 5 months ago) by jsing
Branch: MAIN
Changes since 1.95: +6 -2 lines

Add support for ECDHE with X25519.

Testing of an earlier revision by naddy@.

ok beck@

Revision 1.95, Sun Dec 18 13:52:53 2016 UTC (7 years, 5 months ago) by jsing
Branch: MAIN
Changes since 1.94: +4 -5 lines

Convert ssl3_get_server_hello() to CBS.

ok doug@

Revision 1.94, Sat Nov 5 08:26:37 2016 UTC (7 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.93: +4 -16 lines

Convert ssl3_get_server_kex_ecdhe() to CBS, simplifying tls1_check_curve()
in the process. This also fixes a long standing bug where
tls1_ec_curve_id2nid() is called with only one byte of the curve ID.

ok beck@ miod@

Revision 1.93, Wed Oct 19 16:38:40 2016 UTC (7 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.92: +4 -6 lines

Remove support for fixed ECDH cipher suites - these are not widely supported
and more importantly they do not provide PFS (if you want to use ECDH, use
ECDHE instead).

With input from guenther@.

ok deraadt@ guenther@

Revision 1.92, Sun Oct 2 21:18:08 2016 UTC (7 years, 8 months ago) by guenther
Branch: MAIN
Changes since 1.91: +11 -5 lines

Check for and handle failure of HMAC_{Update,Final} or EVP_DecryptUpdate()

based on openssl commit a5184a6c89ff954261e73d1e8691ab73b9b4b2d4
ok bcook@

Revision 1.91, Sun Oct 2 21:05:44 2016 UTC (7 years, 8 months ago) by guenther
Branch: MAIN
Changes since 1.90: +2 -2 lines

Detect zero-length encrypted session data early, instead of when malloc(0)
fails or the HMAC check fails.

Noted independently by jsing@ and Kurt Cancemi (kurt (at) x64architecture.com)
ok bcook@

Revision 1.90, Thu Sep 22 12:33:50 2016 UTC (7 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.89: +20 -9 lines

Avoid unbounded memory growth, which can be triggered by a client
repeatedly renegotiating and sending OCSP Status Request TLS extensions.

Fix based on OpenSSL.

Revision 1.89, Thu Sep 22 06:57:40 2016 UTC (7 years, 8 months ago) by guenther
Branch: MAIN
Changes since 1.88: +25 -4 lines

Improve ticket validity checking when tlsext_ticket_key_cb() callback
chooses a different HMAC algorithm.
Avert memory leaks if the callback preps the HMAC in some way.

Based on openssl commit 1bbe48ab149893a78bf99c8eb8895c928900a16f
but retaining a pre-callback length check to guarantee the callback
is provided the buffer that the API claims.

ok bcook@ jsing@

Revision 1.88, Sat Aug 27 15:58:06 2016 UTC (7 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.87: +37 -17 lines

Be more strict when parsing TLS extensions.

Based on a diff from Kinichiro Inoguchi.

ok beck@

Revision 1.87, Mon May 30 13:42:54 2016 UTC (8 years ago) by beck
Branch: MAIN
Changes since 1.86: +2 -2 lines

deprecate internal use of EVP_[Cipher|Encrypt|Decrypt]_Final.
14 years ago these were changed in OpenSSL to be the same
as the _ex functions. We use the _ex functions only internally
to ensure it is obvious the ctx must be cleared.
ok bcook@

Revision 1.86, Thu Mar 10 23:21:46 2016 UTC (8 years, 2 months ago) by mmcc
Branch: MAIN
Changes since 1.85: +2 -2 lines

http -> https for a few more IETF URLs in comments or man pages

Revision 1.85, Sat Sep 12 16:10:08 2015 UTC (8 years, 8 months ago) by doug
Branch: MAIN
Changes since 1.84: +2 -11 lines

Remove most of the SSLv3 version checks and a few TLS v1.0.

We can now assume >= TLS v1.0 since SSL2_VERSION, SSL3_VERSION and
DTLS1_BAD_VER support was removed.

"reads ok" miod@

Revision 1.84, Tue Sep 1 13:38:27 2015 UTC (8 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.83: +1 -13 lines

Remove the ssl_prepare_{client,server}hello_tlsext() functions, which are
now nothing more than noops.

ok bcook@ doug@

Revision 1.82.4.1, Fri Aug 28 16:31:42 2015 UTC (8 years, 9 months ago) by jsing
Changes since 1.82: +3 -1 lines
Next main revision: 1.83

MFC: Correctly handle a ClientHello that contains no TLS extensions, rather
than treating it as invalid and aborting the handshake.

Revision 1.83, Wed Aug 19 23:34:34 2015 UTC (8 years, 9 months ago) by bcook
Branch: MAIN
Changes since 1.82: +3 -1 lines

Properly handle missing TLS extensions in client hello as a non-failure.

Noticed by @Ligushka from github.
ok miod@, doug@

Revision 1.82, Fri Jul 24 07:57:48 2015 UTC (8 years, 10 months ago) by doug
Branch: MAIN
Changes since 1.81: +36 -28 lines

Convert tls1_process_ticket to CBS.

ok miod@ jsing@

Revision 1.81, Fri Jul 24 03:50:12 2015 UTC (8 years, 10 months ago) by doug
Branch: MAIN
Changes since 1.80: +14 -5 lines

Convert tls1_process_sigalgs to CBS.

ok miod@ jsing@

Revision 1.80, Sun Jul 19 20:32:18 2015 UTC (8 years, 10 months ago) by doug
Branch: MAIN
Changes since 1.79: +4 -1 lines

Allow *_free() functions in libssl to handle NULL input.

This mimics free()'s behavior which makes error handling simpler.

ok bcook@ miod@

Revision 1.79, Fri Jul 17 15:50:37 2015 UTC (8 years, 10 months ago) by doug
Branch: MAIN
Changes since 1.78: +1 -85 lines

Remove compat hack that disabled ECDHE-ECDSA on OS X.

For a few old releases, ECDHE-ECDSA was broken on OS X.  This option
cannot differentiate between working and broken OS X so it disabled
ECDHE-ECDSA support on all OS X >= 10.6.  10.8-10.8.3 were the faulty
releases but these are no longer relevant.  Tested on OS X 10.10 by jsing.

ok jsing@

Revision 1.78, Fri Jun 19 01:38:54 2015 UTC (8 years, 11 months ago) by doug
Branch: MAIN
Changes since 1.77: +14 -20 lines

Convert tls1_alpn_handle_client_hello() to CBS.

tweak + ok miod@ jsing@

Revision 1.77, Wed Jun 17 07:52:22 2015 UTC (8 years, 11 months ago) by doug
Branch: MAIN
Changes since 1.76: +12 -11 lines

Convert ssl_next_proto_validate to CBS.

ok miod@, tweak + ok jsing@

Revision 1.76, Wed Jun 17 07:36:30 2015 UTC (8 years, 11 months ago) by doug
Branch: MAIN
Changes since 1.75: +10 -4 lines

Convert tls1_check_curve to CBS.

ok miod@ jsing@

Revision 1.75, Mon Mar 2 13:43:09 2015 UTC (9 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.74: +2 -2 lines

Fix a minor information leak that was introduced in t1_lib.c r1.71, whereby
an additional 28 bytes of .rodata (or .data) is provided to the network. In
most cases this is a non-issue since the memory content is already public.

Issue found and reported by Felix Groebert of the Google Security Team.

ok bcook@ beck@

Revision 1.74, Sun Dec 14 14:34:43 2014 UTC (9 years, 5 months ago) by jsing
Branch: MAIN
Changes since 1.73: +1 -17 lines

unifdef OPENSSL_NO_NEXTPROTONEG, which is one of the last standing #ifndef
mazes in libssl. NPN is being replaced by ALPN, however it is still going
to be around for a while yet.

ok miod@

Revision 1.73, Wed Dec 10 15:36:47 2014 UTC (9 years, 5 months ago) by jsing
Branch: MAIN
Changes since 1.72: +1 -4 lines

Remove support for GOST R 34.10-94 signature authentication, along with
the two ciphersuites that use it. GOST94 public/private keys have been
long obsoleted and libcrypto does not have support for them anyway.

Discussed with Dmitry Eremin-Solenikov.

Revision 1.72, Wed Dec 10 14:58:56 2014 UTC (9 years, 5 months ago) by jsing
Branch: MAIN
Changes since 1.71: +152 -3 lines

Add support for ALPN.

Based on OpenSSL and BoringSSL.

ok bcook@

Revision 1.71, Sat Dec 6 13:51:06 2014 UTC (9 years, 5 months ago) by jsing
Branch: MAIN
Changes since 1.70: +115 -103 lines

Use appropriate internal types for EC curves and formats, rather than
storing and processing in wire encoded form.

Inspired by boringssl.

ok miod@

Revision 1.70, Sat Dec 6 13:28:56 2014 UTC (9 years, 5 months ago) by jsing
Branch: MAIN
Changes since 1.69: +3 -2 lines

Ensure that the client specified EC curve list length is a multiple of two.
The EC curve handling code assumes this to be the case and will read one
byte off the end of the curve list during processing, in the case where it
is not.

ok miod@

Revision 1.69, Sat Dec 6 13:21:14 2014 UTC (9 years, 5 months ago) by jsing
Branch: MAIN
Changes since 1.68: +15 -3 lines

Fix two cases where it is possible to read one or two bytes past the end of
the buffer. The later size check would catch this, however reading first
and checking later is less than ideal.

ok miod@

Revision 1.68, Tue Dec 2 20:46:19 2014 UTC (9 years, 6 months ago) by miod
Branch: MAIN
Changes since 1.67: +5 -2 lines

Add brainpool curves to eccurves_default[], accidentally missing from 1.32;
from OpenSSL HEAD via Thomas Jakobi.

Revision 1.67, Tue Nov 18 05:33:43 2014 UTC (9 years, 6 months ago) by miod
Branch: MAIN
Changes since 1.66: +36 -3 lines

Update the GOST code in libssl, as contributed by Dmitry Eremin-Solenikov.

This causes a libssl major version bump as this affects the layout of some
internal-but-unfortunately-made-visible structs.

Revision 1.66, Mon Nov 3 17:21:30 2014 UTC (9 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.65: +5 -5 lines

only call SRTP (whatever that is) functions when the connection type is
DTLS (whatever that is) instead of for TLS too. ok jsing.

Revision 1.12.4.3, Sun Oct 19 16:21:56 2014 UTC (9 years, 7 months ago) by tedu
Changes since 1.12.4.2: +3 -1 lines
Next main revision: 1.13

fix two remotely triggerable memory leaks.
tested by jasper

Revision 1.12.8.3, Sun Oct 19 16:21:04 2014 UTC (9 years, 7 months ago) by tedu
Changes since 1.12.8.2: +3 -1 lines
Next main revision: 1.13

fix two remotely triggerable memory leaks.
tested by jasper

Revision 1.65, Sat Oct 18 16:13:16 2014 UTC (9 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.64: +1 -2 lines

Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().

arc4random provides high quality pseudo-random numbers, hence there is no
need to differentiate between "strong" and "pseudo". Furthermore, the
arc4random_buf() function is guaranteed to succeed, which avoids the need
to check for and handle failure, simplifying the code.

It is worth noting that a number of the replaced RAND_bytes() and
RAND_pseudo_bytes() calls were missing return value checks and these
functions can fail for a number of reasons (at least in OpenSSL -
thankfully they were converted to wrappers around arc4random_buf() some
time ago in LibreSSL).

ok beck@ deraadt@ miod@

Revision 1.64, Wed Oct 15 14:02:16 2014 UTC (9 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.63: +4 -4 lines

Only require an EC public key in tls1_set_ec_id(), if we need to provide
a compression identifier. In the case of a server using ephemeral EC keys,
the supplied key is unlikely to have a public key where
SSL_CTX_set_tmp_ecdh() is called after SSL_OP_SINGLE_ECDH_USE has been
set. This makes ECDHE ciphers work again for this use case.

Revision 1.63, Sun Oct 5 14:56:32 2014 UTC (9 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.62: +28 -30 lines

Use more specific curves/formats naming for local variables in
ssl_add_clienthello_tlsext() and ssl_add_serverhello_tlsext(), rather than
the current generic naming.

ok miod@

Revision 1.62, Sun Oct 5 14:53:06 2014 UTC (9 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.61: +2 -11 lines

Use tls1_get_curvelist() in ssl_add_clienthello_tlsext(), rather than
hand rolling the same code.

ok miod@

Revision 1.61, Sun Oct 5 14:47:30 2014 UTC (9 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.60: +29 -21 lines

Make tls1_get_formatlist() behave the same as tls1_get_curvelist() and
return the client format list if the client_formats flag is specified.
Use tls1_get_formatlist()/tls1_get_curvelist() in tls1_check_ec_key(),
simplifying the code.

ok miod@

Revision 1.60, Fri Oct 3 13:58:18 2014 UTC (9 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.59: +37 -2 lines

Add support for automatic ephemeral EC keys.

This allows an SSL server to enable ECDHE ciphers with a single setting,
which results in an EC key being generated using the first preference
shared curve.

Based on OpenSSL with inspiration from boringssl.

ok miod@

Revision 1.59, Tue Sep 30 15:40:09 2014 UTC (9 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.58: +132 -3 lines

Clean up EC cipher handling in ssl3_choose_cipher().

The existing code reaches around into various internals of EC, which it
should not know anything about. Replace this with a set of functions
that can correctly extract the necessary details and handle the
comparisons.

Based on a commit to OpenSSL, with some inspiration from boringssl.

ok miod@

Revision 1.58, Sat Sep 27 11:01:06 2014 UTC (9 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.57: +44 -1 lines

Check that the specified curve is one of the client preferences.

Based on OpenSSL.

ok miod@

Revision 1.57, Fri Sep 26 14:58:42 2014 UTC (9 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.56: +44 -47 lines

Now that we have a static version of the default EC formats, also use it
for the server hello.

From OpenSSL.

ok miod@

Revision 1.56, Mon Sep 22 14:26:22 2014 UTC (9 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.55: +97 -101 lines

Refactor and simplify the ECC extension handling. The existing code
effectively built two "static" data structures - instead of doing this,
just use static data structures to start with.

From OpenSSL (part of a larger commit).

ok miod@

Revision 1.55, Sun Sep 21 17:11:04 2014 UTC (9 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.54: +13 -8 lines

Move the TLS padding extension under an SSL_OP_TLSEXT_PADDING option, which
is off by default (instead of being enabled unconditionally).

The TLS padding extension was added as a workaround for a bug in F5 SSL
terminators, however appears to trigger bugs in IronPort SMTP appliances.
Now the SSL client gets to choose which of these devices it wants to
trigger bugs in...

Ported from OpenSSL.

Discussed with many.

ok miod@

Revision 1.12.4.2, Sat Aug 9 16:55:55 2014 UTC (9 years, 9 months ago) by tedu
Changes since 1.12.4.1: +34 -35 lines

backport relevant security fixes from openssl 1.0.1i
tested by bcook jsg

Revision 1.12.8.2, Sat Aug 9 16:54:58 2014 UTC (9 years, 9 months ago) by tedu
Changes since 1.12.8.1: +34 -35 lines

backport relevant security fixes from openssl 1.0.1i
tested by bcook jsg

Revision 1.54, Thu Aug 7 22:27:28 2014 UTC (9 years, 9 months ago) by guenther
Branch: MAIN
Changes since 1.53: +2 -2 lines

Correct test reversed during merge of fix for CVE-2014-3509

pointed out by Watson Ladd (watson (at) matasano.com)
ok deraadt@

Revision 1.53, Wed Aug 6 23:16:16 2014 UTC (9 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.52: +13 -9 lines

merge fix for CVE-2014-3509 -- basically a missing s->hit check; ok guenther

Revision 1.52, Sun Jul 13 16:33:01 2014 UTC (9 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.51: +22 -19 lines

Expand the tlsext_sigalg macros. The end result is about the same number
of lines and much more readable.

ok miod@

Revision 1.51, Sun Jul 13 16:03:10 2014 UTC (9 years, 10 months ago) by beck
Branch: MAIN
Changes since 1.50: +3 -2 lines

The bell tolls for BUF_strdup - Start the migration to using
intrinsics. These are the easy ones, with a few left to check one at
a time.
ok miod@ deraadt@

Revision 1.50, Sat Jul 12 22:33:39 2014 UTC (9 years, 10 months ago) by jsing
Branch: MAIN
Changes since 1.49: +4 -4 lines

The correct name for EDH is DHE, likewise EECDH should be ECDHE.

Based on changes to OpenSSL trunk.

ok beck@ miod@

Revision 1.49, Wed Jul 9 11:10:51 2014 UTC (9 years, 10 months ago) by bcook
Branch: MAIN
Changes since 1.48: +1 -3 lines

remove unused, private version strings except SSL_version_str

Also remove unused des_ver.h, which exports some of these strings, but is not installed.

ok miod@ tedu@

Revision 1.48, Thu Jun 19 21:29:51 2014 UTC (9 years, 11 months ago) by tedu
Branch: MAIN
Changes since 1.47: +3 -3 lines

convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring
libc interfaces over libcrypto interfaces. for now we also prefer
timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable.
ok beck deraadt matthew miod

Revision 1.47 / (download) - annotate - [select for diffs], Wed Jun 18 04:49:40 2014 UTC (9 years, 11 months ago) by miod
Branch: MAIN
Changes since 1.46: +10 -4 lines
Diff to previous 1.46 (colored)

Make sure to always invoke EVP_CIPHER_CTX_cleanup() before returning in the
error paths from tls_decrypt_ticket().

ok tedu@

Revision 1.46 / (download) - annotate - [select for diffs], Fri Jun 13 04:29:13 2014 UTC (9 years, 11 months ago) by miod
Branch: MAIN
Changes since 1.45: +1 -213 lines
Diff to previous 1.45 (colored)

Remove support for the `opaque PRF input' extension, whose draft expired
7 years ago and never made it into an RFC. That code wasn't compiled in
anyway unless one would define the actual on-the-wire extension id bytes;
crank libssl major.

With help and enlightenment from Brendan MacDonell.

Revision 1.45 / (download) - annotate - [select for diffs], Thu Jun 12 15:49:31 2014 UTC (9 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.44: +1 -1 lines
Diff to previous 1.44 (colored)

tags as requested by miod and tedu

Revision 1.44 / (download) - annotate - [select for diffs], Wed Jun 4 21:05:30 2014 UTC (10 years ago) by miod
Branch: MAIN
Changes since 1.43: +22 -18 lines
Diff to previous 1.43 (colored)

Sanitize use of client_opaque_prf_input: set it to NULL immediately after
free()ing it, rather than in conditional code.

Also do not bother setting server_opaque_prf_input (server, not client) to
NULL in conditional code 10 lines after explicitly free()ing it and setting
it to NULL (were the developers afraid of zombie pointers?)

ok guenther@

Revision 1.43 / (download) - annotate - [select for diffs], Wed Jun 4 14:10:23 2014 UTC (10 years ago) by tedu
Branch: MAIN
Changes since 1.42: +1 -1 lines
Diff to previous 1.42 (colored)

without overthinking it, replace a few memcmp calls with CRYPTO_memcmp
where it is feasible to do so. better safe than sorry.

Revision 1.42 / (download) - annotate - [select for diffs], Sat May 31 10:53:39 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.41: +0 -22 lines
Diff to previous 1.41 (colored)

ECDH and ECDSA will not work overly well if there is no EC, so unifdef
OPENSSL_NO_EC.

ok tedu@

Revision 1.41 / (download) - annotate - [select for diffs], Sat May 31 10:49:28 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.40: +0 -6 lines
Diff to previous 1.40 (colored)

TLS would not be entirely functional without extensions, so unifdef
OPENSSL_NO_TLSEXT.

ok tedu@

Revision 1.40 / (download) - annotate - [select for diffs], Fri May 30 14:30:50 2014 UTC (10 years ago) by tedu
Branch: MAIN
Changes since 1.39: +0 -36 lines
Diff to previous 1.39 (colored)

remove some #if 0 code. we don't need any more reminders that we're using
a not quite appropriate data structure. ok jsing

Revision 1.39 / (download) - annotate - [select for diffs], Fri May 30 14:01:11 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.38: +4 -3 lines
Diff to previous 1.38 (colored)

Make use of SSL_IS_DTLS, SSL_USE_EXPLICIT_IV, SSL_USE_SIGALGS and
SSL_USE_TLS1_2_CIPHERS.

Largely based on OpenSSL head.

Revision 1.38 / (download) - annotate - [select for diffs], Thu May 29 18:11:13 2014 UTC (10 years ago) by tedu
Branch: MAIN
Changes since 1.37: +0 -10 lines
Diff to previous 1.37 (colored)

unifdef DH, ECDH, and ECDSA. there's no purpose to a libssl without them.
ok deraadt jsing

Revision 1.37 / (download) - annotate - [select for diffs], Thu May 29 16:00:16 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.36: +38 -0 lines
Diff to previous 1.36 (colored)

Make it substantially easier to identify protocol version requirements
by adding an enc_flags field to the ssl3_enc_method, specifying four flags
that are used with this field and providing macros for evaluating these
conditions. Currently the version requirements are identified by
continually checking the version number and other criteria.

This change also adds separate SSL3_ENC_METHOD data for TLS v1.1 and v1.2,
since they have different enc_flags from TLS v1.

Based on changes in OpenSSL head.

No objection from miod@

Revision 1.36 / (download) - annotate - [select for diffs], Wed May 28 13:03:25 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.35: +18 -32 lines
Diff to previous 1.35 (colored)

There is no point in checking if a pointer is non-NULL before calling free,
since free already does this for us. Also remove some pointless NULL
assignments, where the result from malloc(3) is immediately assigned to the
same variable.

ok miod@

Revision 1.35 / (download) - annotate - [select for diffs], Mon May 26 20:54:06 2014 UTC (10 years ago) by miod
Branch: MAIN
Changes since 1.34: +39 -26 lines
Diff to previous 1.34 (colored)

Replace the following logic:

        if (nothing to allocate)
                ptr = malloc(1)
        else {
                if ((ptr = malloc(size to allocate))
                        memcpy(ptr, data to copy, size to allocate)
        }

        if (ptr == NULL)
                OMG ERROR

with a saner logic where the NULL pointer check is moved to the actual
malloc branch, so that we do not need to malloc a single byte, just to avoid
having a NULL pointer.

Whoever thought allocating a single byte was a smart idea was obviously
not taking his meds.

ok beck@ guenther@

Revision 1.34 / (download) - annotate - [select for diffs], Mon May 26 20:11:27 2014 UTC (10 years ago) by miod
Branch: MAIN
Changes since 1.33: +4 -1 lines
Diff to previous 1.33 (colored)

tls_decrypt_ticket(): memory leak and uncleaned EVP_CIPHER_CTX upon error.

Revision 1.33 / (download) - annotate - [select for diffs], Sat May 24 16:06:28 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.32: +14 -12 lines
Diff to previous 1.32 (colored)

Use C99 initialisers for SSL3_ENC_METHOD structs.

ok miod@

Revision 1.32 / (download) - annotate - [select for diffs], Sat May 24 15:21:40 2014 UTC (10 years ago) by miod
Branch: MAIN
Changes since 1.31: +13 -1 lines
Diff to previous 1.31 (colored)

Enable three brainpool elliptic curves for TLS, as specified in RFC 7027;
from OpenSSL HEAD.

ok beck@ deraadt@ jsing@

Revision 1.31 / (download) - annotate - [select for diffs], Sat May 24 15:18:58 2014 UTC (10 years ago) by miod
Branch: MAIN
Changes since 1.30: +4 -4 lines
Diff to previous 1.30 (colored)

Use sizeof(cryptopro_ext) instead of 36 when applicable.
ok jsing@

Revision 1.30 / (download) - annotate - [select for diffs], Thu May 22 11:48:49 2014 UTC (10 years ago) by jsing
Branch: MAIN
Changes since 1.29: +194 -184 lines
Diff to previous 1.29 (colored)

More KNF.

Revision 1.29 / (download) - annotate - [select for diffs], Mon May 19 20:09:15 2014 UTC (10 years ago) by miod
Branch: MAIN
Changes since 1.28: +39 -34 lines
Diff to previous 1.28 (colored)

Fix several bounds checks in ssl_add_clienthello_tlsext() and
ssl_add_serverhello_tlsext(), and convert all of them to the same idiom, for
easier review.

Math is hard, let's go webshopping.

Help and ok guenther@

Revision 1.28 / (download) - annotate - [select for diffs], Mon May 5 15:03:22 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.27: +0 -50 lines
Diff to previous 1.27 (colored)

Remove SRP and Kerberos support from libssl. These are complex protocols
all on their own and we can't effectively maintain them without using them,
which we don't. If the need arises, the code can be resurrected.

Revision 1.27 / (download) - annotate - [select for diffs], Sat Apr 26 22:54:54 2014 UTC (10 years, 1 month ago) by miod
Branch: MAIN
Changes since 1.26: +1 -1 lines
Diff to previous 1.26 (colored)

Appease gcc3 -Wuninitialized.

Revision 1.26 / (download) - annotate - [select for diffs], Mon Apr 21 16:34:43 2014 UTC (10 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.25: +9 -6 lines
Diff to previous 1.25 (colored)

more malloc/realloc/calloc cleanups; ok beck kettenis

Revision 1.25 / (download) - annotate - [select for diffs], Sat Apr 19 08:52:32 2014 UTC (10 years, 1 month ago) by guenther
Branch: MAIN
Changes since 1.24: +6 -6 lines
Diff to previous 1.24 (colored)

More KNF and style consistency tweaks

Revision 1.24 / (download) - annotate - [select for diffs], Fri Apr 18 21:19:20 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.23: +91 -91 lines
Diff to previous 1.23 (colored)

now that knf carpet bombing is finished, switch to hand to hand combat.
still not sure what to make of mysteries like this:
	for (i = 7; i >= 0; i--) {      /* increment */

Revision 1.23 / (download) - annotate - [select for diffs], Thu Apr 17 21:37:37 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.22: +0 -20 lines
Diff to previous 1.22 (colored)

always build in RSA and DSA. ok deraadt miod

Revision 1.22 / (download) - annotate - [select for diffs], Thu Apr 17 21:15:37 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.21: +0 -8 lines
Diff to previous 1.21 (colored)

SHA and AES (and sadly MD5) can't be considered optional. ok beck miod

Revision 1.21 / (download) - annotate - [select for diffs], Thu Apr 17 20:34:24 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.20: +0 -12 lines
Diff to previous 1.20 (colored)

quick pass at removing ability to disable sha256 and sha512. ok miod

Revision 1.20 / (download) - annotate - [select for diffs], Thu Apr 17 13:37:50 2014 UTC (10 years, 1 month ago) by beck
Branch: MAIN
Changes since 1.19: +28 -28 lines
Diff to previous 1.19 (colored)

Change library to use intrinsic memory allocation functions instead of
OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_realloc->realloc
OPENSSL_freeFunc->free

Revision 1.19 / (download) - annotate - [select for diffs], Wed Apr 16 20:39:09 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.18: +50 -0 lines
Diff to previous 1.18 (colored)

add back SRP. i was being too greedy.

Revision 1.18 / (download) - annotate - [select for diffs], Wed Apr 16 18:05:55 2014 UTC (10 years, 1 month ago) by beck
Branch: MAIN
Changes since 1.17: +2 -4 lines
Diff to previous 1.17 (colored)

Thanks to the knobs in http://tools.ietf.org/html/rfc5746, we have a knob
to say "allow this connection to negotiate insecurely". de-fang the code
that respects this option to ignore it.
ok miod@

Revision 1.17 / (download) - annotate - [select for diffs], Wed Apr 16 17:59:17 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.16: +0 -50 lines
Diff to previous 1.16 (colored)

disentangle SRP code from TLS

Revision 1.16 / (download) - annotate - [select for diffs], Mon Apr 14 18:45:55 2014 UTC (10 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.15: +0 -214 lines
Diff to previous 1.15 (colored)

make OPENSSL_NO_HEARTBLEED the default and only option. ok deraadt miod

Revision 1.15 / (download) - annotate - [select for diffs], Mon Apr 14 13:30:33 2014 UTC (10 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.14: +938 -1070 lines
Diff to previous 1.14 (colored)

First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using
tr and md5.

Revision 1.14 / (download) - annotate - [select for diffs], Sun Apr 13 15:25:34 2014 UTC (10 years, 1 month ago) by miod
Branch: MAIN
Changes since 1.13: +208 -61 lines
Diff to previous 1.13 (colored)

Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.

Revision 1.1.1.9 / (download) - annotate - [select for diffs] (vendor branch), Sun Apr 13 15:16:36 2014 UTC (10 years, 1 month ago) by miod
Changes since 1.1.1.8: +217 -66 lines
Diff to previous 1.1.1.8 (colored)

Import OpenSSL 1.0.1g

Revision 1.12.8.1 / (download) - annotate - [select for diffs], Tue Apr 8 00:55:39 2014 UTC (10 years, 1 month ago) by djm
Changes since 1.12: +9 -5 lines
Diff to previous 1.12 (colored)

MFC:
cherrypick fix for CVE-2014-0160 "heartbleed" vulnerability from
OpenSSL git; ok sthen@

Revision 1.12.4.1 / (download) - annotate - [select for diffs], Tue Apr 8 00:55:23 2014 UTC (10 years, 1 month ago) by djm
Changes since 1.12: +9 -5 lines
Diff to previous 1.12 (colored)

MFC:
cherrypick fix for CVE-2014-0160 "heartbleed" vulnerability from
OpenSSL git; ok sthen@

Revision 1.12.2.1 / (download) - annotate - [select for diffs], Tue Apr 8 00:55:03 2014 UTC (10 years, 1 month ago) by djm
Changes since 1.12: +9 -5 lines
Diff to previous 1.12 (colored) next main 1.13 (colored)

MFC:
cherrypick fix for CVE-2014-0160 "heartbleed" vulnerability from
OpenSSL git; ok sthen@

Revision 1.13 / (download) - annotate - [select for diffs], Mon Apr 7 23:57:27 2014 UTC (10 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.12: +9 -5 lines
Diff to previous 1.12 (colored)

cherrypick fix for CVE-2014-0160 "heartbleed" vulnerability from
OpenSSL git; ok sthen@

Revision 1.12 / (download) - annotate - [select for diffs], Thu Feb 14 15:11:44 2013 UTC (11 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.11: +1 -1 lines
Diff to previous 1.11 (colored)

cherry pick bugfixes for http://www.openssl.org/news/secadv_20130205.txt
from the openssl git (changes between openssl 1.0.1c and 1.0.1d).
ok djm@

Revision 1.11 / (download) - annotate - [select for diffs], Sat Oct 13 21:25:14 2012 UTC (11 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.10: +883 -58 lines
Diff to previous 1.10 (colored)

resolve conflicts

Revision 1.1.1.8 / (download) - annotate - [select for diffs] (vendor branch), Sat Oct 13 21:23:50 2012 UTC (11 years, 7 months ago) by djm
Changes since 1.1.1.7: +883 -58 lines
Diff to previous 1.1.1.7 (colored)

import OpenSSL-1.0.1c

Revision 1.10 / (download) - annotate - [select for diffs], Thu Jan 5 23:01:39 2012 UTC (12 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.9: +6 -0 lines
Diff to previous 1.9 (colored)

OpenSSL 1.0.0f: merge

Revision 1.1.1.7 / (download) - annotate - [select for diffs] (vendor branch), Thu Jan 5 22:59:10 2012 UTC (12 years, 4 months ago) by djm
Changes since 1.1.1.6: +6 -0 lines
Diff to previous 1.1.1.6 (colored)

OpenSSL 1.0.0f: import upstream source

Revision 1.9 / (download) - annotate - [select for diffs], Thu Nov 3 02:34:33 2011 UTC (12 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.8: +11 -9 lines
Diff to previous 1.8 (colored)

openssl-1.0.0e: resolve conflicts

Revision 1.1.1.6 / (download) - annotate - [select for diffs] (vendor branch), Thu Nov 3 02:32:21 2011 UTC (12 years, 7 months ago) by djm
Changes since 1.1.1.5: +60 -28 lines
Diff to previous 1.1.1.5 (colored)

import OpenSSL 1.0.0e

Revision 1.5.8.2 / (download) - annotate - [select for diffs], Fri Feb 11 03:24:28 2011 UTC (13 years, 3 months ago) by djm
Changes since 1.5.8.1: +7 -1 lines
Diff to previous 1.5.8.1 (colored) next main 1.6 (colored)

MFC:


Revision 1.5.4.2 / (download) - annotate - [select for diffs], Fri Feb 11 03:23:38 2011 UTC (13 years, 3 months ago) by djm
Changes since 1.5.4.1: +7 -1 lines
Diff to previous 1.5.4.1 (colored) next main 1.6 (colored)

MFC:


Revision 1.8 / (download) - annotate - [select for diffs], Thu Feb 10 22:40:27 2011 UTC (13 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.7: +7 -1 lines
Diff to previous 1.7 (colored)

fix for CVE-2011-0014 "OCSP stapling vulnerability";
ok markus@ jasper@ miod@

AFAIK nothing in base uses this, though apache2 from ports may be affected.

Revision 1.5.4.1 / (download) - annotate - [select for diffs], Wed Nov 17 19:14:21 2010 UTC (13 years, 6 months ago) by jasper
Changes since 1.5: +14 -4 lines
Diff to previous 1.5 (colored)

- Apply security fix for CVE-2010-3864.

ok djm@ deraadt@

Revision 1.5.8.1 / (download) - annotate - [select for diffs], Wed Nov 17 19:12:56 2010 UTC (13 years, 6 months ago) by jasper
Changes since 1.5: +14 -4 lines
Diff to previous 1.5 (colored)

- Apply security fix for CVE-2010-3864.

ok djm@ deraadt@

Revision 1.7 / (download) - annotate - [select for diffs], Wed Nov 17 19:09:32 2010 UTC (13 years, 6 months ago) by jasper
Branch: MAIN
Changes since 1.6: +42 -18 lines
Diff to previous 1.6 (colored)

- Apply security fix for CVE-2010-3864 (+commit 19998 which fixes the fix).

ok djm@ deraadt@

Revision 1.6 / (download) - annotate - [select for diffs], Fri Oct 1 22:59:00 2010 UTC (13 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.5: +877 -40 lines
Diff to previous 1.5 (colored)

resolve conflicts, fix local changes

Revision 1.1.1.5 / (download) - annotate - [select for diffs] (vendor branch), Fri Oct 1 22:54:16 2010 UTC (13 years, 8 months ago) by djm
Changes since 1.1.1.4: +877 -40 lines
Diff to previous 1.1.1.4 (colored)

import OpenSSL-1.0.0a

Revision 1.1.1.4 / (download) - annotate - [select for diffs] (vendor branch), Fri Jan 9 12:14:07 2009 UTC (15 years, 4 months ago) by djm
Changes since 1.1.1.3: +8 -6 lines
Diff to previous 1.1.1.3 (colored)

import openssl-0.9.8j

Revision 1.5 / (download) - annotate - [select for diffs], Mon Jan 5 21:36:39 2009 UTC (15 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.4: +8 -6 lines
Diff to previous 1.4 (colored)

update to openssl-0.9.8i; tested by several, especially krw@

Revision 1.4 / (download) - annotate - [select for diffs], Sat Sep 6 12:17:54 2008 UTC (15 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.3: +763 -36 lines
Diff to previous 1.3 (colored)

resolve conflicts

Revision 1.1.1.3 / (download) - annotate - [select for diffs] (vendor branch), Sat Sep 6 12:15:51 2008 UTC (15 years, 8 months ago) by djm
Changes since 1.1.1.2: +763 -36 lines
Diff to previous 1.1.1.2 (colored)

import of OpenSSL 0.9.8h

Revision 1.1.1.2 / (download) - annotate - [select for diffs] (vendor branch), Thu Sep 5 12:51:44 2002 UTC (21 years, 9 months ago) by markus
Changes since 1.1.1.1: +17 -19 lines
Diff to previous 1.1.1.1 (colored)

import openssl-0.9.7-beta1

Revision 1.3 / (download) - annotate - [select for diffs], Sun Mar 19 11:13:35 2000 UTC (24 years, 2 months ago) by beck
Branch: MAIN
Changes since 1.2: +9 -5 lines
Diff to previous 1.2 (colored)

OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs

Revision 1.2 / (download) - annotate - [select for diffs], Wed Sep 29 04:37:31 1999 UTC (24 years, 8 months ago) by beck
Branch: MAIN
Changes since 1.1: +9 -15 lines
Diff to previous 1.1 (colored)

OpenSSL 0.9.4 merge

Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Mon Oct 5 20:13:12 1998 UTC (25 years, 8 months ago) by ryker
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD build
functionality for shared libs.

Note that routines such as sslv2_init and friends that use RSA will
not work due to lack of RSA in this library.

Needs documentation and help from ports for easy upgrade to full
functionality where legally possible.

Revision 1.1 / (download) - annotate - [select for diffs], Mon Oct 5 20:13:12 1998 UTC (25 years, 8 months ago) by ryker
Branch: MAIN

Initial revision
