Age | Commit message | Author

Before the TLSv1.3 stack grew client certificate support, it fell back
to the legacy stack. Proper client certificate support was added in a2k20
with a TLS13_USE_LEGACY_CLIENT_AUTH knob to provide an easy fallback in
case the new code should have a problem. This was never needed.
As ifdefed code is wont to do, this bitrotted a few months later when
the client and server methods were merged.
discussed with jsing
ok tb@
These will be used in libcrypto.
With input from and ok tb@
This will be used in the libcrypto certificate transparency code.
ok tb@
This will be used in the TLSv1.3 record layer.
From BoringSSL.
ok tb@
ok inoguchi jsing
ok inoguchi jsing
ok inoguchi jsing
ok inoguchi jsing
Provide ssl_kex_generate_dhe_params_auto() which handles DHE key generation
based on parameters determined by the specified key bits. Convert the
existing DHE auto parameter selection code into a function that just tells
us how many key bits to use.
Untangle and rework the server side DHE key exchange to use the ssl_kex_*
functions.
ok inoguchi@ tb@
ok inoguchi@ tb@
Call DH_check_pub_key() after decoding the peer public key - this will be
needed for the server DHE key exchange, but also benefits the client.
ok inoguchi@ tb@
sk is commonly used for a STACK_OF(), so call the shared key simply key.
ok jsing
If we can provide an EC key that is used, then it is by definition
non-ephemeral.
ok tb@
Assign the result of BN_dup() and BN_bn2bin() to local BIGNUMs, then
set the factors and pubkey on the dh using DH_set0_{pqg,key}().
A second pass will be done during the upcoming bump.
ok jsing
BIO_s_file_internal() should never have leaked out of libcrypto,
but it did. As a first step of getting rid of it, stop using it
internally.
ok jsing
ok inoguchi@ tb@
This follows what was done previously for ECDHE EC point key exchange and
will allow for deduplication and further code improvement.
Convert the TLSv1.2 client to use the new DHE key exchange functions.
ok inoguchi@ tb@
ok inoguchi jsing
reaching into the EVP_PKEY struct.
ok inoguchi jsing
ok schwarze@
from beck
For some strange historical reason ECDSA_sign() and ECDSA_verify() have
a type argument that they ignore. For another strange historical reason,
the type passed to them from libssl is pkey->save_type, which is used to
avoid expensive engine lookups when setting the pkey type... Whatever the
aforementioned reasons were, we can't access pkey->save_type with the
OpenSSL 1.1 API, and this is thus in the way of making EVP_PKEY opaque.
Simply pass in 0 instead.
ok jsing
The code assumes that the server certificate has an RSA key and bases
the calculation of the size of the ephemeral DH key on this assumption.
So instead of checking whether we have any key by inspecting the dh
part of the union, let's check that we actually have an RSA key.
While here, make sure that its length is non-negative.
ok jsing
ok tb@
ok tb@
Found the hard way by sthen.
ok sthen
ok inoguchi@ tb@
For some time now we've validated the hostname provided to the server in
the SNI extension. Per RFC 6066, an IP literal is invalid as a hostname -
the current code rejects IPv6 literals, but allows IPv4 literals through.
Improve this check to explicitly detect both IPv4 and IPv6 literals. Some
software has been historically known to include IP literals in SNI, so
rather than rejecting this outright (and failing with a decode error),
pretend that the SNI extension does not exist (such that we do not break
some older clients).
ok inoguchi@ tb@
no longer needed.
ok jsing
addition.
using X509_get_key_usage().
ok beck jsing
If the CBS data contains a zero byte, then CBS_strdup() is only going to
return part of the data - add an explicit CBS_contains_zero_byte() and
treat such data as an error case.
ok tb@
libssl bump.
This is effectively the same record processing limit that was previously
added to the legacy TLS stack - without this a single session can be made
to spin on a stream of alerts or other similar records.
ok beck@ tb@
Also mop up some mostly unhelpful comments while here.
ok beck@ tb@
ok beck@ tb@
from the OpenSSL 1.1.1 branch, which is still under a free license
spotted by and ok jsing@
symbol will be exposed with tb@'s forthcoming bump
ok tb@
while here, also apply some minor wording improvements
Since we don't support session tickets in LibreSSL at the moment
these functions currently do not have any effect.
Again, symbols will appear with tb@'s reptar sized bump.
ok tb@
ok beck jsing
pointed out by schwarze
As these still meet the usual expectations for special, I will leave
it up to ingo to decide to either document separately or in one man
page like OpenSSL did.
Will also need Symbols.list additions by tb@ when he starts the rapture
ok tb@ jsing@
X509_get_extended_key_usage from OpenSSL. Will be linked to the build
after the bump.
input/lgtm schwarze
to the build after the bump.
tweak & lgtm schwarze