Age | Commit message | Author |
|
ok jsing@
|
|
This removes ssl_parse_clienthello_tlsext() and allows the CBS to be
passed all the way through from ssl3_get_client_hello(). The renegotiation
check gets pulled up into ssl3_get_client_hello() which is where other
such checks exist.
The TLS extension parsing now also ensures that we do not get duplicates
of any known extensions (the old pre-rewrite code only did this for some
extensions).
ok inoguchi@
|
|
Also reference the knowledge base article instead of a discussion thread.
|
|
While here make the CBS usage in ssl3_get_cipher_by_char() more consistent
with other code.
ok inoguchi@
|
|
If no TLS extensions are present in a client hello or server hello, omit
the entire extensions block, rather than including it with a length of
zero.
ok beck@ inoguchi@
|
|
Based on BoringSSL.
|
|
|
|
With review/feedback from inoguchi@
|
|
|
|
As part of this, change ssl_cipher_list_to_bytes() to take a CBB argument,
rather than a pointer/length. Some additional clean up/renames while here.
Based on a diff from doug@
|
|
Based on a diff from doug@
|
|
length, since the caller has already been converted to CBS. A small amount
of additional clean up whilst here.
|
|
Part of a diff from doug@
|
|
duplicated code. For now this essentially adds a diff of the two
functions with 'if (SSL_IS_DTLS(s))' - further clean up and improvement
will follow.
ok inoguchi@
|
|
ssl3_accept() - synchronise comments, whitespace, line wrapping, etc.
|
|
ssl3_connect() - synchronise comments, whitespace, line wrapping, etc.
|
|
|
|
|
|
which allows us to drop dtls1_send_change_cipher_spec() entirely.
ok inoguchi@
|
|
|
|
- When parsing the OCSP extension we can have multiple responder IDs - pull
these out correctly.
- Stop using CBS_stow() - it's unnecessary since we just need access to the
data and length (which we can get via CBS_data() and CBS_len()).
- Use a temporary pointer when calling d2i_*() functions, since it will
increment the pointer by the number of bytes it consumed when decoding.
The original code incorrectly passes the pointer allocated via CBS_stow()
(using malloc()) to a d2i_*() function and then calls free() on the now
incremented pointer, most likely resulting in a crash. This issue was
reported by Robert Swiecki who found the issue using honggfuzz.
ok beck@
|
|
after we finish building the responder ID list. Otherwise adding to the
responder ID list fails.
ok beck@
|
|
leaving ssl_add_{client,server}hello_tlsext() as pointer to CBB wrappers.
ok doug@
|
|
|
|
Several pieces of software make use of these based on a conditional around
OPENSSL_NPN_NEGOTIATED, rather than using the presence of the symbols, the
non-existence of an OPENSSL_NO_NEXTPROTONEG define or even the existence of
the TLS extension type.
Unfortunately we cannot remove OPENSSL_NPN_NEGOTIATED since the API for
ALPN was effectively botched and reuses two parts from the NPN
implementation, rather than providing ALPN specific or generic versions.
|
|
This needs to skip past the CBS data or it will be treated as a decode
error even though it returns 1.
ok jsing@
|
|
callback has been installed. This ensures that the ALPN extension is valid
and avoids leaving unprocessed extension data, which leads to a decode
error.
Found the hard way by jsg@
|
|
Spotted by Andreas Bartelt <obsd at bartula dot de>
|
|
|
|
Based on a diff from doug@, similar diff from inoguchi@
|
|
Support for the IETF standardised chacha20-poly1305 cipher suites was
added 16 months ago, which means they exist in both of the currently
supported OpenBSD releases.
Also prompted by Andreas Bartelt <obsd at bartula dot de>.
ok beck@ doug@
|
|
input + ok beck@, jsing@
|
|
ok bcook@ beck@
input + ok jsing@
|
|
RFC 4492 only defines elliptic_curves for ClientHello. However, F5 is
sending it in ServerHello. We need to skip over it since our TLS extension
parsing code is now more strict.
Thanks to Armin Wolfermann and WJ Liu for reporting the issue.
input + ok jsing@
|
|
|
|
from Paul Yang <yang dot yang at baishancloud dot com>
via OpenSSL commit 190b9a03 Jun 28 15:46:13 2017 +0800
|
|
from Matt Caswell <matt at openssl dot org>.
In particular, stop talking about SSL 2.0 and SSL 3.0,
but do not start talking about TLS 1.3 just yet.
|
|
that are deprecated no-ops in LibreSSL, but that OpenSSL explicitly
documented on April 19, 2017, without deprecating them.
|
|
from Rich Salz <rsalz at openssl dot org>
via OpenSSL commit 1722496f Jun 8 15:18:38 2017 -0400.
|
|
clarify that SSL_CTX_remove_session(3) marks the session as non-resumable.
From Rich Salz <rsalz at openssl dot org>
via OpenSSL commit 1722496f Jun 8 15:18:38 2017 -0400
and from Matt Caswell <matt at openssl dot org>
via OpenSSL commit b8964668 Apr 26 15:16:18 2017 +0100.
|
|
from the OpenSSL manual and from code inspection.
Use my own Copyright and license because no Copyright-worthy amount
of text from OpenSSL remains.
And, no, these functions do *NOT* check private keys, not at all.
|
|
from Beat Bolli <dev at drbeat dot li>
via OpenSSL commit 7a67a3ba Jan 18 23:49:43 2017 +0100
|
|
|
|
While importing:
* Fix the prototypes, they all contained wrong datatypes.
* Delete SSL3_VERSION which is no longer supported.
* Delete TLS1_3_VERSION and DTLS1_2_VERSION, not yet supported.
* Delete the lie that these would be macros.
* Improve SEE ALSO and HISTORY sections.
|
|
both pointed out by jsing@
|
|
|
|
Discussed with beck@ and jsing@
ok beck@
|
|
Previously, the code would accept NULL and 0 length and try to
malloc/memcpy it. On OpenBSD, malloc(0) does not return NULL. It could
also fail in malloc and leave the old length.
Also, add a note that this public API has backwards semantics of what you
would expect where 0 is success and 1 is failure.
input + ok jsing@ beck@
|
|
This was added as a workaround for broken F5 TLS termination, which then
created issues talking to broken IronPorts. The size of the padding is
hardcoded so it cannot be used in any generic sense.
ok bcook@ beck@ doug@
|
|
This was a workaround for a server that needed to talk GOST to old/broken
CryptoPro clients. This has no impact on TLS clients that are using GOST.
ok bcook@ beck@ doug@
|