| Age | Commit message (Collapse) | Author |
|---|
|
ok jsing@
|
|
This will allow us to know the client preferences for an upcoming
change to key share processing.
ok jsing@
|
|
Rather than having a separate parse and process step for each TLS
extension, do a first pass that parses all of the TLS outer extensions and
retains the extension data, before running a second pass that calls the TLS
extension processing code.
ok beck@ tb@
|
|
from jsing
|
|
The TLS extension parsing and processing order is currently dependent on
the order of the extensions in the handshake message. This means that the
processing order (and callback order) is not under our control. Split the
parsing from the processing such that the processing (and callbacks) are
run in a defined order.
Convert ALPN to the new model - other extensions will be split into
separate parse/process in following diffs.
ok beck@ tb@
|
|
The PSK extension must be the last extension in the client hello. This is
currently implemented by relying on the fact that it is the last extension
in the TLS extension table. Remove this dependency so that we can reorder
the table as needed.
ok tb@
|
|
same bump as libcrypto; symbol removal and addition
|
|
The garbage truck is quite full by now. Collect the last symbol
straggler for this bump.
ok jsing
|
|
And here goes another weird-ass thing of dubious pedigree.
ok jsing
|
|
And here goes a bunch of unused macros that just had to be in two
headers so they could get out of sync. Three of these constants
are used in a single function...
ok jsing
|
|
While this undocumented API would have been much nicer and saner than
SSL_CIPHER_find(), nothing used this except for the exporter test.
Let's get rid of it again. libssl uses ssl3_get_cipher_by_{id,value}()
directly.
ok jsing
|
|
Also move the prototypes to the correct header.
Oversight reported by Frank Lichtenheld, thanks!
Fixes https://github.com/libressl/openbsd/issues/147
ok jsing
|
|
From Christian Andersen
|
|
If an error occurs in action->recv() for a handshake that needs to
downgrade to legacy TLS, the artistic exit path led to hiding the
error under TLS13_IO_USE_LEGACY. Rework the exit path to be easier
to follow, preserving behavior except that the error can no longer
be masked.
Detailed analysis and initial diff by Masaru Masuda.
Fixes https://github.com/libressl/openbsd/issues/146
ok beck
|
|
This was used for some GOST weirdness. The flag is unused in ports and
there is no user in Debian's codesearch.
ok beck
|
|
|
|
This version of GOST is old and not anywhere close to compliant with
modern GOST standards. It is also very intrusive in libssl and
makes a mess everywhere. Efforts to entice a suitably minded anyone
to care about it have been unsuccessful.
At this point it is probably best to remove this, and if someone
ever showed up who truly needed a working version, it should be
a clean implementation from scratch, and have it use something
closer to the typical API in libcrypto so it would integrate less
painfully here.
This removes it from libssl in preparation for it's removal from
libcrypto with a future major bump
ok tb@
|
|
Change SSL_shutdown() such that it will return 0 after sending a
close-notify, before potentially returning 1 (indicating that a
close-notify has been sent and received) on a subsequent call. Some
software depends on this behaviour, even though there are cases where
the first call could immediately return 1 (for example, when the peer
has already sent a close-notify prior to SSL_shutdown() being called).
ok tb@
|
|
Respect the ssl->shutdown flags rather than what has actually happened,
return -1 for all EOF errors and completely ignore the return value when
attempting to read a close-notify from the wire.
ok tb@
|
|
|
|
This will make it easier to regress test shutdown behaviour in the TLSv1.3
stack. Additionally, `openssl -msg` now shows alerts for TLSv1.3
connections.
ok tb@
|
|
It is now safe to call delete from an lhash doall callback - stop fiddling
wit hash table internals from lhash doall callers that previously has to
workaround this themselves.
ok tb@
|
|
EVP_CIPHER_type() will never return NID_gost89_cnt since it has no
associated ASN1_OBJECT. Switching to EVP_CIPHER_nid() has a slight
chance of working. Do that before beck applies the flensing knife.
ok beck
|
|
Said bug was fixed in OpenSSL 1.0.0, released 14 years ago. It is of course
unsurprising that you may accidentally increment the refcount if your idiom
for decrementing it is CRYPTO_add(&bio-references, -1, CRYPTO_LOCK_BIO)).
|
|
|
|
In order to determine whether GOST is properly enabled, libssl has various
weird dances. In this specific case, it calls EVP_PKEY_meth_find() to see
whether the relevant cipher is around. Check the same thing with an #ifdef
instead.
ok jsing
|
|
In SSL{_CTX}_use_RSAPrivateKey() switch from EVP_PKEY_assign_RSA() to
EVP_PKEY_set1_RSA() and hold on to the reference of the the pkey for
the duration of ssl_set_pkey(). Use single exit and other minor style
cleanups.
ok joshua jsing
|
|
The TLSv1.3 stack didn't support this in the first place, and in the legacy
stack it only added some dubious BIO_flush(3) calls. The sleep call between
SSL_read(3) and SSL_write(3) advertised in the comment next to the flag has
been a sleep call in the s_server since time immemorial, nota bene between
calls to BIO_gets(3). Anyway. This can all go and what remains will go with
the next major bump.
ok jsing
|
|
This was previously the only user of OBJ_bsearch_ssl_cipher_id(), which
in turn is the one remaining user of OBJ_bsearch_() outside of libcrypto.
OBJ_bsearch_() is OpenSSL's idiosyncratic reimplementation of ANSI C89's
bsearch(). Since this used to be hidden behind macro insanity, the result
was three inscrutable layers of comparison functions.
It is much simpler and cleaner to use the standard API. Move all the code
to s3_lib.c, since it's ony used there.
In a few further diffs, OBJ_bsearch_() will be removed from libcrypto.
Unfortunately, we'll need to keep OBJ_bsearch_ex(), because it is
exposed via sk_find_ex(), which is exposed by M2Crypto...
ok jsing
|
|
While the cipher id is effectively a 32-bit value, someone decided that
it should be represented by a long in various internal structs, whose
mameber is passed as id. So use a long because of this and also to make
an upcoming diff simpler.
ok jsing
|
|
If memory allocation of s->init_buf fails in ssl3_setup_init_buffer()
during downgrade to the legacy stack, the legacy state machine would
resume with an incorrectly set up SSL, resulting in a NULL dereference.
The fix is to switch to the legacy method only after the SSL is fully
set up. There is a second part to this fix, which will be committed
once we manage to agree on the color of the bikeshed.
Detailed analysis and patch from Masaru Masuda, many thanks!
https://github.com/libressl/openbsd/issues/146
ok jsing
|
|
It was left alone and forlorn in the middle of other nonsense. Since there
is only one caller (the OBJ_bsearch_ stupidity), it can be static and there
is no need to prototype it in ssl_local.h.
|
|
ok jsing
|
|
This way it doesn't do nonsensical work for all those who cargo culted an
init sequence. There's no point in having SSL_library_init() as a cheaper
version of OPENSSL_init_ssl(): once you do crypto, you'll init crypto...
Also move the now trivial implementation to ssl_init.c which has a good
license.
ok jsing
|
|
It's pointless: all the ciphers and digests added by SSL_library_init()
are already added by OPENSSL_init_crypto(), which was already called at
that point.
ok jsing
|
|
Its current position makes no sense and it will become a wrapper of the
latter in a subsequent commit.
ok jsing
|
|
As usual, a few manual fixes to avoid duplicate lines.
ok jsing
|
|
This allows us to simplify ssl_do_client_cert_cb() a bit.
ok jsing
|
|
ok beck
|
|
It's relevant not only for the example, but also because the functions
documented here use PEM_def_callback(3) by default, and that exhibits
surprising and potentially dangerous behaviour by not NUL-terminating.
OK tb@
|
|
While here, also:
* Avoid the misleading term "default password callback" because none of
the functions in SSL_CTX_use_certificate(3) support overriding it.
* Do not talk about "storing", "writing", and "encryption" since the cb
passed to SSL_CTX_set_default_passwd_cb(3) is never used for any of that.
* List the functions using cb.
* Document what happens by default.
* Remove the misleading words "which must be provided by the application"
because all this is actually optional.
* Make several wordings more precise.
* Below EXAMPLES, fix argument naming to agree with pem_password_cb(3),
clarify the description of what the example does, and, as suggested by tb@,
use strlcpy(3).
OK tb@
|
|
|
|
|
|
|
|
|
|
ENGINE was special. It's horrible code even by the low standards of this
library. Some ports may now try to use the stubs which will fail, but
the fallout from this should be minimal. Of course there are various
language bindings that expose the ENGINE API. OpenSSL 3 disabling ENGINE
by default will likely help fixing this at some point.
ok jsing
|
|
ok jsing
|
|
F5 is well-known for needing workaround (go read RFC 8446). In this
particular case, it required implementation sending CHs larger than
255 bytes to 0x0300 otherwise their server would hang. This is the
same hang that required the CH padding extension which broke other
implementations. The CH padding extension was removed ~6 years ago,
so hopefully this kludge will no longer needed either.
ok jsing
|
|
ok tb@ krw@
|
|
With the guentherizer 9000
ok tb@
|
