Age | Commit message | Author |
|
Make this process more readable by having specific client/server functions,
calling the correct one based on s->server. This allows to remove various
SSL_ST_ACCEPT/SSL_ST_CONNECT checks, along with duplicate code.
ok inoguchi@ tb@
|
|
Fix is the same as OpenSSL commit ffbf304d4832bd51bb0618f8ca5b7c26647ee664
Found by Alex Gaynor with a new pyca cryptography regress test.
ok inoguchi
|
|
out in this release cycles.
discussed with deraadt and jsing
|
|
RFC 4.1.2 specifies the ways in which the extensions in the first and
the second ClientHello may differ. It basically says that extensions
not known to a server must not change. This in turn makes it impossible
to introduce new extensions that do change. It makes little sense to
enforce that extensions we don't know and care about aren't modified,
so make the hashing more lenient and restrict it to the extensions we
do care about. Arguably, enforcing no change in an unknown extension
is incompatible with the requirement that it be ignored.
ok bcook jsing
|
|
When an existing EVFILT_TIMER filter is re-added, cancel the existing
timer and any pending event, and restart the timer using the new timeout
period. This makes the new timeout period take effect immediately and
matches the behaviour of FreeBSD. Previously, the new setting was
applied only after the existing timer expired.
The timer rescheduling is done by using an f_modify callback. The
reading of timer events is moved from f_event to f_process. f_event of
timer_filtops becomes redundant. Unlike most other event sources, timers
activate knotes directly without using a klist and knote(9).
OK mpi@
|
|
Currently cert_req is used by clients and cert_request is used by servers.
Replace this by a single cert_request used by either client or server.
Remove the certificate types as they are currently unused. This also fixes
a bug whereby if the number of certificate types exceeds SSL3_CT_NUMBER
the number of bytes read in is insufficient, which will break decoding.
ok inoguchi@ tb@
|
|
While there zap trailing whitespace from a KNF approximation gone wrong.
|
|
ok jsing
|
|
ok jsing
|
|
ok jsing
|
|
ok jsing
|
|
ok jsing
|
|
ok jsing
|
|
Similar to part of OpenSSL commit 8e3cced75fb5fee5da59ebef9605d403a999391b
ok jsing
|
|
ok jsing
|
|
ok jsing
|
|
There are numerous functions in ec/ that exist with _GF2m and _GFp
variants for no good reason. The code of both variants is the same.
The EC_METHODs contain a pointer to the appropriate version. This
commit hides the _GF2m and _GFp variants from internal use and
provides versions that work for both curve types. These will be made
public in an upcoming library bump.
Similar to part of OpenSSL commit 8e3cced75fb5fee5da59ebef9605d403a999391b
ok jsing
|
|
These can be replaced with accessors that allow this information to be
retrieved from the new record layer.
ok inoguchi@ tb@
|
|
In hybrid and compressed point encodings, the form octet contains a bit
of information allowing to calculate y from x. For a point on a binary
curve, this bit is zero if x is zero, otherwise it must match the
rightmost bit of the field element y / x. The existing code only
considers the second possibility. It could thus fail with a division by
zero error as found by Guido Vranken's cryptofuzz.
This commit adds a few explanatory comments to oct2point and fixes some
KNF issues. The only actual code change is in the last hunk which adds a
BN_is_zero(x) check to avoid the division by zero.
ok jsing
|
|
Drop the 'new_' prefix in the process.
ok inoguchi@ tb@
|
|
TLSv1.2 handshake struct.
ok inoguchi@ tb@
|
|
This is not strictly necessary since we proceed to zero the entire struct,
however it keeps the code consistent and easily auditable.
ok tb@
|
|
This is disappointing as a lot of work was put into the new verifier
during this cycle. However, there are still too many known bugs and
incompatibilities. It is better to be faced with known broken behavior
than with new broken behavior and to switch now rather than via errata.
This way we have another cycle to iron out the kinks and to fix some of
the remaining bugs.
ok jsing
|
|
of pages anymore, but also cache larger regions; ok tb@
|
|
In order to fail gracefully on encountering a self-signed cert, curl looks
at the top-most error on the stack and needs specific SSL_R_ error codes.
This mechanism was broken when the tls13_alert_sent_cb() was added after
people complained about unhelpful unknown errors. Fix this by only setting
the error code from a fatal alert if no error has been set previously.
Issue reported by Christopher Reid
ok jsing
|
|
Shared semaphores were reverted with lib/librthread/rthread_sem.c r1.18
in 2013 but corresponding manual bits were not; revert sem_init.3 r1.6
(modulo the unrelated "named semaphores" hunk).
Reported by Rubén Llorente, thanks.
Prodding OK jmc
|
|
For dynamically allocated verify parameters, param->name is only ever set
in X509_VERIFY_set1_name() where the old one is freed and the new one is
assigned via strdup(). Setting it to NULL without freeing it beforehand is
a leak.
looks correct to millert, ok inoguchi
|
|
from Boudewijn Dijkstra
|
|
which will satisfy the toughest compiler options
|
|
and avoid an over-long source line while here;
OK martijn@ jmc@
|
|
the first byte of the imsg they belong to.
idea, tweaks and ok claudio@
|
|
ok bcook inoguchi jsing
|
|
ok bcook inoguchi jsing
|
|
ok bcook inoguchi jsing
|
|
ok bcook inoguchi jsing
|
|
ok bcook inoguchi jsing
|
|
ok bcook inoguchi jsing
|
|
ok bcook inoguchi jsing
|
|
ok bcook inoguchi jsing
|
|
|