summaryrefslogtreecommitdiffstats
path: root/lib/libssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Split the TLSv1.3 guards into separate client and server guards.jsing2020-01-223-6/+13
| | | | ok beck@ tb@
* Implement close-notify and SSL_shutdown() handling for the TLSv1.3 client.jsing2020-01-223-9/+76
| | | | ok beck@ inoguchi@ tb@
* Correct legacy fallback for TLSv1.3 client.jsing2020-01-213-9/+30
| | | | | | | | | When falling back to the legacy TLS client, in the case where a server has sent a TLS record that contains more than one handshake message, we also need to stash the unprocessed record data for later processing. Otherwise we end up with missing handshake data. ok beck@ tb@
* Provide SSL_R_UNKNOWN.jsing2020-01-213-5/+7
| | | | | | | This allows us to indicate that the cause of the failure is unknown, rather than implying that it was an internal error when it was not. ok beck@
* Clear and free the tls13_ctx that hangs off an SSL *s fromtb2020-01-212-2/+8
| | | | | | | | | SSL_{clear,free}(3). Make sure the handshake context is cleaned up completely: the hs_tls13 reacharound is taken care of by ssl3_{clear,free}(3). Add a missing tls13_handshake_msg_free() call to tls13_ctx_free(). ok beck jsing
* Add alert processing in tls client code, by adding alert to thebeck2020-01-213-19/+30
| | | | | | | tls13 context, and emiting the alert at the upper layers when the lower level code fails ok jsing@, tb@
* Add alerts to the tls 1.3 record layer and handshake layerbeck2020-01-202-49/+29
| | | | ok jsing@, inoguchi@, tb@
* Provide an error framework for use with the TLSv1.3 code.jsing2020-01-205-7/+151
| | | | | | | This is based on the libtls error handling code, but adds machine readable codes and subcodes. We then map these codes back to libssl error codes. ok beck@ inoguchi@
* In ssl.h rev. 1.167 and s3_lib.c rev. 1.188, jsing@ providedschwarze2020-01-021-4/+21
| | | | | | | | the new function SSL_CTX_get_extra_chain_certs_only(3) and changed the semantics of the existing SSL_CTX_get_extra_chain_certs(3) API from the former OpenSSL 1.0.1 behaviour to the new, incompatible OpenSSL 1.0.2 behaviour. Adjust the documentation. OK jsing@ beck@ inoguchi@
* Revise SSL_CTX_get_extra_chain_certs() to match OpenSSL behaviour.jsing2020-01-022-8/+23
| | | | | | | | | | | | | | In OpenSSL, SSL_CTX_get_extra_chain_certs() really means return extra certs, unless there are none, in which case return the chain associated with the certificate. If you really just want the extra certs, including knowing if there are no extra certs, then you need to call SSL_CTX_get_extra_chain_certs_only()! And to make this even more entertaining, these functions are not documented in any OpenSSL release. Reported by sephiroth-j on github, since the difference in behaviour apparently breaks OCSP stapling with nginx. ok beck@ inoguchi@ tb@
* Provide TLSEXT_TYPE_* aliases for TLS 1.3.jsing2020-01-021-1/+10
| | | | | | | | | | | OpenSSL decided to use their own names for two of the TLS 1.3 extensions, rather than using the names given in the RFC. Provide aliases for these so that code written to work with OpenSSL also works with LibreSSL (otherwise everyone gets to provide their own workarounds). Issue noted by d3x0r on github. ok inoguchi@ tb@
* spelling; from bryan stensonjmc2019-12-191-3/+3
|
* Fix typo: ECHD -> ECDH.tb2019-12-031-4/+4
| | | | From Michael Forney, thanks!
* Add support for TLS 1.3 post handshake messages and key updating.beck2019-11-263-20/+217
| | | | | | tested against openssl 1.1's server. ok jsing@ tb@
* Add accessors to change the buffer in a handshake message.beck2019-11-203-3/+20
| | | | | | Needed for doing TLS 1.3 Post Handshake Handshake messages. ok jsing@
* Add prototypes for the functions that update application secretsbeck2019-11-181-1/+3
| | | | so that the regress tests will work for them
* Provide a clean interface for sending TLSv1.3 alerts.jsing2019-11-182-5/+17
| | | | ok beck@
* Change tls13_record_layer_phh() to take a CBS as this avoids ownershipjsing2019-11-172-8/+6
| | | | | | issues and makes call sites cleaner. ok beck@
* Correct update of application traffic secrets to use an empty contextbeck2019-11-171-3/+7
| | | | | | rather than the hash of an empty context ok jsing@
* Bring back the ssl_shutdown internal method pointer.jsing2019-11-173-4/+21
| | | | | | | For now ssl3_shutdown() is called in all cases, however TLSv1.3 will soon get its own version. ok beck@
* Add a reference for the non-standard post-handshake handshake (PHH).tb2019-11-171-2/+2
| | | | ok beck, jsing
* Ensure that we are never operating in plaintext mode once the handshakejsing2019-11-171-1/+7
| | | | | | is complete, which should never occur. ok beck@
* Provide framework for sending alerts and post-handshake handshake messages.jsing2019-11-172-15/+174
| | | | | | Discussed at length with beck@ ok beck@ tb@
* indent with a tab instead of 8 spacestb2019-11-171-2/+2
|
* Move the TLSv1.3 server message handling stubs.jsing2019-11-172-125/+125
|
* Add the initial framework for the TLSv1.3 server.jsing2019-11-173-3/+84
| | | | ok beck@
* tls13_connect() should be static.jsing2019-11-171-2/+2
|
* Fix backoff to legacy when in client auth mode.beck2019-11-171-2/+2
| | | | ok jsing@
* Drop back to the legacy tls method if we are doing client authenticaitonbeck2019-11-171-1/+7
| | | | | | from a tls 1.3 connection, for now. ok jsing@
* Separate the callbacks for recieved and completed post handshake messagesbeck2019-11-173-10/+22
| | | | | | from the record layer ok jsing@
* Revert previous deduplication diff, I broke portable in a strange way.beck2019-11-161-47/+58
| | | | | I'll figure it out a bit later. Found and diagnosed by inoguchi@
* Deduplicate some extension processing code.beck2019-11-151-58/+47
| | | | ok tb@ inoguchi@
* Add missing cross-reference to NOTES section.millert2019-11-141-3/+3
| | | | OK kn@ tb@
* Allow ip addresses as argument to SSL_set1_host() but be careful to nototto2019-11-041-2/+14
| | | | poison the context. ok and help jsing@ tb@
* Bump libcrypto, libssl and libtls minors due to symbol additions.jsing2019-11-021-1/+1
|
* Bump libcrypto, libssl and libtls majors due to changes in struct sizesjsing2019-10-241-2/+2
| | | | and symbol addition.
* Use a valid curve when constructing an EC_KEY that looks like X25519.jsing2019-10-041-2/+3
| | | | | | | | | The recent EC group cofactor change results in stricter validation, which causes the EC_GROUP_set_generator() call to fail. Issue reported and fix tested by rsadowski@ ok tb@
* Further improve the documentation of library initialization and configuration.schwarze2019-06-143-37/+37
| | | | | | | | | Among other improvements: * Use a uniform wording at the top of the DECSRIPTION for obsolete pages. * Better explain how to use a non-standard configuration file. * Remove obsolete functions from SEE ALSO. Triggered by some suggestions from tb@. Tweaks and OK tb@.
* add missing backlinks to ssl(3)schwarze2019-06-1231-64/+100
|
* List all 17 SSL pages that were missing.schwarze2019-06-121-51/+89
| | | | | | Split some excessively long lists into useful sub-categories. Add a new, very short subsection "Obsolete functions" at the end. OK tb@ jmc@
* remove pointless NOTES section header linesschwarze2019-06-089-27/+27
|
* provide getters and setters for the RSA_METHOD interfacegilles2019-06-051-1/+1
| | | | ok tb@, jsing@, sthen@
* Relax parsing of TLS key share extensions on the server.jsing2019-05-291-5/+2
| | | | | | | | | | | The RFC does not require X25519 and it also allows clients to send an empty key share when the want the server to select a group. The current behaviour results in handshake failures where the client supports TLS 1.3 and sends a TLS key share extension that does not contain X25519. Issue reported by Hubert Kario via github. ok tb@
* Do not send an SNI extension when resuming a session that contains a serverjsing2019-05-291-1/+4
| | | | | | | | name (which means the client sent SNI during the initial handshake). Issue reported by Renaud Allard. ok tb@
* Fix typo and label indent.jsing2019-05-281-3/+3
|
* Tidy up some names/structures following the renaming of TLS extensionjsing2019-05-281-35/+35
| | | | | | | | | functions based on message type (clienthello/serverhello), to which side is handling the processing. No intended functional change. ok beck@
* *an* RSA;jmc2019-05-202-6/+6
|
* s3 is never NULL since s2 (formerly used for SSLv2) does not exist, so there isbcook2019-05-153-29/+20
| | | | | | | no need to check for it. Fixes COV-165788, identified with help from Alex Bumstead. ok jsing@
* Remove unused pad check, which is handled by tls1_cbc_remove_padding() now.bcook2019-05-131-4/+2
| | | | | | Fixes COV-174858 ok tb@
* In DTLS, use_srtp is part of the extended server hello while in TLSv1.3,tb2019-05-081-2/+3
| | | | | | | | | | it is an encrypted extension. Include it in the server hello for now. This will have to be revisited once TLSv1.3 gets there. Fixes SRTP negotiation. Problem found by two rust-openssl regress failures reported by mikeb. with & ok beck
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.