CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/12/09 09:30:06
Modified files:
regress/lib/libcrypto/asn1: Makefile
Added files:
regress/lib/libcrypto/asn1: asn1basic.c
Log message:
Add initial tests for coverage of ASN.1 basic/primitive typ
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/12/05 06:01:08
Modified files:
regress/lib/libcrypto: Makefile
Added files:
regress/lib/libcrypto/ct: Makefile cttest.c libressl.org.crt
Log message:
Add initial regress for CT.
This provides
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/12/05 05:57:56
src/regress/lib/libcrypto/ct
Update of /cvs/src/regress/lib/libcrypto/ct
In directory cvs.openbsd.org:/tmp/cvs-serv8/ct
Log Message:
Directory /cvs/src/regress/lib/libcrypto/ct added to the r
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/12/04 08:38:10
Modified files:
lib/libcrypto : Makefile
Added files:
lib/libcrypto/asn1: a_pkey.c a_pubkey.c
Removed files:
lib/libcrypto/asn1: d2i_pr.c d2i_pu.c i2d_pr.c i2d_pu.c
Log
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/12/04 07:03:22
Modified files:
lib/libssl : ssl_kex.c ssl_lib.c ssl_locl.h ssl_srvr.c
Log message:
Clean up and refactor server side DHE key exchange.
Provide ssl_kex_generate_dhe_params_auto() whi
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/12/04 06:50:36
Modified files:
lib/libssl : ssl_clnt.c ssl_kex.c ssl_locl.h
Log message:
Move the minimum DHE key size check into ssl_kex_peer_params_dhe()
ok inoguchi@ tb@
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/12/04 06:15:11
Modified files:
lib/libssl : ssl_clnt.c ssl_kex.c ssl_locl.h
Log message:
Check DH public key in ssl_kex_peer_public_dhe().
Call DH_check_pub_key() after decoding the peer public key
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/12/03 22:15:09
Modified files:
regress/lib/libcrypto/ec: Makefile
Added files:
regress/lib/libcrypto/ec: ec_asn1_test.c
Log message:
Add regress for ECPKParameters ASN.1 encoding/decoding.
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/12/03 10:27:34
Modified files:
lib/libcrypto/asn1: tasn_dec.c
Log message:
Replace asn1_tlc_clear and asn1_tlc_clear_nc macros with a function.
Call the replacement asn1_tlc_invalidate() since it does
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/12/03 10:23:16
Modified files:
lib/libcrypto/asn1: tasn_dec.c
Log message:
Group and sort includes.
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/12/03 10:22:10
Modified files:
lib/libcrypto/asn1: tasn_dec.c
Log message:
Call asn1_item_ex_d2i() directly from ASN1_item_d2i()
ASN1_item_ex_d2i() is just a wrapper around the internal asn1_item_ex_d2
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/12/03 10:10:49
Modified files:
lib/libcrypto/asn1: tasn_prn.c
Log message:
Convert ASN1_PCTX_new() to calloc().
Rather than using malloc() and then initialising all struct members to zero
values, use c
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/12/03 10:07:53
Modified files:
lib/libcrypto/asn1: x_crl.c
Log message:
Use calloc() for X509_CRL_METHOD_new() instead of malloc().
This ensures that if any members are added to this struct, they will
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/12/03 10:03:54
Modified files:
lib/libcrypto/asn1: asn1_lib.c
Log message:
Rewrite ASN1_STRING_cmp().
This removes nested ifs and uses more sensible variable names.
ok schwarze@ tb@
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/12/03 10:01:07
Modified files:
lib/libcrypto/asn1: asn1_lib.c
Log message:
Convert ASN1_STRING_type_new() to calloc().
Rather than using malloc() and then initialising all struct members, use
calloc()
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/12/03 09:58:11
Modified files:
lib/libcrypto/asn1: a_object.c
Log message:
Convert ASN1_OBJECT_new() to calloc().
Rather than using malloc() and then initialising all struct members, use
calloc() and o
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/12/03 09:46:50
Modified files:
lib/libcrypto/asn1: x_pubkey.c
lib/libcrypto/x509: x_all.c
Log message:
Convert {i2d,d2i}_{,EC_,DSA_,RSA_}PUBKEY{,_bio,_fp}() to templated ASN1
These functions p
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/12/01 02:06:30
Modified files:
lib/libcrypto/evp: bio_enc.c
Log message:
Remove dead code.
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/11/30 08:58:08
Modified files:
lib/libssl/man : SSL_set_tmp_ecdh.3
Log message:
s/ECDHE/ECDH/
If we can provide an EC key that is used, then it is by definition
non-ephemeral.
ok tb@
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/11/30 00:34:29
Modified files:
regress/lib/libcrypto/asn1: Makefile
Added files:
regress/lib/libcrypto/asn1: asn1x509.c
Log message:
Add regress for {d2i,i2d}_{,DSA_,EC_,RSA_}PUBKEY{,_bio}().
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/11/29 09:03:56
Modified files:
lib/libssl : ssl_srvr.c
Log message:
Convert server serialisation of DHE parameters/public key to new functions.
ok inoguchi@ tb@
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/11/29 09:00:32
Modified files:
lib/libssl : ssl_clnt.c ssl_kex.c ssl_locl.h
Log message:
Factor out/rewrite DHE key exchange.
This follows what was done previously for ECDHE EC point key exchange a
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/11/20 11:10:52
Modified files:
lib/libcrypto : Makefile
Added files:
lib/libcrypto/bytestring: bs_ber.c bs_cbb.c bs_cbs.c
bytestring.h
Log message:
Provide t
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/11/20 11:04:10
src/lib/libcrypto/bytestring
Update of /cvs/src/lib/libcrypto/bytestring
In directory cvs.openbsd.org:/tmp/cvs-serv77258/bytestring
Log Message:
Directory /cvs/src/lib/libcrypto/bytestring added
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/11/14 01:21:47
Modified files:
lib/libcrypto/x509: x509_verify.c
Log message:
Put curly brace on the correct line.
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/11/06 01:52:22
Modified files:
lib/libcrypto/asn1: a_time.c
Log message:
Fix indent.
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/11/02 08:39:09
Modified files:
regress/lib/libssl/tlsext: tlsexttest.c
Log message:
Add regress that calls SSL_set_tlsext_host_name() with a NULL host name.
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/11/01 10:45:56
Modified files:
lib/libssl : s3_lib.c
Log message:
Ensure SSL_set_tlsext_host_name() is given a valid hostname.
ok inoguchi@ tb@
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/11/01 10:39:01
Modified files:
regress/lib/libssl/tlsext: tlsexttest.c
Log message:
Rework SNI hostname regress to be table driven.
Also adjust for the changes to tlsext_sni_is_valid_hostname() and inc
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/11/01 10:37:17
Modified files:
lib/libssl : ssl_tlsext.c ssl_tlsext.h
Log message:
Improve SNI hostname validation.
For some time now we've validated the hostname provided to the server in
the SNI
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/10/31 00:48:54
Modified files:
lib/libssl : bs_cbs.c
Log message:
Add explicit CBS_contains_zero_byte() check in CBS_strdup().
If the CBS data contains a zero byte, then CBS_strdup() is only going
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/10/26 00:24:47
Modified files:
regress/lib/libssl/tlsext: tlsexttest.c
Log message:
Revise regress for removal of SSL_SESSION_INTERNAL.
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/10/25 04:14:48
Modified files:
lib/libssl : d1_pkt.c ssl_pkt.c
Log message:
Add record processing limit to DTLS code.
This is effectively the same record processing limit that was previously
added
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/10/25 04:09:28
Modified files:
lib/libssl : d1_pkt.c ssl_locl.h ssl_pkt.c
Log message:
Use ssl_force_want_read() in the DTLS code.
Also mop up some mostly unhelpful comments while here.
ok beck@ t
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/10/25 04:01:46
Modified files:
lib/libssl : s3_lib.c ssl_clnt.c ssl_lib.c ssl_locl.h
ssl_sess.c ssl_srvr.c ssl_tlsext.c t1_lib.c
tls13_client.c tls1
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/10/23 09:02:27
Modified files:
lib/libssl : ssl_lib.c ssl_locl.h t1_enc.c
tls12_record_layer.c
Log message:
Mop up enc_read_ctx and read_hash.
These are no longer public,
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/10/23 08:40:54
Modified files:
lib/libssl : ssl_clnt.c ssl_locl.h ssl_srvr.c ssl_versions.c
tls13_client.c tls13_legacy.c tls13_server.c
Log message:
Provide a way to deter
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/10/23 08:34:10
Modified files:
regress/lib/libssl: Makefile
Added files:
regress/lib/libssl/tls: Makefile tlstest.c
Log message:
Add a regress test for TLS client/server.
This currently exerci
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/10/23 07:47:09
src/regress/lib/libssl/tls
Update of /cvs/src/regress/lib/libssl/tls
In directory cvs.openbsd.org:/tmp/cvs-serv27176/tls
Log Message:
Directory /cvs/src/regress/lib/libssl/tls added to the reposi
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/10/23 07:45:44
Modified files:
lib/libssl : dtls_locl.h
Log message:
Remove unused fields from struct dtls1_retransmit_state.
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/10/23 07:36:03
Modified files:
lib/libssl : d1_both.c d1_lib.c d1_pkt.c dtls_locl.h
ssl_both.c ssl_clnt.c ssl_lib.c ssl_srvr.c
Log message:
Fold DTLS1_STATE_INTERNAL into D
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/10/23 07:12:45
Modified files:
regress/lib/libssl/buffer: buffertest.c
Log message:
Revise regress test for tls13_buffer rename.
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/10/23 07:12:14
Modified files:
lib/libssl : Makefile tls13_handshake_msg.c tls13_internal.h
tls13_record.c tls13_record.h
Added files:
lib/libssl : tls_buffer.c
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/10/23 02:34:36
Modified files:
lib/libssl : d1_both.c dtls_locl.h ssl_both.c ssl_clnt.c
ssl_locl.h ssl_srvr.c
Log message:
Untangle ssl3_get_message() return values.
This
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/10/23 02:13:52
Modified files:
regress/lib/libssl/asn1: asn1test.c
Log message:
Revise regress for tlsext_tick_lifetime_hint changing type.
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/10/23 02:13:02
Modified files:
lib/libssl : ssl_asn1.c ssl_clnt.c ssl_locl.h ssl_txt.c
Log message:
Change tlsext_tick_lifetime_hint to uint32_t.
Now that SSL_SESSION is opaque, change tlsext_tick_
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/10/15 10:49:12
Modified files:
regress/lib/libssl/ssl: Makefile ssltest.c
Log message:
Pull in ssl_locl.h so that we can keep reaching into libssl internals.
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/10/15 10:48:47
Modified files:
lib/libssl : ssl.h ssl_locl.h tls1.h
Log message:
Move various structs from ssl.h/tls1.h to ssl_locl.h.
These were already under LIBRESSL_INTERNAL hence no ABI change
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/10/02 03:46:48
Modified files:
lib/libtls : tls.c
Log message:
Use SSL_CTX_get0_param() rather than reaching into the SSL_CTX.
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/09/30 12:28:38
Modified files:
regress/lib/libcrypto/x509: callback.c verify.c
Log message:
Mark another test as failing with the legacy verifier.
This test now fails with the legacy verifier, due to
X
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/09/30 12:23:46
Modified files:
lib/libcrypto/x509: x509_vpm.c
Log message:
Enable X509_V_FLAG_TRUSTED_FIRST by default in the legacy verifier.
In order to work around the expired DST Root CA X3 certfic
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/09/23 09:49:48
Modified files:
lib/libcrypto/x509: x509_constraints.c
Log message:
Avoid a potential overread in x509_constraints_parse_mailbox()
The length checks need to be >= rather than > in order
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/09/16 13:25:30
Modified files:
lib/libssl : tls13_handshake.c tls13_internal.h
tls13_legacy.c tls13_lib.c tls13_record_layer.c
Log message:
Implement flushing for TLSv1.3 h
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/09/04 10:26:12
Modified files:
lib/libssl : Makefile tls13_internal.h tls13_legacy.c
tls13_record_layer.c
Added files:
lib/libssl : tls_content.c tls_content.h
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/09/04 08:31:54
Modified files:
lib/libssl : d1_pkt.c
Log message:
Improve DTLS hello request handling code.
Rather than manually checking multiple bytes, actually parse the DTLS
handshake message h
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/09/04 08:24:28
Modified files:
lib/libssl : d1_both.c d1_pkt.c dtls_locl.h
Log message:
Change dtls1_get_message_header() to take a CBS.
The callers know the actual length and can initialise a CBS
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/09/04 08:15:52
Modified files:
lib/libssl : d1_pkt.c
Log message:
Improve DTLS record header parsing.
Rather than pulling out the epoch and then six bytes of sequence number,
pull out SSL3_SEQUENCE
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/09/03 07:19:12
Modified files:
lib/libssl : ssl_both.c
Log message:
Use SSL3_HM_HEADER_LENGTH instead of the magic number 4.
ok beck@
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/09/03 07:18:17
Modified files:
lib/libssl : ssl_clnt.c
Log message:
Ensure that a server hello does not have trailing data.
Found by tlsfuzzer.
ok beck@
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/09/03 07:18:01
Modified files:
lib/libssl : ssl_srvr.c
Log message:
Ensure that a client hello does not have trailing data.
Found by tlsfuzzer.
ok beck@
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/09/03 07:16:54
Modified files:
lib/libssl : tls13_legacy.c
Log message:
Set message_size correctly when switching to the legacy stack.
The message_size variable is not actually the handshake messag
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/08/31 07:34:55
Modified files:
lib/libssl : d1_pkt.c dtls_locl.h
Log message:
Defragment DTLS.
In normal TLS, it is possible for record fragments to be sent that contain
one byte of alert or handsh
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/08/31 07:14:44
Modified files:
lib/libssl : d1_pkt.c
Log message:
Remove a nonsensical s->version == TLS1_VERSION from DTLS code.
ok inoguchi@ tb@ (as part of a larger diff)
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/08/30 13:25:43
Modified files:
lib/libssl : d1_pkt.c ssl_both.c ssl_clnt.c ssl_lib.c
ssl_locl.h ssl_pkt.c ssl_srvr.c tls13_lib.c
Log message:
Clean up and simplify info and
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/08/30 13:12:25
Modified files:
lib/libssl : d1_lib.c d1_pkt.c dtls_locl.h ssl_locl.h
tls12_record_layer.c
Log message:
Replace DTLS r_epoch with the read epoch from the TLS
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/08/30 13:00:49
Modified files:
lib/libssl : tls12_record_layer.c
Log message:
Move to an AEAD nonce allocated in the TLSv1.2 record layer.
There is little to gain by mallocing and freeing the AEAD
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/08/28 09:20:58
Modified files:
lib/libssl : ssl_pkt.c
Log message:
Clean up and simplify ssl3_dispatch_alert() and ssl3_send_alert().
ok inoguchi@ tb@
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/08/04 06:41:25
Modified files:
lib/libssl : ssl_pkt.c
Log message:
SSL_CTX_remove_session() checks for a NULL session, avoid doing it twice.
Noted by tb@ during review of a larger change.
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/07/31 03:31:04
Modified files:
lib/libssl : d1_pkt.c ssl_pkt.c
Log message:
We have defines for alert levels - use them instead of magic numbers.
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/07/25 21:17:38
Modified files:
lib/libssl : d1_pkt.c dtls_locl.h s3_lib.c ssl_locl.h
ssl_methods.c ssl_pkt.c
Log message:
Dedup dtls1_dispatch_alert()/ssl3_dispatch_alert()
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/07/21 02:42:14
Modified files:
lib/libssl : d1_lib.c d1_pkt.c dtls_locl.h
Log message:
Remove DTLS processed_rcds queue.
When DTLS handshake records are received from the next epoch, we will
potent
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/07/21 01:51:12
Modified files:
lib/libssl : d1_pkt.c
Log message:
Silently discard invalid DTLS records.
Per RFC 6347 section 4.1.2.1, DTLS should silently discard invalid records,
including those
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/07/19 02:42:24
Modified files:
lib/libssl : d1_both.c d1_pkt.c dtls_locl.h
Log message:
Mop up dtls1_get_ccs_header() and struct ccs_header_st.
All this code does is read one byte from memory with
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/07/19 02:39:28
Modified files:
lib/libssl : d1_pkt.c
Log message:
Inline DTLS1_CCS_HEADER_LENGTH rather than having a single use variable.
ok tb@
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/07/03 10:06:45
Modified files:
lib/libssl : s3_lib.c ssl_ciph.c ssl_locl.h ssl_methods.c
Log message:
Do a first pass clean up of SSL_METHOD.
The num_ciphers, get_cipher_by_char and put_cipher_by_c
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/07/03 10:04:29
Modified files:
regress/lib/libssl/ssl: ssltest.c
Log message:
Garbage collect do_test_cipherlist().
This code no longer compiles and the equivalent test coverage has been
added to regre
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/07/03 09:54:41
Modified files:
regress/lib/libssl/ciphers: cipherstest.c
Log message:
Add test that ensures ssl3_ciphers[] is sorted by cipher id.
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/07/03 08:52:12
Modified files:
regress/lib/libssl/ciphers: cipherstest.c
Log message:
Rewrite get_put_test() as cipher_find_test().
The get_cipher_by_char() and put_cipher_by_char() pointers are no lon
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/07/01 11:53:39
Modified files:
lib/libssl : bio_ssl.c d1_both.c d1_lib.c s3_lib.c
ssl_both.c ssl_lib.c ssl_locl.h ssl_methods.c
ssl_packet.c ssl_ver
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/06/30 12:11:47
Modified files:
regress/lib/libssl/ssl: ssltest.c
Log message:
Disable some code that reaches into libssl internals.
This should be moved to a dedicated regress test.
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/06/30 12:10:42
Modified files:
regress/lib/libssl/ciphers: cipherstest.c
Log message:
Disable some tests that probably no longer make sense.
We'll either fix these or remove them in the near future.
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/06/30 12:09:46
Modified files:
regress/lib/libssl/asn1: Makefile asn1test.c
Log message:
Pull in ssl_locl.h to allow for move of struct ssl_session_st.
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/06/30 12:07:51
Modified files:
lib/libssl : s3_lib.c ssl.h
Log message:
Prepare to provide SSL_get_signature_nid() and friends.
This adds functionality for SSL_get_signature_nid(),
SSL_get_peer_sig
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/06/30 12:04:06
Modified files:
lib/libssl : ssl.h ssl3.h ssl_locl.h
Log message:
Move some structs from public to private headers.
Move struct ssl_cipher_st, struct ssl_method_st, struct ssl_sessio
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/06/30 03:59:07
Modified files:
lib/libssl : ssl_clnt.c
Log message:
Correct sigalg hash usage when signing content for client verify.
This was inadvertently broken during sigalgs refactoring.
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/06/29 13:56:11
Modified files:
lib/libssl : ssl_clnt.c
Log message:
Pull sigalg selection up into ssl3_send_client_verify().
This means that we do sigalg selection for all cases, including those
wh
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/06/29 13:43:15
Modified files:
lib/libssl : ssl_clnt.c ssl_srvr.c
Log message:
Track sigalg used by ourselves and our peer in the legacy stack.
This is needed for upcoming API additions.
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/06/29 13:36:14
Modified files:
lib/libssl : ssl_sigalgs.c
Log message:
Pull up and dedup the TLS version check in ssl_sigalg_pkey_ok().
Suggested by tb@
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/06/29 13:33:46
Modified files:
lib/libssl : ssl_sigalgs.c
Log message:
Simplify RSA PSS key size comment.
Wording provided by tb@
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/06/29 13:31:16
Modified files:
lib/libssl : ssl_tlsext.c
Log message:
Use appropriate TLS version when building client sigalg extensions.
Only use the minimum TLS version to when building a signatu
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/06/29 13:29:16
Modified files:
lib/libssl : ssl_sigalgs.c
Log message:
Change ssl_sigalg_from_value() to take SSL * instead of a TLS version.
This simplifies callers, as only the negotiated TLS ver
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/06/29 13:25:59
Modified files:
lib/libssl : ssl_sigalgs.c ssl_sigalgs.h
Log message:
Make various sigalg functions static now that they're only used internally.
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/06/29 13:24:07
Modified files:
lib/libssl : ssl_srvr.c
Log message:
Convert legacy stack server to ssl_sigalg_for_peer().
ok inoguchi@ tb@
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/06/29 13:23:36
Modified files:
lib/libssl : ssl_clnt.c
Log message:
Convert legacy stack client to ssl_sigalg_for_peer().
ok inoguchi@ tb@
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/06/29 13:20:39
Modified files:
lib/libssl : ssl_sigalgs.c ssl_sigalgs.h tls13_client.c
tls13_server.c
Log message:
Provide a ssl_sigalg_for_peer() function and use in the T
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/06/29 13:10:08
Modified files:
lib/libssl : ssl_clnt.c ssl_sigalgs.c ssl_sigalgs.h
ssl_srvr.c tls13_client.c tls13_server.c
Log message:
Move the RSA-PSS check for TLSv1.3
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/06/29 12:59:25
Modified files:
lib/libssl : ssl_sigalgs.c
Log message:
Factor out handling of legacy default signature algorithms.
In the case of TLSv1.0 and TLSv1.1 there is no signature algorithm
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/06/29 12:55:47
Modified files:
lib/libssl : ssl_sigalgs.c
Log message:
Mop up now unused variables.
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/06/29 12:47:15
Modified files:
lib/libssl : tls13_client.c
Log message:
Require a ServerHello following a HelloRetryRequest to use the same cipher.
RFC 8446 section 4.1.4 requires that the client e
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org 2021/06/29 12:43:49
Modified files:
lib/libssl : ssl_pkt.c
Log message:
Reject zero-length non-application data fragments in the legacy stack.
Per RFC 5246 section 6.2.1, zero-length fragments are only