#
1.125 |
|
27-Mar-2024 |
tb |
Unify up_ref implementations in libssl
ok jsing
|
Revision tags: OPENBSD_7_5_BASE
|
#
1.124 |
|
24-Jan-2024 |
jsing |
Stop fiddling with hash table internals from lhash doall callers.
It is now safe to call delete from an lhash doall callback - stop fiddling with hash table internals from lhash doall callers that previously had to work around this themselves.
ok tb@
|
#
1.123 |
|
19-Nov-2023 |
tb |
Unifdef OPENSSL_NO_ENGINE in libssl
As usual, a few manual fixes to avoid duplicate lines.
ok jsing
|
Revision tags: OPENBSD_7_4_BASE
|
#
1.122 |
|
08-Jul-2023 |
beck |
Hide all public symbols in libssl
With the guentherizer 9000
ok tb@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.121 |
|
26-Nov-2022 |
tb |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
#
1.120 |
|
20-Oct-2022 |
tb |
Provide ssl_session_dup()
SSL_SESSION_dup() is a currently essentially unused public OpenSSL 1.1.1 API. Add a version that does not duplicate the secrets for internal use. If the public API should be needed, we can easily make it a wrapper.
ok jsing
|
#
1.119 |
|
20-Oct-2022 |
tb |
Clean up resumption master secret in SSL_SESSION_free()
ok jsing
|
#
1.118 |
|
02-Oct-2022 |
jsing |
Get rid of SSL_CTX_INTERNAL and SSL_INTERNAL.
These are no longer necessary due to SSL_CTX and SSL now being fully opaque. Merge SSL_CTX_INTERNAL back into SSL_CTX and SSL_INTERNAL back into SSL.
Prompted by tb@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.117 |
|
17-Aug-2022 |
jsing |
Deduplicate peer certificate chain processing code.
Rather than reimplement this in each TLS client and server, deduplicate it into a single function. Furthermore, rather than dealing with the API hazard that is SSL_get_peer_cert_chain() in this code, simply produce two chains - one that has the leaf and one that does not. SSL_get_peer_cert_chain() can then return the appropriate one.
This also moves the peer cert chain from the SSL_SESSION to the SSL_HANDSHAKE, which makes more sense since it is not available on resumption.
ok tb@
|
#
1.116 |
|
07-Jun-2022 |
tb |
Use CBS_write_bytes() instead of manual unpacking of a CBS and assigning length and using memcpy(). This also provides a missing overflow check (which is done by the only caller, however).
ok jsing
|
#
1.115 |
|
07-Jun-2022 |
tb |
Simplify various CBS_write_bytes() calls
Now that session_id_length is a size_t, we can pass it directly to CBS_write_bytes() instead of using a temporary variable.
ok jsing
|
#
1.114 |
|
07-Jun-2022 |
tb |
Tweak readability of a test: compare tmp explicitly against 0 and drop redundant parentheses.
ok jsing
|
#
1.113 |
|
07-Jun-2022 |
tb |
Add a cast to SSL_SESSION_get_id() to indicate that session_id_length is deliberately reduced to an unsigned int. Since the session_id is at most 32 bytes, this is not a concern.
ok jsing
|
#
1.112 |
|
07-Jun-2022 |
tb |
fix indent
|
#
1.111 |
|
07-Jun-2022 |
tb |
Unindent and simplify remove_session_lock()
ok jsing (who informs me he had the same diff in his jungle)
|
#
1.110 |
|
06-Jun-2022 |
tb |
Fix comment + spacing.
Apparently 60 * 5 + 4 seconds is 5 minutes. Presumably this is the case with sufficiently potent crack, which would explain a few things in here.
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.109 |
|
11-Jan-2022 |
jsing |
Remove peer_pkeys from SSL_SESSION.
peer_pkeys comes from some world where peers can send multiple certificates - in fact, one of each known type. Since we do not live in such a world, get rid of peer_pkeys and simply use peer_cert instead (in both TLSv1.2 and TLSv1.3, both clients and servers can only send a single leaf (aka end-entity) certificate).
ok inoguchi@ tb@
|
#
1.108 |
|
11-Jan-2022 |
jsing |
Rename 'peer' to 'peer_cert' in SSL_SESSION.
The 'peer' member of SSL_SESSION is the leaf/end-entity certificate provided by our peer. Rename it since 'peer' on its own is unhelpful.
ok inoguchi@ tb@
|
#
1.107 |
|
08-Jan-2022 |
jsing |
Merge SESS_CERT into SSL_SESSION.
There is no reason for SESS_CERT to exist - remove it and merge its members into SSL_SESSION for the time being. More clean up to follow.
ok inoguchi@ tb@
|
#
1.106 |
|
25-Oct-2021 |
jsing |
Fold SSL_SESSION_INTERNAL back into SSL_SESSION.
ok beck@ tb@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.105 |
|
08-Sep-2021 |
tb |
Provide SSL_SESSION_is_resumable and SSL_set_psk_use_session_callback stubs
ok jsing
|
#
1.104 |
|
16-May-2021 |
jsing |
Explicitly include <openssl/opensslconf.h> in files using OPENSSL_NO_*
Where a file refers to OPENSSL_NO_* conditions, ensure that we explicitly include <openssl/opensslconf.h> before any references, rather than relying on another header to pull this in.
|
#
1.103 |
|
10-May-2021 |
tb |
Provide SSL_SESSION_get0_cipher(3)
ok jsing
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.102 |
|
20-Feb-2021 |
jsing |
Handle DTLS1_2_VERSION in various places.
ok tb@
|
#
1.101 |
|
11-Oct-2020 |
jsing |
Condense and simplify TLS methods.
Historically, OpenSSL has had client and server specific methods - the only difference between these is that the .ssl_connect or .ssl_accept function pointer is set to ssl_undefined_function, with the intention of reducing code size for a statically linked binary that was only a client or server. These days the difference is minimal or non-existent in many cases and we can reduce the amount of code and complexity by having a single method.
Internally remove all of the client and server specific methods, simplifying code in the process. The external client/server specific API remain, however these now return the same thing as TLS_method() does.
ok tb@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.100 |
|
19-Sep-2020 |
tb |
Prepare to provide SSL_SESSION_{set,get}_max_early_data()
Since we do not support 0-RTT, these are noops. Some software expects this API to be available if TLS1_3_VERSION is defined.
ok beck jsing
|
#
1.99 |
|
17-Sep-2020 |
jsing |
Simplify SSL method lookups.
There are three places where we call tls1_get_{client,server}_method() and if that returns NULL, call dtls1_get_{client,server}_method(). Simplify this by combining the lookup into a single function. While here also use uint16_t for version types.
ok inoguchi@ millert@
|
#
1.98 |
|
14-Sep-2020 |
jsing |
Cleanup and simplify SSL_set_session().
SSL_set_ssl_method() checks to see if the method is already the same, so we do not need to do this check in three different places. Switch to dtls1_get_client_method()/tls1_get_client_method() to find the method - this is a slight change in behaviour, however there is not much point trying to resume a session on something other than a client.
ok beck@
|
#
1.97 |
|
02-Sep-2020 |
tb |
KNF and comment tweaks
|
#
1.96 |
|
01-Sep-2020 |
tb |
Zero out data to avoid leaving stack garbage in the tail of the session id in case the copied session id is shorter than SSL_MAX_SESSION_ID_LENGTH.
long standing bug pointed out by jsing
|
#
1.95 |
|
01-Sep-2020 |
tb |
The bumping of sess_cb_hit stats can wait until handling of get_session_cb is completed.
|
#
1.94 |
|
01-Sep-2020 |
tb |
In the explanatory comment of ssl_get_prev_session fix the spelling of the function name, document alert and make it fit into 80 columns.
|
#
1.93 |
|
01-Sep-2020 |
tb |
Split session retrieval out of ssl_get_prev_session()
In case the session ticket was empty or missing, an attempt is made to retrieve the session from the internal cache or via a callback. This code can easily be flattened a bit and factored into two functions. I decided to wrap those into a third function to make the call from the switch easier on the eye.
I could have kept the try_session_cache flag, but it now seems rather pointless and awkwardly named anyway, so I took its negation and named it ticket_decrypted.
To top things off, a little bit of polish in the exit path.
ok beck inoguchi jsing (with the usual healthy dose of nits)
|
#
1.92 |
|
01-Sep-2020 |
tb |
copy session id directly in ssl_get_prev_session
ssl_get_prev_session() hands the session id down to tls_decrypt_ticket() which then copies it into the session pointer that it is about to return. It's a lot simpler to retrieve the session pointer and copy the session id inside ssl_get_prev_session().
Also, 'goto err' directly in TLS1_TICKET_NOT_DECRYPTED instead of skipping a couple of long if clauses before doing so.
ok inoguchi jsing
|
#
1.91 |
|
01-Sep-2020 |
tb |
indent the only other label in this file
|
#
1.90 |
|
01-Sep-2020 |
tb |
Indent label and remove dangling else
|
#
1.89 |
|
01-Sep-2020 |
tb |
Zap NULL check before SSL_SESSION_free()
|
#
1.88 |
|
01-Sep-2020 |
tb |
Rename the session pointer ret to sess
ret is a confusing name for a pointer in a function that returns int. ret is only returned in the sense that it ultimately replaces the current s->session on success.
|
#
1.87 |
|
31-Aug-2020 |
tb |
Return code tweaks for session ticket handlers
In tls1_process_ticket() and tls_decrypt_ticket() use #defines with descriptive names instead of hardcoding -1 1 2 3 4 and occasionally explaining the magic numbers with comments.
ok beck inoguchi
|
#
1.86 |
|
31-Aug-2020 |
tb |
Send alert on ssl_get_prev_session failure
ssl_get_prev_session() can fail for various reasons some of which may be internal_error others decode_error alerts. Propagate the appropriate alert up to the caller so we can abort the handshake by sending a fatal alert instead of rudely closing the pipe.
Currently only 28 of 292 test cases of tlsfuzzer's test-extension.py pass. With this diff, 272 pass. The rest will require fixes elsewhere.
ok beck inoguchi jsing
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.85 |
|
22-Apr-2019 |
jsing |
Pass the session ID down to the session/ticket handling code as a CBS.
Convert ssl_get_prev_session(), tls1_process_ticket() and tls1_decrypt_ticket() to handle the session ID from the client hello as a CBS. While here also swap the order of arguments for tls1_decrypt_ticket() so that it is consistent with the other functions.
ok tb@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.84 |
|
04-Apr-2019 |
jsing |
This case also needs to be fatal.
|
#
1.83 |
|
01-Apr-2019 |
deraadt |
mark ERR_R_INTERNAL_ERROR instead of assert or _exit, sigh
|
#
1.82 |
|
24-Mar-2019 |
deraadt |
do not call assert(), which has a tendency to leave traces of stuff in corefiles. Instead call OPENSSL_assert(), which has recently been trained to do this in a safer (if more awkward to debug) way. discussed with jsing and beck a while back
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.81 |
|
24-Aug-2018 |
jsing |
Simplify session ticket parsing/handling.
The original implementation is rather crazy and means that we effectively have two lots of code that parse a ClientHello and two lots of code that parse TLS extensions. Partially simplify this by passing a CBS containing the extension block through to the session handling functions, removing the need to reimplement the ClientHello parsing.
While here standardise on naming for session_id and session_id_len.
ok inoguchi@ tb@
|
#
1.80 |
|
25-Apr-2018 |
tb |
OpenSSL started adding const to functions all over the place. Make all our libssl functions match theirs wrt const, except for BIO_f_ssl(3) which will be fixed in a later step.
this went through an i386 bulk by sthen ok jsing
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.79 |
|
20-Mar-2018 |
tb |
Provide SSL_SESSION_set1_id()
ok jsing
|
#
1.78 |
|
17-Mar-2018 |
beck |
Bring in compatibility for OpenSSL 1.1 style init functions.
This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well as thread safety modifications for the existing LibreSSL init functions. The initialization routines are called automatically by the normal entry points into the library, as in newer OpenSSL.
ok jsing@, nits by tb@ and deraadt@
|
#
1.77 |
|
17-Mar-2018 |
tb |
Provide SSL_SESSION_get_ticket_lifetime_hint() and SSL_SESSION_has_ticket()
ok jsing
|
#
1.76 |
|
17-Mar-2018 |
tb |
SSL_SESSION_get_protocol_version() takes a const SSL_SESSION *. Noted by schwarze@
ok jsing@
|
#
1.75 |
|
17-Mar-2018 |
jsing |
Provide SSL_SESSION_get0_id_context().
|
#
1.74 |
|
22-Feb-2018 |
jsing |
Provide SSL_SESSION_up_ref().
|
#
1.73 |
|
20-Feb-2018 |
tb |
Provide SSL_SESSION_get_protocol_version()
ok jsing
|
#
1.72 |
|
17-Feb-2018 |
jsing |
Provide SSL_SESSION_get_master_key()
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.71 |
|
10-Apr-2017 |
jsing |
Use freezero() for the internal opaque structures, instead of the current explicit_bzero()/free(). Less code and potentially less overhead.
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.70 |
|
07-Feb-2017 |
beck |
Change SSLerror() back to taking two args, with the first one being an SSL *. Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
|
#
1.69 |
|
26-Jan-2017 |
beck |
Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly line wraps that resulted
|
#
1.68 |
|
26-Jan-2017 |
beck |
Send the error function codes to rot in the depths of hell where they belong. We leave a single function code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
|
#
1.67 |
|
24-Jan-2017 |
jsing |
Add support for setting the supported EC curves via SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names.
This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such as brainpool) you need to configure this yourself.
Inspired by parts of BoringSSL and OpenSSL.
ok beck@
|
#
1.66 |
|
24-Jan-2017 |
jsing |
sk_SSL_CIPHER_free() checks for NULL so do not bother doing the same from the callers.
|
#
1.65 |
|
24-Jan-2017 |
jsing |
ssl_sess_cert_free() checks for NULL, so do not bother doing it at the call sites.
|
#
1.64 |
|
24-Jan-2017 |
jsing |
There is no point in zeroing fields that exist within a struct that is about to be explicit_bzero'd and freed.
|
#
1.63 |
|
23-Jan-2017 |
jsing |
Split most of SSL_METHOD out into an internal variant, which is opaque.
Discussed with beck@
|
#
1.62 |
|
23-Jan-2017 |
beck |
Move a large part of ssl_st into internal, so we can see what squeals. ok jsing@
|
#
1.61 |
|
23-Jan-2017 |
jsing |
Move ex_data, next and prev from SSL_SESSION to internal.
ok beck@
|
#
1.60 |
|
23-Jan-2017 |
jsing |
Move most of the fields in SSL_CTX to internal - the ones that remain are known to be in use.
ok beck@
|
#
1.59 |
|
23-Jan-2017 |
beck |
move the callbacks from ssl_st to internal ok jsing@
|
#
1.58 |
|
23-Jan-2017 |
jsing |
Move callback function pointers and argument pointers from SSL_CTX to internal.
ok beck@
|
#
1.57 |
|
23-Jan-2017 |
jsing |
Move not_resumable and sess_cert from SSL_SESSION to internal.
ok beck@
|
#
1.56 |
|
23-Jan-2017 |
jsing |
Move the stats struct from SSL_CTX to internal.
ok beck@
|
#
1.55 |
|
22-Jan-2017 |
beck |
Move internal parts of ssl_session_st to internal ok jsing@
|
#
1.54 |
|
22-Jan-2017 |
jsing |
Convert publicly visible structs to translucent structs.
This change adds an internal opaque struct for each of the significant publicly visible structs. The opaque struct is then allocated and attached to the publicly visible struct when the appropriate *_new() function is called, then cleared and freed as necessary.
This will allow for changes to be made to the internals of libssl, without requiring a major bump each time the publicly visible structs are modified.
ok beck@
|
#
1.53 |
|
02-Nov-2016 |
jsing |
Expand LHASH_OF, IMPLEMENT_LHASH_DOALL_ARG_FN and LHASH_DOALL_ARG_FN macros. Only change in generated assembly is due to line numbering.
|
#
1.52 |
|
02-Nov-2016 |
jsing |
Wrap some >80 char lines.
|
#
1.51 |
|
04-Sep-2016 |
jsing |
Sort and group functions.
|
#
1.50 |
|
04-Sep-2016 |
jsing |
Expand IMPLEMENT_PEM macros.
No change in generated assembly.
|
#
1.49 |
|
11-Mar-2016 |
mmcc |
X509_free(3) is NULL-safe, so remove NULL checks before its calls.
ok doug@
|
#
1.48 |
|
10-Sep-2015 |
jsing |
Remove support for DTLS_BAD_VER. We do not support non-standard and incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years.
ok bcook@ miod@
|
#
1.47 |
|
10-Sep-2015 |
jsing |
Correct spelling of OPENSSL_cleanse.
ok miod@
|
#
1.46 |
|
27-Aug-2015 |
doug |
Remove SSLv3 support from LibreSSL.
This is the first wave of SSLv3 removal which removes the main SSLv3 functions. Future commits will remove the rest of the SSLv3 support.
Discussed the plan at c2k15. Input from jsing@, beck@, miod@, bcook@, sthen@, naddy@, and deraadt@.
ok jsing@, beck@
|
#
1.45 |
|
21-Jul-2015 |
doug |
Remove duplicate check in libssl.
If len == 0, it already set try_session_cache so there's no need to check len again. Fixes Coverity issue 21687.
ok bcook@
|
#
1.44 |
|
14-Dec-2014 |
jsing |
Remove trailing whitespace.
|
#
1.43 |
|
08-Nov-2014 |
jsing |
Clean up more SSLv2 remnants.
|
#
1.42 |
|
18-Oct-2014 |
jsing |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL).
ok beck@ deraadt@ miod@
|
#
1.41 |
|
22-Sep-2014 |
jsing |
Refactor and simplify the ECC extension handling. The existing code effectively built two "static" data structures - instead of doing this, just use static data structures to start with.
From OpenSSL (part of a larger commit).
ok miod@
|
#
1.40 |
|
11-Aug-2014 |
jsing |
Provide a ssl3_get_cipher_by_id() function that allows ciphers to be looked up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the cipher value is manually written into a buffer, just so the cipher can be located using ssl3_get_cipher_by_char().
ok bcook@ miod@
|
#
1.39 |
|
10-Aug-2014 |
jsing |
Since we no longer need to support SSLv2-style cipher lists, start unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros.
Prompted by similar changes in boringssl.
ok guenther.
|
#
1.38 |
|
13-Jul-2014 |
beck |
The bell tolls for BUF_strdup - Start the migration to using intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
|
#
1.37 |
|
12-Jul-2014 |
jsing |
Apply a large dose of KNF.
|
#
1.36 |
|
11-Jul-2014 |
beck |
Remove the PSK code. We don't need to drag around this baggage. ok miod@ jsing@
|
#
1.35 |
|
10-Jul-2014 |
tedu |
decompress libssl. ok beck jsing
|
#
1.34 |
|
21-Jun-2014 |
tedu |
always compare memcmp against 0, for clarity.
|
#
1.33 |
|
19-Jun-2014 |
tedu |
convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
|
#
1.32 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.31 |
|
04-Jun-2014 |
tedu |
without overthinking it, replace a few memcmp calls with CRYPTO_memcmp where it is feasible to do so. better safe than sorry.
|
#
1.30 |
|
31-May-2014 |
jsing |
ECDH and ECDSA will not work overly well if there is no EC, so unifdef OPENSSL_NO_EC.
ok tedu@
|
#
1.29 |
|
31-May-2014 |
jsing |
TLS would not be entirely functional without extensions, so unifdef OPENSSL_NO_TLSEXT.
ok tedu@
|
#
1.28 |
|
28-May-2014 |
jsing |
There is no point in checking if a pointer is non-NULL before calling free, since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable.
ok miod@
|
#
1.27 |
|
05-May-2014 |
tedu |
Remove SRP and Kerberos support from libssl. These are complex protocols all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
|
#
1.26 |
|
23-Apr-2014 |
tedu |
whitespace
|
#
1.25 |
|
21-Apr-2014 |
deraadt |
more malloc/realloc/calloc cleanups; ok beck kettenis
|
#
1.24 |
|
20-Apr-2014 |
guenther |
Chop off more SSLv2 tentacles and start fixing and noting y2038 issues. APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl.
ok tedu@
|
#
1.23 |
|
19-Apr-2014 |
guenther |
More KNF and style consistency tweaks
|
#
1.22 |
|
17-Apr-2014 |
deraadt |
kill REF_PRINT/REF_CHECK debugging framework no one would use ok miod
|
#
1.21 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.20 |
|
16-Apr-2014 |
tedu |
add back SRP. i was being too greedy.
|
#
1.19 |
|
16-Apr-2014 |
tedu |
disentangle SRP code from TLS
|
#
1.18 |
|
16-Apr-2014 |
guenther |
Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally.
ok tedu@ beck@
|
#
1.17 |
|
14-Apr-2014 |
jsing |
First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5.
|
#
1.16 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.15 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.14 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.13 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.12 |
|
27-Jun-2006 |
djm |
resolve conflicts
|
#
1.11 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.10 |
|
11-Nov-2003 |
markus |
merge 0.9.7c; minor bugfixes; API addition: ERR_release_err_state_table [make includes before you build libssl/libcrypto]
|
#
1.9 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.8 |
|
14-Sep-2002 |
markus |
merge with openssl-0.9.7-stable-SNAP-20020911, new minor for libcrypto (_X509_REQ_print_ex) tested by miod@, pb@
|
#
1.7 |
|
30-Jul-2002 |
markus |
apply patches from OpenSSL Security Advisory [30 July 2002], http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
22-Jun-2001 |
beck |
branches: 1.5.2; 1.5.4; openssl-engine-0.9.6a merge
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
|
#
1.85 |
|
22-Apr-2019 |
jsing |
Pass the session ID down to the session/ticket handling code as a CBS.
Convert ssl_get_prev_session(), tls1_process_ticket() and tls1_decrypt_ticket() to handle the session ID from the client hello as a CBS. While here also swap the order of arguments for tls1_decrypt_ticket() so that it is consistent with the other functions.
ok tb@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.84 |
|
04-Apr-2019 |
jsing |
This case also needs to be fatal.
|
#
1.83 |
|
01-Apr-2019 |
deraadt |
mark ERR_R_INTERNAL_ERROR instead of assert or _exit, sigh
|
#
1.82 |
|
24-Mar-2019 |
deraadt |
do not call assert(), which has a tendency to leave traces of stuff in corefiles. Instead call OPENSSL_assert(), which has recently been trained to do this in a safer (if more awkward to debug) way. discussed with jsing and beck a while back
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.81 |
|
24-Aug-2018 |
jsing |
Simplify session ticket parsing/handling.
The original implementation is rather crazy and means that we effectively have two lots of code that parse a ClientHello and two lots of code that parse TLS extensions. Partially simplify this by passing a CBS containing the extension block through to the session handling functions, removing the need to reimplement the ClientHello parsing.
While here standardise on naming for session_id and session_id_len.
ok inoguchi@ tb@
|
#
1.80 |
|
25-Apr-2018 |
tb |
OpenSSL started adding const to functions all over the place. Make all our libssl functions match theirs wrt const, except for BIO_f_ssl(3) which will be fixed in a later step.
this went through a i386 bulk by sthen ok jsing
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.79 |
|
20-Mar-2018 |
tb |
Provide SSL_SESSION_set1_id()
ok jsing
|
#
1.78 |
|
17-Mar-2018 |
beck |
Bring in compatibility for OpenSSL 1.1 style init functions.
This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well as thread safety modifications for the existing LibreSSL init functions. The initialization routines are called automatically by the normal entry points into the library, as in newer OpenSSL.
ok jsing@, nits by tb@ and deraadt@
|
#
1.77 |
|
17-Mar-2018 |
tb |
Provide SSL_SESSION_get_ticket_lifetime_hint() and SSL_SESSION_has_ticket()
ok jsing
|
#
1.76 |
|
17-Mar-2018 |
tb |
SSL_SESSION_get_protocol_version() takes a const SSL_SESSION *. Noted by schwarze@
ok jsing@
|
#
1.75 |
|
17-Mar-2018 |
jsing |
Provide SSL_SESSION_get0_id_context().
|
#
1.74 |
|
22-Feb-2018 |
jsing |
Provide SSL_SESSION_up_ref().
|
#
1.73 |
|
20-Feb-2018 |
tb |
Provide SSL_SESSION_get_protocol_version()
ok jsing
|
#
1.72 |
|
17-Feb-2018 |
jsing |
Provide SSL_SESSION_get_master_key()
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.71 |
|
10-Apr-2017 |
jsing |
Use freezero() for the internal opaque structures, instead of the current explicit_bzero()/free(). Less code and potentially less overhead.
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.70 |
|
07-Feb-2017 |
beck |
Change SSLerror() back to taking two args, with the first one being an SSL *. Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
|
#
1.69 |
|
26-Jan-2017 |
beck |
Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly line wraps that resulted
|
#
1.68 |
|
26-Jan-2017 |
beck |
Send the error function codes to rot in the depths of hell where they belong. We leave a single function code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
|
#
1.67 |
|
24-Jan-2017 |
jsing |
Add support for setting the supported EC curves via SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names.
This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such as brainpool) you need to configure this yourself.
Inspired by parts of BoringSSL and OpenSSL.
ok beck@
|
#
1.66 |
|
24-Jan-2017 |
jsing |
sk_SSL_CIPHER_free() checks for NULL so do not bother doing the same from the callers.
|
#
1.65 |
|
24-Jan-2017 |
jsing |
ssl_sess_cert_free() checks for NULL, so do not bother doing it at the call sites.
|
#
1.64 |
|
24-Jan-2017 |
jsing |
There is no point in zeroing fields that exist within a struct that is about to be explicit_bzero'd and freed.
|
#
1.63 |
|
23-Jan-2017 |
jsing |
Split most of SSL_METHOD out into an internal variant, which is opaque.
Discussed with beck@
|
#
1.62 |
|
23-Jan-2017 |
beck |
Move a large part of ssl_st into internal, so we can see what squeals. ok jsing@
|
#
1.61 |
|
23-Jan-2017 |
jsing |
Move ex_data, next and prev from SSL_SESSION to internal.
ok beck@
|
#
1.60 |
|
23-Jan-2017 |
jsing |
Move most of the fields in SSL_CTX to internal - the ones that remain are known to be in use.
ok beck@
|
#
1.59 |
|
23-Jan-2017 |
beck |
move the callbacks from ssl_st to internal ok jsing@
|
#
1.58 |
|
23-Jan-2017 |
jsing |
Move callback function pointers and argument pointers from SSL_CTX to internal.
ok beck@
|
#
1.57 |
|
23-Jan-2017 |
jsing |
Move not_resumable and sess_cert from SSL_SESSION to internal.
ok beck@
|
#
1.56 |
|
23-Jan-2017 |
jsing |
Move the stats struct from SSL_CTX to internal.
ok beck@
|
#
1.55 |
|
22-Jan-2017 |
beck |
Move internal parts of ssl_session_st to internal ok jsing@
|
#
1.54 |
|
22-Jan-2017 |
jsing |
Convert publicly visible structs to translucent structs.
This change adds an internal opaque struct for each of the significant publicly visible structs. The opaque struct is then allocated and attached to the publicly visible struct when the appropriate *_new() function is called, then cleared and freed as necessary.
This will allow for changes to be made to the internals of libssl, without requiring a major bump each time the publicly visible structs are modified.
ok beck@
|
#
1.53 |
|
02-Nov-2016 |
jsing |
Expand LHASH_OF, IMPLEMENT_LHASH_DOALL_ARG_FN and LHASH_DOALL_ARG_FN macros. Only change in generated assembly is due to line numbering.
|
#
1.52 |
|
02-Nov-2016 |
jsing |
Wrap some >80 char lines.
|
#
1.51 |
|
04-Sep-2016 |
jsing |
Sort and group functions.
|
#
1.50 |
|
04-Sep-2016 |
jsing |
Expand IMPLEMENT_PEM macros.
No change in generated assembly.
|
#
1.49 |
|
11-Mar-2016 |
mmcc |
X509_free(3) is NULL-safe, so remove NULL checks before its calls.
ok doug@
|
#
1.48 |
|
10-Sep-2015 |
jsing |
Remove support for DTLS_BAD_VER. We do not support non-standard and incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years.
ok bcook@ miod@
|
#
1.47 |
|
10-Sep-2015 |
jsing |
Correct spelling of OPENSSL_cleanse.
ok miod@
|
#
1.46 |
|
27-Aug-2015 |
doug |
Remove SSLv3 support from LibreSSL.
This is the first wave of SSLv3 removal which removes the main SSLv3 functions. Future commits will remove the rest of the SSLv3 support.
Discussed the plan at c2k15. Input from jsing@, beck@, miod@, bcook@, sthen@, naddy@, and deraadt@.
ok jsing@, beck@
|
#
1.45 |
|
21-Jul-2015 |
doug |
Remove duplicate check in libssl.
If len == 0, it already set try_session_cache so there's no need to check len again. Fixes Coverity issue 21687.
ok bcook@
|
#
1.44 |
|
14-Dec-2014 |
jsing |
Remove trailing whitespace.
|
#
1.43 |
|
08-Nov-2014 |
jsing |
Clean up more SSLv2 remnants.
|
#
1.42 |
|
18-Oct-2014 |
jsing |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL).
ok beck@ deraadt@ miod@
|
#
1.41 |
|
22-Sep-2014 |
jsing |
Refactor and simplify the ECC extension handling. The existing code effectively built two "static" data structures - instead of doing this, just use static data structures to start with.
From OpenSSL (part of a larger commit).
ok miod@
|
#
1.40 |
|
11-Aug-2014 |
jsing |
Provide a ssl3_get_cipher_by_id() function that allows ciphers to be looked up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the cipher value is manually written into a buffer, just so the cipher can be located using ssl3_get_cipher_by_char().
ok bcook@ miod@
|
#
1.39 |
|
10-Aug-2014 |
jsing |
Since we no longer need to support SSLv2-style cipher lists, start unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros.
Prompted by similar changes in boringssl.
ok guenther.
|
#
1.38 |
|
13-Jul-2014 |
beck |
The bell tolls for BUF_strdup - Start the migration to using intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
|
#
1.37 |
|
12-Jul-2014 |
jsing |
Apply a large dose of KNF.
|
#
1.36 |
|
11-Jul-2014 |
beck |
Remove the PSK code. We don't need to drag around this baggage. ok miod@ jsing@
|
#
1.35 |
|
10-Jul-2014 |
tedu |
decompress libssl. ok beck jsing
|
#
1.34 |
|
21-Jun-2014 |
tedu |
always compare memcmp against 0, for clarity.
|
#
1.33 |
|
19-Jun-2014 |
tedu |
convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
|
#
1.32 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.31 |
|
04-Jun-2014 |
tedu |
without overthinking it, replace a few memcmp calls with CRYPTO_memcmp where it is feasible to do so. better safe than sorry.
|
#
1.30 |
|
31-May-2014 |
jsing |
ECDH and ECDSA will not work overly well if there is no EC, so unifdef OPENSSL_NO_EC.
ok tedu@
|
#
1.29 |
|
31-May-2014 |
jsing |
TLS would not be entirely functional without extensions, so unifdef OPENSSL_NO_TLSEXT.
ok tedu@
|
#
1.28 |
|
28-May-2014 |
jsing |
There is no point in checking if a pointer is non-NULL before calling free, since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable.
ok miod@
|
#
1.27 |
|
05-May-2014 |
tedu |
Remove SRP and Kerberos support from libssl. These are complex protocols all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
|
#
1.26 |
|
23-Apr-2014 |
tedu |
whitespace
|
#
1.25 |
|
21-Apr-2014 |
deraadt |
more malloc/realloc/calloc cleanups; ok beck kettenis
|
#
1.24 |
|
20-Apr-2014 |
guenther |
Chop off more SSLv2 tentacles and start fixing and noting y2038 issues. APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl.
ok tedu@
|
#
1.23 |
|
19-Apr-2014 |
guenther |
More KNF and style consistency tweaks
|
#
1.22 |
|
17-Apr-2014 |
deraadt |
kill REF_PRINT/REF_CHECK debugging framework no one would use ok miod
|
#
1.21 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.20 |
|
16-Apr-2014 |
tedu |
add back SRP. i was being too greedy.
|
#
1.19 |
|
16-Apr-2014 |
tedu |
disentangle SRP code from TLS
|
#
1.18 |
|
16-Apr-2014 |
guenther |
Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally.
ok tedu@ beck@
|
#
1.17 |
|
14-Apr-2014 |
jsing |
First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5.
|
#
1.16 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.15 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.14 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.13 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.12 |
|
27-Jun-2006 |
djm |
resolve conflicts
|
#
1.11 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.10 |
|
11-Nov-2003 |
markus |
merge 0.9.7c; minor bugfixes; API addition: ERR_release_err_state_table [make includes before you build libssl/libcrypto]
|
#
1.9 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.8 |
|
14-Sep-2002 |
markus |
merge with openssl-0.9.7-stable-SNAP-20020911, new minor for libcrypto (_X509_REQ_print_ex) tested by miod@, pb@
|
#
1.7 |
|
30-Jul-2002 |
markus |
apply patches from OpenSSL Security Advisory [30 July 2002], http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
22-Jun-2001 |
beck |
branches: 1.5.2; 1.5.4; openssl-engine-0.9.6a merge
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.42 |
|
18-Oct-2014 |
jsing |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL).
ok beck@ deraadt@ miod@
|
#
1.41 |
|
22-Sep-2014 |
jsing |
Refactor and simplify the ECC extension handling. The existing code effectively built two "static" data structures - instead of doing this, just use static data structures to start with.
From OpenSSL (part of a larger commit).
ok miod@
|
#
1.40 |
|
11-Aug-2014 |
jsing |
Provide a ssl3_get_cipher_by_id() function that allows ciphers to be looked up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the cipher value is manually written into a buffer, just so the cipher can be located using ssl3_get_cipher_by_char().
ok bcook@ miod@
|
#
1.39 |
|
10-Aug-2014 |
jsing |
Since we no longer need to support SSLv2-style cipher lists, start unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros.
Prompted by similar changes in boringssl.
ok guenther.
|
#
1.38 |
|
13-Jul-2014 |
beck |
The bell tolls for BUF_strdup - Start the migration to using intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
|
#
1.37 |
|
12-Jul-2014 |
jsing |
Apply a large dose of KNF.
|
#
1.36 |
|
11-Jul-2014 |
beck |
Remove the PSK code. We don't need to drag around this baggage. ok miod@ jsing@
|
#
1.35 |
|
10-Jul-2014 |
tedu |
decompress libssl. ok beck jsing
|
#
1.34 |
|
21-Jun-2014 |
tedu |
always compare memcmp against 0, for clarity.
|
#
1.33 |
|
19-Jun-2014 |
tedu |
convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
|
#
1.32 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.31 |
|
04-Jun-2014 |
tedu |
without overthinking it, replace a few memcmp calls with CRYPTO_memcmp where it is feasible to do so. better safe than sorry.
|
#
1.30 |
|
31-May-2014 |
jsing |
ECDH and ECDSA will not work overly well if there is no EC, so unifdef OPENSSL_NO_EC.
ok tedu@
|
#
1.29 |
|
31-May-2014 |
jsing |
TLS would not be entirely functional without extensions, so unifdef OPENSSL_NO_TLSEXT.
ok tedu@
|
#
1.28 |
|
28-May-2014 |
jsing |
There is no point in checking if a pointer is non-NULL before calling free, since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable.
ok miod@
|
#
1.27 |
|
05-May-2014 |
tedu |
Remove SRP and Kerberos support from libssl. These are complex protocols all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
|
#
1.26 |
|
23-Apr-2014 |
tedu |
whitespace
|
#
1.25 |
|
21-Apr-2014 |
deraadt |
more malloc/realloc/calloc cleanups; ok beck kettenis
|
#
1.24 |
|
20-Apr-2014 |
guenther |
Chop off more SSLv2 tentacles and start fixing and noting y2038 issues. APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl.
ok tedu@
|
#
1.23 |
|
19-Apr-2014 |
guenther |
More KNF and style consistency tweaks
|
#
1.22 |
|
17-Apr-2014 |
deraadt |
kill REF_PRINT/REF_CHECK debugging framework no one would use ok miod
|
#
1.21 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.20 |
|
16-Apr-2014 |
tedu |
add back SRP. i was being too greedy.
|
#
1.19 |
|
16-Apr-2014 |
tedu |
disentangle SRP code from TLS
|
#
1.18 |
|
16-Apr-2014 |
guenther |
Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally.
ok tedu@ beck@
|
#
1.17 |
|
14-Apr-2014 |
jsing |
First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5.
|
#
1.16 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.15 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.14 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.13 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.12 |
|
27-Jun-2006 |
djm |
resolve conflicts
|
#
1.11 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.10 |
|
11-Nov-2003 |
markus |
merge 0.9.7c; minor bugfixes; API addition: ERR_release_err_state_table [make includes before you build libssl/libcrypto]
|
#
1.9 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.8 |
|
14-Sep-2002 |
markus |
merge with openssl-0.9.7-stable-SNAP-20020911, new minor for libcrypto (_X509_REQ_print_ex) tested by miod@, pb@
|
#
1.7 |
|
30-Jul-2002 |
markus |
apply patches from OpenSSL Security Advisory [30 July 2002], http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
22-Jun-2001 |
beck |
branches: 1.5.2; 1.5.4; openssl-engine-0.9.6a merge
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.114 |
|
07-Jun-2022 |
tb |
Tweak readability of a test: compare tmp explicitly against 0 and drop redundant parentheses.
ok jsing
|
#
1.113 |
|
07-Jun-2022 |
tb |
Add a cast to SSL_SESSION_get_id() to indicate that session_id_length is deliberately reduced to an unsigned int. Since the session_id is at most 32 bytes, this is not a concern.
ok jsing
|
#
1.112 |
|
07-Jun-2022 |
tb |
fix indent
|
#
1.111 |
|
07-Jun-2022 |
tb |
Unindent and simplify remove_session_lock()
ok jsing (who informs me he had the same diff in his jungle)
|
#
1.110 |
|
06-Jun-2022 |
tb |
Fix comment + spacing.
Apparently 60 * 5 + 4 seconds is 5 minutes. Presumably this is the case with sufficiently potent crack, which would explain a few things in here.
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.109 |
|
11-Jan-2022 |
jsing |
Remove peer_pkeys from SSL_SESSION.
peer_pkeys comes from some world where peers can send multiple certificates - in fact, one of each known type. Since we do not live in such a world, get rid of peer_pkeys and simply use peer_cert instead (in both TLSv1.2 and TLSv1.3, both clients and servers can only send a single leaf (aka end-entity) certificate).
ok inoguchi@ tb@
|
#
1.108 |
|
11-Jan-2022 |
jsing |
Rename 'peer' to 'peer_cert' in SSL_SESSION.
The 'peer' member of SSL_SESSION is the leaf/end-entity certificate provided by our peer. Rename it since 'peer' on its own is unhelpful.
ok inoguchi@ tb@
|
#
1.107 |
|
08-Jan-2022 |
jsing |
Merge SESS_CERT into SSL_SESSION.
There is no reason for SESS_CERT to exist - remove it and merge its members into SSL_SESSION for the time being. More clean up to follow.
ok inoguchi@ tb@
|
#
1.106 |
|
25-Oct-2021 |
jsing |
Fold SSL_SESSION_INTERNAL back into SSL_SESSION.
ok beck@ tb@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.105 |
|
08-Sep-2021 |
tb |
Provide SSL_SESSION_is_resumable and SSL_set_psk_use_session_callback stubs
ok jsing
|
#
1.104 |
|
16-May-2021 |
jsing |
Explicitly include <openssl/opensslconf.h> in files using OPENSSL_NO_*
Where a file references OPENSSL_NO_* conditions, ensure that we explicitly include <openssl/opensslconf.h> before any references, rather than relying on another header to pull this in.
|
#
1.103 |
|
10-May-2021 |
tb |
Provide SSL_SESSION_get0_cipher(3)
ok jsing
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.102 |
|
20-Feb-2021 |
jsing |
Handle DTLS1_2_VERSION in various places.
ok tb@
|
#
1.101 |
|
11-Oct-2020 |
jsing |
Condense and simplify TLS methods.
Historically, OpenSSL has had client and server specific methods - the only difference between these is that the .ssl_connect or .ssl_accept function pointer is set to ssl_undefined_function, with the intention of reducing code size for a statically linked binary that was only a client or server. These days the difference is minimal or non-existent in many cases and we can reduce the amount of code and complexity by having a single method.
Internally remove all of the client and server specific methods, simplifying code in the process. The external client/server specific API remain, however these now return the same thing as TLS_method() does.
ok tb@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.100 |
|
19-Sep-2020 |
tb |
Prepare to provide SSL_SESSION_{set,get}_max_early_data()
Since we do not support 0-RTT, these are noops. Some software expects this API to be available if TLS1_3_VERSION is defined.
ok beck jsing
|
#
1.99 |
|
17-Sep-2020 |
jsing |
Simplify SSL method lookups.
There are three places where we call tls1_get_{client,server}_method() and if that returns NULL, call dtls1_get_{client,server}_method(). Simplify this by combining the lookup into a single function. While here also use uint16_t for version types.
ok inoguchi@ millert@
|
#
1.98 |
|
14-Sep-2020 |
jsing |
Cleanup and simplify SSL_set_session().
SSL_set_ssl_method() checks to see if the method is already the same, so we do not need to do this check in three different places. Switch to dtls1_get_client_method()/tls1_get_client_method() to find the method - this is a slight change in behaviour, however there is not much point trying to resume a session on something other than a client.
ok beck@
|
#
1.97 |
|
02-Sep-2020 |
tb |
KNF and comment tweaks
|
#
1.96 |
|
01-Sep-2020 |
tb |
Zero out data to avoid leaving stack garbage in the tail of the session id in case the copied session id is shorter than SSL_MAX_SESSION_ID_LENGTH.
long standing bug pointed out by jsing
|
#
1.95 |
|
01-Sep-2020 |
tb |
The bumping of sess_cb_hit stats can wait until handling of get_session_cb is completed.
|
#
1.94 |
|
01-Sep-2020 |
tb |
In the explanatory comment of ssl_get_prev_session fix the spelling of the function name, document alert and make it fit into 80 columns.
|
#
1.93 |
|
01-Sep-2020 |
tb |
Split session retrieval out of ssl_get_prev_session()
In case the session ticket was empty or missing, an attempt is made to retrieve the session from the internal cache or via a callback. This code can easily be flattened a bit and factored into two functions. I decided to wrap those into a third function to make the call from the switch easier on the eye.
I could have kept the try_session_cache flag, but it now seems rather pointless and awkwardly named anyway, so I took its negation and named it ticket_decrypted.
To top things off, a little bit of polish in the exit path.
ok beck inoguchi jsing (with the usual healthy dose of nits)
|
#
1.92 |
|
01-Sep-2020 |
tb |
copy session id directly in ssl_get_prev_session
ssl_get_prev_session() hands the session id down to tls_decrypt_ticket() which then copies it into the session pointer that it is about to return. It's a lot simpler to retrieve the session pointer and copy the session id inside ssl_get_prev_session().
Also, 'goto err' directly in TLS1_TICKET_NOT_DECRYPTED instead of skipping a couple of long if clauses before doing so.
ok inoguchi jsing
|
#
1.91 |
|
01-Sep-2020 |
tb |
indent the only other label in this file
|
#
1.90 |
|
01-Sep-2020 |
tb |
Indent label and remove dangling else
|
#
1.89 |
|
01-Sep-2020 |
tb |
Zap NULL check before SSL_SESSION_free()
|
#
1.88 |
|
01-Sep-2020 |
tb |
Rename the session pointer ret to sess
ret is a confusing name for a pointer in a function that returns int. ret is only returned in the sense that it ultimately replaces the current s->session on success.
|
#
1.87 |
|
31-Aug-2020 |
tb |
Return code tweaks for session ticket handlers
In tls1_process_ticket() and tls_decrypt_ticket() use #defines with descriptive names instead of hardcoding -1 1 2 3 4 and occasionally explaining the magic numbers with comments.
ok beck inoguchi
|
#
1.86 |
|
31-Aug-2020 |
tb |
Send alert on ssl_get_prev_session failure
ssl_get_prev_session() can fail for various reasons some of which may be internal_error others decode_error alerts. Propagate the appropriate alert up to the caller so we can abort the handshake by sending a fatal alert instead of rudely closing the pipe.
Currently only 28 of 292 test cases of tlsfuzzer's test-extension.py pass. With this diff, 272 pass. The rest will require fixes elsewhere.
ok beck inoguchi jsing
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.85 |
|
22-Apr-2019 |
jsing |
Pass the session ID down to the session/ticket handling code as a CBS.
Convert ssl_get_prev_session(), tls1_process_ticket() and tls1_decrypt_ticket() to handle the session ID from the client hello as a CBS. While here also swap the order of arguments for tls1_decrypt_ticket() so that it is consistent with the other functions.
ok tb@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.84 |
|
04-Apr-2019 |
jsing |
This case also needs to be fatal.
|
#
1.83 |
|
01-Apr-2019 |
deraadt |
mark ERR_R_INTERNAL_ERROR instead of assert or _exit, sigh
|
#
1.82 |
|
24-Mar-2019 |
deraadt |
do not call assert(), which has a tendency to leave traces of stuff in corefiles. Instead call OPENSSL_assert(), which has recently been trained to do this in a safer (if more awkward to debug) way. discussed with jsing and beck a while back
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.81 |
|
24-Aug-2018 |
jsing |
Simplify session ticket parsing/handling.
The original implementation is rather crazy and means that we effectively have two lots of code that parse a ClientHello and two lots of code that parse TLS extensions. Partially simplify this by passing a CBS containing the extension block through to the session handling functions, removing the need to reimplement the ClientHello parsing.
While here standardise on naming for session_id and session_id_len.
ok inoguchi@ tb@
|
#
1.80 |
|
25-Apr-2018 |
tb |
OpenSSL started adding const to functions all over the place. Make all our libssl functions match theirs wrt const, except for BIO_f_ssl(3) which will be fixed in a later step.
this went through an i386 bulk by sthen ok jsing
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.79 |
|
20-Mar-2018 |
tb |
Provide SSL_SESSION_set1_id()
ok jsing
|
#
1.78 |
|
17-Mar-2018 |
beck |
Bring in compatibility for OpenSSL 1.1 style init functions.
This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well as thread safety modifications for the existing LibreSSL init functions. The initialization routines are called automatically by the normal entry points into the library, as in newer OpenSSL
ok jsing@, nits by tb@ and deraadt@
|
#
1.77 |
|
17-Mar-2018 |
tb |
Provide SSL_SESSION_get_ticket_lifetime_hint() and SSL_SESSION_has_ticket()
ok jsing
|
#
1.76 |
|
17-Mar-2018 |
tb |
SSL_SESSION_get_protocol_version() takes a const SSL_SESSION *. Noted by schwarze@
ok jsing@
|
#
1.75 |
|
17-Mar-2018 |
jsing |
Provide SSL_SESSION_get0_id_context().
|
#
1.74 |
|
22-Feb-2018 |
jsing |
Provide SSL_SESSION_up_ref().
|
#
1.73 |
|
20-Feb-2018 |
tb |
Provide SSL_SESSION_get_protocol_version()
ok jsing
|
#
1.72 |
|
17-Feb-2018 |
jsing |
Provide SSL_SESSION_get_master_key()
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.71 |
|
10-Apr-2017 |
jsing |
Use freezero() for the internal opaque structures, instead of the current explicit_bzero()/free(). Less code and potentially less overhead.
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.70 |
|
07-Feb-2017 |
beck |
Change SSLerror() back to taking two args, with the first one being an SSL *. Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
|
#
1.69 |
|
26-Jan-2017 |
beck |
Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly line wraps that resulted
|
#
1.68 |
|
26-Jan-2017 |
beck |
Send the error function codes to rot in the depths of hell where they belong We leave a single function code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
|
#
1.67 |
|
24-Jan-2017 |
jsing |
Add support for setting the supported EC curves via SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names.
This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such as brainpool) you need to configure this yourself.
Inspired by parts of BoringSSL and OpenSSL.
ok beck@
|
#
1.66 |
|
24-Jan-2017 |
jsing |
sk_SSL_CIPHER_free() checks for NULL so do not bother doing the same from the callers.
|
#
1.65 |
|
24-Jan-2017 |
jsing |
ssl_sess_cert_free() checks for NULL, so do not bother doing it at the call sites.
|
#
1.64 |
|
24-Jan-2017 |
jsing |
There is no point in zeroing fields that exist within a struct that is about to be explicit_bzero'd and freed.
|
#
1.63 |
|
23-Jan-2017 |
jsing |
Split most of SSL_METHOD out into an internal variant, which is opaque.
Discussed with beck@
|
#
1.62 |
|
23-Jan-2017 |
beck |
Move a large part of ssl_st into internal, so we can see what squeals. ok jsing@
|
#
1.61 |
|
23-Jan-2017 |
jsing |
Move ex_data, next and prev from SSL_SESSION to internal.
ok beck@
|
#
1.60 |
|
23-Jan-2017 |
jsing |
Move most of the fields in SSL_CTX to internal - the ones that remain are known to be in use.
ok beck@
|
#
1.59 |
|
23-Jan-2017 |
beck |
move the callbacks from ssl_st to internal ok jsing@
|
#
1.58 |
|
23-Jan-2017 |
jsing |
Move callback function pointers and argument pointers from SSL_CTX to internal.
ok beck@
|
#
1.57 |
|
23-Jan-2017 |
jsing |
Move not_resumable and sess_cert from SSL_SESSION to internal.
ok beck@
|
#
1.56 |
|
23-Jan-2017 |
jsing |
Move the stats struct from SSL_CTX to internal.
ok beck@
|
#
1.55 |
|
22-Jan-2017 |
beck |
Move internal parts of ssl_session_st to internal ok jsing@
|
#
1.54 |
|
22-Jan-2017 |
jsing |
Convert publicly visible structs to translucent structs.
This change adds an internal opaque struct for each of the significant publicly visible structs. The opaque struct is then allocated and attached to the publicly visible struct when the appropriate *_new() function is called, then cleared and freed as necessary.
This will allow for changes to be made to the internals of libssl, without requiring a major bump each time the publicly visible structs are modified.
ok beck@
|
#
1.53 |
|
02-Nov-2016 |
jsing |
Expand LHASH_OF, IMPLEMENT_LHASH_DOALL_ARG_FN and LHASH_DOALL_ARG_FN macros. Only change in generated assembly is due to line numbering.
|
#
1.52 |
|
02-Nov-2016 |
jsing |
Wrap some >80 char lines.
|
#
1.51 |
|
04-Sep-2016 |
jsing |
Sort and group functions.
|
#
1.50 |
|
04-Sep-2016 |
jsing |
Expand IMPLEMENT_PEM macros.
No change in generated assembly.
|
#
1.49 |
|
11-Mar-2016 |
mmcc |
X509_free(3) is NULL-safe, so remove NULL checks before its calls.
ok doug@
|
#
1.48 |
|
10-Sep-2015 |
jsing |
Remove support for DTLS_BAD_VER. We do not support non-standard and incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years.
ok bcook@ miod@
|
#
1.47 |
|
10-Sep-2015 |
jsing |
Correct spelling of OPENSSL_cleanse.
ok miod@
|
#
1.46 |
|
27-Aug-2015 |
doug |
Remove SSLv3 support from LibreSSL.
This is the first wave of SSLv3 removal which removes the main SSLv3 functions. Future commits will remove the rest of the SSLv3 support.
Discussed the plan at c2k15. Input from jsing@, beck@, miod@, bcook@, sthen@, naddy@, and deraadt@.
ok jsing@, beck@
|
#
1.45 |
|
21-Jul-2015 |
doug |
Remove duplicate check in libssl.
If len == 0, it already set try_session_cache so there's no need to check len again. Fixes Coverity issue 21687.
ok bcook@
|
#
1.44 |
|
14-Dec-2014 |
jsing |
Remove trailing whitespace.
|
#
1.43 |
|
08-Nov-2014 |
jsing |
Clean up more SSLv2 remnants.
|
#
1.42 |
|
18-Oct-2014 |
jsing |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL).
ok beck@ deraadt@ miod@
|
#
1.41 |
|
22-Sep-2014 |
jsing |
Refactor and simplify the ECC extension handling. The existing code effectively built two "static" data structures - instead of doing this, just use static data structures to start with.
From OpenSSL (part of a larger commit).
ok miod@
|
#
1.40 |
|
11-Aug-2014 |
jsing |
Provide a ssl3_get_cipher_by_id() function that allows ciphers to be looked up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the cipher value is manually written into a buffer, just so the cipher can be located using ssl3_get_cipher_by_char().
ok bcook@ miod@
|
#
1.39 |
|
10-Aug-2014 |
jsing |
Since we no longer need to support SSLv2-style cipher lists, start unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros.
Prompted by similar changes in boringssl.
ok guenther.
|
#
1.38 |
|
13-Jul-2014 |
beck |
The bell tolls for BUF_strdup - Start the migration to using intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
|
#
1.37 |
|
12-Jul-2014 |
jsing |
Apply a large dose of KNF.
|
#
1.36 |
|
11-Jul-2014 |
beck |
Remove the PSK code. We don't need to drag around this baggage. ok miod@ jsing@
|
#
1.35 |
|
10-Jul-2014 |
tedu |
decompress libssl. ok beck jsing
|
#
1.34 |
|
21-Jun-2014 |
tedu |
always compare memcmp against 0, for clarity.
|
#
1.33 |
|
19-Jun-2014 |
tedu |
convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
|
#
1.32 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.31 |
|
04-Jun-2014 |
tedu |
without overthinking it, replace a few memcmp calls with CRYPTO_memcmp where it is feasible to do so. better safe than sorry.
|
#
1.30 |
|
31-May-2014 |
jsing |
ECDH and ECDSA will not work overly well if there is no EC, so unifdef OPENSSL_NO_EC.
ok tedu@
|
#
1.29 |
|
31-May-2014 |
jsing |
TLS would not be entirely functional without extensions, so unifdef OPENSSL_NO_TLSEXT.
ok tedu@
|
#
1.28 |
|
28-May-2014 |
jsing |
There is no point in checking if a pointer is non-NULL before calling free, since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable.
ok miod@
|
#
1.27 |
|
05-May-2014 |
tedu |
Remove SRP and Kerberos support from libssl. These are complex protocols all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
|
#
1.26 |
|
23-Apr-2014 |
tedu |
whitespace
|
#
1.25 |
|
21-Apr-2014 |
deraadt |
more malloc/realloc/calloc cleanups; ok beck kettenis
|
#
1.24 |
|
20-Apr-2014 |
guenther |
Chop off more SSLv2 tentacles and start fixing and noting y2038 issues. APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl.
ok tedu@
|
#
1.23 |
|
19-Apr-2014 |
guenther |
More KNF and style consistency tweaks
|
#
1.22 |
|
17-Apr-2014 |
deraadt |
kill REF_PRINT/REF_CHECK debugging framework no one would use ok miod
|
#
1.21 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.20 |
|
16-Apr-2014 |
tedu |
add back SRP. i was being too greedy.
|
#
1.19 |
|
16-Apr-2014 |
tedu |
disentangle SRP code from TLS
|
#
1.18 |
|
16-Apr-2014 |
guenther |
Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally.
ok tedu@ beck@
|
#
1.17 |
|
14-Apr-2014 |
jsing |
First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5.
|
#
1.16 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.15 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.14 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.13 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.12 |
|
27-Jun-2006 |
djm |
resolve conflicts
|
#
1.11 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.10 |
|
11-Nov-2003 |
markus |
merge 0.9.7c; minor bugfixes; API addition: ERR_release_err_state_table [make includes before you build libssl/libcrypto]
|
#
1.9 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.8 |
|
14-Sep-2002 |
markus |
merge with openssl-0.9.7-stable-SNAP-20020911, new minor for libcrypto (_X509_REQ_print_ex) tested by miod@, pb@
|
#
1.7 |
|
30-Jul-2002 |
markus |
apply patches from OpenSSL Security Advisory [30 July 2002], http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
22-Jun-2001 |
beck |
branches: 1.5.2; 1.5.4; openssl-engine-0.9.6a merge
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.120 |
|
20-Oct-2022 |
tb |
Provide ssl_session_dup()
SSL_SESSION_dup() is a currently essentially unused public OpenSSL 1.1.1 API. Add a version that does not duplicate the secrets for internal use. If the public API should be needed, we can easily make it a wrapper.
ok jsing
|
#
1.119 |
|
20-Oct-2022 |
tb |
Clean up resumption master secret in SSL_SESSION_free()
ok jsing
|
#
1.118 |
|
02-Oct-2022 |
jsing |
Get rid of SSL_CTX_INTERNAL and SSL_INTERNAL.
These are no longer necessary due to SSL_CTX and SSL now being fully opaque. Merge SSL_CTX_INTERNAL back into SSL_CTX and SSL_INTERNAL back into SSL.
Prompted by tb@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.117 |
|
17-Aug-2022 |
jsing |
Deduplicate peer certificate chain processing code.
Rather than reimplement this in each TLS client and server, deduplicate it into a single function. Furthermore, rather than dealing with the API hazard that is SSL_get_peer_cert_chain() in this code, simply produce two chains - one that has the leaf and one that does not. SSL_get_peer_cert_chain() can then return the appropriate one.
This also moves the peer cert chain from the SSL_SESSION to the SSL_HANDSHAKE, which makes more sense since it is not available on resumption.
ok tb@
|
#
1.116 |
|
07-Jun-2022 |
tb |
Use CBS_write_bytes() instead of manual unpacking of a CBS and assigning length and using memcpy(). This also provides a missing overflow check (which is done by the only caller, however).
ok jsing
|
#
1.115 |
|
07-Jun-2022 |
tb |
Simplify various CBS_write_bytes() calls
Now that session_id_length is a size_t, we can pass it directly to CBS_write_bytes() instead of using a temporary variable.
ok jsing
|
#
1.114 |
|
07-Jun-2022 |
tb |
Tweak readability of a test: compare tmp explicitly against 0 and drop redundant parentheses.
ok jsing
|
#
1.113 |
|
07-Jun-2022 |
tb |
Add a cast to SSL_SESSION_get_id() to indicate that session_id_length is deliberately reduced to an unsigned int. Since the session_id is at most 32 bytes, this is not a concern.
ok jsing
|
#
1.112 |
|
07-Jun-2022 |
tb |
fix indent
|
#
1.111 |
|
07-Jun-2022 |
tb |
Unindent and simplify remove_session_lock()
ok jsing (who informs me he had the same diff in his jungle)
|
#
1.110 |
|
06-Jun-2022 |
tb |
Fix comment + spacing.
Apparently 60 * 5 + 4 seconds is 5 minutes. Presumably this is the case with sufficiently potent crack, which would explain a few things in here.
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.109 |
|
11-Jan-2022 |
jsing |
Remove peer_pkeys from SSL_SESSION.
peer_pkeys comes from some world where peers can send multiple certificates - in fact, one of each known type. Since we do not live in such a world, get rid of peer_pkeys and simply use peer_cert instead (in both TLSv1.2 and TLSv1.3, both clients and servers can only send a single leaf (aka end-entity) certificate).
ok inoguchi@ tb@
|
#
1.108 |
|
11-Jan-2022 |
jsing |
Rename 'peer' to 'peer_cert' in SSL_SESSION.
The 'peer' member of SSL_SESSION is the leaf/end-entity certificate provided by our peer. Rename it since 'peer' on its own is unhelpful.
ok inoguchi@ tb@
|
#
1.107 |
|
08-Jan-2022 |
jsing |
Merge SESS_CERT into SSL_SESSION.
There is no reason for SESS_CERT to exist - remove it and merge its members into SSL_SESSION for the time being. More clean up to follow.
ok inoguchi@ tb@
|
#
1.106 |
|
25-Oct-2021 |
jsing |
Fold SSL_SESSION_INTERNAL back into SSL_SESSION.
ok beck@ tb@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.105 |
|
08-Sep-2021 |
tb |
Provide SSL_SESSION_is_resumable and SSL_set_psk_use_session_callback stubs
ok jsing
|
#
1.104 |
|
16-May-2021 |
jsing |
Explicitly include <openssl/opensslconf.h> in files using OPENSSL_NO_*
Where a file references to OPENSSL_NO_* conditions, ensure that we explicitly include <openssl/opensslconf.h> before any references, rather than relying on another header to pull this in.
|
#
1.103 |
|
10-May-2021 |
tb |
Provide SSL_SESSION_get0_cipher(3)
ok jsing
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.102 |
|
20-Feb-2021 |
jsing |
Handle DTLS1_2_VERSION in various places.
ok tb@
|
#
1.101 |
|
11-Oct-2020 |
jsing |
Condense and simplify TLS methods.
Historically, OpenSSL has had client and server specific methods - the only difference between these is that the .ssl_connect or .ssl_accept function pointer is set to ssl_undefined_function, with the intention of reducing code size for a statically linked binary that was only a client or server. These days the difference is minimal or non-existant in many cases and we can reduce the amount of code and complexity by having single method.
Internally remove all of the client and server specific methods, simplifying code in the process. The external client/server specific API remain, however these now return the same thing as TLS_method() does.
ok tb@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.100 |
|
19-Sep-2020 |
tb |
Prepare to provide SSL_SESSION_{set,get}_max_early_data()
Since we do not support 0-RTT, these are noops. Some software expects this API to be available if TLS1_3_VERSION is defined.
ok beck jsing
|
#
1.99 |
|
17-Sep-2020 |
jsing |
Simplify SSL method lookups.
There are three places where we call tls1_get_{client,server}_method() and if that returns NULL, call dtls1_get_{client,server}_method(). Simplify this by combining the lookup into a single function. While here also use uint16_t for version types.
ok inoguchi@ millert@
|
#
1.98 |
|
14-Sep-2020 |
jsing |
Cleanup and simplify SSL_set_session().
SSL_set_ssl_method() checks to see if the method is already the same, so we do not need to do this check in three different places. Switch to dtls1_get_client_method()/tls1_get_client_method() to find the method - this is a slight change in behaviour, however there is not much point trying to resume a session on something other than a client.
ok beck@
|
#
1.97 |
|
02-Sep-2020 |
tb |
KNF and comment tweaks
|
#
1.96 |
|
01-Sep-2020 |
tb |
Zero out data to avoid leaving stack garbage in the tail of the session id in case the copied session id is shorter than SSL_MAX_SESSION_ID_LENGTH.
long standing bug pointed out by jsing
|
#
1.95 |
|
01-Sep-2020 |
tb |
The bumping of sess_cb_hit stats can wait until handling of get_session_cb is completed.
|
#
1.94 |
|
01-Sep-2020 |
tb |
In the explanatory comment of ssl_get_prev_session fix the spelling of the function name, document alert and make it fit into 80 columns.
|
#
1.93 |
|
01-Sep-2020 |
tb |
Split session retrieval out of ssl_get_prev_session()
In case the session ticket was empty or missing, an attempt is made to retrieve the session from the internal cache or via a callback. This code can easily be flattened a bit and factored into two functions. I decided to wrap those into a third function to make the call from the switch easier on the eye.
I could have kept the try_session_cache flag, but it now seems rather pointless and awkwardly named anyway, so I took its negation and named it ticket_decrypted.
To top things off, a little bit of polish in the exit path.
ok beck inoguchi jsing (with the usual healthy dose of nits)
|
#
1.92 |
|
01-Sep-2020 |
tb |
copy session id directly in ssl_get_prev_session
ssl_get_prev_session() hands the session id down to tls_decrypt_ticket() which then copies it into the session pointer that it is about to return. It's a lot simpler to retrieve the session pointer and copy the session id inside ssl_get_prev_session().
Also, 'goto err' directly in TLS1_TICKET_NOT_DECRYPTED instead of skipping a couple of long if clauses before doing so.
ok inoguchi jsing
|
#
1.91 |
|
01-Sep-2020 |
tb |
indent the only other label in this file
|
#
1.90 |
|
01-Sep-2020 |
tb |
Indent label and remove dangling else
|
#
1.89 |
|
01-Sep-2020 |
tb |
Zap NULL check before SSL_SESSION_free()
|
#
1.88 |
|
01-Sep-2020 |
tb |
Rename the session pointer ret to sess
ret is a confusing name for a pointer in a function that returns int. ret is only returned in the sense that it ultimately replaces the current s->session on success.
|
#
1.87 |
|
31-Aug-2020 |
tb |
Return code tweaks for session ticket handlers
In tls1_process_ticket() and tls_decrypt_ticket() use #defines with descriptive names instead of hardcoding -1 1 2 3 4 and occasionally explaining the magic numbers with comments.
ok beck inoguchi
|
#
1.86 |
|
31-Aug-2020 |
tb |
Send alert on ssl_get_prev_session failure
ssl_get_prev_session() can fail for various reasons some of which may be internal_error others decode_error alerts. Propagate the appropriate alert up to the caller so we can abort the handshake by sending a fatal alert instead of rudely closing the pipe.
Currently only 28 of 292 test cases of tlsfuzzer's test-extension.py pass. With this diff, 272 pass. The rest will require fixes elsewhere.
ok beck inoguchi jsing
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.85 |
|
22-Apr-2019 |
jsing |
Pass the session ID down to the session/ticket handling code as a CBS.
Convert ssl_get_prev_session(), tls1_process_ticket() and tls1_decrypt_ticket() to handle the session ID from the client hello as a CBS. While here also swap the order of arguments for tls1_decrypt_ticket() so that it is consistent with the other functions.
ok tb@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.84 |
|
04-Apr-2019 |
jsing |
This case also needs to be fatal.
|
#
1.83 |
|
01-Apr-2019 |
deraadt |
mark ERR_R_INTERNAL_ERROR instead of assert or _exit, sigh
|
#
1.82 |
|
24-Mar-2019 |
deraadt |
do not call assert(), which has a tendency to leave traces of stuff in corefiles. Instead call OPENSSL_assert(), which has recently been trained to do this in a safer (if more awkward to debug) way. discussed with jsing and beck a while back
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.81 |
|
24-Aug-2018 |
jsing |
Simplify session ticket parsing/handling.
The original implementation is rather crazy and means that we effectively have two lots of code that parse a ClientHello and two lots of code that parse TLS extensions. Partially simplify this by passing a CBS containing the extension block through to the session handling functions, removing the need to reimplement the ClientHello parsing.
While here standardise on naming for session_id and session_id_len.
ok inoguchi@ tb@
|
#
1.80 |
|
25-Apr-2018 |
tb |
OpenSSL started adding const to functions all over the place. Make all our libssl functions match theirs wrt const, except for BIO_f_ssl(3) which will be fixed in a later step.
this went through an i386 bulk by sthen
ok jsing
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.79 |
|
20-Mar-2018 |
tb |
Provide SSL_SESSION_set1_id()
ok jsing
|
#
1.78 |
|
17-Mar-2018 |
beck |
Bring in compatibility for OpenSSL 1.1 style init functions.
This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well as thread safety modifications for the existing LibreSSL init functions. The initialization routines are called automatically by the normal entry points into the library, as in newer OpenSSL.
ok jsing@, nits by tb@ and deraadt@
|
#
1.77 |
|
17-Mar-2018 |
tb |
Provide SSL_SESSION_get_ticket_lifetime_hint() and SSL_SESSION_has_ticket()
ok jsing
|
#
1.76 |
|
17-Mar-2018 |
tb |
SSL_SESSION_get_protocol_version() takes a const SSL_SESSION *. Noted by schwarze@
ok jsing@
|
#
1.75 |
|
17-Mar-2018 |
jsing |
Provide SSL_SESSION_get0_id_context().
|
#
1.74 |
|
22-Feb-2018 |
jsing |
Provide SSL_SESSION_up_ref().
|
#
1.73 |
|
20-Feb-2018 |
tb |
Provide SSL_SESSION_get_protocol_version()
ok jsing
|
#
1.72 |
|
17-Feb-2018 |
jsing |
Provide SSL_SESSION_get_master_key()
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.71 |
|
10-Apr-2017 |
jsing |
Use freezero() for the internal opaque structures, instead of the current explicit_bzero()/free(). Less code and potentially less overhead.
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.70 |
|
07-Feb-2017 |
beck |
Change SSLerror() back to taking two args, with the first one being an SSL *. Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL *.
ok jsing@ after us both being prodded by bluhm@ to make it not terrible
|
#
1.69 |
|
26-Jan-2017 |
beck |
Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly line wraps that resulted
|
#
1.68 |
|
26-Jan-2017 |
beck |
Send the error function codes to rot in the depths of hell where they belong.
We leave a single function code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code.
ok jsing@
|
#
1.67 |
|
24-Jan-2017 |
jsing |
Add support for setting the supported EC curves via SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names.
This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such as brainpool) you need to configure this yourself.
Inspired by parts of BoringSSL and OpenSSL.
ok beck@
|
#
1.66 |
|
24-Jan-2017 |
jsing |
sk_SSL_CIPHER_free() checks for NULL so do not bother doing the same from the callers.
|
#
1.65 |
|
24-Jan-2017 |
jsing |
ssl_sess_cert_free() checks for NULL, so do not bother doing it at the call sites.
|
#
1.64 |
|
24-Jan-2017 |
jsing |
There is no point in zeroing fields that exist within a struct that is about to be explicit_bzero'd and freed.
|
#
1.63 |
|
23-Jan-2017 |
jsing |
Split most of SSL_METHOD out into an internal variant, which is opaque.
Discussed with beck@
|
#
1.62 |
|
23-Jan-2017 |
beck |
Move a large part of ssl_st into internal, so we can see what squeals. ok jsing@
|
#
1.61 |
|
23-Jan-2017 |
jsing |
Move ex_data, next and prev from SSL_SESSION to internal.
ok beck@
|
#
1.60 |
|
23-Jan-2017 |
jsing |
Move most of the fields in SSL_CTX to internal - the ones that remain are known to be in use.
ok beck@
|
#
1.59 |
|
23-Jan-2017 |
beck |
move the callbacks from ssl_st to internal
ok jsing@
|
#
1.58 |
|
23-Jan-2017 |
jsing |
Move callback function pointers and argument pointers from SSL_CTX to internal.
ok beck@
|
#
1.57 |
|
23-Jan-2017 |
jsing |
Move not_resumable and sess_cert from SSL_SESSION to internal.
ok beck@
|
#
1.56 |
|
23-Jan-2017 |
jsing |
Move the stats struct from SSL_CTX to internal.
ok beck@
|
#
1.55 |
|
22-Jan-2017 |
beck |
Move internal parts of ssl_session_st to internal
ok jsing@
|
#
1.54 |
|
22-Jan-2017 |
jsing |
Convert publicly visible structs to translucent structs.
This change adds an internal opaque struct for each of the significant publicly visible structs. The opaque struct is then allocated and attached to the publicly visible struct when the appropriate *_new() function is called, then cleared and freed as necessary.
This will allow for changes to be made to the internals of libssl, without requiring a major bump each time the publicly visible structs are modified.
ok beck@
|
#
1.53 |
|
02-Nov-2016 |
jsing |
Expand LHASH_OF, IMPLEMENT_LHASH_DOALL_ARG_FN and LHASH_DOALL_ARG_FN macros. Only change in generated assembly is due to line numbering.
|
#
1.52 |
|
02-Nov-2016 |
jsing |
Wrap some >80 char lines.
|
#
1.51 |
|
04-Sep-2016 |
jsing |
Sort and group functions.
|
#
1.50 |
|
04-Sep-2016 |
jsing |
Expand IMPLEMENT_PEM macros.
No change in generated assembly.
|
#
1.49 |
|
11-Mar-2016 |
mmcc |
X509_free(3) is NULL-safe, so remove NULL checks before its calls.
ok doug@
|
#
1.48 |
|
10-Sep-2015 |
jsing |
Remove support for DTLS_BAD_VER. We do not support non-standard and incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years.
ok bcook@ miod@
|
#
1.47 |
|
10-Sep-2015 |
jsing |
Correct spelling of OPENSSL_cleanse.
ok miod@
|
#
1.46 |
|
27-Aug-2015 |
doug |
Remove SSLv3 support from LibreSSL.
This is the first wave of SSLv3 removal which removes the main SSLv3 functions. Future commits will remove the rest of the SSLv3 support.
Discussed the plan at c2k15. Input from jsing@, beck@, miod@, bcook@, sthen@, naddy@, and deraadt@.
ok jsing@, beck@
|
#
1.45 |
|
21-Jul-2015 |
doug |
Remove duplicate check in libssl.
If len == 0, it already set try_session_cache so there's no need to check len again. Fixes Coverity issue 21687.
ok bcook@
|
#
1.44 |
|
14-Dec-2014 |
jsing |
Remove trailing whitespace.
|
#
1.43 |
|
08-Nov-2014 |
jsing |
Clean up more SSLv2 remnants.
|
#
1.42 |
|
18-Oct-2014 |
jsing |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL).
ok beck@ deraadt@ miod@
|
#
1.41 |
|
22-Sep-2014 |
jsing |
Refactor and simplify the ECC extension handling. The existing code effectively built two "static" data structures - instead of doing this, just use static data structures to start with.
From OpenSSL (part of a larger commit).
ok miod@
|
#
1.40 |
|
11-Aug-2014 |
jsing |
Provide a ssl3_get_cipher_by_id() function that allows ciphers to be looked up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the cipher value is manually written into a buffer, just so the cipher can be located using ssl3_get_cipher_by_char().
ok bcook@ miod@
|
#
1.39 |
|
10-Aug-2014 |
jsing |
Since we no longer need to support SSLv2-style cipher lists, start unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros.
Prompted by similar changes in boringssl.
ok guenther.
|
#
1.38 |
|
13-Jul-2014 |
beck |
The bell tolls for BUF_strdup - Start the migration to using intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
|
#
1.37 |
|
12-Jul-2014 |
jsing |
Apply a large dose of KNF.
|
#
1.36 |
|
11-Jul-2014 |
beck |
Remove the PSK code. We don't need to drag around this baggage. ok miod@ jsing@
|
#
1.35 |
|
10-Jul-2014 |
tedu |
decompress libssl. ok beck jsing
|
#
1.34 |
|
21-Jun-2014 |
tedu |
always compare memcmp against 0, for clarity.
|
#
1.33 |
|
19-Jun-2014 |
tedu |
convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
|
#
1.32 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.31 |
|
04-Jun-2014 |
tedu |
without overthinking it, replace a few memcmp calls with CRYPTO_memcmp where it is feasible to do so. better safe than sorry.
|
#
1.30 |
|
31-May-2014 |
jsing |
ECDH and ECDSA will not work overly well if there is no EC, so unifdef OPENSSL_NO_EC.
ok tedu@
|
#
1.29 |
|
31-May-2014 |
jsing |
TLS would not be entirely functional without extensions, so unifdef OPENSSL_NO_TLSEXT.
ok tedu@
|
#
1.28 |
|
28-May-2014 |
jsing |
There is no point in checking if a pointer is non-NULL before calling free, since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable.
ok miod@
|
#
1.27 |
|
05-May-2014 |
tedu |
Remove SRP and Kerberos support from libssl. These are complex protocols all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
|
#
1.26 |
|
23-Apr-2014 |
tedu |
whitespace
|
#
1.25 |
|
21-Apr-2014 |
deraadt |
more malloc/realloc/calloc cleanups; ok beck kettenis
|
#
1.24 |
|
20-Apr-2014 |
guenther |
Chop off more SSLv2 tentacles and start fixing and noting y2038 issues. APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl.
ok tedu@
|
#
1.23 |
|
19-Apr-2014 |
guenther |
More KNF and style consistency tweaks
|
#
1.22 |
|
17-Apr-2014 |
deraadt |
kill REF_PRINT/REF_CHECK debugging framework no one would use
ok miod
|
#
1.21 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_relloc->realloc
OPENSSL_freeFunc->free
|
#
1.20 |
|
16-Apr-2014 |
tedu |
add back SRP. i was being too greedy.
|
#
1.19 |
|
16-Apr-2014 |
tedu |
disentangle SRP code from TLS
|
#
1.18 |
|
16-Apr-2014 |
guenther |
Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally.
ok tedu@ beck@
|
#
1.17 |
|
14-Apr-2014 |
jsing |
First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5.
|
#
1.16 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.15 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.14 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.13 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.12 |
|
27-Jun-2006 |
djm |
resolve conflicts
|
#
1.11 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.10 |
|
11-Nov-2003 |
markus |
merge 0.9.7c; minor bugfixes; API addition: ERR_release_err_state_table [make includes before you build libssl/libcrypto]
|
#
1.9 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.8 |
|
14-Sep-2002 |
markus |
merge with openssl-0.9.7-stable-SNAP-20020911, new minor for libcrypto (_X509_REQ_print_ex) tested by miod@, pb@
|
#
1.7 |
|
30-Jul-2002 |
markus |
apply patches from OpenSSL Security Advisory [30 July 2002], http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
22-Jun-2001 |
beck |
branches: 1.5.2; 1.5.4; openssl-engine-0.9.6a merge
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2. If you are using the ssl26 packages for ssh and other things to work, you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.118 |
|
02-Oct-2022 |
jsing |
Get rid of SSL_CTX_INTERNAL and SSL_INTERNAL.
These are no longer necessary due to SSL_CTX and SSL now being fully opaque. Merge SSL_CTX_INTERNAL back into SSL_CTX and SSL_INTERNAL back into SSL.
Prompted by tb@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.117 |
|
17-Aug-2022 |
jsing |
Deduplicate peer certificate chain processing code.
Rather than reimplement this in each TLS client and server, deduplicate it into a single function. Furthermore, rather than dealing with the API hazard that is SSL_get_peer_cert_chain() in this code, simply produce two chains - one that has the leaf and one that does not. SSL_get_peer_cert_chain() can then return the appropriate one.
This also moves the peer cert chain from the SSL_SESSION to the SSL_HANDSHAKE, which makes more sense since it is not available on resumption.
ok tb@
|
#
1.116 |
|
07-Jun-2022 |
tb |
Use CBS_write_bytes() instead of manual unpacking of a CBS and assigning length and using memcpy(). This also provides a missing overflow check (which is done by the only caller, however).
ok jsing
|
#
1.115 |
|
07-Jun-2022 |
tb |
Simplify various CBS_write_bytes() calls
Now that session_id_length is a size_t, we can pass it directly to CBS_write_bytes() instead of using a temporary variable.
ok jsing
|
#
1.114 |
|
07-Jun-2022 |
tb |
Tweak readability of a test: compare tmp explicitly against 0 and drop redundant parentheses.
ok jsing
|
#
1.113 |
|
07-Jun-2022 |
tb |
Add a cast to SSL_SESSION_get_id() to indicate that session_id_length is deliberately reduced to an unsigned int. Since the session_id is at most 32 bytes, this is not a concern.
ok jsing
|
#
1.112 |
|
07-Jun-2022 |
tb |
fix indent
|
#
1.111 |
|
07-Jun-2022 |
tb |
Unindent and simplify remove_session_lock()
ok jsing (who informs me he had the same diff in his jungle)
|
#
1.110 |
|
06-Jun-2022 |
tb |
Fix comment + spacing.
Apparently 60 * 5 + 4 seconds is 5 minutes. Presumably this is the case with sufficiently potent crack, which would explain a few things in here.
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.109 |
|
11-Jan-2022 |
jsing |
Remove peer_pkeys from SSL_SESSION.
peer_pkeys comes from some world where peers can send multiple certificates - in fact, one of each known type. Since we do not live in such a world, get rid of peer_pkeys and simply use peer_cert instead (in both TLSv1.2 and TLSv1.3, both clients and servers can only send a single leaf (aka end-entity) certificate).
ok inoguchi@ tb@
|
#
1.108 |
|
11-Jan-2022 |
jsing |
Rename 'peer' to 'peer_cert' in SSL_SESSION.
The 'peer' member of SSL_SESSION is the leaf/end-entity certificate provided by our peer. Rename it since 'peer' on its own is unhelpful.
ok inoguchi@ tb@
|
#
1.107 |
|
08-Jan-2022 |
jsing |
Merge SESS_CERT into SSL_SESSION.
There is no reason for SESS_CERT to exist - remove it and merge its members into SSL_SESSION for the time being. More clean up to follow.
ok inoguchi@ tb@
|
#
1.106 |
|
25-Oct-2021 |
jsing |
Fold SSL_SESSION_INTERNAL back into SSL_SESSION.
ok beck@ tb@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.105 |
|
08-Sep-2021 |
tb |
Provide SSL_SESSION_is_resumable and SSL_set_psk_use_session_callback stubs
ok jsing
|
#
1.104 |
|
16-May-2021 |
jsing |
Explicitly include <openssl/opensslconf.h> in files using OPENSSL_NO_*
Where a file references to OPENSSL_NO_* conditions, ensure that we explicitly include <openssl/opensslconf.h> before any references, rather than relying on another header to pull this in.
|
#
1.103 |
|
10-May-2021 |
tb |
Provide SSL_SESSION_get0_cipher(3)
ok jsing
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.102 |
|
20-Feb-2021 |
jsing |
Handle DTLS1_2_VERSION in various places.
ok tb@
|
#
1.101 |
|
11-Oct-2020 |
jsing |
Condense and simplify TLS methods.
Historically, OpenSSL has had client and server specific methods - the only difference between these is that the .ssl_connect or .ssl_accept function pointer is set to ssl_undefined_function, with the intention of reducing code size for a statically linked binary that was only a client or server. These days the difference is minimal or non-existant in many cases and we can reduce the amount of code and complexity by having single method.
Internally remove all of the client and server specific methods, simplifying code in the process. The external client/server specific API remain, however these now return the same thing as TLS_method() does.
ok tb@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.100 |
|
19-Sep-2020 |
tb |
Prepare to provide SSL_SESSION_{set,get}_max_early_data()
Since we do not support 0-RTT, these are noops. Some software expects this API to be available if TLS1_3_VERSION is defined.
ok beck jsing
|
#
1.99 |
|
17-Sep-2020 |
jsing |
Simplify SSL method lookups.
There are three places where we call tls1_get_{client,server}_method() and if that returns NULL, call dtls1_get_{client,server}_method(). Simplify this by combining the lookup into a single function. While here also use uint16_t for version types.
ok inoguchi@ millert@
|
#
1.98 |
|
14-Sep-2020 |
jsing |
Cleanup and simplify SSL_set_session().
SSL_set_ssl_method() checks to see if the method is already the same, so we do not need to do this check in three different places. Switch to dtls1_get_client_method()/tls1_get_client_method() to find the method - this is a slight change in behaviour, however there is not much point trying to resume a session on something other than a client.
ok beck@
|
#
1.97 |
|
02-Sep-2020 |
tb |
KNF and comment tweaks
|
#
1.96 |
|
01-Sep-2020 |
tb |
Zero out data to avoid leaving stack garbage in the tail of the session id in case the copied session id is shorter than SSL_MAX_SESSION_ID_LENGTH.
long standing bug pointed out by jsing
|
#
1.95 |
|
01-Sep-2020 |
tb |
The bumping of sess_cb_hit stats can wait until handling of get_session_cb is completed.
|
#
1.94 |
|
01-Sep-2020 |
tb |
In the explanatory comment of ssl_get_prev_session fix the spelling of the function name, document alert and make it fit into 80 columns.
|
#
1.93 |
|
01-Sep-2020 |
tb |
Split session retrieval out of ssl_get_prev_session()
In case the session ticket was empty or missing, an attempt is made to retrieve the session from the internal cache or via a callback. This code can easily be flattened a bit and factored into two functions. I decided to wrap those into a third function to make the call from the switch easier on the eye.
I could have kept the try_session_cache flag, but it now seems rather pointless and awkwardly named anyway, so I took its negation and named it ticket_decrypted.
To top things off, a little bit of polish in the exit path.
ok beck inoguchi jsing (with the usual healthy dose of nits)
|
#
1.92 |
|
01-Sep-2020 |
tb |
copy session id directly in ssl_get_prev_session
ssl_get_prev_session() hands the session id down to tls_decrypt_ticket() which then copies it into the session pointer that it is about to return. It's a lot simpler to retrieve the session pointer and copy the session id inside ssl_get_prev_session().
Also, 'goto err' directly in TLS1_TICKET_NOT_DECRYPTED instead of skipping a couple of long if clauses before doing so.
ok inoguchi jsing
|
#
1.91 |
|
01-Sep-2020 |
tb |
indent the only other label in this file
|
#
1.90 |
|
01-Sep-2020 |
tb |
Indent label and remove dangling else
|
#
1.89 |
|
01-Sep-2020 |
tb |
Zap NULL check before SSL_SESSION_free()
|
#
1.88 |
|
01-Sep-2020 |
tb |
Rename the session pointer ret to sess
ret is a confusing name for a pointer in a function that returns int. ret is only returned in the sense that it ultimately replaces the current s->session on success.
|
#
1.87 |
|
31-Aug-2020 |
tb |
Return code tweaks for session ticket handlers
In tls1_process_ticket() and tls_decrypt_ticket() use #defines with descriptive names instead of hardcoding -1 1 2 3 4 and occasionally explaining the magic numbers with comments.
ok beck inoguchi
|
#
1.86 |
|
31-Aug-2020 |
tb |
Send alert on ssl_get_prev_session failure
ssl_get_prev_session() can fail for various reasons some of which may be internal_error others decode_error alerts. Propagate the appropriate alert up to the caller so we can abort the handshake by sending a fatal alert instead of rudely closing the pipe.
Currently only 28 of 292 test cases of tlsfuzzer's test-extension.py pass. With this diff, 272 pass. The rest will require fixes elsewhere.
ok beck inoguchi jsing
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.85 |
|
22-Apr-2019 |
jsing |
Pass the session ID down to the session/ticket handling code as a CBS.
Convert ssl_get_prev_session(), tls1_process_ticket() and tls1_decrypt_ticket() to handle the session ID from the client hello as a CBS. While here also swap the order of arguments for tls1_decrypt_ticket() so that it is consistent with the other functions.
ok tb@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.84 |
|
04-Apr-2019 |
jsing |
This case also needs to be fatal.
|
#
1.83 |
|
01-Apr-2019 |
deraadt |
mark ERR_R_INTERNAL_ERROR instead of assert or _exit, sigh
|
#
1.82 |
|
24-Mar-2019 |
deraadt |
do not call assert(), which has a tendency to leave traces of stuff in corefiles. Instead call OPENSSL_assert(), which has recently been trained to do this in a safer (if more awkward to debug) way. discussed with jsing and beck a while back
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.81 |
|
24-Aug-2018 |
jsing |
Simplify session ticket parsing/handling.
The original implementation is rather crazy and means that we effectively have two lots of code that parse a ClientHello and two lots of code that parse TLS extensions. Partially simplify this by passing a CBS containing the extension block through to the session handling functions, removing the need to reimplement the ClientHello parsing.
While here standarise on naming for session_id and session_id_len.
ok inoguchi@ tb@
|
#
1.80 |
|
25-Apr-2018 |
tb |
OpenSSL started adding const to functions all over the place. Make all our libssl functions match theirs wrt const, except for BIO_f_ssl(3) which will be fixed in a later step.
this went through a i386 bulk by sthen ok jsing
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.79 |
|
20-Mar-2018 |
tb |
Provide SSL_SESSION_set1_id()
ok jsing
|
#
1.78 |
|
17-Mar-2018 |
beck |
Bring in compatibility for OpenSSL 1.1 style init functions.
This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well thread safety modifications for the existing LibreSSL init functions. The initialization routines are called automatically by the normal entry points into the library, as in newer OpenSSL
ok jsing@, nits by tb@ and deraadt@
|
#
1.77 |
|
17-Mar-2018 |
tb |
Provide SSL_SESSION_get_ticket_lifetime_hint() and SSL_SESSION_has_ticket()
ok jsing
|
#
1.76 |
|
17-Mar-2018 |
tb |
SSL_SESSION_get_protocol_version() takes a const SSL_SESSION *. Noted by schwarze@
ok jsing@
|
#
1.75 |
|
17-Mar-2018 |
jsing |
Provide SSL_SESSION_get0_id_context().
|
#
1.74 |
|
22-Feb-2018 |
jsing |
Provide SSL_SESSION_up_ref().
|
#
1.73 |
|
20-Feb-2018 |
tb |
Provide SSL_SESSION_get_protocol_version()
ok jsing
|
#
1.72 |
|
17-Feb-2018 |
jsing |
Provide SSL_SESSION_get_master_key()
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.71 |
|
10-Apr-2017 |
jsing |
Use freezero() for the internal opaque structures, instead of the current explicit_bzero()/free(). Less code and potentially less overhead.
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.70 |
|
07-Feb-2017 |
beck |
Change SSLerror() back to taking two args, with the first one being an SSL *. Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
|
#
1.69 |
|
26-Jan-2017 |
beck |
Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly line wraps that resulted
|
#
1.68 |
|
26-Jan-2017 |
beck |
Send the error function codes to rot in the depths of hell where they belong We leave a single funciton code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
|
#
1.67 |
|
24-Jan-2017 |
jsing |
Add support for setting the supported EC curves via SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names.
This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such a brainpool) you need to configure this yourself.
Inspired by parts of BoringSSL and OpenSSL.
ok beck@
|
#
1.66 |
|
24-Jan-2017 |
jsing |
sk_SSL_CIPHER_free() checks for NULL so do not bother doing the same from the callers.
|
#
1.65 |
|
24-Jan-2017 |
jsing |
ssl_sess_cert_free() checks for NULL, so do not bother doing it at the call sites.
|
#
1.64 |
|
24-Jan-2017 |
jsing |
There is no point in zeroing fields that exist within a struct that is about to be explicit_bzero'd and freed.
|
#
1.63 |
|
23-Jan-2017 |
jsing |
Split most of SSL_METHOD out into an internal variant, which is opaque.
Discussed with beck@
|
#
1.62 |
|
23-Jan-2017 |
beck |
Move a large part of ssl_st into internal, so we can see what squeals. ok jsing@
|
#
1.61 |
|
23-Jan-2017 |
jsing |
Move ex_data, next and prev from SSL_SESSION to internal.
ok beck@
|
#
1.60 |
|
23-Jan-2017 |
jsing |
Move most of the fields in SSL_CTX to internal - the ones that remain are known to be in use.
ok beck@
|
#
1.59 |
|
23-Jan-2017 |
beck |
move the callbacks from ssl_st to internal ok jsing@
|
#
1.58 |
|
23-Jan-2017 |
jsing |
Move callback function pointers and argument pointers from SSL_CTX to internal.
ok beck@
|
#
1.57 |
|
23-Jan-2017 |
jsing |
Move not_resumable and sess_cert from SSL_SESSION to internal.
ok beck@
|
#
1.56 |
|
23-Jan-2017 |
jsing |
Move the stats struct from SSL_CTX to internal.
ok beck@
|
#
1.55 |
|
22-Jan-2017 |
beck |
Move internal parts of ssl_session_st to internal ok jsing@
|
#
1.54 |
|
22-Jan-2017 |
jsing |
Convert publically visible structs to translucent structs.
This change adds an internal opaque struct for each of the significant publically visible structs. The opaque struct is then allocated and attached to the publically visible struct when the appropriate *_new() function is called, then cleared and freed as necessary.
This will allow for changes to be made to the internals of libssl, without requiring a major bump each time the publically visible structs are modified.
ok beck@
|
#
1.53 |
|
02-Nov-2016 |
jsing |
Expand LHASH_OF, IMPLEMENT_LHASH_DOALL_ARG_FN and LHASH_DOALL_ARG_FN macros. Only change in generated assembly is due to line numbering.
|
#
1.52 |
|
02-Nov-2016 |
jsing |
Wrap some >80 char lines.
|
#
1.51 |
|
04-Sep-2016 |
jsing |
Sort and group functions.
|
#
1.50 |
|
04-Sep-2016 |
jsing |
Expand IMPLEMENT_PEM macros.
No change in generated assembly.
|
#
1.49 |
|
11-Mar-2016 |
mmcc |
X509_free(3) is NULL-safe, so remove NULL checks before its calls.
ok doug@
|
#
1.48 |
|
10-Sep-2015 |
jsing |
Remove support for DTLS_BAD_VER. We do not support non-standard and incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years.
ok bcook@ miod@
|
#
1.47 |
|
10-Sep-2015 |
jsing |
Correct spelling of OPENSSL_cleanse.
ok miod@
|
#
1.46 |
|
27-Aug-2015 |
doug |
Remove SSLv3 support from LibreSSL.
This is the first wave of SSLv3 removal which removes the main SSLv3 functions. Future commits will remove the rest of the SSLv3 support.
Discussed the plan at c2k15. Input from jsing@, beck@, miod@, bcook@, sthen@, naddy@, and deraadt@.
ok jsing@, beck@
|
#
1.45 |
|
21-Jul-2015 |
doug |
Remove duplicate check in libssl.
If len == 0, it already set try_session_cache so there's no need to check len again. Fixes Coverity issue 21687.
ok bcook@
|
#
1.44 |
|
14-Dec-2014 |
jsing |
Remove trailing whitespace.
|
#
1.43 |
|
08-Nov-2014 |
jsing |
Clean up more SSLv2 remnants.
|
#
1.42 |
|
18-Oct-2014 |
jsing |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL).
ok beck@ deraadt@ miod@
|
#
1.41 |
|
22-Sep-2014 |
jsing |
Refactor and simplify the ECC extension handling. The existing code effectively built two "static" data structures - instead of doing this, just use static data structures to start with.
From OpenSSL (part of a larger commit).
ok miod@
|
#
1.40 |
|
11-Aug-2014 |
jsing |
Provide a ssl3_get_cipher_by_id() function that allows ciphers to be looked up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the cipher value is manually written into a buffer, just so the cipher can be located using ssl3_get_cipher_by_char().
ok bcook@ miod@
|
#
1.39 |
|
10-Aug-2014 |
jsing |
Since we no longer need to support SSLv2-style cipher lists, start unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros.
Prompted by similar changes in boringssl.
ok guenther.
|
#
1.38 |
|
13-Jul-2014 |
beck |
The bell tolls for BUF_strdup - Start the migration to using intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
|
#
1.37 |
|
12-Jul-2014 |
jsing |
Apply a large dose of KNF.
|
#
1.36 |
|
11-Jul-2014 |
beck |
Remove the PSK code. We don't need to drag around this baggage. ok miod@ jsing@
|
#
1.35 |
|
10-Jul-2014 |
tedu |
decompress libssl. ok beck jsing
|
#
1.34 |
|
21-Jun-2014 |
tedu |
always compare memcmp against 0, for clarity.
|
#
1.33 |
|
19-Jun-2014 |
tedu |
convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
|
#
1.32 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.31 |
|
04-Jun-2014 |
tedu |
without overthinking it, replace a few memcmp calls with CRYPTO_memcmp where it is feasible to do so. better safe than sorry.
|
#
1.30 |
|
31-May-2014 |
jsing |
ECDH and ECDSA will not work overly well if there is no EC, so unifdef OPENSSL_NO_EC.
ok tedu@
|
#
1.29 |
|
31-May-2014 |
jsing |
TLS would not be entirely functional without extensions, so unifdef OPENSSL_NO_TLSEXT.
ok tedu@
|
#
1.28 |
|
28-May-2014 |
jsing |
There is no point in checking if a pointer is non-NULL before calling free, since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable.
ok miod@
|
#
1.27 |
|
05-May-2014 |
tedu |
Remove SRP and Kerberos support from libssl. These are complex protocols all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
|
#
1.26 |
|
23-Apr-2014 |
tedu |
whitespace
|
#
1.25 |
|
21-Apr-2014 |
deraadt |
more malloc/realloc/calloc cleanups; ok beck kettenis
|
#
1.24 |
|
20-Apr-2014 |
guenther |
Chop off more SSLv2 tentacles and start fixing and noting y2038 issues. APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl.
ok tedu@
|
#
1.23 |
|
19-Apr-2014 |
guenther |
More KNF and style consistency tweaks
|
#
1.22 |
|
17-Apr-2014 |
deraadt |
kill REF_PRINT/REF_CHECK debugging framework no one would use ok miod
|
#
1.21 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc, OPENSSL_free->free, OPENSSL_realloc->realloc, OPENSSL_freeFunc->free
|
#
1.20 |
|
16-Apr-2014 |
tedu |
add back SRP. i was being too greedy.
|
#
1.19 |
|
16-Apr-2014 |
tedu |
disentangle SRP code from TLS
|
#
1.18 |
|
16-Apr-2014 |
guenther |
Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally.
ok tedu@ beck@
|
#
1.17 |
|
14-Apr-2014 |
jsing |
First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5.
|
#
1.16 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.15 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.14 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.13 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.12 |
|
27-Jun-2006 |
djm |
resolve conflicts
|
#
1.11 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.10 |
|
11-Nov-2003 |
markus |
merge 0.9.7c; minor bugfixes; API addition: ERR_release_err_state_table [make includes before you build libssl/libcrypto]
|
#
1.9 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.8 |
|
14-Sep-2002 |
markus |
merge with openssl-0.9.7-stable-SNAP-20020911, new minor for libcrypto (_X509_REQ_print_ex) tested by miod@, pb@
|
#
1.7 |
|
30-Jul-2002 |
markus |
apply patches from OpenSSL Security Advisory [30 July 2002], http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
22-Jun-2001 |
beck |
branches: 1.5.2; 1.5.4; openssl-engine-0.9.6a merge
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.117 |
|
17-Aug-2022 |
jsing |
Deduplicate peer certificate chain processing code.
Rather than reimplement this in each TLS client and server, deduplicate it into a single function. Furthermore, rather than dealing with the API hazard that is SSL_get_peer_cert_chain() in this code, simply produce two chains - one that has the leaf and one that does not. SSL_get_peer_cert_chain() can then return the appropriate one.
This also moves the peer cert chain from the SSL_SESSION to the SSL_HANDSHAKE, which makes more sense since it is not available on resumption.
ok tb@
|
#
1.116 |
|
07-Jun-2022 |
tb |
Use CBS_write_bytes() instead of manual unpacking of a CBS and assigning length and using memcpy(). This also provides a missing overflow check (which is done by the only caller, however).
ok jsing
|
#
1.115 |
|
07-Jun-2022 |
tb |
Simplify various CBS_write_bytes() calls
Now that session_id_length is a size_t, we can pass it directly to CBS_write_bytes() instead of using a temporary variable.
ok jsing
|
#
1.114 |
|
07-Jun-2022 |
tb |
Tweak readability of a test: compare tmp explicitly against 0 and drop redundant parentheses.
ok jsing
|
#
1.113 |
|
07-Jun-2022 |
tb |
Add a cast to SSL_SESSION_get_id() to indicate that session_id_length is deliberately reduced to an unsigned int. Since the session_id is at most 32 bytes, this is not a concern.
ok jsing
|
#
1.112 |
|
07-Jun-2022 |
tb |
fix indent
|
#
1.111 |
|
07-Jun-2022 |
tb |
Unindent and simplify remove_session_lock()
ok jsing (who informs me he had the same diff in his jungle)
|
#
1.110 |
|
06-Jun-2022 |
tb |
Fix comment + spacing.
Apparently 60 * 5 + 4 seconds is 5 minutes. Presumably this is the case with sufficiently potent crack, which would explain a few things in here.
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.109 |
|
11-Jan-2022 |
jsing |
Remove peer_pkeys from SSL_SESSION.
peer_pkeys comes from some world where peers can send multiple certificates - in fact, one of each known type. Since we do not live in such a world, get rid of peer_pkeys and simply use peer_cert instead (in both TLSv1.2 and TLSv1.3, both clients and servers can only send a single leaf (aka end-entity) certificate).
ok inoguchi@ tb@
|
#
1.108 |
|
11-Jan-2022 |
jsing |
Rename 'peer' to 'peer_cert' in SSL_SESSION.
The 'peer' member of SSL_SESSION is the leaf/end-entity certificate provided by our peer. Rename it since 'peer' on its own is unhelpful.
ok inoguchi@ tb@
|
#
1.107 |
|
08-Jan-2022 |
jsing |
Merge SESS_CERT into SSL_SESSION.
There is no reason for SESS_CERT to exist - remove it and merge its members into SSL_SESSION for the time being. More clean up to follow.
ok inoguchi@ tb@
|
#
1.106 |
|
25-Oct-2021 |
jsing |
Fold SSL_SESSION_INTERNAL back into SSL_SESSION.
ok beck@ tb@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.105 |
|
08-Sep-2021 |
tb |
Provide SSL_SESSION_is_resumable and SSL_set_psk_use_session_callback stubs
ok jsing
|
#
1.104 |
|
16-May-2021 |
jsing |
Explicitly include <openssl/opensslconf.h> in files using OPENSSL_NO_*
Where a file references OPENSSL_NO_* conditions, ensure that we explicitly include <openssl/opensslconf.h> before any references, rather than relying on another header to pull this in.
|
#
1.103 |
|
10-May-2021 |
tb |
Provide SSL_SESSION_get0_cipher(3)
ok jsing
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.102 |
|
20-Feb-2021 |
jsing |
Handle DTLS1_2_VERSION in various places.
ok tb@
|
#
1.101 |
|
11-Oct-2020 |
jsing |
Condense and simplify TLS methods.
Historically, OpenSSL has had client and server specific methods - the only difference between these is that the .ssl_connect or .ssl_accept function pointer is set to ssl_undefined_function, with the intention of reducing code size for a statically linked binary that was only a client or server. These days the difference is minimal or non-existent in many cases and we can reduce the amount of code and complexity by having a single method.
Internally remove all of the client and server specific methods, simplifying code in the process. The external client/server specific API remain, however these now return the same thing as TLS_method() does.
ok tb@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.100 |
|
19-Sep-2020 |
tb |
Prepare to provide SSL_SESSION_{set,get}_max_early_data()
Since we do not support 0-RTT, these are noops. Some software expects this API to be available if TLS1_3_VERSION is defined.
ok beck jsing
|
#
1.99 |
|
17-Sep-2020 |
jsing |
Simplify SSL method lookups.
There are three places where we call tls1_get_{client,server}_method() and if that returns NULL, call dtls1_get_{client,server}_method(). Simplify this by combining the lookup into a single function. While here also use uint16_t for version types.
ok inoguchi@ millert@
|
#
1.98 |
|
14-Sep-2020 |
jsing |
Cleanup and simplify SSL_set_session().
SSL_set_ssl_method() checks to see if the method is already the same, so we do not need to do this check in three different places. Switch to dtls1_get_client_method()/tls1_get_client_method() to find the method - this is a slight change in behaviour, however there is not much point trying to resume a session on something other than a client.
ok beck@
|
#
1.97 |
|
02-Sep-2020 |
tb |
KNF and comment tweaks
|
#
1.96 |
|
01-Sep-2020 |
tb |
Zero out data to avoid leaving stack garbage in the tail of the session id in case the copied session id is shorter than SSL_MAX_SESSION_ID_LENGTH.
long standing bug pointed out by jsing
|
#
1.95 |
|
01-Sep-2020 |
tb |
The bumping of sess_cb_hit stats can wait until handling of get_session_cb is completed.
|
#
1.94 |
|
01-Sep-2020 |
tb |
In the explanatory comment of ssl_get_prev_session fix the spelling of the function name, document alert and make it fit into 80 columns.
|
#
1.93 |
|
01-Sep-2020 |
tb |
Split session retrieval out of ssl_get_prev_session()
In case the session ticket was empty or missing, an attempt is made to retrieve the session from the internal cache or via a callback. This code can easily be flattened a bit and factored into two functions. I decided to wrap those into a third function to make the call from the switch easier on the eye.
I could have kept the try_session_cache flag, but it now seems rather pointless and awkwardly named anyway, so I took its negation and named it ticket_decrypted.
To top things off, a little bit of polish in the exit path.
ok beck inoguchi jsing (with the usual healthy dose of nits)
|
#
1.92 |
|
01-Sep-2020 |
tb |
copy session id directly in ssl_get_prev_session
ssl_get_prev_session() hands the session id down to tls_decrypt_ticket() which then copies it into the session pointer that it is about to return. It's a lot simpler to retrieve the session pointer and copy the session id inside ssl_get_prev_session().
Also, 'goto err' directly in TLS1_TICKET_NOT_DECRYPTED instead of skipping a couple of long if clauses before doing so.
ok inoguchi jsing
|
#
1.91 |
|
01-Sep-2020 |
tb |
indent the only other label in this file
|
#
1.90 |
|
01-Sep-2020 |
tb |
Indent label and remove dangling else
|
#
1.89 |
|
01-Sep-2020 |
tb |
Zap NULL check before SSL_SESSION_free()
|
#
1.88 |
|
01-Sep-2020 |
tb |
Rename the session pointer ret to sess
ret is a confusing name for a pointer in a function that returns int. ret is only returned in the sense that it ultimately replaces the current s->session on success.
|
#
1.87 |
|
31-Aug-2020 |
tb |
Return code tweaks for session ticket handlers
In tls1_process_ticket() and tls_decrypt_ticket() use #defines with descriptive names instead of hardcoding -1 1 2 3 4 and occasionally explaining the magic numbers with comments.
ok beck inoguchi
|
#
1.86 |
|
31-Aug-2020 |
tb |
Send alert on ssl_get_prev_session failure
ssl_get_prev_session() can fail for various reasons, some of which may be internal_error, others decode_error alerts. Propagate the appropriate alert up to the caller so we can abort the handshake by sending a fatal alert instead of rudely closing the pipe.
Currently only 28 of 292 test cases of tlsfuzzer's test-extension.py pass. With this diff, 272 pass. The rest will require fixes elsewhere.
ok beck inoguchi jsing
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.85 |
|
22-Apr-2019 |
jsing |
Pass the session ID down to the session/ticket handling code as a CBS.
Convert ssl_get_prev_session(), tls1_process_ticket() and tls1_decrypt_ticket() to handle the session ID from the client hello as a CBS. While here also swap the order of arguments for tls1_decrypt_ticket() so that it is consistent with the other functions.
ok tb@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.84 |
|
04-Apr-2019 |
jsing |
This case also needs to be fatal.
|
#
1.83 |
|
01-Apr-2019 |
deraadt |
mark ERR_R_INTERNAL_ERROR instead of assert or _exit, sigh
|
#
1.82 |
|
24-Mar-2019 |
deraadt |
do not call assert(), which has a tendency to leave traces of stuff in corefiles. Instead call OPENSSL_assert(), which has recently been trained to do this in a safer (if more awkward to debug) way. discussed with jsing and beck a while back
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.81 |
|
24-Aug-2018 |
jsing |
Simplify session ticket parsing/handling.
The original implementation is rather crazy and means that we effectively have two lots of code that parse a ClientHello and two lots of code that parse TLS extensions. Partially simplify this by passing a CBS containing the extension block through to the session handling functions, removing the need to reimplement the ClientHello parsing.
While here standardise on naming for session_id and session_id_len.
ok inoguchi@ tb@
|
#
1.80 |
|
25-Apr-2018 |
tb |
OpenSSL started adding const to functions all over the place. Make all our libssl functions match theirs wrt const, except for BIO_f_ssl(3) which will be fixed in a later step.
this went through an i386 bulk by sthen ok jsing
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.79 |
|
20-Mar-2018 |
tb |
Provide SSL_SESSION_set1_id()
ok jsing
|
#
1.78 |
|
17-Mar-2018 |
beck |
Bring in compatibility for OpenSSL 1.1 style init functions.
This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well as thread safety modifications for the existing LibreSSL init functions. The initialization routines are called automatically by the normal entry points into the library, as in newer OpenSSL.
ok jsing@, nits by tb@ and deraadt@
|
#
1.77 |
|
17-Mar-2018 |
tb |
Provide SSL_SESSION_get_ticket_lifetime_hint() and SSL_SESSION_has_ticket()
ok jsing
|
#
1.76 |
|
17-Mar-2018 |
tb |
SSL_SESSION_get_protocol_version() takes a const SSL_SESSION *. Noted by schwarze@
ok jsing@
|
#
1.75 |
|
17-Mar-2018 |
jsing |
Provide SSL_SESSION_get0_id_context().
|
#
1.74 |
|
22-Feb-2018 |
jsing |
Provide SSL_SESSION_up_ref().
|
#
1.73 |
|
20-Feb-2018 |
tb |
Provide SSL_SESSION_get_protocol_version()
ok jsing
|
#
1.72 |
|
17-Feb-2018 |
jsing |
Provide SSL_SESSION_get_master_key()
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.71 |
|
10-Apr-2017 |
jsing |
Use freezero() for the internal opaque structures, instead of the current explicit_bzero()/free(). Less code and potentially less overhead.
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.70 |
|
07-Feb-2017 |
beck |
Change SSLerror() back to taking two args, with the first one being an SSL *. Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
|
#
1.69 |
|
26-Jan-2017 |
beck |
Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly line wraps that resulted
|
#
1.68 |
|
26-Jan-2017 |
beck |
Send the error function codes to rot in the depths of hell where they belong. We leave a single function code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
|
#
1.67 |
|
24-Jan-2017 |
jsing |
Add support for setting the supported EC curves via SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names.
This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such as brainpool) you need to configure this yourself.
Inspired by parts of BoringSSL and OpenSSL.
ok beck@
|
#
1.66 |
|
24-Jan-2017 |
jsing |
sk_SSL_CIPHER_free() checks for NULL so do not bother doing the same from the callers.
|
#
1.65 |
|
24-Jan-2017 |
jsing |
ssl_sess_cert_free() checks for NULL, so do not bother doing it at the call sites.
|
#
1.64 |
|
24-Jan-2017 |
jsing |
There is no point in zeroing fields that exist within a struct that is about to be explicit_bzero'd and freed.
|
#
1.63 |
|
23-Jan-2017 |
jsing |
Split most of SSL_METHOD out into an internal variant, which is opaque.
Discussed with beck@
|
#
1.62 |
|
23-Jan-2017 |
beck |
Move a large part of ssl_st into internal, so we can see what squeals. ok jsing@
|
#
1.61 |
|
23-Jan-2017 |
jsing |
Move ex_data, next and prev from SSL_SESSION to internal.
ok beck@
|
#
1.60 |
|
23-Jan-2017 |
jsing |
Move most of the fields in SSL_CTX to internal - the ones that remain are known to be in use.
ok beck@
|
#
1.59 |
|
23-Jan-2017 |
beck |
move the callbacks from ssl_st to internal ok jsing@
|
#
1.58 |
|
23-Jan-2017 |
jsing |
Move callback function pointers and argument pointers from SSL_CTX to internal.
ok beck@
|
#
1.57 |
|
23-Jan-2017 |
jsing |
Move not_resumable and sess_cert from SSL_SESSION to internal.
ok beck@
|
#
1.56 |
|
23-Jan-2017 |
jsing |
Move the stats struct from SSL_CTX to internal.
ok beck@
|
#
1.55 |
|
22-Jan-2017 |
beck |
Move internal parts of ssl_session_st to internal ok jsing@
|
#
1.54 |
|
22-Jan-2017 |
jsing |
Convert publicly visible structs to translucent structs.
This change adds an internal opaque struct for each of the significant publicly visible structs. The opaque struct is then allocated and attached to the publicly visible struct when the appropriate *_new() function is called, then cleared and freed as necessary.
This will allow for changes to be made to the internals of libssl, without requiring a major bump each time the publicly visible structs are modified.
ok beck@
|
#
1.53 |
|
02-Nov-2016 |
jsing |
Expand LHASH_OF, IMPLEMENT_LHASH_DOALL_ARG_FN and LHASH_DOALL_ARG_FN macros. Only change in generated assembly is due to line numbering.
|
#
1.52 |
|
02-Nov-2016 |
jsing |
Wrap some >80 char lines.
|
#
1.51 |
|
04-Sep-2016 |
jsing |
Sort and group functions.
|
#
1.50 |
|
04-Sep-2016 |
jsing |
Expand IMPLEMENT_PEM macros.
No change in generated assembly.
|
#
1.49 |
|
11-Mar-2016 |
mmcc |
X509_free(3) is NULL-safe, so remove NULL checks before its calls.
ok doug@
|
#
1.48 |
|
10-Sep-2015 |
jsing |
Remove support for DTLS_BAD_VER. We do not support non-standard and incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years.
ok bcook@ miod@
|
#
1.47 |
|
10-Sep-2015 |
jsing |
Correct spelling of OPENSSL_cleanse.
ok miod@
|
#
1.46 |
|
27-Aug-2015 |
doug |
Remove SSLv3 support from LibreSSL.
This is the first wave of SSLv3 removal which removes the main SSLv3 functions. Future commits will remove the rest of the SSLv3 support.
Discussed the plan at c2k15. Input from jsing@, beck@, miod@, bcook@, sthen@, naddy@, and deraadt@.
ok jsing@, beck@
|
#
1.45 |
|
21-Jul-2015 |
doug |
Remove duplicate check in libssl.
If len == 0, it already set try_session_cache so there's no need to check len again. Fixes Coverity issue 21687.
ok bcook@
|
#
1.44 |
|
14-Dec-2014 |
jsing |
Remove trailing whitespace.
|
#
1.43 |
|
08-Nov-2014 |
jsing |
Clean up more SSLv2 remnants.
|
#
1.42 |
|
18-Oct-2014 |
jsing |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL).
ok beck@ deraadt@ miod@
|
#
1.41 |
|
22-Sep-2014 |
jsing |
Refactor and simplify the ECC extension handling. The existing code effectively built two "static" data structures - instead of doing this, just use static data structures to start with.
From OpenSSL (part of a larger commit).
ok miod@
|
#
1.40 |
|
11-Aug-2014 |
jsing |
Provide a ssl3_get_cipher_by_id() function that allows ciphers to be looked up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the cipher value is manually written into a buffer, just so the cipher can be located using ssl3_get_cipher_by_char().
ok bcook@ miod@
|
#
1.39 |
|
10-Aug-2014 |
jsing |
Since we no longer need to support SSLv2-style cipher lists, start unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros.
Prompted by similar changes in boringssl.
ok guenther.
|
#
1.38 |
|
13-Jul-2014 |
beck |
The bell tolls for BUF_strdup - Start the migration to using intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
|
#
1.37 |
|
12-Jul-2014 |
jsing |
Apply a large dose of KNF.
|
#
1.36 |
|
11-Jul-2014 |
beck |
Remove the PSK code. We don't need to drag around this baggage. ok miod@ jsing@
|
#
1.35 |
|
10-Jul-2014 |
tedu |
decompress libssl. ok beck jsing
|
#
1.34 |
|
21-Jun-2014 |
tedu |
always compare memcmp against 0, for clarity.
|
#
1.33 |
|
19-Jun-2014 |
tedu |
convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
|
#
1.32 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.31 |
|
04-Jun-2014 |
tedu |
without overthinking it, replace a few memcmp calls with CRYPTO_memcmp where it is feasible to do so. better safe than sorry.
|
#
1.30 |
|
31-May-2014 |
jsing |
ECDH and ECDSA will not work overly well if there is no EC, so unifdef OPENSSL_NO_EC.
ok tedu@
|
#
1.29 |
|
31-May-2014 |
jsing |
TLS would not be entirely functional without extensions, so unifdef OPENSSL_NO_TLSEXT.
ok tedu@
|
#
1.28 |
|
28-May-2014 |
jsing |
There is no point in checking if a pointer is non-NULL before calling free, since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable.
ok miod@
|
#
1.27 |
|
05-May-2014 |
tedu |
Remove SRP and Kerberos support from libssl. These are complex protocols all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
|
#
1.26 |
|
23-Apr-2014 |
tedu |
whitespace
|
#
1.25 |
|
21-Apr-2014 |
deraadt |
more malloc/realloc/calloc cleanups; ok beck kettenis
|
#
1.24 |
|
20-Apr-2014 |
guenther |
Chop off more SSLv2 tentacles and start fixing and noting y2038 issues. APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl.
ok tedu@
|
#
1.23 |
|
19-Apr-2014 |
guenther |
More KNF and style consistency tweaks
|
#
1.22 |
|
17-Apr-2014 |
deraadt |
kill REF_PRINT/REF_CHECK debugging framework noone would use ok miod
|
#
1.21 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.20 |
|
16-Apr-2014 |
tedu |
add back SRP. i was being too greedy.
|
#
1.19 |
|
16-Apr-2014 |
tedu |
disentangle SRP code from TLS
|
#
1.18 |
|
16-Apr-2014 |
guenther |
Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally.
ok tedu@ beck@
|
#
1.17 |
|
14-Apr-2014 |
jsing |
First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5.
|
#
1.16 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.15 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.14 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.13 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.12 |
|
27-Jun-2006 |
djm |
resolve conflicts
|
#
1.11 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.10 |
|
11-Nov-2003 |
markus |
merge 0.9.7c; minor bugsfixes; API addition: ERR_release_err_state_table [make includes before you build libssl/libcrypto]
|
#
1.9 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.8 |
|
14-Sep-2002 |
markus |
merge with openssl-0.9.7-stable-SNAP-20020911, new minor for libcrypto (_X509_REQ_print_ex) tested by miod@, pb@
|
#
1.7 |
|
30-Jul-2002 |
markus |
apply patches from OpenSSL Security Advisory [30 July 2002], http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
22-Jun-2001 |
beck |
branches: 1.5.2; 1.5.4; openssl-engine-0.9.6a merge
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.116 |
|
07-Jun-2022 |
tb |
Use CBS_write_bytes() instead of manual unpacking of a CBS and assigning length and using memcpy(). This also provides a missing overflow check (which is done by the only caller, however).
ok jsing
|
#
1.115 |
|
07-Jun-2022 |
tb |
Simplify various CBS_write_bytes() calls
Now that session_id_length is a size_t, we can pass it directly to CBS_write_bytes() instead of using a temporary variable.
ok jsing
|
#
1.114 |
|
07-Jun-2022 |
tb |
Tweak readability of a test: compare tmp explicitly against 0 and drop redundant parentheses.
ok jsing
|
#
1.113 |
|
07-Jun-2022 |
tb |
Add a cast to SSL_SESSION_get_id() to indicate that session_id_length is deliberately reduced to an unsigned int. Since the session_id is at most 32 bytes, this is not a concern.
ok jsing
|
#
1.112 |
|
07-Jun-2022 |
tb |
fix indent
|
#
1.111 |
|
07-Jun-2022 |
tb |
Unindent and simplify remove_session_lock()
ok jsing (who informs me he had the same diff in his jungle)
|
#
1.110 |
|
06-Jun-2022 |
tb |
Fix comment + spacing.
Apparently 60 * 5 + 4 seconds is 5 minutes. Presumably this is the case with sufficiently potent crack, which would explain a few things in here.
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.109 |
|
11-Jan-2022 |
jsing |
Remove peer_pkeys from SSL_SESSION.
peer_pkeys comes from some world where peers can send multiple certificates - in fact, one of each known type. Since we do not live in such a world, get rid of peer_pkeys and simply use peer_cert instead (in both TLSv1.2 and TLSv1.3, both clients and servers can only send a single leaf (aka end-entity) certificate).
ok inoguchi@ tb@
|
#
1.108 |
|
11-Jan-2022 |
jsing |
Rename 'peer' to 'peer_cert' in SSL_SESSION.
The 'peer' member of SSL_SESSION is the leaf/end-entity certificate provided by our peer. Rename it since 'peer' on its own is unhelpful.
ok inoguchi@ tb@
|
#
1.107 |
|
08-Jan-2022 |
jsing |
Merge SESS_CERT into SSL_SESSION.
There is no reason for SESS_CERT to exist - remove it and merge its members into SSL_SESSION for the time being. More clean up to follow.
ok inoguchi@ tb@
|
#
1.106 |
|
25-Oct-2021 |
jsing |
Fold SSL_SESSION_INTERNAL back into SSL_SESSION.
ok beck@ tb@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.105 |
|
08-Sep-2021 |
tb |
Provide SSL_SESSION_is_resumable and SSL_set_psk_use_session_callback stubs
ok jsing
|
#
1.104 |
|
16-May-2021 |
jsing |
Explicitly include <openssl/opensslconf.h> in files using OPENSSL_NO_*
Where a file references to OPENSSL_NO_* conditions, ensure that we explicitly include <openssl/opensslconf.h> before any references, rather than relying on another header to pull this in.
|
#
1.103 |
|
10-May-2021 |
tb |
Provide SSL_SESSION_get0_cipher(3)
ok jsing
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.102 |
|
20-Feb-2021 |
jsing |
Handle DTLS1_2_VERSION in various places.
ok tb@
|
#
1.101 |
|
11-Oct-2020 |
jsing |
Condense and simplify TLS methods.
Historically, OpenSSL has had client and server specific methods - the only difference between these is that the .ssl_connect or .ssl_accept function pointer is set to ssl_undefined_function, with the intention of reducing code size for a statically linked binary that was only a client or server. These days the difference is minimal or non-existant in many cases and we can reduce the amount of code and complexity by having single method.
Internally remove all of the client and server specific methods, simplifying code in the process. The external client/server specific API remain, however these now return the same thing as TLS_method() does.
ok tb@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.100 |
|
19-Sep-2020 |
tb |
Prepare to provide SSL_SESSION_{set,get}_max_early_data()
Since we do not support 0-RTT, these are noops. Some software expects this API to be available if TLS1_3_VERSION is defined.
ok beck jsing
|
#
1.99 |
|
17-Sep-2020 |
jsing |
Simplify SSL method lookups.
There are three places where we call tls1_get_{client,server}_method() and if that returns NULL, call dtls1_get_{client,server}_method(). Simplify this by combining the lookup into a single function. While here also use uint16_t for version types.
ok inoguchi@ millert@
|
#
1.98 |
|
14-Sep-2020 |
jsing |
Cleanup and simplify SSL_set_session().
SSL_set_ssl_method() checks to see if the method is already the same, so we do not need to do this check in three different places. Switch to dtls1_get_client_method()/tls1_get_client_method() to find the method - this is a slight change in behaviour, however there is not much point trying to resume a session on something other than a client.
ok beck@
|
#
1.97 |
|
02-Sep-2020 |
tb |
KNF and comment tweaks
|
#
1.96 |
|
01-Sep-2020 |
tb |
Zero out data to avoid leaving stack garbage in the tail of the session id in case the copied session id is shorter than SSL_MAX_SESSION_ID_LENGTH.
long standing bug pointed out by jsing
|
#
1.95 |
|
01-Sep-2020 |
tb |
The bumping of sess_cb_hit stats can wait until handling of get_session_cb is completed.
|
#
1.94 |
|
01-Sep-2020 |
tb |
In the explanatory comment of ssl_get_prev_session fix the spelling of the function name, document alert and make it fit into 80 columns.
|
#
1.93 |
|
01-Sep-2020 |
tb |
Split session retrieval out of ssl_get_prev_session()
In case the session ticket was empty or missing, an attempt is made to retrieve the session from the internal cache or via a callback. This code can easily be flattened a bit and factored into two functions. I decided to wrap those into a third function to make the call from the switch easier on the eye.
I could have kept the try_session_cache flag, but it now seems rather pointless and awkwardly named anyway, so I took its negation and named it ticket_decrypted.
To top things off, a little bit of polish in the exit path.
ok beck inoguchi jsing (with the usual healthy dose of nits)
|
#
1.92 |
|
01-Sep-2020 |
tb |
copy session id directly in ssl_get_prev_session
ssl_get_prev_session() hands the session id down to tls_decrypt_ticket() which then copies it into the session pointer that it is about to return. It's a lot simpler to retrieve the session pointer and copy the session id inside ssl_get_prev_session().
Also, 'goto err' directly in TLS1_TICKET_NOT_DECRYPTED instead of skipping a couple of long if clauses before doing so.
ok inoguchi jsing
|
#
1.91 |
|
01-Sep-2020 |
tb |
indent the only other label in this file
|
#
1.90 |
|
01-Sep-2020 |
tb |
Indent label and remove dangling else
|
#
1.89 |
|
01-Sep-2020 |
tb |
Zap NULL check before SSL_SESSION_free()
|
#
1.88 |
|
01-Sep-2020 |
tb |
Rename the session pointer ret to sess
ret is a confusing name for a pointer in a function that returns int. ret is only returned in the sense that it ultimately replaces the current s->session on success.
|
#
1.87 |
|
31-Aug-2020 |
tb |
Return code tweaks for session ticket handlers
In tls1_process_ticket() and tls_decrypt_ticket() use #defines with descriptive names instead of hardcoding -1 1 2 3 4 and occasionally explaining the magic numbers with comments.
ok beck inoguchi
|
#
1.86 |
|
31-Aug-2020 |
tb |
Send alert on ssl_get_prev_session failure
ssl_get_prev_session() can fail for various reasons, some of which may be internal_error, others decode_error alerts. Propagate the appropriate alert up to the caller so we can abort the handshake by sending a fatal alert instead of rudely closing the pipe.
Currently only 28 of 292 test cases of tlsfuzzer's test-extension.py pass. With this diff, 272 pass. The rest will require fixes elsewhere.
ok beck inoguchi jsing
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.85 |
|
22-Apr-2019 |
jsing |
Pass the session ID down to the session/ticket handling code as a CBS.
Convert ssl_get_prev_session(), tls1_process_ticket() and tls1_decrypt_ticket() to handle the session ID from the client hello as a CBS. While here also swap the order of arguments for tls1_decrypt_ticket() so that it is consistent with the other functions.
ok tb@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.84 |
|
04-Apr-2019 |
jsing |
This case also needs to be fatal.
|
#
1.83 |
|
01-Apr-2019 |
deraadt |
mark ERR_R_INTERNAL_ERROR instead of assert or _exit, sigh
|
#
1.82 |
|
24-Mar-2019 |
deraadt |
do not call assert(), which has a tendency to leave traces of stuff in corefiles. Instead call OPENSSL_assert(), which has recently been trained to do this in a safer (if more awkward to debug) way. discussed with jsing and beck a while back
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.81 |
|
24-Aug-2018 |
jsing |
Simplify session ticket parsing/handling.
The original implementation is rather crazy and means that we effectively have two lots of code that parse a ClientHello and two lots of code that parse TLS extensions. Partially simplify this by passing a CBS containing the extension block through to the session handling functions, removing the need to reimplement the ClientHello parsing.
While here standardise on naming for session_id and session_id_len.
ok inoguchi@ tb@
|
#
1.80 |
|
25-Apr-2018 |
tb |
OpenSSL started adding const to functions all over the place. Make all our libssl functions match theirs wrt const, except for BIO_f_ssl(3) which will be fixed in a later step.
this went through an i386 bulk by sthen
ok jsing
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.79 |
|
20-Mar-2018 |
tb |
Provide SSL_SESSION_set1_id()
ok jsing
|
#
1.78 |
|
17-Mar-2018 |
beck |
Bring in compatibility for OpenSSL 1.1 style init functions.
This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well as thread safety modifications for the existing LibreSSL init functions. The initialization routines are called automatically by the normal entry points into the library, as in newer OpenSSL.
ok jsing@, nits by tb@ and deraadt@
|
#
1.77 |
|
17-Mar-2018 |
tb |
Provide SSL_SESSION_get_ticket_lifetime_hint() and SSL_SESSION_has_ticket()
ok jsing
|
#
1.76 |
|
17-Mar-2018 |
tb |
SSL_SESSION_get_protocol_version() takes a const SSL_SESSION *. Noted by schwarze@
ok jsing@
|
#
1.75 |
|
17-Mar-2018 |
jsing |
Provide SSL_SESSION_get0_id_context().
|
#
1.74 |
|
22-Feb-2018 |
jsing |
Provide SSL_SESSION_up_ref().
|
#
1.73 |
|
20-Feb-2018 |
tb |
Provide SSL_SESSION_get_protocol_version()
ok jsing
|
#
1.72 |
|
17-Feb-2018 |
jsing |
Provide SSL_SESSION_get_master_key()
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.71 |
|
10-Apr-2017 |
jsing |
Use freezero() for the internal opaque structures, instead of the current explicit_bzero()/free(). Less code and potentially less overhead.
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.70 |
|
07-Feb-2017 |
beck |
Change SSLerror() back to taking two args, with the first one being an SSL *. Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL *.
ok jsing@ after us both being prodded by bluhm@ to make it not terrible
|
#
1.69 |
|
26-Jan-2017 |
beck |
Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly line wraps that resulted
|
#
1.68 |
|
26-Jan-2017 |
beck |
Send the error function codes to rot in the depths of hell where they belong. We leave a single function code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code.
ok jsing@
|
#
1.67 |
|
24-Jan-2017 |
jsing |
Add support for setting the supported EC curves via SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names.
This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such as brainpool) you need to configure this yourself.
Inspired by parts of BoringSSL and OpenSSL.
ok beck@
|
#
1.66 |
|
24-Jan-2017 |
jsing |
sk_SSL_CIPHER_free() checks for NULL so do not bother doing the same from the callers.
|
#
1.65 |
|
24-Jan-2017 |
jsing |
ssl_sess_cert_free() checks for NULL, so do not bother doing it at the call sites.
|
#
1.64 |
|
24-Jan-2017 |
jsing |
There is no point in zeroing fields that exist within a struct that is about to be explicit_bzero'd and freed.
|
#
1.63 |
|
23-Jan-2017 |
jsing |
Split most of SSL_METHOD out into an internal variant, which is opaque.
Discussed with beck@
|
#
1.62 |
|
23-Jan-2017 |
beck |
Move a large part of ssl_st into internal, so we can see what squeals. ok jsing@
|
#
1.61 |
|
23-Jan-2017 |
jsing |
Move ex_data, next and prev from SSL_SESSION to internal.
ok beck@
|
#
1.60 |
|
23-Jan-2017 |
jsing |
Move most of the fields in SSL_CTX to internal - the ones that remain are known to be in use.
ok beck@
|
#
1.59 |
|
23-Jan-2017 |
beck |
move the callbacks from ssl_st to internal ok jsing@
|
#
1.58 |
|
23-Jan-2017 |
jsing |
Move callback function pointers and argument pointers from SSL_CTX to internal.
ok beck@
|
#
1.57 |
|
23-Jan-2017 |
jsing |
Move not_resumable and sess_cert from SSL_SESSION to internal.
ok beck@
|
#
1.56 |
|
23-Jan-2017 |
jsing |
Move the stats struct from SSL_CTX to internal.
ok beck@
|
#
1.55 |
|
22-Jan-2017 |
beck |
Move internal parts of ssl_session_st to internal ok jsing@
|
#
1.54 |
|
22-Jan-2017 |
jsing |
Convert publicly visible structs to translucent structs.
This change adds an internal opaque struct for each of the significant publicly visible structs. The opaque struct is then allocated and attached to the publicly visible struct when the appropriate *_new() function is called, then cleared and freed as necessary.
This will allow for changes to be made to the internals of libssl, without requiring a major bump each time the publicly visible structs are modified.
ok beck@
|
#
1.53 |
|
02-Nov-2016 |
jsing |
Expand LHASH_OF, IMPLEMENT_LHASH_DOALL_ARG_FN and LHASH_DOALL_ARG_FN macros. Only change in generated assembly is due to line numbering.
|
#
1.52 |
|
02-Nov-2016 |
jsing |
Wrap some >80 char lines.
|
#
1.51 |
|
04-Sep-2016 |
jsing |
Sort and group functions.
|
#
1.50 |
|
04-Sep-2016 |
jsing |
Expand IMPLEMENT_PEM macros.
No change in generated assembly.
|
#
1.49 |
|
11-Mar-2016 |
mmcc |
X509_free(3) is NULL-safe, so remove NULL checks before its calls.
ok doug@
|
#
1.48 |
|
10-Sep-2015 |
jsing |
Remove support for DTLS_BAD_VER. We do not support non-standard and incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years.
ok bcook@ miod@
|
#
1.47 |
|
10-Sep-2015 |
jsing |
Correct spelling of OPENSSL_cleanse.
ok miod@
|
#
1.46 |
|
27-Aug-2015 |
doug |
Remove SSLv3 support from LibreSSL.
This is the first wave of SSLv3 removal which removes the main SSLv3 functions. Future commits will remove the rest of the SSLv3 support.
Discussed the plan at c2k15. Input from jsing@, beck@, miod@, bcook@, sthen@, naddy@, and deraadt@.
ok jsing@, beck@
|
#
1.45 |
|
21-Jul-2015 |
doug |
Remove duplicate check in libssl.
If len == 0, it already set try_session_cache so there's no need to check len again. Fixes Coverity issue 21687.
ok bcook@
|
#
1.44 |
|
14-Dec-2014 |
jsing |
Remove trailing whitespace.
|
#
1.43 |
|
08-Nov-2014 |
jsing |
Clean up more SSLv2 remnants.
|
#
1.42 |
|
18-Oct-2014 |
jsing |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL).
ok beck@ deraadt@ miod@
|
#
1.41 |
|
22-Sep-2014 |
jsing |
Refactor and simplify the ECC extension handling. The existing code effectively built two "static" data structures - instead of doing this, just use static data structures to start with.
From OpenSSL (part of a larger commit).
ok miod@
|
#
1.40 |
|
11-Aug-2014 |
jsing |
Provide a ssl3_get_cipher_by_id() function that allows ciphers to be looked up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the cipher value is manually written into a buffer, just so the cipher can be located using ssl3_get_cipher_by_char().
ok bcook@ miod@
|
#
1.39 |
|
10-Aug-2014 |
jsing |
Since we no longer need to support SSLv2-style cipher lists, start unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros.
Prompted by similar changes in boringssl.
ok guenther.
|
#
1.38 |
|
13-Jul-2014 |
beck |
The bell tolls for BUF_strdup - Start the migration to using intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
|
#
1.37 |
|
12-Jul-2014 |
jsing |
Apply a large dose of KNF.
|
#
1.36 |
|
11-Jul-2014 |
beck |
Remove the PSK code. We don't need to drag around this baggage. ok miod@ jsing@
|
#
1.35 |
|
10-Jul-2014 |
tedu |
decompress libssl. ok beck jsing
|
#
1.34 |
|
21-Jun-2014 |
tedu |
always compare memcmp against 0, for clarity.
|
#
1.33 |
|
19-Jun-2014 |
tedu |
convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
|
#
1.32 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.31 |
|
04-Jun-2014 |
tedu |
without overthinking it, replace a few memcmp calls with CRYPTO_memcmp where it is feasible to do so. better safe than sorry.
|
#
1.30 |
|
31-May-2014 |
jsing |
ECDH and ECDSA will not work overly well if there is no EC, so unifdef OPENSSL_NO_EC.
ok tedu@
|
#
1.29 |
|
31-May-2014 |
jsing |
TLS would not be entirely functional without extensions, so unifdef OPENSSL_NO_TLSEXT.
ok tedu@
|
#
1.28 |
|
28-May-2014 |
jsing |
There is no point in checking if a pointer is non-NULL before calling free, since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable.
ok miod@
|
#
1.27 |
|
05-May-2014 |
tedu |
Remove SRP and Kerberos support from libssl. These are complex protocols all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
|
#
1.26 |
|
23-Apr-2014 |
tedu |
whitespace
|
#
1.25 |
|
21-Apr-2014 |
deraadt |
more malloc/realloc/calloc cleanups; ok beck kettenis
|
#
1.24 |
|
20-Apr-2014 |
guenther |
Chop off more SSLv2 tentacles and start fixing and noting y2038 issues. APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl.
ok tedu@
|
#
1.23 |
|
19-Apr-2014 |
guenther |
More KNF and style consistency tweaks
|
#
1.22 |
|
17-Apr-2014 |
deraadt |
kill REF_PRINT/REF_CHECK debugging framework no one would use
ok miod
|
#
1.21 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_realloc->realloc OPENSSL_freeFunc->free
|
#
1.20 |
|
16-Apr-2014 |
tedu |
add back SRP. i was being too greedy.
|
#
1.19 |
|
16-Apr-2014 |
tedu |
disentangle SRP code from TLS
|
#
1.18 |
|
16-Apr-2014 |
guenther |
Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally.
ok tedu@ beck@
|
#
1.17 |
|
14-Apr-2014 |
jsing |
First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5.
|
#
1.16 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.15 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.14 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.13 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.12 |
|
27-Jun-2006 |
djm |
resolve conflicts
|
#
1.11 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.10 |
|
11-Nov-2003 |
markus |
merge 0.9.7c; minor bugfixes; API addition: ERR_release_err_state_table [make includes before you build libssl/libcrypto]
|
#
1.9 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.8 |
|
14-Sep-2002 |
markus |
merge with openssl-0.9.7-stable-SNAP-20020911, new minor for libcrypto (_X509_REQ_print_ex) tested by miod@, pb@
|
#
1.7 |
|
30-Jul-2002 |
markus |
apply patches from OpenSSL Security Advisory [30 July 2002], http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
22-Jun-2001 |
beck |
branches: 1.5.2; 1.5.4; openssl-engine-0.9.6a merge
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.110 |
|
06-Jun-2022 |
tb |
Fix comment + spacing.
Apparently 60 * 5 + 4 seconds is 5 minutes. Presumably this is the case with sufficiently potent crack, which would explain a few things in here.
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.109 |
|
11-Jan-2022 |
jsing |
Remove peer_pkeys from SSL_SESSION.
peer_pkeys comes from some world where peers can send multiple certificates - in fact, one of each known type. Since we do not live in such a world, get rid of peer_pkeys and simply use peer_cert instead (in both TLSv1.2 and TLSv1.3, both clients and servers can only send a single leaf (aka end-entity) certificate).
ok inoguchi@ tb@
|
#
1.108 |
|
11-Jan-2022 |
jsing |
Rename 'peer' to 'peer_cert' in SSL_SESSION.
The 'peer' member of SSL_SESSION is the leaf/end-entity certificate provided by our peer. Rename it since 'peer' on its own is unhelpful.
ok inoguchi@ tb@
|
#
1.107 |
|
08-Jan-2022 |
jsing |
Merge SESS_CERT into SSL_SESSION.
There is no reason for SESS_CERT to exist - remove it and merge its members into SSL_SESSION for the time being. More clean up to follow.
ok inoguchi@ tb@
|
#
1.106 |
|
25-Oct-2021 |
jsing |
Fold SSL_SESSION_INTERNAL back into SSL_SESSION.
ok beck@ tb@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.105 |
|
08-Sep-2021 |
tb |
Provide SSL_SESSION_is_resumable and SSL_set_psk_use_session_callback stubs
ok jsing
|
#
1.104 |
|
16-May-2021 |
jsing |
Explicitly include <openssl/opensslconf.h> in files using OPENSSL_NO_*
Where a file references OPENSSL_NO_* conditions, ensure that we explicitly include <openssl/opensslconf.h> before any references, rather than relying on another header to pull this in.
|
#
1.103 |
|
10-May-2021 |
tb |
Provide SSL_SESSION_get0_cipher(3)
ok jsing
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.102 |
|
20-Feb-2021 |
jsing |
Handle DTLS1_2_VERSION in various places.
ok tb@
|
#
1.101 |
|
11-Oct-2020 |
jsing |
Condense and simplify TLS methods.
Historically, OpenSSL has had client and server specific methods - the only difference between these is that the .ssl_connect or .ssl_accept function pointer is set to ssl_undefined_function, with the intention of reducing code size for a statically linked binary that was only a client or server. These days the difference is minimal or non-existent in many cases and we can reduce the amount of code and complexity by having a single method.
Internally remove all of the client and server specific methods, simplifying code in the process. The external client/server specific API remain, however these now return the same thing as TLS_method() does.
ok tb@
|
#
1.24 |
|
20-Apr-2014 |
guenther |
Chop off more SSLv2 tentacles and start fixing and noting y2038 issues. APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl.
ok tedu@
|
#
1.23 |
|
19-Apr-2014 |
guenther |
More KNF and style consistency tweaks
|
#
1.22 |
|
17-Apr-2014 |
deraadt |
kill REF_PRINT/REF_CHECK debugging framework no one would use ok miod
|
#
1.21 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.20 |
|
16-Apr-2014 |
tedu |
add back SRP. i was being too greedy.
|
#
1.19 |
|
16-Apr-2014 |
tedu |
disentangle SRP code from TLS
|
#
1.18 |
|
16-Apr-2014 |
guenther |
Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally.
ok tedu@ beck@
|
#
1.17 |
|
14-Apr-2014 |
jsing |
First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5.
|
#
1.16 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.15 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.14 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.13 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.12 |
|
27-Jun-2006 |
djm |
resolve conflicts
|
#
1.11 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.10 |
|
11-Nov-2003 |
markus |
merge 0.9.7c; minor bugfixes; API addition: ERR_release_err_state_table [make includes before you build libssl/libcrypto]
|
#
1.9 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.8 |
|
14-Sep-2002 |
markus |
merge with openssl-0.9.7-stable-SNAP-20020911, new minor for libcrypto (_X509_REQ_print_ex) tested by miod@, pb@
|
#
1.7 |
|
30-Jul-2002 |
markus |
apply patches from OpenSSL Security Advisory [30 July 2002], http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
22-Jun-2001 |
beck |
branches: 1.5.2; 1.5.4; openssl-engine-0.9.6a merge
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.109 |
|
11-Jan-2022 |
jsing |
Remove peer_pkeys from SSL_SESSION.
peer_pkeys comes from some world where peers can send multiple certificates - in fact, one of each known type. Since we do not live in such a world, get rid of peer_pkeys and simply use peer_cert instead (in both TLSv1.2 and TLSv1.3, both clients and servers can only send a single leaf (aka end-entity) certificate).
ok inoguchi@ tb@
|
#
1.108 |
|
11-Jan-2022 |
jsing |
Rename 'peer' to 'peer_cert' in SSL_SESSION.
The 'peer' member of SSL_SESSION is the leaf/end-entity certificate provided by our peer. Rename it since 'peer' on its own is unhelpful.
ok inoguchi@ tb@
|
#
1.107 |
|
08-Jan-2022 |
jsing |
Merge SESS_CERT into SSL_SESSION.
There is no reason for SESS_CERT to exist - remove it and merge its members into SSL_SESSION for the time being. More clean up to follow.
ok inoguchi@ tb@
|
#
1.106 |
|
25-Oct-2021 |
jsing |
Fold SSL_SESSION_INTERNAL back into SSL_SESSION.
ok beck@ tb@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.105 |
|
08-Sep-2021 |
tb |
Provide SSL_SESSION_is_resumable and SSL_set_psk_use_session_callback stubs
ok jsing
|
#
1.104 |
|
16-May-2021 |
jsing |
Explicitly include <openssl/opensslconf.h> in files using OPENSSL_NO_*
Where a file references OPENSSL_NO_* conditions, ensure that we explicitly include <openssl/opensslconf.h> before any references, rather than relying on another header to pull this in.
|
#
1.103 |
|
10-May-2021 |
tb |
Provide SSL_SESSION_get0_cipher(3)
ok jsing
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.102 |
|
20-Feb-2021 |
jsing |
Handle DTLS1_2_VERSION in various places.
ok tb@
|
#
1.101 |
|
11-Oct-2020 |
jsing |
Condense and simplify TLS methods.
Historically, OpenSSL has had client and server specific methods - the only difference between these is that the .ssl_connect or .ssl_accept function pointer is set to ssl_undefined_function, with the intention of reducing code size for a statically linked binary that was only a client or server. These days the difference is minimal or non-existent in many cases and we can reduce the amount of code and complexity by having a single method.
Internally remove all of the client and server specific methods, simplifying code in the process. The external client/server specific API remain, however these now return the same thing as TLS_method() does.
ok tb@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.100 |
|
19-Sep-2020 |
tb |
Prepare to provide SSL_SESSION_{set,get}_max_early_data()
Since we do not support 0-RTT, these are noops. Some software expects this API to be available if TLS1_3_VERSION is defined.
ok beck jsing
|
#
1.99 |
|
17-Sep-2020 |
jsing |
Simplify SSL method lookups.
There are three places where we call tls1_get_{client,server}_method() and if that returns NULL, call dtls1_get_{client,server}_method(). Simplify this by combining the lookup into a single function. While here also use uint16_t for version types.
ok inoguchi@ millert@
|
#
1.98 |
|
14-Sep-2020 |
jsing |
Cleanup and simplify SSL_set_session().
SSL_set_ssl_method() checks to see if the method is already the same, so we do not need to do this check in three different places. Switch to dtls1_get_client_method()/tls1_get_client_method() to find the method - this is a slight change in behaviour, however there is not much point trying to resume a session on something other than a client.
ok beck@
|
#
1.97 |
|
02-Sep-2020 |
tb |
KNF and comment tweaks
|
#
1.96 |
|
01-Sep-2020 |
tb |
Zero out data to avoid leaving stack garbage in the tail of the session id in case the copied session id is shorter than SSL_MAX_SESSION_ID_LENGTH.
long standing bug pointed out by jsing
|
#
1.95 |
|
01-Sep-2020 |
tb |
The bumping of sess_cb_hit stats can wait until handling of get_session_cb is completed.
|
#
1.94 |
|
01-Sep-2020 |
tb |
In the explanatory comment of ssl_get_prev_session fix the spelling of the function name, document alert and make it fit into 80 columns.
|
#
1.93 |
|
01-Sep-2020 |
tb |
Split session retrieval out of ssl_get_prev_session()
In case the session ticket was empty or missing, an attempt is made to retrieve the session from the internal cache or via a callback. This code can easily be flattened a bit and factored into two functions. I decided to wrap those into a third function to make the call from the switch easier on the eye.
I could have kept the try_session_cache flag, but it now seems rather pointless and awkwardly named anyway, so I took its negation and named it ticket_decrypted.
To top things off, a little bit of polish in the exit path.
ok beck inoguchi jsing (with the usual healthy dose of nits)
|
#
1.92 |
|
01-Sep-2020 |
tb |
copy session id directly in ssl_get_prev_session
ssl_get_prev_session() hands the session id down to tls_decrypt_ticket() which then copies it into the session pointer that it is about to return. It's a lot simpler to retrieve the session pointer and copy the session id inside ssl_get_prev_session().
Also, 'goto err' directly in TLS1_TICKET_NOT_DECRYPTED instead of skipping a couple of long if clauses before doing so.
ok inoguchi jsing
|
#
1.91 |
|
01-Sep-2020 |
tb |
indent the only other label in this file
|
#
1.90 |
|
01-Sep-2020 |
tb |
Indent label and remove dangling else
|
#
1.89 |
|
01-Sep-2020 |
tb |
Zap NULL check before SSL_SESSION_free()
|
#
1.88 |
|
01-Sep-2020 |
tb |
Rename the session pointer ret to sess
ret is a confusing name for a pointer in a function that returns int. ret is only returned in the sense that it ultimately replaces the current s->session on success.
|
#
1.87 |
|
31-Aug-2020 |
tb |
Return code tweaks for session ticket handlers
In tls1_process_ticket() and tls_decrypt_ticket() use #defines with descriptive names instead of hardcoding -1 1 2 3 4 and occasionally explaining the magic numbers with comments.
ok beck inoguchi
|
#
1.86 |
|
31-Aug-2020 |
tb |
Send alert on ssl_get_prev_session failure
ssl_get_prev_session() can fail for various reasons some of which may be internal_error others decode_error alerts. Propagate the appropriate alert up to the caller so we can abort the handshake by sending a fatal alert instead of rudely closing the pipe.
Currently only 28 of 292 test cases of tlsfuzzer's test-extension.py pass. With this diff, 272 pass. The rest will require fixes elsewhere.
ok beck inoguchi jsing
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.85 |
|
22-Apr-2019 |
jsing |
Pass the session ID down to the session/ticket handling code as a CBS.
Convert ssl_get_prev_session(), tls1_process_ticket() and tls1_decrypt_ticket() to handle the session ID from the client hello as a CBS. While here also swap the order of arguments for tls1_decrypt_ticket() so that it is consistent with the other functions.
ok tb@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.84 |
|
04-Apr-2019 |
jsing |
This case also needs to be fatal.
|
#
1.83 |
|
01-Apr-2019 |
deraadt |
mark ERR_R_INTERNAL_ERROR instead of assert or _exit, sigh
|
#
1.82 |
|
24-Mar-2019 |
deraadt |
do not call assert(), which has a tendency to leave traces of stuff in corefiles. Instead call OPENSSL_assert(), which has recently been trained to do this in a safer (if more awkward to debug) way. discussed with jsing and beck a while back
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.81 |
|
24-Aug-2018 |
jsing |
Simplify session ticket parsing/handling.
The original implementation is rather crazy and means that we effectively have two lots of code that parse a ClientHello and two lots of code that parse TLS extensions. Partially simplify this by passing a CBS containing the extension block through to the session handling functions, removing the need to reimplement the ClientHello parsing.
While here standardise on naming for session_id and session_id_len.
ok inoguchi@ tb@
|
#
1.80 |
|
25-Apr-2018 |
tb |
OpenSSL started adding const to functions all over the place. Make all our libssl functions match theirs wrt const, except for BIO_f_ssl(3) which will be fixed in a later step.
this went through a i386 bulk by sthen ok jsing
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.79 |
|
20-Mar-2018 |
tb |
Provide SSL_SESSION_set1_id()
ok jsing
|
#
1.78 |
|
17-Mar-2018 |
beck |
Bring in compatibility for OpenSSL 1.1 style init functions.
This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well as thread safety modifications for the existing LibreSSL init functions. The initialization routines are called automatically by the normal entry points into the library, as in newer OpenSSL
ok jsing@, nits by tb@ and deraadt@
|
#
1.77 |
|
17-Mar-2018 |
tb |
Provide SSL_SESSION_get_ticket_lifetime_hint() and SSL_SESSION_has_ticket()
ok jsing
|
#
1.76 |
|
17-Mar-2018 |
tb |
SSL_SESSION_get_protocol_version() takes a const SSL_SESSION *. Noted by schwarze@
ok jsing@
|
#
1.75 |
|
17-Mar-2018 |
jsing |
Provide SSL_SESSION_get0_id_context().
|
#
1.74 |
|
22-Feb-2018 |
jsing |
Provide SSL_SESSION_up_ref().
|
#
1.73 |
|
20-Feb-2018 |
tb |
Provide SSL_SESSION_get_protocol_version()
ok jsing
|
#
1.72 |
|
17-Feb-2018 |
jsing |
Provide SSL_SESSION_get_master_key()
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.71 |
|
10-Apr-2017 |
jsing |
Use freezero() for the internal opaque structures, instead of the current explicit_bzero()/free(). Less code and potentially less overhead.
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.70 |
|
07-Feb-2017 |
beck |
Change SSLerror() back to taking two args, with the first one being an SSL *. Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
|
#
1.69 |
|
26-Jan-2017 |
beck |
Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly line wraps that resulted
|
#
1.68 |
|
26-Jan-2017 |
beck |
Send the error function codes to rot in the depths of hell where they belong. We leave a single function code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
|
#
1.67 |
|
24-Jan-2017 |
jsing |
Add support for setting the supported EC curves via SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names.
This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such as brainpool) you need to configure this yourself.
Inspired by parts of BoringSSL and OpenSSL.
ok beck@
|
#
1.66 |
|
24-Jan-2017 |
jsing |
sk_SSL_CIPHER_free() checks for NULL so do not bother doing the same from the callers.
|
#
1.65 |
|
24-Jan-2017 |
jsing |
ssl_sess_cert_free() checks for NULL, so do not bother doing it at the call sites.
|
#
1.64 |
|
24-Jan-2017 |
jsing |
There is no point in zeroing fields that exist within a struct that is about to be explicit_bzero'd and freed.
|
#
1.63 |
|
23-Jan-2017 |
jsing |
Split most of SSL_METHOD out into an internal variant, which is opaque.
Discussed with beck@
|
#
1.62 |
|
23-Jan-2017 |
beck |
Move a large part of ssl_st into internal, so we can see what squeals. ok jsing@
|
#
1.61 |
|
23-Jan-2017 |
jsing |
Move ex_data, next and prev from SSL_SESSION to internal.
ok beck@
|
#
1.60 |
|
23-Jan-2017 |
jsing |
Move most of the fields in SSL_CTX to internal - the ones that remain are known to be in use.
ok beck@
|
#
1.59 |
|
23-Jan-2017 |
beck |
move the callbacks from ssl_st to internal ok jsing@
|
#
1.58 |
|
23-Jan-2017 |
jsing |
Move callback function pointers and argument pointers from SSL_CTX to internal.
ok beck@
|
#
1.57 |
|
23-Jan-2017 |
jsing |
Move not_resumable and sess_cert from SSL_SESSION to internal.
ok beck@
|
#
1.56 |
|
23-Jan-2017 |
jsing |
Move the stats struct from SSL_CTX to internal.
ok beck@
|
#
1.55 |
|
22-Jan-2017 |
beck |
Move internal parts of ssl_session_st to internal ok jsing@
|
#
1.54 |
|
22-Jan-2017 |
jsing |
Convert publicly visible structs to translucent structs.
This change adds an internal opaque struct for each of the significant publicly visible structs. The opaque struct is then allocated and attached to the publicly visible struct when the appropriate *_new() function is called, then cleared and freed as necessary.
This will allow for changes to be made to the internals of libssl, without requiring a major bump each time the publicly visible structs are modified.
ok beck@
|
#
1.53 |
|
02-Nov-2016 |
jsing |
Expand LHASH_OF, IMPLEMENT_LHASH_DOALL_ARG_FN and LHASH_DOALL_ARG_FN macros. Only change in generated assembly is due to line numbering.
|
#
1.52 |
|
02-Nov-2016 |
jsing |
Wrap some >80 char lines.
|
#
1.51 |
|
04-Sep-2016 |
jsing |
Sort and group functions.
|
#
1.50 |
|
04-Sep-2016 |
jsing |
Expand IMPLEMENT_PEM macros.
No change in generated assembly.
|
#
1.49 |
|
11-Mar-2016 |
mmcc |
X509_free(3) is NULL-safe, so remove NULL checks before its calls.
ok doug@
|
#
1.48 |
|
10-Sep-2015 |
jsing |
Remove support for DTLS_BAD_VER. We do not support non-standard and incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years.
ok bcook@ miod@
|
#
1.47 |
|
10-Sep-2015 |
jsing |
Correct spelling of OPENSSL_cleanse.
ok miod@
|
#
1.46 |
|
27-Aug-2015 |
doug |
Remove SSLv3 support from LibreSSL.
This is the first wave of SSLv3 removal which removes the main SSLv3 functions. Future commits will remove the rest of the SSLv3 support.
Discussed the plan at c2k15. Input from jsing@, beck@, miod@, bcook@, sthen@, naddy@, and deraadt@.
ok jsing@, beck@
|
#
1.45 |
|
21-Jul-2015 |
doug |
Remove duplicate check in libssl.
If len == 0, it already set try_session_cache so there's no need to check len again. Fixes Coverity issue 21687.
ok bcook@
|
#
1.44 |
|
14-Dec-2014 |
jsing |
Remove trailing whitespace.
|
#
1.43 |
|
08-Nov-2014 |
jsing |
Clean up more SSLv2 remnants.
|
#
1.42 |
|
18-Oct-2014 |
jsing |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL).
ok beck@ deraadt@ miod@
|
#
1.41 |
|
22-Sep-2014 |
jsing |
Refactor and simplify the ECC extension handling. The existing code effectively built two "static" data structures - instead of doing this, just use static data structures to start with.
From OpenSSL (part of a larger commit).
ok miod@
|
#
1.40 |
|
11-Aug-2014 |
jsing |
Provide a ssl3_get_cipher_by_id() function that allows ciphers to be looked up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the cipher value is manually written into a buffer, just so the cipher can be located using ssl3_get_cipher_by_char().
ok bcook@ miod@
|
#
1.39 |
|
10-Aug-2014 |
jsing |
Since we no longer need to support SSLv2-style cipher lists, start unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros.
Prompted by similar changes in boringssl.
ok guenther.
|
#
1.38 |
|
13-Jul-2014 |
beck |
The bell tolls for BUF_strdup - Start the migration to using intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
|
#
1.37 |
|
12-Jul-2014 |
jsing |
Apply a large dose of KNF.
|
#
1.36 |
|
11-Jul-2014 |
beck |
Remove the PSK code. We don't need to drag around this baggage. ok miod@ jsing@
|
#
1.35 |
|
10-Jul-2014 |
tedu |
decompress libssl. ok beck jsing
|
#
1.34 |
|
21-Jun-2014 |
tedu |
always compare memcmp against 0, for clarity.
|
#
1.33 |
|
19-Jun-2014 |
tedu |
convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
|
#
1.32 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.31 |
|
04-Jun-2014 |
tedu |
without overthinking it, replace a few memcmp calls with CRYPTO_memcmp where it is feasible to do so. better safe than sorry.
|
#
1.30 |
|
31-May-2014 |
jsing |
ECDH and ECDSA will not work overly well if there is no EC, so unifdef OPENSSL_NO_EC.
ok tedu@
|
#
1.29 |
|
31-May-2014 |
jsing |
TLS would not be entirely functional without extensions, so unifdef OPENSSL_NO_TLSEXT.
ok tedu@
|
#
1.28 |
|
28-May-2014 |
jsing |
There is no point in checking if a pointer is non-NULL before calling free, since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable.
ok miod@
|
#
1.27 |
|
05-May-2014 |
tedu |
Remove SRP and Kerberos support from libssl. These are complex protocols all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
|
#
1.26 |
|
23-Apr-2014 |
tedu |
whitespace
|
#
1.25 |
|
21-Apr-2014 |
deraadt |
more malloc/realloc/calloc cleanups; ok beck kettenis
|
#
1.24 |
|
20-Apr-2014 |
guenther |
Chop off more SSLv2 tentacles and start fixing and noting y2038 issues. APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl.
ok tedu@
|
#
1.23 |
|
19-Apr-2014 |
guenther |
More KNF and style consistency tweaks
|
#
1.22 |
|
17-Apr-2014 |
deraadt |
kill REF_PRINT/REF_CHECK debugging framework noone would use ok miod
|
#
1.21 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.20 |
|
16-Apr-2014 |
tedu |
add back SRP. i was being too greedy.
|
#
1.19 |
|
16-Apr-2014 |
tedu |
disentangle SRP code from TLS
|
#
1.18 |
|
16-Apr-2014 |
guenther |
Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally.
ok tedu@ beck@
|
#
1.17 |
|
14-Apr-2014 |
jsing |
First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5.
|
#
1.16 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.15 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.14 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.13 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.12 |
|
27-Jun-2006 |
djm |
resolve conflicts
|
#
1.11 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.10 |
|
11-Nov-2003 |
markus |
merge 0.9.7c; minor bugsfixes; API addition: ERR_release_err_state_table [make includes before you build libssl/libcrypto]
|
#
1.9 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.8 |
|
14-Sep-2002 |
markus |
merge with openssl-0.9.7-stable-SNAP-20020911, new minor for libcrypto (_X509_REQ_print_ex) tested by miod@, pb@
|
#
1.7 |
|
30-Jul-2002 |
markus |
apply patches from OpenSSL Security Advisory [30 July 2002], http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
22-Jun-2001 |
beck |
branches: 1.5.2; 1.5.4; openssl-engine-0.9.6a merge
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.107 |
|
08-Jan-2022 |
jsing |
Merge SESS_CERT into SSL_SESSION.
There is no reason for SESS_CERT to exist - remove it and merge its members into SSL_SESSION for the time being. More clean up to follow.
ok inoguchi@ tb@
|
#
1.106 |
|
25-Oct-2021 |
jsing |
Fold SSL_SESSION_INTERNAL back into SSL_SESSION.
ok beck@ tb@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.105 |
|
08-Sep-2021 |
tb |
Provide SSL_SESSION_is_resumable and SSL_set_psk_use_session_callback stubs
ok jsing
|
#
1.104 |
|
16-May-2021 |
jsing |
Explicitly include <openssl/opensslconf.h> in files using OPENSSL_NO_*
Where a file references to OPENSSL_NO_* conditions, ensure that we explicitly include <openssl/opensslconf.h> before any references, rather than relying on another header to pull this in.
|
#
1.103 |
|
10-May-2021 |
tb |
Provide SSL_SESSION_get0_cipher(3)
ok jsing
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.102 |
|
20-Feb-2021 |
jsing |
Handle DTLS1_2_VERSION in various places.
ok tb@
|
#
1.101 |
|
11-Oct-2020 |
jsing |
Condense and simplify TLS methods.
Historically, OpenSSL has had client and server specific methods - the only difference between these is that the .ssl_connect or .ssl_accept function pointer is set to ssl_undefined_function, with the intention of reducing code size for a statically linked binary that was only a client or server. These days the difference is minimal or non-existant in many cases and we can reduce the amount of code and complexity by having single method.
Internally remove all of the client and server specific methods, simplifying code in the process. The external client/server specific API remain, however these now return the same thing as TLS_method() does.
ok tb@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.100 |
|
19-Sep-2020 |
tb |
Prepare to provide SSL_SESSION_{set,get}_max_early_data()
Since we do not support 0-RTT, these are noops. Some software expects this API to be available if TLS1_3_VERSION is defined.
ok beck jsing
|
#
1.99 |
|
17-Sep-2020 |
jsing |
Simplify SSL method lookups.
There are three places where we call tls1_get_{client,server}_method() and if that returns NULL, call dtls1_get_{client,server}_method(). Simplify this by combining the lookup into a single function. While here also use uint16_t for version types.
ok inoguchi@ millert@
|
#
1.98 |
|
14-Sep-2020 |
jsing |
Cleanup and simplify SSL_set_session().
SSL_set_ssl_method() checks to see if the method is already the same, so we do not need to do this check in three different places. Switch to dtls1_get_client_method()/tls1_get_client_method() to find the method - this is a slight change in behaviour, however there is not much point trying to resume a session on something other than a client.
ok beck@
|
#
1.97 |
|
02-Sep-2020 |
tb |
KNF and comment tweaks
|
#
1.96 |
|
01-Sep-2020 |
tb |
Zero out data to avoid leaving stack garbage in the tail of the session id in case the copied session id is shorter than SSL_MAX_SESSION_ID_LENGTH.
long standing bug pointed out by jsing
|
#
1.95 |
|
01-Sep-2020 |
tb |
The bumping of sess_cb_hit stats can wait until handling of get_session_cb is completed.
|
#
1.94 |
|
01-Sep-2020 |
tb |
In the explanatory comment of ssl_get_prev_session fix the spelling of the function name, document alert and make it fit into 80 columns.
|
#
1.93 |
|
01-Sep-2020 |
tb |
Split session retrieval out of ssl_get_prev_session()
In case the session ticket was empty or missing, an attempt is made to retrieve the session from the internal cache or via a callback. This code can easily be flattened a bit and factored into two functions. I decided to wrap those into a third function to make the call from the switch easier on the eye.
I could have kept the try_session_cache flag, but it now seems rather pointless and awkwardly named anyway, so I took its negation and named it ticket_decrypted.
To top things off, a little bit of polish in the exit path.
ok beck inoguchi jsing (with the usual healthy dose of nits)
|
#
1.92 |
|
01-Sep-2020 |
tb |
copy session id directly in ssl_get_prev_session
ssl_get_prev_session() hands the session id down to tls_decrypt_ticket() which then copies it into the session pointer that it is about to return. It's a lot simpler to retrieve the session pointer and copy the session id inside ssl_get_prev_session().
Also, 'goto err' directly in TLS1_TICKET_NOT_DECRYPTED instead of skipping a couple of long if clauses before doing so.
ok inoguchi jsing
|
#
1.91 |
|
01-Sep-2020 |
tb |
indent the only other label in this file
|
#
1.90 |
|
01-Sep-2020 |
tb |
Indent label and remove dangling else
|
#
1.89 |
|
01-Sep-2020 |
tb |
Zap NULL check before SSL_SESSION_free()
|
#
1.88 |
|
01-Sep-2020 |
tb |
Rename the session pointer ret to sess
ret is a confusing name for a pointer in a function that returns int. ret is only returned in the sense that it ultimately replaces the current s->session on success.
|
#
1.87 |
|
31-Aug-2020 |
tb |
Return code tweaks for session ticket handlers
In tls1_process_ticket() and tls_decrypt_ticket() use #defines with descriptive names instead of hardcoding -1 1 2 3 4 and occasionally explaining the magic numbers with comments.
ok beck inoguchi
|
#
1.86 |
|
31-Aug-2020 |
tb |
Send alert on ssl_get_prev_session failure
ssl_get_prev_session() can fail for various reasons some of which may be internal_error others decode_error alerts. Propagate the appropriate alert up to the caller so we can abort the handshake by sending a fatal alert instead of rudely closing the pipe.
Currently only 28 of 292 test cases of tlsfuzzer's test-extension.py pass. With this diff, 272 pass. The rest will require fixes elsewhere.
ok beck inoguchi jsing
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.85 |
|
22-Apr-2019 |
jsing |
Pass the session ID down to the session/ticket handling code as a CBS.
Convert ssl_get_prev_session(), tls1_process_ticket() and tls1_decrypt_ticket() to handle the session ID from the client hello as a CBS. While here also swap the order of arguments for tls1_decrypt_ticket() so that it is consistent with the other functions.
ok tb@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.84 |
|
04-Apr-2019 |
jsing |
This case also needs to be fatal.
|
#
1.83 |
|
01-Apr-2019 |
deraadt |
mark ERR_R_INTERNAL_ERROR instead of assert or _exit, sigh
|
#
1.82 |
|
24-Mar-2019 |
deraadt |
do not call assert(), which has a tendency to leave traces of stuff in corefiles. Instead call OPENSSL_assert(), which has recently been trained to do this in a safer (if more awkward to debug) way. discussed with jsing and beck a while back
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.81 |
|
24-Aug-2018 |
jsing |
Simplify session ticket parsing/handling.
The original implementation is rather crazy and means that we effectively have two lots of code that parse a ClientHello and two lots of code that parse TLS extensions. Partially simplify this by passing a CBS containing the extension block through to the session handling functions, removing the need to reimplement the ClientHello parsing.
While here standardise on naming for session_id and session_id_len.
ok inoguchi@ tb@
|
#
1.80 |
|
25-Apr-2018 |
tb |
OpenSSL started adding const to functions all over the place. Make all our libssl functions match theirs wrt const, except for BIO_f_ssl(3) which will be fixed in a later step.
this went through an i386 bulk by sthen ok jsing
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.79 |
|
20-Mar-2018 |
tb |
Provide SSL_SESSION_set1_id()
ok jsing
|
#
1.78 |
|
17-Mar-2018 |
beck |
Bring in compatibility for OpenSSL 1.1 style init functions.
This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well as thread safety modifications for the existing LibreSSL init functions. The initialization routines are called automatically by the normal entry points into the library, as in newer OpenSSL
ok jsing@, nits by tb@ and deraadt@
|
#
1.77 |
|
17-Mar-2018 |
tb |
Provide SSL_SESSION_get_ticket_lifetime_hint() and SSL_SESSION_has_ticket()
ok jsing
|
#
1.76 |
|
17-Mar-2018 |
tb |
SSL_SESSION_get_protocol_version() takes a const SSL_SESSION *. Noted by schwarze@
ok jsing@
|
#
1.75 |
|
17-Mar-2018 |
jsing |
Provide SSL_SESSION_get0_id_context().
|
#
1.74 |
|
22-Feb-2018 |
jsing |
Provide SSL_SESSION_up_ref().
|
#
1.73 |
|
20-Feb-2018 |
tb |
Provide SSL_SESSION_get_protocol_version()
ok jsing
|
#
1.72 |
|
17-Feb-2018 |
jsing |
Provide SSL_SESSION_get_master_key()
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.71 |
|
10-Apr-2017 |
jsing |
Use freezero() for the internal opaque structures, instead of the current explicit_bzero()/free(). Less code and potentially less overhead.
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.70 |
|
07-Feb-2017 |
beck |
Change SSLerror() back to taking two args, with the first one being an SSL *. Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
|
#
1.69 |
|
26-Jan-2017 |
beck |
Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly line wraps that resulted
|
#
1.68 |
|
26-Jan-2017 |
beck |
Send the error function codes to rot in the depths of hell where they belong We leave a single function code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
|
#
1.67 |
|
24-Jan-2017 |
jsing |
Add support for setting the supported EC curves via SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names.
This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such as brainpool) you need to configure this yourself.
Inspired by parts of BoringSSL and OpenSSL.
ok beck@
|
#
1.66 |
|
24-Jan-2017 |
jsing |
sk_SSL_CIPHER_free() checks for NULL so do not bother doing the same from the callers.
|
#
1.65 |
|
24-Jan-2017 |
jsing |
ssl_sess_cert_free() checks for NULL, so do not bother doing it at the call sites.
|
#
1.64 |
|
24-Jan-2017 |
jsing |
There is no point in zeroing fields that exist within a struct that is about to be explicit_bzero'd and freed.
|
#
1.63 |
|
23-Jan-2017 |
jsing |
Split most of SSL_METHOD out into an internal variant, which is opaque.
Discussed with beck@
|
#
1.62 |
|
23-Jan-2017 |
beck |
Move a large part of ssl_st into internal, so we can see what squeals. ok jsing@
|
#
1.61 |
|
23-Jan-2017 |
jsing |
Move ex_data, next and prev from SSL_SESSION to internal.
ok beck@
|
#
1.60 |
|
23-Jan-2017 |
jsing |
Move most of the fields in SSL_CTX to internal - the ones that remain are known to be in use.
ok beck@
|
#
1.59 |
|
23-Jan-2017 |
beck |
move the callbacks from ssl_st to internal ok jsing@
|
#
1.58 |
|
23-Jan-2017 |
jsing |
Move callback function pointers and argument pointers from SSL_CTX to internal.
ok beck@
|
#
1.57 |
|
23-Jan-2017 |
jsing |
Move not_resumable and sess_cert from SSL_SESSION to internal.
ok beck@
|
#
1.56 |
|
23-Jan-2017 |
jsing |
Move the stats struct from SSL_CTX to internal.
ok beck@
|
#
1.55 |
|
22-Jan-2017 |
beck |
Move internal parts of ssl_session_st to internal ok jsing@
|
#
1.54 |
|
22-Jan-2017 |
jsing |
Convert publicly visible structs to translucent structs.
This change adds an internal opaque struct for each of the significant publicly visible structs. The opaque struct is then allocated and attached to the publicly visible struct when the appropriate *_new() function is called, then cleared and freed as necessary.
This will allow for changes to be made to the internals of libssl, without requiring a major bump each time the publicly visible structs are modified.
ok beck@
|
#
1.53 |
|
02-Nov-2016 |
jsing |
Expand LHASH_OF, IMPLEMENT_LHASH_DOALL_ARG_FN and LHASH_DOALL_ARG_FN macros. Only change in generated assembly is due to line numbering.
|
#
1.52 |
|
02-Nov-2016 |
jsing |
Wrap some >80 char lines.
|
#
1.51 |
|
04-Sep-2016 |
jsing |
Sort and group functions.
|
#
1.50 |
|
04-Sep-2016 |
jsing |
Expand IMPLEMENT_PEM macros.
No change in generated assembly.
|
#
1.49 |
|
11-Mar-2016 |
mmcc |
X509_free(3) is NULL-safe, so remove NULL checks before its calls.
ok doug@
|
#
1.48 |
|
10-Sep-2015 |
jsing |
Remove support for DTLS_BAD_VER. We do not support non-standard and incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years.
ok bcook@ miod@
|
#
1.47 |
|
10-Sep-2015 |
jsing |
Correct spelling of OPENSSL_cleanse.
ok miod@
|
#
1.46 |
|
27-Aug-2015 |
doug |
Remove SSLv3 support from LibreSSL.
This is the first wave of SSLv3 removal which removes the main SSLv3 functions. Future commits will remove the rest of the SSLv3 support.
Discussed the plan at c2k15. Input from jsing@, beck@, miod@, bcook@, sthen@, naddy@, and deraadt@.
ok jsing@, beck@
|
#
1.45 |
|
21-Jul-2015 |
doug |
Remove duplicate check in libssl.
If len == 0, it already set try_session_cache so there's no need to check len again. Fixes Coverity issue 21687.
ok bcook@
|
#
1.44 |
|
14-Dec-2014 |
jsing |
Remove trailing whitespace.
|
#
1.43 |
|
08-Nov-2014 |
jsing |
Clean up more SSLv2 remnants.
|
#
1.42 |
|
18-Oct-2014 |
jsing |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL).
ok beck@ deraadt@ miod@
|
#
1.41 |
|
22-Sep-2014 |
jsing |
Refactor and simplify the ECC extension handling. The existing code effectively built two "static" data structures - instead of doing this, just use static data structures to start with.
From OpenSSL (part of a larger commit).
ok miod@
|
#
1.40 |
|
11-Aug-2014 |
jsing |
Provide a ssl3_get_cipher_by_id() function that allows ciphers to be looked up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the cipher value is manually written into a buffer, just so the cipher can be located using ssl3_get_cipher_by_char().
ok bcook@ miod@
|
#
1.39 |
|
10-Aug-2014 |
jsing |
Since we no longer need to support SSLv2-style cipher lists, start unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros.
Prompted by similar changes in boringssl.
ok guenther.
|
#
1.38 |
|
13-Jul-2014 |
beck |
The bell tolls for BUF_strdup - Start the migration to using intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
|
#
1.37 |
|
12-Jul-2014 |
jsing |
Apply a large dose of KNF.
|
#
1.36 |
|
11-Jul-2014 |
beck |
Remove the PSK code. We don't need to drag around this baggage. ok miod@ jsing@
|
#
1.35 |
|
10-Jul-2014 |
tedu |
decompress libssl. ok beck jsing
|
#
1.34 |
|
21-Jun-2014 |
tedu |
always compare memcmp against 0, for clarity.
|
#
1.33 |
|
19-Jun-2014 |
tedu |
convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
|
#
1.32 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.31 |
|
04-Jun-2014 |
tedu |
without overthinking it, replace a few memcmp calls with CRYPTO_memcmp where it is feasible to do so. better safe than sorry.
|
#
1.30 |
|
31-May-2014 |
jsing |
ECDH and ECDSA will not work overly well if there is no EC, so unifdef OPENSSL_NO_EC.
ok tedu@
|
#
1.29 |
|
31-May-2014 |
jsing |
TLS would not be entirely functional without extensions, so unifdef OPENSSL_NO_TLSEXT.
ok tedu@
|
#
1.28 |
|
28-May-2014 |
jsing |
There is no point in checking if a pointer is non-NULL before calling free, since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable.
ok miod@
|
#
1.27 |
|
05-May-2014 |
tedu |
Remove SRP and Kerberos support from libssl. These are complex protocols all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
|
#
1.26 |
|
23-Apr-2014 |
tedu |
whitespace
|
#
1.25 |
|
21-Apr-2014 |
deraadt |
more malloc/realloc/calloc cleanups; ok beck kettenis
|
#
1.24 |
|
20-Apr-2014 |
guenther |
Chop off more SSLv2 tentacles and start fixing and noting y2038 issues. APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl.
ok tedu@
|
#
1.23 |
|
19-Apr-2014 |
guenther |
More KNF and style consistency tweaks
|
#
1.22 |
|
17-Apr-2014 |
deraadt |
kill REF_PRINT/REF_CHECK debugging framework no one would use ok miod
|
#
1.21 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.20 |
|
16-Apr-2014 |
tedu |
add back SRP. i was being too greedy.
|
#
1.19 |
|
16-Apr-2014 |
tedu |
disentangle SRP code from TLS
|
#
1.18 |
|
16-Apr-2014 |
guenther |
Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally.
ok tedu@ beck@
|
#
1.17 |
|
14-Apr-2014 |
jsing |
First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5.
|
#
1.16 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.15 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.14 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.13 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.12 |
|
27-Jun-2006 |
djm |
resolve conflicts
|
#
1.11 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.10 |
|
11-Nov-2003 |
markus |
merge 0.9.7c; minor bugfixes; API addition: ERR_release_err_state_table [make includes before you build libssl/libcrypto]
|
#
1.9 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.8 |
|
14-Sep-2002 |
markus |
merge with openssl-0.9.7-stable-SNAP-20020911, new minor for libcrypto (_X509_REQ_print_ex) tested by miod@, pb@
|
#
1.7 |
|
30-Jul-2002 |
markus |
apply patches from OpenSSL Security Advisory [30 July 2002], http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
22-Jun-2001 |
beck |
branches: 1.5.2; 1.5.4; openssl-engine-0.9.6a merge
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.106 |
|
25-Oct-2021 |
jsing |
Fold SSL_SESSION_INTERNAL back into SSL_SESSION.
ok beck@ tb@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.105 |
|
08-Sep-2021 |
tb |
Provide SSL_SESSION_is_resumable and SSL_set_psk_use_session_callback stubs
ok jsing
|
#
1.104 |
|
16-May-2021 |
jsing |
Explicitly include <openssl/opensslconf.h> in files using OPENSSL_NO_*
Where a file refers to OPENSSL_NO_* conditions, ensure that we explicitly include <openssl/opensslconf.h> before any references, rather than relying on another header to pull this in.
|
#
1.103 |
|
10-May-2021 |
tb |
Provide SSL_SESSION_get0_cipher(3)
ok jsing
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.102 |
|
20-Feb-2021 |
jsing |
Handle DTLS1_2_VERSION in various places.
ok tb@
|
#
1.101 |
|
11-Oct-2020 |
jsing |
Condense and simplify TLS methods.
Historically, OpenSSL has had client and server specific methods - the only difference between these is that the .ssl_connect or .ssl_accept function pointer is set to ssl_undefined_function, with the intention of reducing code size for a statically linked binary that was only a client or server. These days the difference is minimal or non-existent in many cases and we can reduce the amount of code and complexity by having a single method.
Internally remove all of the client and server specific methods, simplifying code in the process. The external client/server specific API remain, however these now return the same thing as TLS_method() does.
ok tb@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.100 |
|
19-Sep-2020 |
tb |
Prepare to provide SSL_SESSION_{set,get}_max_early_data()
Since we do not support 0-RTT, these are noops. Some software expects this API to be available if TLS1_3_VERSION is defined.
ok beck jsing
|
#
1.99 |
|
17-Sep-2020 |
jsing |
Simplify SSL method lookups.
There are three places where we call tls1_get_{client,server}_method() and if that returns NULL, call dtls1_get_{client,server}_method(). Simplify this by combining the lookup into a single function. While here also use uint16_t for version types.
ok inoguchi@ millert@
|
#
1.98 |
|
14-Sep-2020 |
jsing |
Cleanup and simplify SSL_set_session().
SSL_set_ssl_method() checks to see if the method is already the same, so we do not need to do this check in three different places. Switch to dtls1_get_client_method()/tls1_get_client_method() to find the method - this is a slight change in behaviour, however there is not much point trying to resume a session on something other than a client.
ok beck@
|
#
1.97 |
|
02-Sep-2020 |
tb |
KNF and comment tweaks
|
#
1.96 |
|
01-Sep-2020 |
tb |
Zero out data to avoid leaving stack garbage in the tail of the session id in case the copied session id is shorter than SSL_MAX_SESSION_ID_LENGTH.
long standing bug pointed out by jsing
|
#
1.95 |
|
01-Sep-2020 |
tb |
The bumping of sess_cb_hit stats can wait until handling of get_session_cb is completed.
|
#
1.94 |
|
01-Sep-2020 |
tb |
In the explanatory comment of ssl_get_prev_session fix the spelling of the function name, document alert and make it fit into 80 columns.
|
#
1.93 |
|
01-Sep-2020 |
tb |
Split session retrieval out of ssl_get_prev_session()
In case the session ticket was empty or missing, an attempt is made to retrieve the session from the internal cache or via a callback. This code can easily be flattened a bit and factored into two functions. I decided to wrap those into a third function to make the call from the switch easier on the eye.
I could have kept the try_session_cache flag, but it now seems rather pointless and awkwardly named anyway, so I took its negation and named it ticket_decrypted.
To top things off, a little bit of polish in the exit path.
ok beck inoguchi jsing (with the usual healthy dose of nits)
|
#
1.92 |
|
01-Sep-2020 |
tb |
copy session id directly in ssl_get_prev_session
ssl_get_prev_session() hands the session id down to tls_decrypt_ticket() which then copies it into the session pointer that it is about to return. It's a lot simpler to retrieve the session pointer and copy the session id inside ssl_get_prev_session().
Also, 'goto err' directly in TLS1_TICKET_NOT_DECRYPTED instead of skipping a couple of long if clauses before doing so.
ok inoguchi jsing
|
#
1.91 |
|
01-Sep-2020 |
tb |
indent the only other label in this file
|
#
1.90 |
|
01-Sep-2020 |
tb |
Indent label and remove dangling else
|
#
1.89 |
|
01-Sep-2020 |
tb |
Zap NULL check before SSL_SESSION_free()
|
#
1.88 |
|
01-Sep-2020 |
tb |
Rename the session pointer ret to sess
ret is a confusing name for a pointer in a function that returns int. ret is only returned in the sense that it ultimately replaces the current s->session on success.
|
#
1.87 |
|
31-Aug-2020 |
tb |
Return code tweaks for session ticket handlers
In tls1_process_ticket() and tls_decrypt_ticket() use #defines with descriptive names instead of hardcoding -1 1 2 3 4 and occasionally explaining the magic numbers with comments.
ok beck inoguchi
|
#
1.86 |
|
31-Aug-2020 |
tb |
Send alert on ssl_get_prev_session failure
ssl_get_prev_session() can fail for various reasons some of which may be internal_error others decode_error alerts. Propagate the appropriate alert up to the caller so we can abort the handshake by sending a fatal alert instead of rudely closing the pipe.
Currently only 28 of 292 test cases of tlsfuzzer's test-extension.py pass. With this diff, 272 pass. The rest will require fixes elsewhere.
ok beck inoguchi jsing
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.85 |
|
22-Apr-2019 |
jsing |
Pass the session ID down to the session/ticket handling code as a CBS.
Convert ssl_get_prev_session(), tls1_process_ticket() and tls1_decrypt_ticket() to handle the session ID from the client hello as a CBS. While here also swap the order of arguments for tls1_decrypt_ticket() so that it is consistent with the other functions.
ok tb@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.84 |
|
04-Apr-2019 |
jsing |
This case also needs to be fatal.
|
#
1.83 |
|
01-Apr-2019 |
deraadt |
mark ERR_R_INTERNAL_ERROR instead of assert or _exit, sigh
|
#
1.82 |
|
24-Mar-2019 |
deraadt |
do not call assert(), which has a tendency to leave traces of stuff in corefiles. Instead call OPENSSL_assert(), which has recently been trained to do this in a safer (if more awkward to debug) way. discussed with jsing and beck a while back
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.81 |
|
24-Aug-2018 |
jsing |
Simplify session ticket parsing/handling.
The original implementation is rather crazy and means that we effectively have two lots of code that parse a ClientHello and two lots of code that parse TLS extensions. Partially simplify this by passing a CBS containing the extension block through to the session handling functions, removing the need to reimplement the ClientHello parsing.
While here standarise on naming for session_id and session_id_len.
ok inoguchi@ tb@
|
#
1.80 |
|
25-Apr-2018 |
tb |
OpenSSL started adding const to functions all over the place. Make all our libssl functions match theirs wrt const, except for BIO_f_ssl(3) which will be fixed in a later step.
this went through a i386 bulk by sthen ok jsing
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.79 |
|
20-Mar-2018 |
tb |
Provide SSL_SESSION_set1_id()
ok jsing
|
#
1.78 |
|
17-Mar-2018 |
beck |
Bring in compatibility for OpenSSL 1.1 style init functions.
This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well thread safety modifications for the existing LibreSSL init functions. The initialization routines are called automatically by the normal entry points into the library, as in newer OpenSSL
ok jsing@, nits by tb@ and deraadt@
|
#
1.77 |
|
17-Mar-2018 |
tb |
Provide SSL_SESSION_get_ticket_lifetime_hint() and SSL_SESSION_has_ticket()
ok jsing
|
#
1.76 |
|
17-Mar-2018 |
tb |
SSL_SESSION_get_protocol_version() takes a const SSL_SESSION *. Noted by schwarze@
ok jsing@
|
#
1.75 |
|
17-Mar-2018 |
jsing |
Provide SSL_SESSION_get0_id_context().
|
#
1.74 |
|
22-Feb-2018 |
jsing |
Provide SSL_SESSION_up_ref().
|
#
1.73 |
|
20-Feb-2018 |
tb |
Provide SSL_SESSION_get_protocol_version()
ok jsing
|
#
1.72 |
|
17-Feb-2018 |
jsing |
Provide SSL_SESSION_get_master_key()
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.71 |
|
10-Apr-2017 |
jsing |
Use freezero() for the internal opaque structures, instead of the current explicit_bzero()/free(). Less code and potentially less overhead.
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.70 |
|
07-Feb-2017 |
beck |
Change SSLerror() back to taking two args, with the first one being an SSL *. Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
|
#
1.69 |
|
26-Jan-2017 |
beck |
Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly line wraps that resulted
|
#
1.68 |
|
26-Jan-2017 |
beck |
Send the error function codes to rot in the depths of hell where they belong We leave a single funciton code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
|
#
1.67 |
|
24-Jan-2017 |
jsing |
Add support for setting the supported EC curves via SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names.
This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such a brainpool) you need to configure this yourself.
Inspired by parts of BoringSSL and OpenSSL.
ok beck@
|
#
1.66 |
|
24-Jan-2017 |
jsing |
sk_SSL_CIPHER_free() checks for NULL so do not bother doing the same from the callers.
|
#
1.65 |
|
24-Jan-2017 |
jsing |
ssl_sess_cert_free() checks for NULL, so do not bother doing it at the call sites.
|
#
1.64 |
|
24-Jan-2017 |
jsing |
There is no point in zeroing fields that exist within a struct that is about to be explicit_bzero'd and freed.
|
#
1.63 |
|
23-Jan-2017 |
jsing |
Split most of SSL_METHOD out into an internal variant, which is opaque.
Discussed with beck@
|
#
1.62 |
|
23-Jan-2017 |
beck |
Move a large part of ssl_st into internal, so we can see what squeals. ok jsing@
|
#
1.61 |
|
23-Jan-2017 |
jsing |
Move ex_data, next and prev from SSL_SESSION to internal.
ok beck@
|
#
1.60 |
|
23-Jan-2017 |
jsing |
Move most of the fields in SSL_CTX to internal - the ones that remain are known to be in use.
ok beck@
|
#
1.59 |
|
23-Jan-2017 |
beck |
move the callbacks from ssl_st to internal ok jsing@
|
#
1.58 |
|
23-Jan-2017 |
jsing |
Move callback function pointers and argument pointers from SSL_CTX to internal.
ok beck@
|
#
1.57 |
|
23-Jan-2017 |
jsing |
Move not_resumable and sess_cert from SSL_SESSION to internal.
ok beck@
|
#
1.56 |
|
23-Jan-2017 |
jsing |
Move the stats struct from SSL_CTX to internal.
ok beck@
|
#
1.55 |
|
22-Jan-2017 |
beck |
Move internal parts of ssl_session_st to internal ok jsing@
|
#
1.54 |
|
22-Jan-2017 |
jsing |
Convert publically visible structs to translucent structs.
This change adds an internal opaque struct for each of the significant publically visible structs. The opaque struct is then allocated and attached to the publically visible struct when the appropriate *_new() function is called, then cleared and freed as necessary.
This will allow for changes to be made to the internals of libssl, without requiring a major bump each time the publically visible structs are modified.
ok beck@
|
#
1.53 |
|
02-Nov-2016 |
jsing |
Expand LHASH_OF, IMPLEMENT_LHASH_DOALL_ARG_FN and LHASH_DOALL_ARG_FN macros. Only change in generated assembly is due to line numbering.
|
#
1.52 |
|
02-Nov-2016 |
jsing |
Wrap some >80 char lines.
|
#
1.51 |
|
04-Sep-2016 |
jsing |
Sort and group functions.
|
#
1.50 |
|
04-Sep-2016 |
jsing |
Expand IMPLEMENT_PEM macros.
No change in generated assembly.
|
#
1.49 |
|
11-Mar-2016 |
mmcc |
X509_free(3) is NULL-safe, so remove NULL checks before its calls.
ok doug@
|
#
1.48 |
|
10-Sep-2015 |
jsing |
Remove support for DTLS_BAD_VER. We do not support non-standard and incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years.
ok bcook@ miod@
|
#
1.47 |
|
10-Sep-2015 |
jsing |
Correct spelling of OPENSSL_cleanse.
ok miod@
|
#
1.46 |
|
27-Aug-2015 |
doug |
Remove SSLv3 support from LibreSSL.
This is the first wave of SSLv3 removal which removes the main SSLv3 functions. Future commits will remove the rest of the SSLv3 support.
Discussed the plan at c2k15. Input from jsing@, beck@, miod@, bcook@, sthen@, naddy@, and deraadt@.
ok jsing@, beck@
|
#
1.45 |
|
21-Jul-2015 |
doug |
Remove duplicate check in libssl.
If len == 0, it already set try_session_cache so there's no need to check len again. Fixes Coverity issue 21687.
ok bcook@
|
#
1.44 |
|
14-Dec-2014 |
jsing |
Remove trailing whitespace.
|
#
1.43 |
|
08-Nov-2014 |
jsing |
Clean up more SSLv2 remnants.
|
#
1.42 |
|
18-Oct-2014 |
jsing |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL).
ok beck@ deraadt@ miod@
|
#
1.41 |
|
22-Sep-2014 |
jsing |
Refactor and simplify the ECC extension handling. The existing code effectively built two "static" data structures - instead of doing this, just use static data structures to start with.
From OpenSSL (part of a larger commit).
ok miod@
|
#
1.40 |
|
11-Aug-2014 |
jsing |
Provide a ssl3_get_cipher_by_id() function that allows ciphers to be looked up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the cipher value is manually written into a buffer, just so the cipher can be located using ssl3_get_cipher_by_char().
ok bcook@ miod@
|
#
1.39 |
|
10-Aug-2014 |
jsing |
Since we no longer need to support SSLv2-style cipher lists, start unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros.
Prompted by similar changes in boringssl.
ok guenther.
|
#
1.38 |
|
13-Jul-2014 |
beck |
The bell tolls for BUF_strdup - Start the migration to using intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
|
#
1.37 |
|
12-Jul-2014 |
jsing |
Apply a large dose of KNF.
|
#
1.36 |
|
11-Jul-2014 |
beck |
Remove the PSK code. We don't need to drag around this baggage. ok miod@ jsing@
|
#
1.35 |
|
10-Jul-2014 |
tedu |
decompress libssl. ok beck jsing
|
#
1.34 |
|
21-Jun-2014 |
tedu |
always compare memcmp against 0, for clarity.
|
#
1.33 |
|
19-Jun-2014 |
tedu |
convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
|
#
1.32 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.31 |
|
04-Jun-2014 |
tedu |
without overthinking it, replace a few memcmp calls with CRYPTO_memcmp where it is feasible to do so. better safe than sorry.
|
#
1.30 |
|
31-May-2014 |
jsing |
ECDH and ECDSA will not work overly well if there is no EC, so unifdef OPENSSL_NO_EC.
ok tedu@
|
#
1.29 |
|
31-May-2014 |
jsing |
TLS would not be entirely functional without extensions, so unifdef OPENSSL_NO_TLSEXT.
ok tedu@
|
#
1.28 |
|
28-May-2014 |
jsing |
There is no point in checking if a pointer is non-NULL before calling free, since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable.
ok miod@
|
#
1.27 |
|
05-May-2014 |
tedu |
Remove SRP and Kerberos support from libssl. These are complex protocols all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
|
#
1.26 |
|
23-Apr-2014 |
tedu |
whitespace
|
#
1.25 |
|
21-Apr-2014 |
deraadt |
more malloc/realloc/calloc cleanups; ok beck kettenis
|
#
1.24 |
|
20-Apr-2014 |
guenther |
Chop off more SSLv2 tentacles and start fixing and noting y2038 issues. APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl.
ok tedu@
|
#
1.23 |
|
19-Apr-2014 |
guenther |
More KNF and style consistency tweaks
|
#
1.22 |
|
17-Apr-2014 |
deraadt |
kill REF_PRINT/REF_CHECK debugging framework noone would use ok miod
|
#
1.21 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.20 |
|
16-Apr-2014 |
tedu |
add back SRP. i was being too greedy.
|
#
1.19 |
|
16-Apr-2014 |
tedu |
disentangle SRP code from TLS
|
#
1.18 |
|
16-Apr-2014 |
guenther |
Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally.
ok tedu@ beck@
|
#
1.17 |
|
14-Apr-2014 |
jsing |
First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5.
|
#
1.16 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.15 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.14 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.13 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.12 |
|
27-Jun-2006 |
djm |
resolve conflicts
|
#
1.11 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.10 |
|
11-Nov-2003 |
markus |
merge 0.9.7c; minor bugsfixes; API addition: ERR_release_err_state_table [make includes before you build libssl/libcrypto]
|
#
1.9 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.8 |
|
14-Sep-2002 |
markus |
merge with openssl-0.9.7-stable-SNAP-20020911, new minor for libcrypto (_X509_REQ_print_ex) tested by miod@, pb@
|
#
1.7 |
|
30-Jul-2002 |
markus |
apply patches from OpenSSL Security Advisory [30 July 2002], http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
22-Jun-2001 |
beck |
branches: 1.5.2; 1.5.4; openssl-engine-0.9.6a merge
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1;
Initial revision
|
#
1.105 |
|
08-Sep-2021 |
tb |
Provide SSL_SESSION_is_resumable and SSL_set_psk_use_session_callback stubs
ok jsing
|
#
1.104 |
|
16-May-2021 |
jsing |
Explicitly include <openssl/opensslconf.h> in files using OPENSSL_NO_*
Where a file references OPENSSL_NO_* conditions, ensure that we explicitly include <openssl/opensslconf.h> before any references, rather than relying on another header to pull this in.
|
#
1.103 |
|
10-May-2021 |
tb |
Provide SSL_SESSION_get0_cipher(3)
ok jsing
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.102 |
|
20-Feb-2021 |
jsing |
Handle DTLS1_2_VERSION in various places.
ok tb@
|
#
1.101 |
|
11-Oct-2020 |
jsing |
Condense and simplify TLS methods.
Historically, OpenSSL has had client and server specific methods - the only difference between these is that the .ssl_connect or .ssl_accept function pointer is set to ssl_undefined_function, with the intention of reducing code size for a statically linked binary that was only a client or server. These days the difference is minimal or non-existent in many cases and we can reduce the amount of code and complexity by having a single method.
Internally remove all of the client and server specific methods, simplifying code in the process. The external client/server specific API remains, however these now return the same thing as TLS_method() does.
ok tb@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.100 |
|
19-Sep-2020 |
tb |
Prepare to provide SSL_SESSION_{set,get}_max_early_data()
Since we do not support 0-RTT, these are noops. Some software expects this API to be available if TLS1_3_VERSION is defined.
ok beck jsing
|
#
1.99 |
|
17-Sep-2020 |
jsing |
Simplify SSL method lookups.
There are three places where we call tls1_get_{client,server}_method() and if that returns NULL, call dtls1_get_{client,server}_method(). Simplify this by combining the lookup into a single function. While here also use uint16_t for version types.
ok inoguchi@ millert@
|
#
1.98 |
|
14-Sep-2020 |
jsing |
Cleanup and simplify SSL_set_session().
SSL_set_ssl_method() checks to see if the method is already the same, so we do not need to do this check in three different places. Switch to dtls1_get_client_method()/tls1_get_client_method() to find the method - this is a slight change in behaviour, however there is not much point trying to resume a session on something other than a client.
ok beck@
|
#
1.97 |
|
02-Sep-2020 |
tb |
KNF and comment tweaks
|
#
1.96 |
|
01-Sep-2020 |
tb |
Zero out data to avoid leaving stack garbage in the tail of the session id in case the copied session id is shorter than SSL_MAX_SESSION_ID_LENGTH.
long standing bug pointed out by jsing
|
#
1.95 |
|
01-Sep-2020 |
tb |
The bumping of sess_cb_hit stats can wait until handling of get_session_cb is completed.
|
#
1.94 |
|
01-Sep-2020 |
tb |
In the explanatory comment of ssl_get_prev_session fix the spelling of the function name, document alert and make it fit into 80 columns.
|
#
1.93 |
|
01-Sep-2020 |
tb |
Split session retrieval out of ssl_get_prev_session()
In case the session ticket was empty or missing, an attempt is made to retrieve the session from the internal cache or via a callback. This code can easily be flattened a bit and factored into two functions. I decided to wrap those into a third function to make the call from the switch easier on the eye.
I could have kept the try_session_cache flag, but it now seems rather pointless and awkwardly named anyway, so I took its negation and named it ticket_decrypted.
To top things off, a little bit of polish in the exit path.
ok beck inoguchi jsing (with the usual healthy dose of nits)
|
#
1.92 |
|
01-Sep-2020 |
tb |
copy session id directly in ssl_get_prev_session
ssl_get_prev_session() hands the session id down to tls_decrypt_ticket() which then copies it into the session pointer that it is about to return. It's a lot simpler to retrieve the session pointer and copy the session id inside ssl_get_prev_session().
Also, 'goto err' directly in TLS1_TICKET_NOT_DECRYPTED instead of skipping a couple of long if clauses before doing so.
ok inoguchi jsing
|
#
1.91 |
|
01-Sep-2020 |
tb |
indent the only other label in this file
|
#
1.90 |
|
01-Sep-2020 |
tb |
Indent label and remove dangling else
|
#
1.89 |
|
01-Sep-2020 |
tb |
Zap NULL check before SSL_SESSION_free()
|
#
1.88 |
|
01-Sep-2020 |
tb |
Rename the session pointer ret to sess
ret is a confusing name for a pointer in a function that returns int. ret is only returned in the sense that it ultimately replaces the current s->session on success.
|
#
1.87 |
|
31-Aug-2020 |
tb |
Return code tweaks for session ticket handlers
In tls1_process_ticket() and tls_decrypt_ticket() use #defines with descriptive names instead of hardcoding -1 1 2 3 4 and occasionally explaining the magic numbers with comments.
ok beck inoguchi
|
#
1.86 |
|
31-Aug-2020 |
tb |
Send alert on ssl_get_prev_session failure
ssl_get_prev_session() can fail for various reasons some of which may be internal_error others decode_error alerts. Propagate the appropriate alert up to the caller so we can abort the handshake by sending a fatal alert instead of rudely closing the pipe.
Currently only 28 of 292 test cases of tlsfuzzer's test-extension.py pass. With this diff, 272 pass. The rest will require fixes elsewhere.
ok beck inoguchi jsing
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.85 |
|
22-Apr-2019 |
jsing |
Pass the session ID down to the session/ticket handling code as a CBS.
Convert ssl_get_prev_session(), tls1_process_ticket() and tls1_decrypt_ticket() to handle the session ID from the client hello as a CBS. While here also swap the order of arguments for tls1_decrypt_ticket() so that it is consistent with the other functions.
ok tb@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.84 |
|
04-Apr-2019 |
jsing |
This case also needs to be fatal.
|
#
1.83 |
|
01-Apr-2019 |
deraadt |
mark ERR_R_INTERNAL_ERROR instead of assert or _exit, sigh
|
#
1.82 |
|
24-Mar-2019 |
deraadt |
do not call assert(), which has a tendency to leave traces of stuff in corefiles. Instead call OPENSSL_assert(), which has recently been trained to do this in a safer (if more awkward to debug) way. discussed with jsing and beck a while back
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.81 |
|
24-Aug-2018 |
jsing |
Simplify session ticket parsing/handling.
The original implementation is rather crazy and means that we effectively have two lots of code that parse a ClientHello and two lots of code that parse TLS extensions. Partially simplify this by passing a CBS containing the extension block through to the session handling functions, removing the need to reimplement the ClientHello parsing.
While here standardise on naming for session_id and session_id_len.
ok inoguchi@ tb@
|
#
1.80 |
|
25-Apr-2018 |
tb |
OpenSSL started adding const to functions all over the place. Make all our libssl functions match theirs wrt const, except for BIO_f_ssl(3) which will be fixed in a later step.
this went through an i386 bulk by sthen ok jsing
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.79 |
|
20-Mar-2018 |
tb |
Provide SSL_SESSION_set1_id()
ok jsing
|
#
1.78 |
|
17-Mar-2018 |
beck |
Bring in compatibility for OpenSSL 1.1 style init functions.
This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well as thread safety modifications for the existing LibreSSL init functions. The initialization routines are called automatically by the normal entry points into the library, as in newer OpenSSL.
ok jsing@, nits by tb@ and deraadt@
|
#
1.77 |
|
17-Mar-2018 |
tb |
Provide SSL_SESSION_get_ticket_lifetime_hint() and SSL_SESSION_has_ticket()
ok jsing
|
#
1.76 |
|
17-Mar-2018 |
tb |
SSL_SESSION_get_protocol_version() takes a const SSL_SESSION *. Noted by schwarze@
ok jsing@
|
#
1.75 |
|
17-Mar-2018 |
jsing |
Provide SSL_SESSION_get0_id_context().
|
#
1.74 |
|
22-Feb-2018 |
jsing |
Provide SSL_SESSION_up_ref().
|
#
1.73 |
|
20-Feb-2018 |
tb |
Provide SSL_SESSION_get_protocol_version()
ok jsing
|
#
1.72 |
|
17-Feb-2018 |
jsing |
Provide SSL_SESSION_get_master_key()
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.71 |
|
10-Apr-2017 |
jsing |
Use freezero() for the internal opaque structures, instead of the current explicit_bzero()/free(). Less code and potentially less overhead.
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.70 |
|
07-Feb-2017 |
beck |
Change SSLerror() back to taking two args, with the first one being an SSL *. Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
|
#
1.69 |
|
26-Jan-2017 |
beck |
Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly line wraps that resulted
|
#
1.68 |
|
26-Jan-2017 |
beck |
Send the error function codes to rot in the depths of hell where they belong We leave a single function code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
|
#
1.67 |
|
24-Jan-2017 |
jsing |
Add support for setting the supported EC curves via SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names.
This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such as brainpool) you need to configure this yourself.
Inspired by parts of BoringSSL and OpenSSL.
ok beck@
|
#
1.66 |
|
24-Jan-2017 |
jsing |
sk_SSL_CIPHER_free() checks for NULL so do not bother doing the same from the callers.
|
#
1.65 |
|
24-Jan-2017 |
jsing |
ssl_sess_cert_free() checks for NULL, so do not bother doing it at the call sites.
|
#
1.64 |
|
24-Jan-2017 |
jsing |
There is no point in zeroing fields that exist within a struct that is about to be explicit_bzero'd and freed.
|
#
1.63 |
|
23-Jan-2017 |
jsing |
Split most of SSL_METHOD out into an internal variant, which is opaque.
Discussed with beck@
|
#
1.62 |
|
23-Jan-2017 |
beck |
Move a large part of ssl_st into internal, so we can see what squeals. ok jsing@
|
#
1.61 |
|
23-Jan-2017 |
jsing |
Move ex_data, next and prev from SSL_SESSION to internal.
ok beck@
|
#
1.60 |
|
23-Jan-2017 |
jsing |
Move most of the fields in SSL_CTX to internal - the ones that remain are known to be in use.
ok beck@
|
#
1.59 |
|
23-Jan-2017 |
beck |
move the callbacks from ssl_st to internal ok jsing@
|
#
1.58 |
|
23-Jan-2017 |
jsing |
Move callback function pointers and argument pointers from SSL_CTX to internal.
ok beck@
|
#
1.57 |
|
23-Jan-2017 |
jsing |
Move not_resumable and sess_cert from SSL_SESSION to internal.
ok beck@
|
#
1.56 |
|
23-Jan-2017 |
jsing |
Move the stats struct from SSL_CTX to internal.
ok beck@
|
#
1.55 |
|
22-Jan-2017 |
beck |
Move internal parts of ssl_session_st to internal ok jsing@
|
#
1.54 |
|
22-Jan-2017 |
jsing |
Convert publicly visible structs to translucent structs.
This change adds an internal opaque struct for each of the significant publicly visible structs. The opaque struct is then allocated and attached to the publicly visible struct when the appropriate *_new() function is called, then cleared and freed as necessary.
This will allow for changes to be made to the internals of libssl, without requiring a major bump each time the publicly visible structs are modified.
ok beck@
|
#
1.53 |
|
02-Nov-2016 |
jsing |
Expand LHASH_OF, IMPLEMENT_LHASH_DOALL_ARG_FN and LHASH_DOALL_ARG_FN macros. Only change in generated assembly is due to line numbering.
|
#
1.52 |
|
02-Nov-2016 |
jsing |
Wrap some >80 char lines.
|
#
1.51 |
|
04-Sep-2016 |
jsing |
Sort and group functions.
|
#
1.50 |
|
04-Sep-2016 |
jsing |
Expand IMPLEMENT_PEM macros.
No change in generated assembly.
|
#
1.49 |
|
11-Mar-2016 |
mmcc |
X509_free(3) is NULL-safe, so remove NULL checks before its calls.
ok doug@
|
#
1.48 |
|
10-Sep-2015 |
jsing |
Remove support for DTLS_BAD_VER. We do not support non-standard and incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years.
ok bcook@ miod@
|
#
1.47 |
|
10-Sep-2015 |
jsing |
Correct spelling of OPENSSL_cleanse.
ok miod@
|
#
1.46 |
|
27-Aug-2015 |
doug |
Remove SSLv3 support from LibreSSL.
This is the first wave of SSLv3 removal which removes the main SSLv3 functions. Future commits will remove the rest of the SSLv3 support.
Discussed the plan at c2k15. Input from jsing@, beck@, miod@, bcook@, sthen@, naddy@, and deraadt@.
ok jsing@, beck@
|
#
1.45 |
|
21-Jul-2015 |
doug |
Remove duplicate check in libssl.
If len == 0, it already set try_session_cache so there's no need to check len again. Fixes Coverity issue 21687.
ok bcook@
|
#
1.44 |
|
14-Dec-2014 |
jsing |
Remove trailing whitespace.
|
#
1.43 |
|
08-Nov-2014 |
jsing |
Clean up more SSLv2 remnants.
|
#
1.42 |
|
18-Oct-2014 |
jsing |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL).
ok beck@ deraadt@ miod@
|
#
1.41 |
|
22-Sep-2014 |
jsing |
Refactor and simplify the ECC extension handling. The existing code effectively built two "static" data structures - instead of doing this, just use static data structures to start with.
From OpenSSL (part of a larger commit).
ok miod@
|
#
1.40 |
|
11-Aug-2014 |
jsing |
Provide a ssl3_get_cipher_by_id() function that allows ciphers to be looked up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the cipher value is manually written into a buffer, just so the cipher can be located using ssl3_get_cipher_by_char().
ok bcook@ miod@
|
#
1.39 |
|
10-Aug-2014 |
jsing |
Since we no longer need to support SSLv2-style cipher lists, start unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros.
Prompted by similar changes in boringssl.
ok guenther.
|
#
1.38 |
|
13-Jul-2014 |
beck |
The bell tolls for BUF_strdup - Start the migration to using intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
|
#
1.37 |
|
12-Jul-2014 |
jsing |
Apply a large dose of KNF.
|
#
1.36 |
|
11-Jul-2014 |
beck |
Remove the PSK code. We don't need to drag around this baggage. ok miod@ jsing@
|
#
1.35 |
|
10-Jul-2014 |
tedu |
decompress libssl. ok beck jsing
|
#
1.34 |
|
21-Jun-2014 |
tedu |
always compare memcmp against 0, for clarity.
|
#
1.33 |
|
19-Jun-2014 |
tedu |
convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
|
#
1.32 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.31 |
|
04-Jun-2014 |
tedu |
without overthinking it, replace a few memcmp calls with CRYPTO_memcmp where it is feasible to do so. better safe than sorry.
|
#
1.30 |
|
31-May-2014 |
jsing |
ECDH and ECDSA will not work overly well if there is no EC, so unifdef OPENSSL_NO_EC.
ok tedu@
|
#
1.29 |
|
31-May-2014 |
jsing |
TLS would not be entirely functional without extensions, so unifdef OPENSSL_NO_TLSEXT.
ok tedu@
|
#
1.28 |
|
28-May-2014 |
jsing |
There is no point in checking if a pointer is non-NULL before calling free, since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable.
ok miod@
|
#
1.27 |
|
05-May-2014 |
tedu |
Remove SRP and Kerberos support from libssl. These are complex protocols all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
|
#
1.26 |
|
23-Apr-2014 |
tedu |
whitespace
|
#
1.25 |
|
21-Apr-2014 |
deraadt |
more malloc/realloc/calloc cleanups; ok beck kettenis
|
#
1.24 |
|
20-Apr-2014 |
guenther |
Chop off more SSLv2 tentacles and start fixing and noting y2038 issues. APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl.
ok tedu@
|
#
1.23 |
|
19-Apr-2014 |
guenther |
More KNF and style consistency tweaks
|
#
1.22 |
|
17-Apr-2014 |
deraadt |
kill REF_PRINT/REF_CHECK debugging framework no one would use ok miod
|
#
1.21 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_realloc->realloc OPENSSL_freeFunc->free
|
#
1.20 |
|
16-Apr-2014 |
tedu |
add back SRP. i was being too greedy.
|
#
1.19 |
|
16-Apr-2014 |
tedu |
disentangle SRP code from TLS
|
#
1.18 |
|
16-Apr-2014 |
guenther |
Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally.
ok tedu@ beck@
|
#
1.17 |
|
14-Apr-2014 |
jsing |
First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5.
|
#
1.16 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.15 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.14 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.13 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.12 |
|
27-Jun-2006 |
djm |
resolve conflicts
|
#
1.11 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.10 |
|
11-Nov-2003 |
markus |
merge 0.9.7c; minor bugfixes; API addition: ERR_release_err_state_table [make includes before you build libssl/libcrypto]
|
#
1.9 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.8 |
|
14-Sep-2002 |
markus |
merge with openssl-0.9.7-stable-SNAP-20020911, new minor for libcrypto (_X509_REQ_print_ex) tested by miod@, pb@
|
#
1.7 |
|
30-Jul-2002 |
markus |
apply patches from OpenSSL Security Advisory [30 July 2002], http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
22-Jun-2001 |
beck |
branches: 1.5.2; 1.5.4;
openssl-engine-0.9.6a merge
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1;
Initial revision
|
#
1.39 |
|
10-Aug-2014 |
jsing |
Since we no longer need to support SSLv2-style cipher lists, start unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros.
Prompted by similar changes in boringssl.
ok guenther.
|
#
1.38 |
|
13-Jul-2014 |
beck |
The bell tolls for BUF_strdup - Start the migration to using intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
|
#
1.37 |
|
12-Jul-2014 |
jsing |
Apply a large dose of KNF.
|
#
1.36 |
|
11-Jul-2014 |
beck |
Remove the PSK code. We don't need to drag around this baggage. ok miod@ jsing@
|
#
1.35 |
|
10-Jul-2014 |
tedu |
decompress libssl. ok beck jsing
|
#
1.34 |
|
21-Jun-2014 |
tedu |
always compare memcmp against 0, for clarity.
|
#
1.33 |
|
19-Jun-2014 |
tedu |
convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
|
#
1.32 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.31 |
|
04-Jun-2014 |
tedu |
without overthinking it, replace a few memcmp calls with CRYPTO_memcmp where it is feasible to do so. better safe than sorry.
|
#
1.30 |
|
31-May-2014 |
jsing |
ECDH and ECDSA will not work overly well if there is no EC, so unifdef OPENSSL_NO_EC.
ok tedu@
|
#
1.29 |
|
31-May-2014 |
jsing |
TLS would not be entirely functional without extensions, so unifdef OPENSSL_NO_TLSEXT.
ok tedu@
|
#
1.28 |
|
28-May-2014 |
jsing |
There is no point in checking if a pointer is non-NULL before calling free, since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable.
ok miod@
|
#
1.27 |
|
05-May-2014 |
tedu |
Remove SRP and Kerberos support from libssl. These are complex protocols all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
|
#
1.26 |
|
23-Apr-2014 |
tedu |
whitespace
|
#
1.25 |
|
21-Apr-2014 |
deraadt |
more malloc/realloc/calloc cleanups; ok beck kettenis
|
#
1.24 |
|
20-Apr-2014 |
guenther |
Chop off more SSLv2 tentacles and start fixing and noting y2038 issues. APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl.
ok tedu@
|
#
1.23 |
|
19-Apr-2014 |
guenther |
More KNF and style consistency tweaks
|
#
1.22 |
|
17-Apr-2014 |
deraadt |
kill REF_PRINT/REF_CHECK debugging framework no one would use ok miod
|
#
1.21 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_realloc->realloc OPENSSL_freeFunc->free
|
#
1.20 |
|
16-Apr-2014 |
tedu |
add back SRP. i was being too greedy.
|
#
1.19 |
|
16-Apr-2014 |
tedu |
disentangle SRP code from TLS
|
#
1.18 |
|
16-Apr-2014 |
guenther |
Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally.
ok tedu@ beck@
|
#
1.17 |
|
14-Apr-2014 |
jsing |
First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5.
|
#
1.16 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.15 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.14 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.13 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.12 |
|
27-Jun-2006 |
djm |
resolve conflicts
|
#
1.11 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.10 |
|
11-Nov-2003 |
markus |
merge 0.9.7c; minor bugfixes; API addition: ERR_release_err_state_table [make includes before you build libssl/libcrypto]
|
#
1.9 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.8 |
|
14-Sep-2002 |
markus |
merge with openssl-0.9.7-stable-SNAP-20020911, new minor for libcrypto (_X509_REQ_print_ex) tested by miod@, pb@
|
#
1.7 |
|
30-Jul-2002 |
markus |
apply patches from OpenSSL Security Advisory [30 July 2002], http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
22-Jun-2001 |
beck |
branches: 1.5.2; 1.5.4; openssl-engine-0.9.6a merge
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.103 |
|
10-May-2021 |
tb |
Provide SSL_SESSION_get0_cipher(3)
ok jsing
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.102 |
|
20-Feb-2021 |
jsing |
Handle DTLS1_2_VERSION in various places.
ok tb@
|
#
1.101 |
|
11-Oct-2020 |
jsing |
Condense and simplify TLS methods.
Historically, OpenSSL has had client and server specific methods - the only difference between these is that the .ssl_connect or .ssl_accept function pointer is set to ssl_undefined_function, with the intention of reducing code size for a statically linked binary that was only a client or server. These days the difference is minimal or non-existent in many cases and we can reduce the amount of code and complexity by having a single method.
Internally remove all of the client and server specific methods, simplifying code in the process. The external client/server specific API remain, however these now return the same thing as TLS_method() does.
ok tb@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.100 |
|
19-Sep-2020 |
tb |
Prepare to provide SSL_SESSION_{set,get}_max_early_data()
Since we do not support 0-RTT, these are noops. Some software expects this API to be available if TLS1_3_VERSION is defined.
ok beck jsing
|
#
1.99 |
|
17-Sep-2020 |
jsing |
Simplify SSL method lookups.
There are three places where we call tls1_get_{client,server}_method() and if that returns NULL, call dtls1_get_{client,server}_method(). Simplify this by combining the lookup into a single function. While here also use uint16_t for version types.
ok inoguchi@ millert@
|
#
1.98 |
|
14-Sep-2020 |
jsing |
Cleanup and simplify SSL_set_session().
SSL_set_ssl_method() checks to see if the method is already the same, so we do not need to do this check in three different places. Switch to dtls1_get_client_method()/tls1_get_client_method() to find the method - this is a slight change in behaviour, however there is not much point trying to resume a session on something other than a client.
ok beck@
|
#
1.97 |
|
02-Sep-2020 |
tb |
KNF and comment tweaks
|
#
1.96 |
|
01-Sep-2020 |
tb |
Zero out data to avoid leaving stack garbage in the tail of the session id in case the copied session id is shorter than SSL_MAX_SESSION_ID_LENGTH.
long standing bug pointed out by jsing
|
#
1.95 |
|
01-Sep-2020 |
tb |
The bumping of sess_cb_hit stats can wait until handling of get_session_cb is completed.
|
#
1.94 |
|
01-Sep-2020 |
tb |
In the explanatory comment of ssl_get_prev_session fix the spelling of the function name, document alert and make it fit into 80 columns.
|
#
1.93 |
|
01-Sep-2020 |
tb |
Split session retrieval out of ssl_get_prev_session()
In case the session ticket was empty or missing, an attempt is made to retrieve the session from the internal cache or via a callback. This code can easily be flattened a bit and factored into two functions. I decided to wrap those into a third function to make the call from the switch easier on the eye.
I could have kept the try_session_cache flag, but it now seems rather pointless and awkwardly named anyway, so I took its negation and named it ticket_decrypted.
To top things off, a little bit of polish in the exit path.
ok beck inoguchi jsing (with the usual healthy dose of nits)
|
#
1.92 |
|
01-Sep-2020 |
tb |
copy session id directly in ssl_get_prev_session
ssl_get_prev_session() hands the session id down to tls_decrypt_ticket() which then copies it into the session pointer that it is about to return. It's a lot simpler to retrieve the session pointer and copy the session id inside ssl_get_prev_session().
Also, 'goto err' directly in TLS1_TICKET_NOT_DECRYPTED instead of skipping a couple of long if clauses before doing so.
ok inoguchi jsing
|
#
1.91 |
|
01-Sep-2020 |
tb |
indent the only other label in this file
|
#
1.90 |
|
01-Sep-2020 |
tb |
Indent label and remove dangling else
|
#
1.89 |
|
01-Sep-2020 |
tb |
Zap NULL check before SSL_SESSION_free()
|
#
1.88 |
|
01-Sep-2020 |
tb |
Rename the session pointer ret to sess
ret is a confusing name for a pointer in a function that returns int. ret is only returned in the sense that it ultimately replaces the current s->session on success.
|
#
1.87 |
|
31-Aug-2020 |
tb |
Return code tweaks for session ticket handlers
In tls1_process_ticket() and tls_decrypt_ticket() use #defines with descriptive names instead of hardcoding -1 1 2 3 4 and occasionally explaining the magic numbers with comments.
ok beck inoguchi
|
#
1.86 |
|
31-Aug-2020 |
tb |
Send alert on ssl_get_prev_session failure
ssl_get_prev_session() can fail for various reasons some of which may be internal_error others decode_error alerts. Propagate the appropriate alert up to the caller so we can abort the handshake by sending a fatal alert instead of rudely closing the pipe.
Currently only 28 of 292 test cases of tlsfuzzer's test-extension.py pass. With this diff, 272 pass. The rest will require fixes elsewhere.
ok beck inoguchi jsing
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.85 |
|
22-Apr-2019 |
jsing |
Pass the session ID down to the session/ticket handling code as a CBS.
Convert ssl_get_prev_session(), tls1_process_ticket() and tls1_decrypt_ticket() to handle the session ID from the client hello as a CBS. While here also swap the order of arguments for tls1_decrypt_ticket() so that it is consistent with the other functions.
ok tb@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.84 |
|
04-Apr-2019 |
jsing |
This case also needs to be fatal.
|
#
1.83 |
|
01-Apr-2019 |
deraadt |
mark ERR_R_INTERNAL_ERROR instead of assert or _exit, sigh
|
#
1.82 |
|
24-Mar-2019 |
deraadt |
do not call assert(), which has a tendency to leave traces of stuff in corefiles. Instead call OPENSSL_assert(), which has recently been trained to do this in a safer (if more awkward to debug) way. discussed with jsing and beck a while back
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.81 |
|
24-Aug-2018 |
jsing |
Simplify session ticket parsing/handling.
The original implementation is rather crazy and means that we effectively have two lots of code that parse a ClientHello and two lots of code that parse TLS extensions. Partially simplify this by passing a CBS containing the extension block through to the session handling functions, removing the need to reimplement the ClientHello parsing.
While here standardise on naming for session_id and session_id_len.
ok inoguchi@ tb@
|
#
1.80 |
|
25-Apr-2018 |
tb |
OpenSSL started adding const to functions all over the place. Make all our libssl functions match theirs wrt const, except for BIO_f_ssl(3) which will be fixed in a later step.
this went through a i386 bulk by sthen ok jsing
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.79 |
|
20-Mar-2018 |
tb |
Provide SSL_SESSION_set1_id()
ok jsing
|
#
1.78 |
|
17-Mar-2018 |
beck |
Bring in compatibility for OpenSSL 1.1 style init functions.
This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well as thread safety modifications for the existing LibreSSL init functions. The initialization routines are called automatically by the normal entry points into the library, as in newer OpenSSL.
ok jsing@, nits by tb@ and deraadt@
|
#
1.77 |
|
17-Mar-2018 |
tb |
Provide SSL_SESSION_get_ticket_lifetime_hint() and SSL_SESSION_has_ticket()
ok jsing
|
#
1.76 |
|
17-Mar-2018 |
tb |
SSL_SESSION_get_protocol_version() takes a const SSL_SESSION *. Noted by schwarze@
ok jsing@
|
#
1.75 |
|
17-Mar-2018 |
jsing |
Provide SSL_SESSION_get0_id_context().
|
#
1.74 |
|
22-Feb-2018 |
jsing |
Provide SSL_SESSION_up_ref().
|
#
1.73 |
|
20-Feb-2018 |
tb |
Provide SSL_SESSION_get_protocol_version()
ok jsing
|
#
1.72 |
|
17-Feb-2018 |
jsing |
Provide SSL_SESSION_get_master_key()
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.71 |
|
10-Apr-2017 |
jsing |
Use freezero() for the internal opaque structures, instead of the current explicit_bzero()/free(). Less code and potentially less overhead.
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.70 |
|
07-Feb-2017 |
beck |
Change SSLerror() back to taking two args, with the first one being an SSL *. Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
|
#
1.69 |
|
26-Jan-2017 |
beck |
Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly line wraps that resulted
|
#
1.68 |
|
26-Jan-2017 |
beck |
Send the error function codes to rot in the depths of hell where they belong. We leave a single function code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
|
#
1.67 |
|
24-Jan-2017 |
jsing |
Add support for setting the supported EC curves via SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names.
This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such as brainpool) you need to configure this yourself.
Inspired by parts of BoringSSL and OpenSSL.
ok beck@
|
#
1.66 |
|
24-Jan-2017 |
jsing |
sk_SSL_CIPHER_free() checks for NULL so do not bother doing the same from the callers.
|
#
1.65 |
|
24-Jan-2017 |
jsing |
ssl_sess_cert_free() checks for NULL, so do not bother doing it at the call sites.
|
#
1.64 |
|
24-Jan-2017 |
jsing |
There is no point in zeroing fields that exist within a struct that is about to be explicit_bzero'd and freed.
|
#
1.63 |
|
23-Jan-2017 |
jsing |
Split most of SSL_METHOD out into an internal variant, which is opaque.
Discussed with beck@
|
#
1.62 |
|
23-Jan-2017 |
beck |
Move a large part of ssl_st into internal, so we can see what squeals. ok jsing@
|
#
1.61 |
|
23-Jan-2017 |
jsing |
Move ex_data, next and prev from SSL_SESSION to internal.
ok beck@
|
#
1.60 |
|
23-Jan-2017 |
jsing |
Move most of the fields in SSL_CTX to internal - the ones that remain are known to be in use.
ok beck@
|
#
1.59 |
|
23-Jan-2017 |
beck |
move the callbacks from ssl_st to internal ok jsing@
|
#
1.58 |
|
23-Jan-2017 |
jsing |
Move callback function pointers and argument pointers from SSL_CTX to internal.
ok beck@
|
#
1.57 |
|
23-Jan-2017 |
jsing |
Move not_resumable and sess_cert from SSL_SESSION to internal.
ok beck@
|
#
1.56 |
|
23-Jan-2017 |
jsing |
Move the stats struct from SSL_CTX to internal.
ok beck@
|
#
1.55 |
|
22-Jan-2017 |
beck |
Move internal parts of ssl_session_st to internal ok jsing@
|
#
1.54 |
|
22-Jan-2017 |
jsing |
Convert publically visible structs to translucent structs.
This change adds an internal opaque struct for each of the significant publically visible structs. The opaque struct is then allocated and attached to the publically visible struct when the appropriate *_new() function is called, then cleared and freed as necessary.
This will allow for changes to be made to the internals of libssl, without requiring a major bump each time the publically visible structs are modified.
ok beck@
|
#
1.53 |
|
02-Nov-2016 |
jsing |
Expand LHASH_OF, IMPLEMENT_LHASH_DOALL_ARG_FN and LHASH_DOALL_ARG_FN macros. Only change in generated assembly is due to line numbering.
|
#
1.52 |
|
02-Nov-2016 |
jsing |
Wrap some >80 char lines.
|
#
1.51 |
|
04-Sep-2016 |
jsing |
Sort and group functions.
|
#
1.50 |
|
04-Sep-2016 |
jsing |
Expand IMPLEMENT_PEM macros.
No change in generated assembly.
|
#
1.49 |
|
11-Mar-2016 |
mmcc |
X509_free(3) is NULL-safe, so remove NULL checks before its calls.
ok doug@
|
#
1.48 |
|
10-Sep-2015 |
jsing |
Remove support for DTLS_BAD_VER. We do not support non-standard and incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years.
ok bcook@ miod@
|
#
1.47 |
|
10-Sep-2015 |
jsing |
Correct spelling of OPENSSL_cleanse.
ok miod@
|
#
1.46 |
|
27-Aug-2015 |
doug |
Remove SSLv3 support from LibreSSL.
This is the first wave of SSLv3 removal which removes the main SSLv3 functions. Future commits will remove the rest of the SSLv3 support.
Discussed the plan at c2k15. Input from jsing@, beck@, miod@, bcook@, sthen@, naddy@, and deraadt@.
ok jsing@, beck@
|
#
1.45 |
|
21-Jul-2015 |
doug |
Remove duplicate check in libssl.
If len == 0, it already set try_session_cache so there's no need to check len again. Fixes Coverity issue 21687.
ok bcook@
|
#
1.44 |
|
14-Dec-2014 |
jsing |
Remove trailing whitespace.
|
#
1.43 |
|
08-Nov-2014 |
jsing |
Clean up more SSLv2 remnants.
|
#
1.42 |
|
18-Oct-2014 |
jsing |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL).
ok beck@ deraadt@ miod@
|
#
1.41 |
|
22-Sep-2014 |
jsing |
Refactor and simplify the ECC extension handling. The existing code effectively built two "static" data structures - instead of doing this, just use static data structures to start with.
From OpenSSL (part of a larger commit).
ok miod@
|
#
1.40 |
|
11-Aug-2014 |
jsing |
Provide a ssl3_get_cipher_by_id() function that allows ciphers to be looked up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the cipher value is manually written into a buffer, just so the cipher can be located using ssl3_get_cipher_by_char().
ok bcook@ miod@
|
#
1.39 |
|
10-Aug-2014 |
jsing |
Since we no longer need to support SSLv2-style cipher lists, start unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros.
Prompted by similar changes in boringssl.
ok guenther.
|
#
1.38 |
|
13-Jul-2014 |
beck |
The bell tolls for BUF_strdup - Start the migration to using intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
|
#
1.37 |
|
12-Jul-2014 |
jsing |
Apply a large dose of KNF.
|
#
1.36 |
|
11-Jul-2014 |
beck |
Remove the PSK code. We don't need to drag around this baggage. ok miod@ jsing@
|
#
1.35 |
|
10-Jul-2014 |
tedu |
decompress libssl. ok beck jsing
|
#
1.34 |
|
21-Jun-2014 |
tedu |
always compare memcmp against 0, for clarity.
|
#
1.33 |
|
19-Jun-2014 |
tedu |
convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
|
#
1.32 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.31 |
|
04-Jun-2014 |
tedu |
without overthinking it, replace a few memcmp calls with CRYPTO_memcmp where it is feasible to do so. better safe than sorry.
|
#
1.30 |
|
31-May-2014 |
jsing |
ECDH and ECDSA will not work overly well if there is no EC, so unifdef OPENSSL_NO_EC.
ok tedu@
|
#
1.29 |
|
31-May-2014 |
jsing |
TLS would not be entirely functional without extensions, so unifdef OPENSSL_NO_TLSEXT.
ok tedu@
|
#
1.28 |
|
28-May-2014 |
jsing |
There is no point in checking if a pointer is non-NULL before calling free, since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable.
ok miod@
|
#
1.27 |
|
05-May-2014 |
tedu |
Remove SRP and Kerberos support from libssl. These are complex protocols all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
|
#
1.26 |
|
23-Apr-2014 |
tedu |
whitespace
|
#
1.25 |
|
21-Apr-2014 |
deraadt |
more malloc/realloc/calloc cleanups; ok beck kettenis
|
#
1.24 |
|
20-Apr-2014 |
guenther |
Chop off more SSLv2 tentacles and start fixing and noting y2038 issues. APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl.
ok tedu@
|
#
1.23 |
|
19-Apr-2014 |
guenther |
More KNF and style consistency tweaks
|
#
1.22 |
|
17-Apr-2014 |
deraadt |
kill REF_PRINT/REF_CHECK debugging framework noone would use ok miod
|
#
1.21 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.20 |
|
16-Apr-2014 |
tedu |
add back SRP. i was being too greedy.
|
#
1.19 |
|
16-Apr-2014 |
tedu |
disentangle SRP code from TLS
|
#
1.18 |
|
16-Apr-2014 |
guenther |
Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally.
ok tedu@ beck@
|
#
1.17 |
|
14-Apr-2014 |
jsing |
First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5.
|
#
1.16 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.15 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.14 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.13 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.12 |
|
27-Jun-2006 |
djm |
resolve conflicts
|
#
1.11 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.10 |
|
11-Nov-2003 |
markus |
merge 0.9.7c; minor bugsfixes; API addition: ERR_release_err_state_table [make includes before you build libssl/libcrypto]
|
#
1.9 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.8 |
|
14-Sep-2002 |
markus |
merge with openssl-0.9.7-stable-SNAP-20020911, new minor for libcrypto (_X509_REQ_print_ex) tested by miod@, pb@
|
#
1.7 |
|
30-Jul-2002 |
markus |
apply patches from OpenSSL Security Advisory [30 July 2002], http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
22-Jun-2001 |
beck |
branches: 1.5.2; 1.5.4; openssl-engine-0.9.6a merge
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.102 |
|
20-Feb-2021 |
jsing |
Handle DTLS1_2_VERSION in various places.
ok tb@
|
#
1.101 |
|
11-Oct-2020 |
jsing |
Condense and simplify TLS methods.
Historically, OpenSSL has had client and server specific methods - the only difference between these is that the .ssl_connect or .ssl_accept function pointer is set to ssl_undefined_function, with the intention of reducing code size for a statically linked binary that was only a client or server. These days the difference is minimal or non-existant in many cases and we can reduce the amount of code and complexity by having single method.
Internally remove all of the client and server specific methods, simplifying code in the process. The external client/server specific API remain, however these now return the same thing as TLS_method() does.
ok tb@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.100 |
|
19-Sep-2020 |
tb |
Prepare to provide SSL_SESSION_{set,get}_max_early_data()
Since we do not support 0-RTT, these are noops. Some software expects this API to be available if TLS1_3_VERSION is defined.
ok beck jsing
|
#
1.99 |
|
17-Sep-2020 |
jsing |
Simplify SSL method lookups.
There are three places where we call tls1_get_{client,server}_method() and if that returns NULL, call dtls1_get_{client,server}_method(). Simplify this by combining the lookup into a single function. While here also use uint16_t for version types.
ok inoguchi@ millert@
|
#
1.98 |
|
14-Sep-2020 |
jsing |
Cleanup and simplify SSL_set_session().
SSL_set_ssl_method() checks to see if the method is already the same, so we do not need to do this check in three different places. Switch to dtls1_get_client_method()/tls1_get_client_method() to find the method - this is a slight change in behaviour, however there is not much point trying to resume a session on something other than a client.
ok beck@
|
#
1.97 |
|
02-Sep-2020 |
tb |
KNF and comment tweaks
|
#
1.96 |
|
01-Sep-2020 |
tb |
Zero out data to avoid leaving stack garbage in the tail of the session id in case the copied session id is shorter than SSL_MAX_SESSION_ID_LENGTH.
long standing bug pointed out by jsing
|
#
1.95 |
|
01-Sep-2020 |
tb |
The bumping of sess_cb_hit stats can wait until handling of get_session_cb is completed.
|
#
1.94 |
|
01-Sep-2020 |
tb |
In the explanatory comment of ssl_get_prev_session fix the spelling of the function name, document alert and make it fit into 80 columns.
|
#
1.93 |
|
01-Sep-2020 |
tb |
Split session retrieval out of ssl_get_prev_session()
In case the session ticket was empty or missing, an attempt is made to retrieve the session from the internal cache or via a callback. This code can easily be flattened a bit and factored into two functions. I decided to wrap those into a third function to make the call from the switch easier on the eye.
I could have kept the try_session_cache flag, but it now seems rather pointless and awkwardly named anyway, so I took its negation and named it ticket_decrypted.
To top things off, a little bit of polish in the exit path.
ok beck inoguchi jsing (with the usual healthy dose of nits)
|
#
1.92 |
|
01-Sep-2020 |
tb |
copy session id directly in ssl_get_prev_session
ssl_get_prev_session() hands the session id down to tls_decrypt_ticket() which then copies it into the session pointer that it is about to return. It's a lot simpler to retrieve the session pointer and copy the session id inside ssl_get_prev_session().
Also, 'goto err' directly in TLS1_TICKET_NOT_DECRYPTED instead of skipping a couple of long if clauses before doing so.
ok inoguchi jsing
|
#
1.91 |
|
01-Sep-2020 |
tb |
indent the only other label in this file
|
#
1.90 |
|
01-Sep-2020 |
tb |
Indent label and remove dangling else
|
#
1.89 |
|
01-Sep-2020 |
tb |
Zap NULL check before SSL_SESSION_free()
|
#
1.88 |
|
01-Sep-2020 |
tb |
Rename the session pointer ret to sess
ret is a confusing name for a pointer in a function that returns int. ret is only returned in the sense that it ultimately replaces the current s->session on success.
|
#
1.87 |
|
31-Aug-2020 |
tb |
Return code tweaks for session ticket handlers
In tls1_process_ticket() and tls_decrypt_ticket() use #defines with descriptive names instead of hardcoding -1 1 2 3 4 and occasionally explaining the magic numbers with comments.
ok beck inoguchi
|
#
1.86 |
|
31-Aug-2020 |
tb |
Send alert on ssl_get_prev_session failure
ssl_get_prev_session() can fail for various reasons some of which may be internal_error others decode_error alerts. Propagate the appropriate alert up to the caller so we can abort the handshake by sending a fatal alert instead of rudely closing the pipe.
Currently only 28 of 292 test cases of tlsfuzzer's test-extension.py pass. With this diff, 272 pass. The rest will require fixes elsewhere.
ok beck inoguchi jsing
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.85 |
|
22-Apr-2019 |
jsing |
Pass the session ID down to the session/ticket handling code as a CBS.
Convert ssl_get_prev_session(), tls1_process_ticket() and tls1_decrypt_ticket() to handle the session ID from the client hello as a CBS. While here also swap the order of arguments for tls1_decrypt_ticket() so that it is consistent with the other functions.
ok tb@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.84 |
|
04-Apr-2019 |
jsing |
This case also needs to be fatal.
|
#
1.83 |
|
01-Apr-2019 |
deraadt |
mark ERR_R_INTERNAL_ERROR instead of assert or _exit, sigh
|
#
1.82 |
|
24-Mar-2019 |
deraadt |
do not call assert(), which has a tendency to leave traces of stuff in corefiles. Instead call OPENSSL_assert(), which has recently been trained to do this in a safer (if more awkward to debug) way. discussed with jsing and beck a while back
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.81 |
|
24-Aug-2018 |
jsing |
Simplify session ticket parsing/handling.
The original implementation is rather crazy and means that we effectively have two lots of code that parse a ClientHello and two lots of code that parse TLS extensions. Partially simplify this by passing a CBS containing the extension block through to the session handling functions, removing the need to reimplement the ClientHello parsing.
While here standardise on naming for session_id and session_id_len.
ok inoguchi@ tb@
|
#
1.80 |
|
25-Apr-2018 |
tb |
OpenSSL started adding const to functions all over the place. Make all our libssl functions match theirs wrt const, except for BIO_f_ssl(3) which will be fixed in a later step.
this went through an i386 bulk by sthen ok jsing
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.79 |
|
20-Mar-2018 |
tb |
Provide SSL_SESSION_set1_id()
ok jsing
|
#
1.78 |
|
17-Mar-2018 |
beck |
Bring in compatibility for OpenSSL 1.1 style init functions.
This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well as thread safety modifications for the existing LibreSSL init functions. The initialization routines are called automatically by the normal entry points into the library, as in newer OpenSSL.
ok jsing@, nits by tb@ and deraadt@
|
#
1.77 |
|
17-Mar-2018 |
tb |
Provide SSL_SESSION_get_ticket_lifetime_hint() and SSL_SESSION_has_ticket()
ok jsing
|
#
1.76 |
|
17-Mar-2018 |
tb |
SSL_SESSION_get_protocol_version() takes a const SSL_SESSION *. Noted by schwarze@
ok jsing@
|
#
1.75 |
|
17-Mar-2018 |
jsing |
Provide SSL_SESSION_get0_id_context().
|
#
1.74 |
|
22-Feb-2018 |
jsing |
Provide SSL_SESSION_up_ref().
|
#
1.73 |
|
20-Feb-2018 |
tb |
Provide SSL_SESSION_get_protocol_version()
ok jsing
|
#
1.72 |
|
17-Feb-2018 |
jsing |
Provide SSL_SESSION_get_master_key()
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.71 |
|
10-Apr-2017 |
jsing |
Use freezero() for the internal opaque structures, instead of the current explicit_bzero()/free(). Less code and potentially less overhead.
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.70 |
|
07-Feb-2017 |
beck |
Change SSLerror() back to taking two args, with the first one being an SSL *. Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
|
#
1.69 |
|
26-Jan-2017 |
beck |
Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly line wraps that resulted
|
#
1.68 |
|
26-Jan-2017 |
beck |
Send the error function codes to rot in the depths of hell where they belong. We leave a single function code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
|
#
1.67 |
|
24-Jan-2017 |
jsing |
Add support for setting the supported EC curves via SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names.
This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such as brainpool) you need to configure this yourself.
Inspired by parts of BoringSSL and OpenSSL.
ok beck@
|
#
1.66 |
|
24-Jan-2017 |
jsing |
sk_SSL_CIPHER_free() checks for NULL so do not bother doing the same from the callers.
|
#
1.65 |
|
24-Jan-2017 |
jsing |
ssl_sess_cert_free() checks for NULL, so do not bother doing it at the call sites.
|
#
1.64 |
|
24-Jan-2017 |
jsing |
There is no point in zeroing fields that exist within a struct that is about to be explicit_bzero'd and freed.
|
#
1.63 |
|
23-Jan-2017 |
jsing |
Split most of SSL_METHOD out into an internal variant, which is opaque.
Discussed with beck@
|
#
1.62 |
|
23-Jan-2017 |
beck |
Move a large part of ssl_st into internal, so we can see what squeals. ok jsing@
|
#
1.61 |
|
23-Jan-2017 |
jsing |
Move ex_data, next and prev from SSL_SESSION to internal.
ok beck@
|
#
1.60 |
|
23-Jan-2017 |
jsing |
Move most of the fields in SSL_CTX to internal - the ones that remain are known to be in use.
ok beck@
|
#
1.59 |
|
23-Jan-2017 |
beck |
move the callbacks from ssl_st to internal ok jsing@
|
#
1.58 |
|
23-Jan-2017 |
jsing |
Move callback function pointers and argument pointers from SSL_CTX to internal.
ok beck@
|
#
1.57 |
|
23-Jan-2017 |
jsing |
Move not_resumable and sess_cert from SSL_SESSION to internal.
ok beck@
|
#
1.56 |
|
23-Jan-2017 |
jsing |
Move the stats struct from SSL_CTX to internal.
ok beck@
|
#
1.55 |
|
22-Jan-2017 |
beck |
Move internal parts of ssl_session_st to internal ok jsing@
|
#
1.54 |
|
22-Jan-2017 |
jsing |
Convert publicly visible structs to translucent structs.
This change adds an internal opaque struct for each of the significant publicly visible structs. The opaque struct is then allocated and attached to the publicly visible struct when the appropriate *_new() function is called, then cleared and freed as necessary.
This will allow for changes to be made to the internals of libssl, without requiring a major bump each time the publicly visible structs are modified.
ok beck@
|
#
1.53 |
|
02-Nov-2016 |
jsing |
Expand LHASH_OF, IMPLEMENT_LHASH_DOALL_ARG_FN and LHASH_DOALL_ARG_FN macros. Only change in generated assembly is due to line numbering.
|
#
1.52 |
|
02-Nov-2016 |
jsing |
Wrap some >80 char lines.
|
#
1.51 |
|
04-Sep-2016 |
jsing |
Sort and group functions.
|
#
1.50 |
|
04-Sep-2016 |
jsing |
Expand IMPLEMENT_PEM macros.
No change in generated assembly.
|
#
1.49 |
|
11-Mar-2016 |
mmcc |
X509_free(3) is NULL-safe, so remove NULL checks before its calls.
ok doug@
|
#
1.48 |
|
10-Sep-2015 |
jsing |
Remove support for DTLS_BAD_VER. We do not support non-standard and incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years.
ok bcook@ miod@
|
#
1.47 |
|
10-Sep-2015 |
jsing |
Correct spelling of OPENSSL_cleanse.
ok miod@
|
#
1.46 |
|
27-Aug-2015 |
doug |
Remove SSLv3 support from LibreSSL.
This is the first wave of SSLv3 removal which removes the main SSLv3 functions. Future commits will remove the rest of the SSLv3 support.
Discussed the plan at c2k15. Input from jsing@, beck@, miod@, bcook@, sthen@, naddy@, and deraadt@.
ok jsing@, beck@
|
#
1.45 |
|
21-Jul-2015 |
doug |
Remove duplicate check in libssl.
If len == 0, it already set try_session_cache so there's no need to check len again. Fixes Coverity issue 21687.
ok bcook@
|
#
1.44 |
|
14-Dec-2014 |
jsing |
Remove trailing whitespace.
|
#
1.43 |
|
08-Nov-2014 |
jsing |
Clean up more SSLv2 remnants.
|
#
1.42 |
|
18-Oct-2014 |
jsing |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL).
ok beck@ deraadt@ miod@
|
#
1.41 |
|
22-Sep-2014 |
jsing |
Refactor and simplify the ECC extension handling. The existing code effectively built two "static" data structures - instead of doing this, just use static data structures to start with.
From OpenSSL (part of a larger commit).
ok miod@
|
#
1.40 |
|
11-Aug-2014 |
jsing |
Provide a ssl3_get_cipher_by_id() function that allows ciphers to be looked up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the cipher value is manually written into a buffer, just so the cipher can be located using ssl3_get_cipher_by_char().
ok bcook@ miod@
|
#
1.39 |
|
10-Aug-2014 |
jsing |
Since we no longer need to support SSLv2-style cipher lists, start unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros.
Prompted by similar changes in boringssl.
ok guenther.
|
#
1.38 |
|
13-Jul-2014 |
beck |
The bell tolls for BUF_strdup - Start the migration to using intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
|
#
1.37 |
|
12-Jul-2014 |
jsing |
Apply a large dose of KNF.
|
#
1.36 |
|
11-Jul-2014 |
beck |
Remove the PSK code. We don't need to drag around this baggage. ok miod@ jsing@
|
#
1.35 |
|
10-Jul-2014 |
tedu |
decompress libssl. ok beck jsing
|
#
1.34 |
|
21-Jun-2014 |
tedu |
always compare memcmp against 0, for clarity.
|
#
1.33 |
|
19-Jun-2014 |
tedu |
convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
|
#
1.32 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.31 |
|
04-Jun-2014 |
tedu |
without overthinking it, replace a few memcmp calls with CRYPTO_memcmp where it is feasible to do so. better safe than sorry.
|
#
1.30 |
|
31-May-2014 |
jsing |
ECDH and ECDSA will not work overly well if there is no EC, so unifdef OPENSSL_NO_EC.
ok tedu@
|
#
1.29 |
|
31-May-2014 |
jsing |
TLS would not be entirely functional without extensions, so unifdef OPENSSL_NO_TLSEXT.
ok tedu@
|
#
1.28 |
|
28-May-2014 |
jsing |
There is no point in checking if a pointer is non-NULL before calling free, since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable.
ok miod@
|
#
1.27 |
|
05-May-2014 |
tedu |
Remove SRP and Kerberos support from libssl. These are complex protocols all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
|
#
1.26 |
|
23-Apr-2014 |
tedu |
whitespace
|
#
1.25 |
|
21-Apr-2014 |
deraadt |
more malloc/realloc/calloc cleanups; ok beck kettenis
|
#
1.24 |
|
20-Apr-2014 |
guenther |
Chop off more SSLv2 tentacles and start fixing and noting y2038 issues. APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl.
ok tedu@
|
#
1.23 |
|
19-Apr-2014 |
guenther |
More KNF and style consistency tweaks
|
#
1.22 |
|
17-Apr-2014 |
deraadt |
kill REF_PRINT/REF_CHECK debugging framework no one would use ok miod
|
#
1.21 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.20 |
|
16-Apr-2014 |
tedu |
add back SRP. i was being too greedy.
|
#
1.19 |
|
16-Apr-2014 |
tedu |
disentangle SRP code from TLS
|
#
1.18 |
|
16-Apr-2014 |
guenther |
Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally.
ok tedu@ beck@
|
#
1.17 |
|
14-Apr-2014 |
jsing |
First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5.
|
#
1.16 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.15 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.14 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.13 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.12 |
|
27-Jun-2006 |
djm |
resolve conflicts
|
#
1.11 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.10 |
|
11-Nov-2003 |
markus |
merge 0.9.7c; minor bugfixes; API addition: ERR_release_err_state_table [make includes before you build libssl/libcrypto]
|
#
1.9 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.8 |
|
14-Sep-2002 |
markus |
merge with openssl-0.9.7-stable-SNAP-20020911, new minor for libcrypto (_X509_REQ_print_ex) tested by miod@, pb@
|
#
1.7 |
|
30-Jul-2002 |
markus |
apply patches from OpenSSL Security Advisory [30 July 2002], http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
22-Jun-2001 |
beck |
branches: 1.5.2; 1.5.4; openssl-engine-0.9.6a merge
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.101 |
|
11-Oct-2020 |
jsing |
Condense and simplify TLS methods.
Historically, OpenSSL has had client and server specific methods - the only difference between these is that the .ssl_connect or .ssl_accept function pointer is set to ssl_undefined_function, with the intention of reducing code size for a statically linked binary that was only a client or server. These days the difference is minimal or non-existent in many cases and we can reduce the amount of code and complexity by having a single method.
Internally remove all of the client and server specific methods, simplifying code in the process. The external client/server specific API remain, however these now return the same thing as TLS_method() does.
ok tb@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.100 |
|
19-Sep-2020 |
tb |
Prepare to provide SSL_SESSION_{set,get}_max_early_data()
Since we do not support 0-RTT, these are noops. Some software expects this API to be available if TLS1_3_VERSION is defined.
ok beck jsing
|
#
1.99 |
|
17-Sep-2020 |
jsing |
Simplify SSL method lookups.
There are three places where we call tls1_get_{client,server}_method() and if that returns NULL, call dtls1_get_{client,server}_method(). Simplify this by combining the lookup into a single function. While here also use uint16_t for version types.
ok inoguchi@ millert@
|
#
1.98 |
|
14-Sep-2020 |
jsing |
Cleanup and simplify SSL_set_session().
SSL_set_ssl_method() checks to see if the method is already the same, so we do not need to do this check in three different places. Switch to dtls1_get_client_method()/tls1_get_client_method() to find the method - this is a slight change in behaviour, however there is not much point trying to resume a session on something other than a client.
ok beck@
|
#
1.97 |
|
02-Sep-2020 |
tb |
KNF and comment tweaks
|
#
1.96 |
|
01-Sep-2020 |
tb |
Zero out data to avoid leaving stack garbage in the tail of the session id in case the copied session id is shorter than SSL_MAX_SESSION_ID_LENGTH.
long standing bug pointed out by jsing
|
#
1.95 |
|
01-Sep-2020 |
tb |
The bumping of sess_cb_hit stats can wait until handling of get_session_cb is completed.
|
#
1.94 |
|
01-Sep-2020 |
tb |
In the explanatory comment of ssl_get_prev_session fix the spelling of the function name, document alert and make it fit into 80 columns.
|
#
1.93 |
|
01-Sep-2020 |
tb |
Split session retrieval out of ssl_get_prev_session()
In case the session ticket was empty or missing, an attempt is made to retrieve the session from the internal cache or via a callback. This code can easily be flattened a bit and factored into two functions. I decided to wrap those into a third function to make the call from the switch easier on the eye.
I could have kept the try_session_cache flag, but it now seems rather pointless and awkwardly named anyway, so I took its negation and named it ticket_decrypted.
To top things off, a little bit of polish in the exit path.
ok beck inoguchi jsing (with the usual healthy dose of nits)
|
#
1.92 |
|
01-Sep-2020 |
tb |
copy session id directly in ssl_get_prev_session
ssl_get_prev_session() hands the session id down to tls_decrypt_ticket() which then copies it into the session pointer that it is about to return. It's a lot simpler to retrieve the session pointer and copy the session id inside ssl_get_prev_session().
Also, 'goto err' directly in TLS1_TICKET_NOT_DECRYPTED instead of skipping a couple of long if clauses before doing so.
ok inoguchi jsing
|
#
1.91 |
|
01-Sep-2020 |
tb |
indent the only other label in this file
|
#
1.90 |
|
01-Sep-2020 |
tb |
Indent label and remove dangling else
|
#
1.89 |
|
01-Sep-2020 |
tb |
Zap NULL check before SSL_SESSION_free()
|
#
1.88 |
|
01-Sep-2020 |
tb |
Rename the session pointer ret to sess
ret is a confusing name for a pointer in a function that returns int. ret is only returned in the sense that it ultimately replaces the current s->session on success.
|
#
1.87 |
|
31-Aug-2020 |
tb |
Return code tweaks for session ticket handlers
In tls1_process_ticket() and tls_decrypt_ticket() use #defines with descriptive names instead of hardcoding -1 1 2 3 4 and occasionally explaining the magic numbers with comments.
ok beck inoguchi
|
#
1.86 |
|
31-Aug-2020 |
tb |
Send alert on ssl_get_prev_session failure
ssl_get_prev_session() can fail for various reasons some of which may be internal_error others decode_error alerts. Propagate the appropriate alert up to the caller so we can abort the handshake by sending a fatal alert instead of rudely closing the pipe.
Currently only 28 of 292 test cases of tlsfuzzer's test-extension.py pass. With this diff, 272 pass. The rest will require fixes elsewhere.
ok beck inoguchi jsing
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.85 |
|
22-Apr-2019 |
jsing |
Pass the session ID down to the session/ticket handling code as a CBS.
Convert ssl_get_prev_session(), tls1_process_ticket() and tls1_decrypt_ticket() to handle the session ID from the client hello as a CBS. While here also swap the order of arguments for tls1_decrypt_ticket() so that it is consistent with the other functions.
ok tb@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.84 |
|
04-Apr-2019 |
jsing |
This case also needs to be fatal.
|
#
1.83 |
|
01-Apr-2019 |
deraadt |
mark ERR_R_INTERNAL_ERROR instead of assert or _exit, sigh
|
#
1.82 |
|
24-Mar-2019 |
deraadt |
do not call assert(), which has a tendency to leave traces of stuff in corefiles. Instead call OPENSSL_assert(), which has recently been trained to do this in a safer (if more awkward to debug) way. discussed with jsing and beck a while back
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.81 |
|
24-Aug-2018 |
jsing |
Simplify session ticket parsing/handling.
The original implementation is rather crazy and means that we effectively have two lots of code that parse a ClientHello and two lots of code that parse TLS extensions. Partially simplify this by passing a CBS containing the extension block through to the session handling functions, removing the need to reimplement the ClientHello parsing.
While here standardise on naming for session_id and session_id_len.
ok inoguchi@ tb@
|
#
1.80 |
|
25-Apr-2018 |
tb |
OpenSSL started adding const to functions all over the place. Make all our libssl functions match theirs wrt const, except for BIO_f_ssl(3) which will be fixed in a later step.
this went through an i386 bulk by sthen ok jsing
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.79 |
|
20-Mar-2018 |
tb |
Provide SSL_SESSION_set1_id()
ok jsing
|
#
1.78 |
|
17-Mar-2018 |
beck |
Bring in compatibility for OpenSSL 1.1 style init functions.
This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well as thread safety modifications for the existing LibreSSL init functions. The initialization routines are called automatically by the normal entry points into the library, as in newer OpenSSL.
ok jsing@, nits by tb@ and deraadt@
|
#
1.77 |
|
17-Mar-2018 |
tb |
Provide SSL_SESSION_get_ticket_lifetime_hint() and SSL_SESSION_has_ticket()
ok jsing
|
#
1.76 |
|
17-Mar-2018 |
tb |
SSL_SESSION_get_protocol_version() takes a const SSL_SESSION *. Noted by schwarze@
ok jsing@
|
#
1.75 |
|
17-Mar-2018 |
jsing |
Provide SSL_SESSION_get0_id_context().
|
#
1.74 |
|
22-Feb-2018 |
jsing |
Provide SSL_SESSION_up_ref().
|
#
1.73 |
|
20-Feb-2018 |
tb |
Provide SSL_SESSION_get_protocol_version()
ok jsing
|
#
1.72 |
|
17-Feb-2018 |
jsing |
Provide SSL_SESSION_get_master_key()
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.71 |
|
10-Apr-2017 |
jsing |
Use freezero() for the internal opaque structures, instead of the current explicit_bzero()/free(). Less code and potentially less overhead.
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.70 |
|
07-Feb-2017 |
beck |
Change SSLerror() back to taking two args, with the first one being an SSL *. Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
|
#
1.69 |
|
26-Jan-2017 |
beck |
Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly line wraps that resulted
|
#
1.68 |
|
26-Jan-2017 |
beck |
Send the error function codes to rot in the depths of hell where they belong. We leave a single function code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
|
#
1.67 |
|
24-Jan-2017 |
jsing |
Add support for setting the supported EC curves via SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names.
This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such as brainpool) you need to configure this yourself.
Inspired by parts of BoringSSL and OpenSSL.
ok beck@
|
#
1.66 |
|
24-Jan-2017 |
jsing |
sk_SSL_CIPHER_free() checks for NULL so do not bother doing the same from the callers.
|
#
1.65 |
|
24-Jan-2017 |
jsing |
ssl_sess_cert_free() checks for NULL, so do not bother doing it at the call sites.
|
#
1.64 |
|
24-Jan-2017 |
jsing |
There is no point in zeroing fields that exist within a struct that is about to be explicit_bzero'd and freed.
|
#
1.63 |
|
23-Jan-2017 |
jsing |
Split most of SSL_METHOD out into an internal variant, which is opaque.
Discussed with beck@
|
#
1.62 |
|
23-Jan-2017 |
beck |
Move a large part of ssl_st into internal, so we can see what squeals. ok jsing@
|
#
1.61 |
|
23-Jan-2017 |
jsing |
Move ex_data, next and prev from SSL_SESSION to internal.
ok beck@
|
#
1.60 |
|
23-Jan-2017 |
jsing |
Move most of the fields in SSL_CTX to internal - the ones that remain are known to be in use.
ok beck@
|
#
1.59 |
|
23-Jan-2017 |
beck |
move the callbacks from ssl_st to internal ok jsing@
|
#
1.58 |
|
23-Jan-2017 |
jsing |
Move callback function pointers and argument pointers from SSL_CTX to internal.
ok beck@
|
#
1.57 |
|
23-Jan-2017 |
jsing |
Move not_resumable and sess_cert from SSL_SESSION to internal.
ok beck@
|
#
1.56 |
|
23-Jan-2017 |
jsing |
Move the stats struct from SSL_CTX to internal.
ok beck@
|
#
1.55 |
|
22-Jan-2017 |
beck |
Move internal parts of ssl_session_st to internal ok jsing@
|
#
1.54 |
|
22-Jan-2017 |
jsing |
Convert publicly visible structs to translucent structs.
This change adds an internal opaque struct for each of the significant publicly visible structs. The opaque struct is then allocated and attached to the publicly visible struct when the appropriate *_new() function is called, then cleared and freed as necessary.
This will allow for changes to be made to the internals of libssl, without requiring a major bump each time the publicly visible structs are modified.
ok beck@
|
#
1.53 |
|
02-Nov-2016 |
jsing |
Expand LHASH_OF, IMPLEMENT_LHASH_DOALL_ARG_FN and LHASH_DOALL_ARG_FN macros. Only change in generated assembly is due to line numbering.
|
#
1.52 |
|
02-Nov-2016 |
jsing |
Wrap some >80 char lines.
|
#
1.51 |
|
04-Sep-2016 |
jsing |
Sort and group functions.
|
#
1.50 |
|
04-Sep-2016 |
jsing |
Expand IMPLEMENT_PEM macros.
No change in generated assembly.
|
#
1.49 |
|
11-Mar-2016 |
mmcc |
X509_free(3) is NULL-safe, so remove NULL checks before its calls.
ok doug@
|
#
1.48 |
|
10-Sep-2015 |
jsing |
Remove support for DTLS_BAD_VER. We do not support non-standard and incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years.
ok bcook@ miod@
|
#
1.47 |
|
10-Sep-2015 |
jsing |
Correct spelling of OPENSSL_cleanse.
ok miod@
|
#
1.46 |
|
27-Aug-2015 |
doug |
Remove SSLv3 support from LibreSSL.
This is the first wave of SSLv3 removal which removes the main SSLv3 functions. Future commits will remove the rest of the SSLv3 support.
Discussed the plan at c2k15. Input from jsing@, beck@, miod@, bcook@, sthen@, naddy@, and deraadt@.
ok jsing@, beck@
|
#
1.45 |
|
21-Jul-2015 |
doug |
Remove duplicate check in libssl.
If len == 0, it already set try_session_cache so there's no need to check len again. Fixes Coverity issue 21687.
ok bcook@
|
#
1.44 |
|
14-Dec-2014 |
jsing |
Remove trailing whitespace.
|
#
1.43 |
|
08-Nov-2014 |
jsing |
Clean up more SSLv2 remnants.
|
#
1.42 |
|
18-Oct-2014 |
jsing |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL).
ok beck@ deraadt@ miod@
|
#
1.41 |
|
22-Sep-2014 |
jsing |
Refactor and simplify the ECC extension handling. The existing code effectively built two "static" data structures - instead of doing this, just use static data structures to start with.
From OpenSSL (part of a larger commit).
ok miod@
|
#
1.40 |
|
11-Aug-2014 |
jsing |
Provide a ssl3_get_cipher_by_id() function that allows ciphers to be looked up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the cipher value is manually written into a buffer, just so the cipher can be located using ssl3_get_cipher_by_char().
ok bcook@ miod@
|
#
1.39 |
|
10-Aug-2014 |
jsing |
Since we no longer need to support SSLv2-style cipher lists, start unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros.
Prompted by similar changes in boringssl.
ok guenther.
|
#
1.38 |
|
13-Jul-2014 |
beck |
The bell tolls for BUF_strdup - Start the migration to using intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
|
#
1.37 |
|
12-Jul-2014 |
jsing |
Apply a large dose of KNF.
|
#
1.36 |
|
11-Jul-2014 |
beck |
Remove the PSK code. We don't need to drag around this baggage. ok miod@ jsing@
|
#
1.35 |
|
10-Jul-2014 |
tedu |
decompress libssl. ok beck jsing
|
#
1.34 |
|
21-Jun-2014 |
tedu |
always compare memcmp against 0, for clarity.
|
#
1.33 |
|
19-Jun-2014 |
tedu |
convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
|
#
1.32 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.31 |
|
04-Jun-2014 |
tedu |
without overthinking it, replace a few memcmp calls with CRYPTO_memcmp where it is feasible to do so. better safe than sorry.
|
#
1.30 |
|
31-May-2014 |
jsing |
ECDH and ECDSA will not work overly well if there is no EC, so unifdef OPENSSL_NO_EC.
ok tedu@
|
#
1.29 |
|
31-May-2014 |
jsing |
TLS would not be entirely functional without extensions, so unifdef OPENSSL_NO_TLSEXT.
ok tedu@
|
#
1.28 |
|
28-May-2014 |
jsing |
There is no point in checking if a pointer is non-NULL before calling free, since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable.
ok miod@
|
#
1.27 |
|
05-May-2014 |
tedu |
Remove SRP and Kerberos support from libssl. These are complex protocols all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
|
#
1.26 |
|
23-Apr-2014 |
tedu |
whitespace
|
#
1.25 |
|
21-Apr-2014 |
deraadt |
more malloc/realloc/calloc cleanups; ok beck kettenis
|
#
1.24 |
|
20-Apr-2014 |
guenther |
Chop off more SSLv2 tentacles and start fixing and noting y2038 issues. APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl.
ok tedu@
|
#
1.23 |
|
19-Apr-2014 |
guenther |
More KNF and style consistency tweaks
|
#
1.22 |
|
17-Apr-2014 |
deraadt |
kill REF_PRINT/REF_CHECK debugging framework no one would use ok miod
|
#
1.21 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.20 |
|
16-Apr-2014 |
tedu |
add back SRP. i was being too greedy.
|
#
1.19 |
|
16-Apr-2014 |
tedu |
disentangle SRP code from TLS
|
#
1.18 |
|
16-Apr-2014 |
guenther |
Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally.
ok tedu@ beck@
|
#
1.17 |
|
14-Apr-2014 |
jsing |
First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5.
|
#
1.16 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.15 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.14 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.13 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.12 |
|
27-Jun-2006 |
djm |
resolve conflicts
|
#
1.11 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.10 |
|
11-Nov-2003 |
markus |
merge 0.9.7c; minor bugfixes; API addition: ERR_release_err_state_table [make includes before you build libssl/libcrypto]
|
#
1.9 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.8 |
|
14-Sep-2002 |
markus |
merge with openssl-0.9.7-stable-SNAP-20020911, new minor for libcrypto (_X509_REQ_print_ex) tested by miod@, pb@
|
#
1.7 |
|
30-Jul-2002 |
markus |
apply patches from OpenSSL Security Advisory [30 July 2002], http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
22-Jun-2001 |
beck |
branches: 1.5.2; 1.5.4; openssl-engine-0.9.6a merge
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.100 |
|
19-Sep-2020 |
tb |
Prepare to provide SSL_SESSION_{set,get}_max_early_data()
Since we do not support 0-RTT, these are noops. Some software expects this API to be available if TLS1_3_VERSION is defined.
ok beck jsing
|
#
1.99 |
|
17-Sep-2020 |
jsing |
Simplify SSL method lookups.
There are three places where we call tls1_get_{client,server}_method() and if that returns NULL, call dtls1_get_{client,server}_method(). Simplify this by combining the lookup into a single function. While here also use uint16_t for version types.
ok inoguchi@ millert@
|
#
1.98 |
|
14-Sep-2020 |
jsing |
Cleanup and simplify SSL_set_session().
SSL_set_ssl_method() checks to see if the method is already the same, so we do not need to do this check in three different places. Switch to dtls1_get_client_method()/tls1_get_client_method() to find the method - this is a slight change in behaviour, however there is not much point trying to resume a session on something other than a client.
ok beck@
|
#
1.97 |
|
02-Sep-2020 |
tb |
KNF and comment tweaks
|
#
1.96 |
|
01-Sep-2020 |
tb |
Zero out data to avoid leaving stack garbage in the tail of the session id in case the copied session id is shorter than SSL_MAX_SESSION_ID_LENGTH.
long standing bug pointed out by jsing
|
#
1.95 |
|
01-Sep-2020 |
tb |
The bumping of sess_cb_hit stats can wait until handling of get_session_cb is completed.
|
#
1.94 |
|
01-Sep-2020 |
tb |
In the explanatory comment of ssl_get_prev_session fix the spelling of the function name, document alert and make it fit into 80 columns.
|
#
1.93 |
|
01-Sep-2020 |
tb |
Split session retrieval out of ssl_get_prev_session()
In case the session ticket was empty or missing, an attempt is made to retrieve the session from the internal cache or via a callback. This code can easily be flattened a bit and factored into two functions. I decided to wrap those into a third function to make the call from the switch easier on the eye.
I could have kept the try_session_cache flag, but it now seems rather pointless and awkwardly named anyway, so I took its negation and named it ticket_decrypted.
To top things off, a little bit of polish in the exit path.
ok beck inoguchi jsing (with the usual healthy dose of nits)
|
#
1.92 |
|
01-Sep-2020 |
tb |
copy session id directly in ssl_get_prev_session
ssl_get_prev_session() hands the session id down to tls_decrypt_ticket() which then copies it into the session pointer that it is about to return. It's a lot simpler to retrieve the session pointer and copy the session id inside ssl_get_prev_session().
Also, 'goto err' directly in TLS1_TICKET_NOT_DECRYPTED instead of skipping a couple of long if clauses before doing so.
ok inoguchi jsing
|
#
1.91 |
|
01-Sep-2020 |
tb |
indent the only other label in this file
|
#
1.90 |
|
01-Sep-2020 |
tb |
Indent label and remove dangling else
|
#
1.89 |
|
01-Sep-2020 |
tb |
Zap NULL check before SSL_SESSION_free()
|
#
1.88 |
|
01-Sep-2020 |
tb |
Rename the session pointer ret to sess
ret is a confusing name for a pointer in a function that returns int. ret is only returned in the sense that it ultimately replaces the current s->session on success.
|
#
1.87 |
|
31-Aug-2020 |
tb |
Return code tweaks for session ticket handlers
In tls1_process_ticket() and tls_decrypt_ticket() use #defines with descriptive names instead of hardcoding -1 1 2 3 4 and occasionally explaining the magic numbers with comments.
ok beck inoguchi
|
#
1.86 |
|
31-Aug-2020 |
tb |
Send alert on ssl_get_prev_session failure
ssl_get_prev_session() can fail for various reasons some of which may be internal_error others decode_error alerts. Propagate the appropriate alert up to the caller so we can abort the handshake by sending a fatal alert instead of rudely closing the pipe.
Currently only 28 of 292 test cases of tlsfuzzer's test-extension.py pass. With this diff, 272 pass. The rest will require fixes elsewhere.
ok beck inoguchi jsing
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.85 |
|
22-Apr-2019 |
jsing |
Pass the session ID down to the session/ticket handling code as a CBS.
Convert ssl_get_prev_session(), tls1_process_ticket() and tls1_decrypt_ticket() to handle the session ID from the client hello as a CBS. While here also swap the order of arguments for tls1_decrypt_ticket() so that it is consistent with the other functions.
ok tb@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.84 |
|
04-Apr-2019 |
jsing |
This case also needs to be fatal.
|
#
1.83 |
|
01-Apr-2019 |
deraadt |
mark ERR_R_INTERNAL_ERROR instead of assert or _exit, sigh
|
#
1.82 |
|
24-Mar-2019 |
deraadt |
do not call assert(), which has a tendency to leave traces of stuff in corefiles. Instead call OPENSSL_assert(), which has recently been trained to do this in a safer (if more awkward to debug) way. discussed with jsing and beck a while back
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.81 |
|
24-Aug-2018 |
jsing |
Simplify session ticket parsing/handling.
The original implementation is rather crazy and means that we effectively have two lots of code that parse a ClientHello and two lots of code that parse TLS extensions. Partially simplify this by passing a CBS containing the extension block through to the session handling functions, removing the need to reimplement the ClientHello parsing.
While here standardise on naming for session_id and session_id_len.
ok inoguchi@ tb@
|
#
1.80 |
|
25-Apr-2018 |
tb |
OpenSSL started adding const to functions all over the place. Make all our libssl functions match theirs wrt const, except for BIO_f_ssl(3) which will be fixed in a later step.
this went through an i386 bulk by sthen ok jsing
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.79 |
|
20-Mar-2018 |
tb |
Provide SSL_SESSION_set1_id()
ok jsing
|
#
1.78 |
|
17-Mar-2018 |
beck |
Bring in compatibility for OpenSSL 1.1 style init functions.
This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well as thread safety modifications for the existing LibreSSL init functions. The initialization routines are called automatically by the normal entry points into the library, as in newer OpenSSL.
ok jsing@, nits by tb@ and deraadt@
|
#
1.77 |
|
17-Mar-2018 |
tb |
Provide SSL_SESSION_get_ticket_lifetime_hint() and SSL_SESSION_has_ticket()
ok jsing
|
#
1.76 |
|
17-Mar-2018 |
tb |
SSL_SESSION_get_protocol_version() takes a const SSL_SESSION *. Noted by schwarze@
ok jsing@
|
#
1.75 |
|
17-Mar-2018 |
jsing |
Provide SSL_SESSION_get0_id_context().
|
#
1.74 |
|
22-Feb-2018 |
jsing |
Provide SSL_SESSION_up_ref().
|
#
1.73 |
|
20-Feb-2018 |
tb |
Provide SSL_SESSION_get_protocol_version()
ok jsing
|
#
1.72 |
|
17-Feb-2018 |
jsing |
Provide SSL_SESSION_get_master_key()
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.71 |
|
10-Apr-2017 |
jsing |
Use freezero() for the internal opaque structures, instead of the current explicit_bzero()/free(). Less code and potentially less overhead.
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.70 |
|
07-Feb-2017 |
beck |
Change SSLerror() back to taking two args, with the first one being an SSL *. Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
|
#
1.69 |
|
26-Jan-2017 |
beck |
Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly line wraps that resulted
|
#
1.68 |
|
26-Jan-2017 |
beck |
Send the error function codes to rot in the depths of hell where they belong. We leave a single function code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
|
#
1.67 |
|
24-Jan-2017 |
jsing |
Add support for setting the supported EC curves via SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names.
This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such as brainpool) you need to configure this yourself.
Inspired by parts of BoringSSL and OpenSSL.
ok beck@
|
#
1.66 |
|
24-Jan-2017 |
jsing |
sk_SSL_CIPHER_free() checks for NULL so do not bother doing the same from the callers.
|
#
1.65 |
|
24-Jan-2017 |
jsing |
ssl_sess_cert_free() checks for NULL, so do not bother doing it at the call sites.
|
#
1.64 |
|
24-Jan-2017 |
jsing |
There is no point in zeroing fields that exist within a struct that is about to be explicit_bzero'd and freed.
|
#
1.63 |
|
23-Jan-2017 |
jsing |
Split most of SSL_METHOD out into an internal variant, which is opaque.
Discussed with beck@
|
#
1.62 |
|
23-Jan-2017 |
beck |
Move a large part of ssl_st into internal, so we can see what squeals. ok jsing@
|
#
1.61 |
|
23-Jan-2017 |
jsing |
Move ex_data, next and prev from SSL_SESSION to internal.
ok beck@
|
#
1.60 |
|
23-Jan-2017 |
jsing |
Move most of the fields in SSL_CTX to internal - the ones that remain are known to be in use.
ok beck@
|
#
1.59 |
|
23-Jan-2017 |
beck |
move the callbacks from ssl_st to internal ok jsing@
|
#
1.58 |
|
23-Jan-2017 |
jsing |
Move callback function pointers and argument pointers from SSL_CTX to internal.
ok beck@
|
#
1.57 |
|
23-Jan-2017 |
jsing |
Move not_resumable and sess_cert from SSL_SESSION to internal.
ok beck@
|
#
1.56 |
|
23-Jan-2017 |
jsing |
Move the stats struct from SSL_CTX to internal.
ok beck@
|
#
1.55 |
|
22-Jan-2017 |
beck |
Move internal parts of ssl_session_st to internal ok jsing@
|
#
1.54 |
|
22-Jan-2017 |
jsing |
Convert publicly visible structs to translucent structs.
This change adds an internal opaque struct for each of the significant publicly visible structs. The opaque struct is then allocated and attached to the publicly visible struct when the appropriate *_new() function is called, then cleared and freed as necessary.
This will allow for changes to be made to the internals of libssl, without requiring a major bump each time the publicly visible structs are modified.
ok beck@
|
#
1.53 |
|
02-Nov-2016 |
jsing |
Expand LHASH_OF, IMPLEMENT_LHASH_DOALL_ARG_FN and LHASH_DOALL_ARG_FN macros. Only change in generated assembly is due to line numbering.
|
#
1.52 |
|
02-Nov-2016 |
jsing |
Wrap some >80 char lines.
|
#
1.51 |
|
04-Sep-2016 |
jsing |
Sort and group functions.
|
#
1.50 |
|
04-Sep-2016 |
jsing |
Expand IMPLEMENT_PEM macros.
No change in generated assembly.
|
#
1.49 |
|
11-Mar-2016 |
mmcc |
X509_free(3) is NULL-safe, so remove NULL checks before its calls.
ok doug@
|
#
1.48 |
|
10-Sep-2015 |
jsing |
Remove support for DTLS_BAD_VER. We do not support non-standard and incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years.
ok bcook@ miod@
|
#
1.47 |
|
10-Sep-2015 |
jsing |
Correct spelling of OPENSSL_cleanse.
ok miod@
|
#
1.46 |
|
27-Aug-2015 |
doug |
Remove SSLv3 support from LibreSSL.
This is the first wave of SSLv3 removal which removes the main SSLv3 functions. Future commits will remove the rest of the SSLv3 support.
Discussed the plan at c2k15. Input from jsing@, beck@, miod@, bcook@, sthen@, naddy@, and deraadt@.
ok jsing@, beck@
|
#
1.45 |
|
21-Jul-2015 |
doug |
Remove duplicate check in libssl.
If len == 0, it already set try_session_cache so there's no need to check len again. Fixes Coverity issue 21687.
ok bcook@
|
#
1.44 |
|
14-Dec-2014 |
jsing |
Remove trailing whitespace.
|
#
1.43 |
|
08-Nov-2014 |
jsing |
Clean up more SSLv2 remnants.
|
#
1.42 |
|
18-Oct-2014 |
jsing |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL).
ok beck@ deraadt@ miod@
|
#
1.41 |
|
22-Sep-2014 |
jsing |
Refactor and simplify the ECC extension handling. The existing code effectively built two "static" data structures - instead of doing this, just use static data structures to start with.
From OpenSSL (part of a larger commit).
ok miod@
|
#
1.40 |
|
11-Aug-2014 |
jsing |
Provide a ssl3_get_cipher_by_id() function that allows ciphers to be looked up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the cipher value is manually written into a buffer, just so the cipher can be located using ssl3_get_cipher_by_char().
ok bcook@ miod@
|
#
1.39 |
|
10-Aug-2014 |
jsing |
Since we no longer need to support SSLv2-style cipher lists, start unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros.
Prompted by similar changes in boringssl.
ok guenther.
|
#
1.38 |
|
13-Jul-2014 |
beck |
The bell tolls for BUF_strdup - Start the migration to using intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
|
#
1.37 |
|
12-Jul-2014 |
jsing |
Apply a large dose of KNF.
|
#
1.36 |
|
11-Jul-2014 |
beck |
Remove the PSK code. We don't need to drag around this baggage. ok miod@ jsing@
|
#
1.35 |
|
10-Jul-2014 |
tedu |
decompress libssl. ok beck jsing
|
#
1.34 |
|
21-Jun-2014 |
tedu |
always compare memcmp against 0, for clarity.
|
#
1.33 |
|
19-Jun-2014 |
tedu |
convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
|
#
1.32 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.31 |
|
04-Jun-2014 |
tedu |
without overthinking it, replace a few memcmp calls with CRYPTO_memcmp where it is feasible to do so. better safe than sorry.
|
#
1.30 |
|
31-May-2014 |
jsing |
ECDH and ECDSA will not work overly well if there is no EC, so unifdef OPENSSL_NO_EC.
ok tedu@
|
#
1.29 |
|
31-May-2014 |
jsing |
TLS would not be entirely functional without extensions, so unifdef OPENSSL_NO_TLSEXT.
ok tedu@
|
#
1.28 |
|
28-May-2014 |
jsing |
There is no point in checking if a pointer is non-NULL before calling free, since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable.
ok miod@
|
#
1.27 |
|
05-May-2014 |
tedu |
Remove SRP and Kerberos support from libssl. These are complex protocols all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
|
#
1.26 |
|
23-Apr-2014 |
tedu |
whitespace
|
#
1.25 |
|
21-Apr-2014 |
deraadt |
more malloc/realloc/calloc cleanups; ok beck kettenis
|
#
1.24 |
|
20-Apr-2014 |
guenther |
Chop off more SSLv2 tentacles and start fixing and noting y2038 issues. APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl.
ok tedu@
|
#
1.23 |
|
19-Apr-2014 |
guenther |
More KNF and style consistency tweaks
|
#
1.22 |
|
17-Apr-2014 |
deraadt |
kill REF_PRINT/REF_CHECK debugging framework no one would use ok miod
|
#
1.21 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_realloc->realloc OPENSSL_freeFunc->free
|
#
1.20 |
|
16-Apr-2014 |
tedu |
add back SRP. i was being too greedy.
|
#
1.19 |
|
16-Apr-2014 |
tedu |
disentangle SRP code from TLS
|
#
1.18 |
|
16-Apr-2014 |
guenther |
Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally.
ok tedu@ beck@
|
#
1.17 |
|
14-Apr-2014 |
jsing |
First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5.
|
#
1.16 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.15 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.14 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.13 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.12 |
|
27-Jun-2006 |
djm |
resolve conflicts
|
#
1.11 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.10 |
|
11-Nov-2003 |
markus |
merge 0.9.7c; minor bugfixes; API addition: ERR_release_err_state_table [make includes before you build libssl/libcrypto]
|
#
1.9 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.8 |
|
14-Sep-2002 |
markus |
merge with openssl-0.9.7-stable-SNAP-20020911, new minor for libcrypto (_X509_REQ_print_ex) tested by miod@, pb@
|
#
1.7 |
|
30-Jul-2002 |
markus |
apply patches from OpenSSL Security Advisory [30 July 2002], http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
22-Jun-2001 |
beck |
branches: 1.5.2; 1.5.4; openssl-engine-0.9.6a merge
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.98 |
|
14-Sep-2020 |
jsing |
Cleanup and simplify SSL_set_session().
SSL_set_ssl_method() checks to see if the method is already the same, so we do not need to do this check in three different places. Switch to dtls1_get_client_method()/tls1_get_client_method() to find the method - this is a slight change in behaviour, however there is not much point trying to resume a session on something other than a client.
ok beck@
|
#
1.97 |
|
02-Sep-2020 |
tb |
KNF and comment tweaks
|
#
1.96 |
|
01-Sep-2020 |
tb |
Zero out data to avoid leaving stack garbage in the tail of the session id in case the copied session id is shorter than SSL_MAX_SESSION_ID_LENGTH.
long standing bug pointed out by jsing
|
#
1.95 |
|
01-Sep-2020 |
tb |
The bumping of sess_cb_hit stats can wait until handling of get_session_cb is completed.
|
#
1.94 |
|
01-Sep-2020 |
tb |
In the explanatory comment of ssl_get_prev_session fix the spelling of the function name, document alert and make it fit into 80 columns.
|
#
1.93 |
|
01-Sep-2020 |
tb |
Split session retrieval out of ssl_get_prev_session()
In case the session ticket was empty or missing, an attempt is made to retrieve the session from the internal cache or via a callback. This code can easily be flattened a bit and factored into two functions. I decided to wrap those into a third function to make the call from the switch easier on the eye.
I could have kept the try_session_cache flag, but it now seems rather pointless and awkwardly named anyway, so I took its negation and named it ticket_decrypted.
To top things off, a little bit of polish in the exit path.
ok beck inoguchi jsing (with the usual healthy dose of nits)
|
#
1.92 |
|
01-Sep-2020 |
tb |
copy session id directly in ssl_get_prev_session
ssl_get_prev_session() hands the session id down to tls_decrypt_ticket() which then copies it into the session pointer that it is about to return. It's a lot simpler to retrieve the session pointer and copy the session id inside ssl_get_prev_session().
Also, 'goto err' directly in TLS1_TICKET_NOT_DECRYPTED instead of skipping a couple of long if clauses before doing so.
ok inoguchi jsing
|
#
1.91 |
|
01-Sep-2020 |
tb |
indent the only other label in this file
|
#
1.90 |
|
01-Sep-2020 |
tb |
Indent label and remove dangling else
|
#
1.89 |
|
01-Sep-2020 |
tb |
Zap NULL check before SSL_SESSION_free()
|
#
1.88 |
|
01-Sep-2020 |
tb |
Rename the session pointer ret to sess
ret is a confusing name for a pointer in a function that returns int. ret is only returned in the sense that it ultimately replaces the current s->session on success.
|
#
1.87 |
|
31-Aug-2020 |
tb |
Return code tweaks for session ticket handlers
In tls1_process_ticket() and tls_decrypt_ticket() use #defines with descriptive names instead of hardcoding -1 1 2 3 4 and occasionally explaining the magic numbers with comments.
ok beck inoguchi
|
#
1.86 |
|
31-Aug-2020 |
tb |
Send alert on ssl_get_prev_session failure
ssl_get_prev_session() can fail for various reasons some of which may be internal_error others decode_error alerts. Propagate the appropriate alert up to the caller so we can abort the handshake by sending a fatal alert instead of rudely closing the pipe.
Currently only 28 of 292 test cases of tlsfuzzer's test-extension.py pass. With this diff, 272 pass. The rest will require fixes elsewhere.
ok beck inoguchi jsing
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.85 |
|
22-Apr-2019 |
jsing |
Pass the session ID down to the session/ticket handling code as a CBS.
Convert ssl_get_prev_session(), tls1_process_ticket() and tls1_decrypt_ticket() to handle the session ID from the client hello as a CBS. While here also swap the order of arguments for tls1_decrypt_ticket() so that it is consistent with the other functions.
ok tb@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.84 |
|
04-Apr-2019 |
jsing |
This case also needs to be fatal.
|
#
1.83 |
|
01-Apr-2019 |
deraadt |
mark ERR_R_INTERNAL_ERROR instead of assert or _exit, sigh
|
#
1.82 |
|
24-Mar-2019 |
deraadt |
do not call assert(), which has a tendency to leave traces of stuff in corefiles. Instead call OPENSSL_assert(), which has recently been trained to do this in a safer (if more awkward to debug) way. discussed with jsing and beck a while back
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.81 |
|
24-Aug-2018 |
jsing |
Simplify session ticket parsing/handling.
The original implementation is rather crazy and means that we effectively have two lots of code that parse a ClientHello and two lots of code that parse TLS extensions. Partially simplify this by passing a CBS containing the extension block through to the session handling functions, removing the need to reimplement the ClientHello parsing.
While here standarise on naming for session_id and session_id_len.
ok inoguchi@ tb@
|
#
1.80 |
|
25-Apr-2018 |
tb |
OpenSSL started adding const to functions all over the place. Make all our libssl functions match theirs wrt const, except for BIO_f_ssl(3) which will be fixed in a later step.
this went through a i386 bulk by sthen ok jsing
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.79 |
|
20-Mar-2018 |
tb |
Provide SSL_SESSION_set1_id()
ok jsing
|
#
1.78 |
|
17-Mar-2018 |
beck |
Bring in compatibility for OpenSSL 1.1 style init functions.
This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well thread safety modifications for the existing LibreSSL init functions. The initialization routines are called automatically by the normal entry points into the library, as in newer OpenSSL
ok jsing@, nits by tb@ and deraadt@
|
#
1.77 |
|
17-Mar-2018 |
tb |
Provide SSL_SESSION_get_ticket_lifetime_hint() and SSL_SESSION_has_ticket()
ok jsing
|
#
1.76 |
|
17-Mar-2018 |
tb |
SSL_SESSION_get_protocol_version() takes a const SSL_SESSION *. Noted by schwarze@
ok jsing@
|
#
1.75 |
|
17-Mar-2018 |
jsing |
Provide SSL_SESSION_get0_id_context().
|
#
1.74 |
|
22-Feb-2018 |
jsing |
Provide SSL_SESSION_up_ref().
|
#
1.73 |
|
20-Feb-2018 |
tb |
Provide SSL_SESSION_get_protocol_version()
ok jsing
|
#
1.72 |
|
17-Feb-2018 |
jsing |
Provide SSL_SESSION_get_master_key()
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.71 |
|
10-Apr-2017 |
jsing |
Use freezero() for the internal opaque structures, instead of the current explicit_bzero()/free(). Less code and potentially less overhead.
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.70 |
|
07-Feb-2017 |
beck |
Change SSLerror() back to taking two args, with the first one being an SSL *. Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
|
#
1.69 |
|
26-Jan-2017 |
beck |
Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly line wraps that resulted
|
#
1.68 |
|
26-Jan-2017 |
beck |
Send the error function codes to rot in the depths of hell where they belong We leave a single funciton code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
|
#
1.67 |
|
24-Jan-2017 |
jsing |
Add support for setting the supported EC curves via SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names.
This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such a brainpool) you need to configure this yourself.
Inspired by parts of BoringSSL and OpenSSL.
ok beck@
|
#
1.66 |
|
24-Jan-2017 |
jsing |
sk_SSL_CIPHER_free() checks for NULL so do not bother doing the same from the callers.
|
#
1.65 |
|
24-Jan-2017 |
jsing |
ssl_sess_cert_free() checks for NULL, so do not bother doing it at the call sites.
|
#
1.64 |
|
24-Jan-2017 |
jsing |
There is no point in zeroing fields that exist within a struct that is about to be explicit_bzero'd and freed.
|
#
1.63 |
|
23-Jan-2017 |
jsing |
Split most of SSL_METHOD out into an internal variant, which is opaque.
Discussed with beck@
|
#
1.62 |
|
23-Jan-2017 |
beck |
Move a large part of ssl_st into internal, so we can see what squeals. ok jsing@
|
#
1.61 |
|
23-Jan-2017 |
jsing |
Move ex_data, next and prev from SSL_SESSION to internal.
ok beck@
|
#
1.60 |
|
23-Jan-2017 |
jsing |
Move most of the fields in SSL_CTX to internal - the ones that remain are known to be in use.
ok beck@
|
#
1.59 |
|
23-Jan-2017 |
beck |
move the callbacks from ssl_st to internal ok jsing@
|
#
1.58 |
|
23-Jan-2017 |
jsing |
Move callback function pointers and argument pointers from SSL_CTX to internal.
ok beck@
|
#
1.57 |
|
23-Jan-2017 |
jsing |
Move not_resumable and sess_cert from SSL_SESSION to internal.
ok beck@
|
#
1.56 |
|
23-Jan-2017 |
jsing |
Move the stats struct from SSL_CTX to internal.
ok beck@
|
#
1.55 |
|
22-Jan-2017 |
beck |
Move internal parts of ssl_session_st to internal ok jsing@
|
#
1.54 |
|
22-Jan-2017 |
jsing |
Convert publically visible structs to translucent structs.
This change adds an internal opaque struct for each of the significant publically visible structs. The opaque struct is then allocated and attached to the publically visible struct when the appropriate *_new() function is called, then cleared and freed as necessary.
This will allow for changes to be made to the internals of libssl, without requiring a major bump each time the publically visible structs are modified.
ok beck@
|
#
1.53 |
|
02-Nov-2016 |
jsing |
Expand LHASH_OF, IMPLEMENT_LHASH_DOALL_ARG_FN and LHASH_DOALL_ARG_FN macros. Only change in generated assembly is due to line numbering.
|
#
1.52 |
|
02-Nov-2016 |
jsing |
Wrap some >80 char lines.
|
#
1.51 |
|
04-Sep-2016 |
jsing |
Sort and group functions.
|
#
1.50 |
|
04-Sep-2016 |
jsing |
Expand IMPLEMENT_PEM macros.
No change in generated assembly.
|
#
1.49 |
|
11-Mar-2016 |
mmcc |
X509_free(3) is NULL-safe, so remove NULL checks before its calls.
ok doug@
|
#
1.48 |
|
10-Sep-2015 |
jsing |
Remove support for DTLS_BAD_VER. We do not support non-standard and incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years.
ok bcook@ miod@
|
#
1.47 |
|
10-Sep-2015 |
jsing |
Correct spelling of OPENSSL_cleanse.
ok miod@
|
#
1.46 |
|
27-Aug-2015 |
doug |
Remove SSLv3 support from LibreSSL.
This is the first wave of SSLv3 removal which removes the main SSLv3 functions. Future commits will remove the rest of the SSLv3 support.
Discussed the plan at c2k15. Input from jsing@, beck@, miod@, bcook@, sthen@, naddy@, and deraadt@.
ok jsing@, beck@
|
#
1.45 |
|
21-Jul-2015 |
doug |
Remove duplicate check in libssl.
If len == 0, it already set try_session_cache so there's no need to check len again. Fixes Coverity issue 21687.
ok bcook@
|
#
1.44 |
|
14-Dec-2014 |
jsing |
Remove trailing whitespace.
|
#
1.43 |
|
08-Nov-2014 |
jsing |
Clean up more SSLv2 remnants.
|
#
1.42 |
|
18-Oct-2014 |
jsing |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL).
ok beck@ deraadt@ miod@
|
#
1.41 |
|
22-Sep-2014 |
jsing |
Refactor and simplify the ECC extension handling. The existing code effectively built two "static" data structures - instead of doing this, just use static data structures to start with.
From OpenSSL (part of a larger commit).
ok miod@
|
#
1.40 |
|
11-Aug-2014 |
jsing |
Provide a ssl3_get_cipher_by_id() function that allows ciphers to be looked up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the cipher value is manually written into a buffer, just so the cipher can be located using ssl3_get_cipher_by_char().
ok bcook@ miod@
|
#
1.39 |
|
10-Aug-2014 |
jsing |
Since we no longer need to support SSLv2-style cipher lists, start unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros.
Prompted by similar changes in boringssl.
ok guenther.
|
#
1.38 |
|
13-Jul-2014 |
beck |
The bell tolls for BUF_strdup - Start the migration to using intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
|
#
1.37 |
|
12-Jul-2014 |
jsing |
Apply a large dose of KNF.
|
#
1.36 |
|
11-Jul-2014 |
beck |
Remove the PSK code. We don't need to drag around this baggage. ok miod@ jsing@
|
#
1.35 |
|
10-Jul-2014 |
tedu |
decompress libssl. ok beck jsing
|
#
1.34 |
|
21-Jun-2014 |
tedu |
always compare memcmp against 0, for clarity.
|
#
1.33 |
|
19-Jun-2014 |
tedu |
convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
|
#
1.32 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.31 |
|
04-Jun-2014 |
tedu |
without overthinking it, replace a few memcmp calls with CRYPTO_memcmp where it is feasible to do so. better safe than sorry.
|
#
1.30 |
|
31-May-2014 |
jsing |
ECDH and ECDSA will not work overly well if there is no EC, so unifdef OPENSSL_NO_EC.
ok tedu@
|
#
1.29 |
|
31-May-2014 |
jsing |
TLS would not be entirely functional without extensions, so unifdef OPENSSL_NO_TLSEXT.
ok tedu@
|
#
1.28 |
|
28-May-2014 |
jsing |
There is no point in checking if a pointer is non-NULL before calling free, since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable.
ok miod@
|
#
1.27 |
|
05-May-2014 |
tedu |
Remove SRP and Kerberos support from libssl. These are complex protocols all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
|
#
1.26 |
|
23-Apr-2014 |
tedu |
whitespace
|
#
1.25 |
|
21-Apr-2014 |
deraadt |
more malloc/realloc/calloc cleanups; ok beck kettenis
|
#
1.24 |
|
20-Apr-2014 |
guenther |
Chop off more SSLv2 tentacles and start fixing and noting y2038 issues. APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl.
ok tedu@
|
#
1.23 |
|
19-Apr-2014 |
guenther |
More KNF and style consistency tweaks
|
#
1.22 |
|
17-Apr-2014 |
deraadt |
kill REF_PRINT/REF_CHECK debugging framework no one would use ok miod
|
#
1.21 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_realloc->realloc OPENSSL_freeFunc->free
|
#
1.20 |
|
16-Apr-2014 |
tedu |
add back SRP. i was being too greedy.
|
#
1.19 |
|
16-Apr-2014 |
tedu |
disentangle SRP code from TLS
|
#
1.18 |
|
16-Apr-2014 |
guenther |
Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally.
ok tedu@ beck@
|
#
1.17 |
|
14-Apr-2014 |
jsing |
First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5.
|
#
1.16 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.15 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.14 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.13 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.12 |
|
27-Jun-2006 |
djm |
resolve conflicts
|
#
1.11 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.10 |
|
11-Nov-2003 |
markus |
merge 0.9.7c; minor bugfixes; API addition: ERR_release_err_state_table [make includes before you build libssl/libcrypto]
|
#
1.9 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.8 |
|
14-Sep-2002 |
markus |
merge with openssl-0.9.7-stable-SNAP-20020911, new minor for libcrypto (_X509_REQ_print_ex) tested by miod@, pb@
|
#
1.7 |
|
30-Jul-2002 |
markus |
apply patches from OpenSSL Security Advisory [30 July 2002], http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
22-Jun-2001 |
beck |
branches: 1.5.2; 1.5.4; openssl-engine-0.9.6a merge
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2. If you are using the ssl26 packages for ssh and other things to work, you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.97 |
|
02-Sep-2020 |
tb |
KNF and comment tweaks
|
#
1.96 |
|
01-Sep-2020 |
tb |
Zero out data to avoid leaving stack garbage in the tail of the session id in case the copied session id is shorter than SSL_MAX_SESSION_ID_LENGTH.
long standing bug pointed out by jsing
|
#
1.95 |
|
01-Sep-2020 |
tb |
The bumping of sess_cb_hit stats can wait until handling of get_session_cb is completed.
|
#
1.94 |
|
01-Sep-2020 |
tb |
In the explanatory comment of ssl_get_prev_session fix the spelling of the function name, document alert and make it fit into 80 columns.
|
#
1.93 |
|
01-Sep-2020 |
tb |
Split session retrieval out of ssl_get_prev_session()
In case the session ticket was empty or missing, an attempt is made to retrieve the session from the internal cache or via a callback. This code can easily be flattened a bit and factored into two functions. I decided to wrap those into a third function to make the call from the switch easier on the eye.
I could have kept the try_session_cache flag, but it now seems rather pointless and awkwardly named anyway, so I took its negation and named it ticket_decrypted.
To top things off, a little bit of polish in the exit path.
ok beck inoguchi jsing (with the usual healthy dose of nits)
|
#
1.92 |
|
01-Sep-2020 |
tb |
copy session id directly in ssl_get_prev_session
ssl_get_prev_session() hands the session id down to tls_decrypt_ticket() which then copies it into the session pointer that it is about to return. It's a lot simpler to retrieve the session pointer and copy the session id inside ssl_get_prev_session().
Also, 'goto err' directly in TLS1_TICKET_NOT_DECRYPTED instead of skipping a couple of long if clauses before doing so.
ok inoguchi jsing
|
#
1.91 |
|
01-Sep-2020 |
tb |
indent the only other label in this file
|
#
1.90 |
|
01-Sep-2020 |
tb |
Indent label and remove dangling else
|
#
1.89 |
|
01-Sep-2020 |
tb |
Zap NULL check before SSL_SESSION_free()
|
#
1.88 |
|
01-Sep-2020 |
tb |
Rename the session pointer ret to sess
ret is a confusing name for a pointer in a function that returns int. ret is only returned in the sense that it ultimately replaces the current s->session on success.
|
#
1.87 |
|
31-Aug-2020 |
tb |
Return code tweaks for session ticket handlers
In tls1_process_ticket() and tls_decrypt_ticket() use #defines with descriptive names instead of hardcoding -1 1 2 3 4 and occasionally explaining the magic numbers with comments.
ok beck inoguchi
|
#
1.86 |
|
31-Aug-2020 |
tb |
Send alert on ssl_get_prev_session failure
ssl_get_prev_session() can fail for various reasons, some of which may be internal_error, others decode_error alerts. Propagate the appropriate alert up to the caller so we can abort the handshake by sending a fatal alert instead of rudely closing the pipe.
Currently only 28 of 292 test cases of tlsfuzzer's test-extension.py pass. With this diff, 272 pass. The rest will require fixes elsewhere.
ok beck inoguchi jsing
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.85 |
|
22-Apr-2019 |
jsing |
Pass the session ID down to the session/ticket handling code as a CBS.
Convert ssl_get_prev_session(), tls1_process_ticket() and tls1_decrypt_ticket() to handle the session ID from the client hello as a CBS. While here also swap the order of arguments for tls1_decrypt_ticket() so that it is consistent with the other functions.
ok tb@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.84 |
|
04-Apr-2019 |
jsing |
This case also needs to be fatal.
|
#
1.83 |
|
01-Apr-2019 |
deraadt |
mark ERR_R_INTERNAL_ERROR instead of assert or _exit, sigh
|
#
1.82 |
|
24-Mar-2019 |
deraadt |
do not call assert(), which has a tendency to leave traces of stuff in corefiles. Instead call OPENSSL_assert(), which has recently been trained to do this in a safer (if more awkward to debug) way. discussed with jsing and beck a while back
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.81 |
|
24-Aug-2018 |
jsing |
Simplify session ticket parsing/handling.
The original implementation is rather crazy and means that we effectively have two lots of code that parse a ClientHello and two lots of code that parse TLS extensions. Partially simplify this by passing a CBS containing the extension block through to the session handling functions, removing the need to reimplement the ClientHello parsing.
While here standardise on naming for session_id and session_id_len.
ok inoguchi@ tb@
|
#
1.80 |
|
25-Apr-2018 |
tb |
OpenSSL started adding const to functions all over the place. Make all our libssl functions match theirs wrt const, except for BIO_f_ssl(3) which will be fixed in a later step.
this went through an i386 bulk by sthen ok jsing
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.79 |
|
20-Mar-2018 |
tb |
Provide SSL_SESSION_set1_id()
ok jsing
|
#
1.78 |
|
17-Mar-2018 |
beck |
Bring in compatibility for OpenSSL 1.1 style init functions.
This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well as thread safety modifications for the existing LibreSSL init functions. The initialization routines are called automatically by the normal entry points into the library, as in newer OpenSSL.
ok jsing@, nits by tb@ and deraadt@
|
#
1.77 |
|
17-Mar-2018 |
tb |
Provide SSL_SESSION_get_ticket_lifetime_hint() and SSL_SESSION_has_ticket()
ok jsing
|
#
1.76 |
|
17-Mar-2018 |
tb |
SSL_SESSION_get_protocol_version() takes a const SSL_SESSION *. Noted by schwarze@
ok jsing@
|
#
1.75 |
|
17-Mar-2018 |
jsing |
Provide SSL_SESSION_get0_id_context().
|
#
1.74 |
|
22-Feb-2018 |
jsing |
Provide SSL_SESSION_up_ref().
|
#
1.73 |
|
20-Feb-2018 |
tb |
Provide SSL_SESSION_get_protocol_version()
ok jsing
|
#
1.72 |
|
17-Feb-2018 |
jsing |
Provide SSL_SESSION_get_master_key()
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.71 |
|
10-Apr-2017 |
jsing |
Use freezero() for the internal opaque structures, instead of the current explicit_bzero()/free(). Less code and potentially less overhead.
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.70 |
|
07-Feb-2017 |
beck |
Change SSLerror() back to taking two args, with the first one being an SSL *. Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
|
#
1.69 |
|
26-Jan-2017 |
beck |
Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly line wraps that resulted
|
#
1.68 |
|
26-Jan-2017 |
beck |
Send the error function codes to rot in the depths of hell where they belong. We leave a single function code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
|
#
1.67 |
|
24-Jan-2017 |
jsing |
Add support for setting the supported EC curves via SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names.
This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such as brainpool) you need to configure this yourself.
Inspired by parts of BoringSSL and OpenSSL.
ok beck@
|
#
1.66 |
|
24-Jan-2017 |
jsing |
sk_SSL_CIPHER_free() checks for NULL so do not bother doing the same from the callers.
|
#
1.65 |
|
24-Jan-2017 |
jsing |
ssl_sess_cert_free() checks for NULL, so do not bother doing it at the call sites.
|
#
1.64 |
|
24-Jan-2017 |
jsing |
There is no point in zeroing fields that exist within a struct that is about to be explicit_bzero'd and freed.
|
#
1.63 |
|
23-Jan-2017 |
jsing |
Split most of SSL_METHOD out into an internal variant, which is opaque.
Discussed with beck@
|
#
1.62 |
|
23-Jan-2017 |
beck |
Move a large part of ssl_st into internal, so we can see what squeals. ok jsing@
|
#
1.61 |
|
23-Jan-2017 |
jsing |
Move ex_data, next and prev from SSL_SESSION to internal.
ok beck@
|
#
1.60 |
|
23-Jan-2017 |
jsing |
Move most of the fields in SSL_CTX to internal - the ones that remain are known to be in use.
ok beck@
|
#
1.59 |
|
23-Jan-2017 |
beck |
move the callbacks from ssl_st to internal ok jsing@
|
#
1.58 |
|
23-Jan-2017 |
jsing |
Move callback function pointers and argument pointers from SSL_CTX to internal.
ok beck@
|
#
1.57 |
|
23-Jan-2017 |
jsing |
Move not_resumable and sess_cert from SSL_SESSION to internal.
ok beck@
|
#
1.56 |
|
23-Jan-2017 |
jsing |
Move the stats struct from SSL_CTX to internal.
ok beck@
|
#
1.55 |
|
22-Jan-2017 |
beck |
Move internal parts of ssl_session_st to internal ok jsing@
|
#
1.54 |
|
22-Jan-2017 |
jsing |
Convert publicly visible structs to translucent structs.
This change adds an internal opaque struct for each of the significant publicly visible structs. The opaque struct is then allocated and attached to the publicly visible struct when the appropriate *_new() function is called, then cleared and freed as necessary.
This will allow for changes to be made to the internals of libssl, without requiring a major bump each time the publicly visible structs are modified.
ok beck@
|
#
1.53 |
|
02-Nov-2016 |
jsing |
Expand LHASH_OF, IMPLEMENT_LHASH_DOALL_ARG_FN and LHASH_DOALL_ARG_FN macros. Only change in generated assembly is due to line numbering.
|
#
1.52 |
|
02-Nov-2016 |
jsing |
Wrap some >80 char lines.
|
#
1.51 |
|
04-Sep-2016 |
jsing |
Sort and group functions.
|
#
1.50 |
|
04-Sep-2016 |
jsing |
Expand IMPLEMENT_PEM macros.
No change in generated assembly.
|
#
1.49 |
|
11-Mar-2016 |
mmcc |
X509_free(3) is NULL-safe, so remove NULL checks before its calls.
ok doug@
|
#
1.48 |
|
10-Sep-2015 |
jsing |
Remove support for DTLS_BAD_VER. We do not support non-standard and incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years.
ok bcook@ miod@
|
#
1.47 |
|
10-Sep-2015 |
jsing |
Correct spelling of OPENSSL_cleanse.
ok miod@
|
#
1.46 |
|
27-Aug-2015 |
doug |
Remove SSLv3 support from LibreSSL.
This is the first wave of SSLv3 removal which removes the main SSLv3 functions. Future commits will remove the rest of the SSLv3 support.
Discussed the plan at c2k15. Input from jsing@, beck@, miod@, bcook@, sthen@, naddy@, and deraadt@.
ok jsing@, beck@
|
#
1.45 |
|
21-Jul-2015 |
doug |
Remove duplicate check in libssl.
If len == 0, it already set try_session_cache so there's no need to check len again. Fixes Coverity issue 21687.
ok bcook@
|
#
1.44 |
|
14-Dec-2014 |
jsing |
Remove trailing whitespace.
|
#
1.43 |
|
08-Nov-2014 |
jsing |
Clean up more SSLv2 remnants.
|
#
1.42 |
|
18-Oct-2014 |
jsing |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL).
ok beck@ deraadt@ miod@
|
#
1.41 |
|
22-Sep-2014 |
jsing |
Refactor and simplify the ECC extension handling. The existing code effectively built two "static" data structures - instead of doing this, just use static data structures to start with.
From OpenSSL (part of a larger commit).
ok miod@
|
#
1.40 |
|
11-Aug-2014 |
jsing |
Provide a ssl3_get_cipher_by_id() function that allows ciphers to be looked up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the cipher value is manually written into a buffer, just so the cipher can be located using ssl3_get_cipher_by_char().
ok bcook@ miod@
|
#
1.39 |
|
10-Aug-2014 |
jsing |
Since we no longer need to support SSLv2-style cipher lists, start unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros.
Prompted by similar changes in boringssl.
ok guenther.
|
#
1.92 |
|
01-Sep-2020 |
tb |
copy session id directly in ssl_get_prev_session
ssl_get_prev_session() hands the session id down to tls_decrypt_ticket() which then copies it into the session pointer that it is about to return. It's a lot simpler to retrieve the session pointer and copy the session id inside ssl_get_prev_session().
Also, 'goto err' directly in TLS1_TICKET_NOT_DECRYPTED instead of skipping a couple of long if clauses before doing so.
ok inoguchi jsing
|
#
1.91 |
|
01-Sep-2020 |
tb |
indent the only other label in this file
|
#
1.90 |
|
01-Sep-2020 |
tb |
Indent label and remove dangling else
|
#
1.89 |
|
01-Sep-2020 |
tb |
Zap NULL check before SSL_SESSION_free()
|
#
1.88 |
|
01-Sep-2020 |
tb |
Rename the session pointer ret to sess
ret is a confusing name for a pointer in a function that returns int. ret is only returned in the sense that it ultimately replaces the current s->session on success.
|
#
1.87 |
|
31-Aug-2020 |
tb |
Return code tweaks for session ticket handlers
In tls1_process_ticket() and tls_decrypt_ticket() use #defines with descriptive names instead of hardcoding -1 1 2 3 4 and occasionally explaining the magic numbers with comments.
ok beck inoguchi
|
#
1.86 |
|
31-Aug-2020 |
tb |
Send alert on ssl_get_prev_session failure
ssl_get_prev_session() can fail for various reasons some of which may be internal_error others decode_error alerts. Propagate the appropriate alert up to the caller so we can abort the handshake by sending a fatal alert instead of rudely closing the pipe.
Currently only 28 of 292 test cases of tlsfuzzer's test-extension.py pass. With this diff, 272 pass. The rest will require fixes elsewhere.
ok beck inoguchi jsing
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.85 |
|
22-Apr-2019 |
jsing |
Pass the session ID down to the session/ticket handling code as a CBS.
Convert ssl_get_prev_session(), tls1_process_ticket() and tls1_decrypt_ticket() to handle the session ID from the client hello as a CBS. While here also swap the order of arguments for tls1_decrypt_ticket() so that it is consistent with the other functions.
ok tb@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.84 |
|
04-Apr-2019 |
jsing |
This case also needs to be fatal.
|
#
1.83 |
|
01-Apr-2019 |
deraadt |
mark ERR_R_INTERNAL_ERROR instead of assert or _exit, sigh
|
#
1.82 |
|
24-Mar-2019 |
deraadt |
do not call assert(), which has a tendency to leave traces of stuff in corefiles. Instead call OPENSSL_assert(), which has recently been trained to do this in a safer (if more awkward to debug) way. discussed with jsing and beck a while back
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.81 |
|
24-Aug-2018 |
jsing |
Simplify session ticket parsing/handling.
The original implementation is rather crazy and means that we effectively have two lots of code that parse a ClientHello and two lots of code that parse TLS extensions. Partially simplify this by passing a CBS containing the extension block through to the session handling functions, removing the need to reimplement the ClientHello parsing.
While here standarise on naming for session_id and session_id_len.
ok inoguchi@ tb@
|
#
1.80 |
|
25-Apr-2018 |
tb |
OpenSSL started adding const to functions all over the place. Make all our libssl functions match theirs wrt const, except for BIO_f_ssl(3) which will be fixed in a later step.
this went through a i386 bulk by sthen ok jsing
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.79 |
|
20-Mar-2018 |
tb |
Provide SSL_SESSION_set1_id()
ok jsing
|
#
1.78 |
|
17-Mar-2018 |
beck |
Bring in compatibility for OpenSSL 1.1 style init functions.
This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well thread safety modifications for the existing LibreSSL init functions. The initialization routines are called automatically by the normal entry points into the library, as in newer OpenSSL
ok jsing@, nits by tb@ and deraadt@
|
#
1.77 |
|
17-Mar-2018 |
tb |
Provide SSL_SESSION_get_ticket_lifetime_hint() and SSL_SESSION_has_ticket()
ok jsing
|
#
1.76 |
|
17-Mar-2018 |
tb |
SSL_SESSION_get_protocol_version() takes a const SSL_SESSION *. Noted by schwarze@
ok jsing@
|
#
1.75 |
|
17-Mar-2018 |
jsing |
Provide SSL_SESSION_get0_id_context().
|
#
1.74 |
|
22-Feb-2018 |
jsing |
Provide SSL_SESSION_up_ref().
|
#
1.73 |
|
20-Feb-2018 |
tb |
Provide SSL_SESSION_get_protocol_version()
ok jsing
|
#
1.72 |
|
17-Feb-2018 |
jsing |
Provide SSL_SESSION_get_master_key()
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.71 |
|
10-Apr-2017 |
jsing |
Use freezero() for the internal opaque structures, instead of the current explicit_bzero()/free(). Less code and potentially less overhead.
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.70 |
|
07-Feb-2017 |
beck |
Change SSLerror() back to taking two args, with the first one being an SSL *. Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
|
#
1.69 |
|
26-Jan-2017 |
beck |
Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly line wraps that resulted
|
#
1.68 |
|
26-Jan-2017 |
beck |
Send the error function codes to rot in the depths of hell where they belong We leave a single funciton code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
|
#
1.67 |
|
24-Jan-2017 |
jsing |
Add support for setting the supported EC curves via SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names.
This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such a brainpool) you need to configure this yourself.
Inspired by parts of BoringSSL and OpenSSL.
ok beck@
|
#
1.66 |
|
24-Jan-2017 |
jsing |
sk_SSL_CIPHER_free() checks for NULL so do not bother doing the same from the callers.
|
#
1.65 |
|
24-Jan-2017 |
jsing |
ssl_sess_cert_free() checks for NULL, so do not bother doing it at the call sites.
|
#
1.64 |
|
24-Jan-2017 |
jsing |
There is no point in zeroing fields that exist within a struct that is about to be explicit_bzero'd and freed.
|
#
1.63 |
|
23-Jan-2017 |
jsing |
Split most of SSL_METHOD out into an internal variant, which is opaque.
Discussed with beck@
|
#
1.62 |
|
23-Jan-2017 |
beck |
Move a large part of ssl_st into internal, so we can see what squeals. ok jsing@
|
#
1.61 |
|
23-Jan-2017 |
jsing |
Move ex_data, next and prev from SSL_SESSION to internal.
ok beck@
|
#
1.60 |
|
23-Jan-2017 |
jsing |
Move most of the fields in SSL_CTX to internal - the ones that remain are known to be in use.
ok beck@
|
#
1.59 |
|
23-Jan-2017 |
beck |
move the callbacks from ssl_st to internal ok jsing@
|
#
1.58 |
|
23-Jan-2017 |
jsing |
Move callback function pointers and argument pointers from SSL_CTX to internal.
ok beck@
|
#
1.57 |
|
23-Jan-2017 |
jsing |
Move not_resumable and sess_cert from SSL_SESSION to internal.
ok beck@
|
#
1.56 |
|
23-Jan-2017 |
jsing |
Move the stats struct from SSL_CTX to internal.
ok beck@
|
#
1.55 |
|
22-Jan-2017 |
beck |
Move internal parts of ssl_session_st to internal ok jsing@
|
#
1.54 |
|
22-Jan-2017 |
jsing |
Convert publically visible structs to translucent structs.
This change adds an internal opaque struct for each of the significant publically visible structs. The opaque struct is then allocated and attached to the publically visible struct when the appropriate *_new() function is called, then cleared and freed as necessary.
This will allow for changes to be made to the internals of libssl, without requiring a major bump each time the publically visible structs are modified.
ok beck@
|
#
1.53 |
|
02-Nov-2016 |
jsing |
Expand LHASH_OF, IMPLEMENT_LHASH_DOALL_ARG_FN and LHASH_DOALL_ARG_FN macros. Only change in generated assembly is due to line numbering.
|
#
1.52 |
|
02-Nov-2016 |
jsing |
Wrap some >80 char lines.
|
#
1.51 |
|
04-Sep-2016 |
jsing |
Sort and group functions.
|
#
1.50 |
|
04-Sep-2016 |
jsing |
Expand IMPLEMENT_PEM macros.
No change in generated assembly.
|
#
1.49 |
|
11-Mar-2016 |
mmcc |
X509_free(3) is NULL-safe, so remove NULL checks before its calls.
ok doug@
|
#
1.48 |
|
10-Sep-2015 |
jsing |
Remove support for DTLS_BAD_VER. We do not support non-standard and incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years.
ok bcook@ miod@
|
#
1.47 |
|
10-Sep-2015 |
jsing |
Correct spelling of OPENSSL_cleanse.
ok miod@
|
#
1.46 |
|
27-Aug-2015 |
doug |
Remove SSLv3 support from LibreSSL.
This is the first wave of SSLv3 removal which removes the main SSLv3 functions. Future commits will remove the rest of the SSLv3 support.
Discussed the plan at c2k15. Input from jsing@, beck@, miod@, bcook@, sthen@, naddy@, and deraadt@.
ok jsing@, beck@
|
#
1.45 |
|
21-Jul-2015 |
doug |
Remove duplicate check in libssl.
If len == 0, it already set try_session_cache so there's no need to check len again. Fixes Coverity issue 21687.
ok bcook@
|
#
1.44 |
|
14-Dec-2014 |
jsing |
Remove trailing whitespace.
|
#
1.43 |
|
08-Nov-2014 |
jsing |
Clean up more SSLv2 remnants.
|
#
1.42 |
|
18-Oct-2014 |
jsing |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL).
ok beck@ deraadt@ miod@
|
#
1.41 |
|
22-Sep-2014 |
jsing |
Refactor and simplify the ECC extension handling. The existing code effectively built two "static" data structures - instead of doing this, just use static data structures to start with.
From OpenSSL (part of a larger commit).
ok miod@
|
#
1.40 |
|
11-Aug-2014 |
jsing |
Provide a ssl3_get_cipher_by_id() function that allows ciphers to be looked up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the cipher value is manually written into a buffer, just so the cipher can be located using ssl3_get_cipher_by_char().
ok bcook@ miod@
|
#
1.39 |
|
10-Aug-2014 |
jsing |
Since we no longer need to support SSLv2-style cipher lists, start unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros.
Prompted by similar changes in boringssl.
ok guenther.
|
#
1.38 |
|
13-Jul-2014 |
beck |
The bell tolls for BUF_strdup - Start the migration to using intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
|
#
1.37 |
|
12-Jul-2014 |
jsing |
Apply a large dose of KNF.
|
#
1.36 |
|
11-Jul-2014 |
beck |
Remove the PSK code. We don't need to drag around this baggage. ok miod@ jsing@
|
#
1.35 |
|
10-Jul-2014 |
tedu |
decompress libssl. ok beck jsing
|
#
1.34 |
|
21-Jun-2014 |
tedu |
always compare memcmp against 0, for clarity.
|
#
1.33 |
|
19-Jun-2014 |
tedu |
convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
|
#
1.32 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.31 |
|
04-Jun-2014 |
tedu |
without overthinking it, replace a few memcmp calls with CRYPTO_memcmp where it is feasible to do so. better safe than sorry.
|
#
1.30 |
|
31-May-2014 |
jsing |
ECDH and ECDSA will not work overly well if there is no EC, so unifdef OPENSSL_NO_EC.
ok tedu@
|
#
1.29 |
|
31-May-2014 |
jsing |
TLS would not be entirely functional without extensions, so unifdef OPENSSL_NO_TLSEXT.
ok tedu@
|
#
1.28 |
|
28-May-2014 |
jsing |
There is no point in checking if a pointer is non-NULL before calling free, since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable.
ok miod@
|
#
1.27 |
|
05-May-2014 |
tedu |
Remove SRP and Kerberos support from libssl. These are complex protocols all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
|
#
1.26 |
|
23-Apr-2014 |
tedu |
whitespace
|
#
1.25 |
|
21-Apr-2014 |
deraadt |
more malloc/realloc/calloc cleanups; ok beck kettenis
|
#
1.24 |
|
20-Apr-2014 |
guenther |
Chop off more SSLv2 tentacles and start fixing and noting y2038 issues. APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl.
ok tedu@
|
#
1.23 |
|
19-Apr-2014 |
guenther |
More KNF and style consistency tweaks
|
#
1.22 |
|
17-Apr-2014 |
deraadt |
kill REF_PRINT/REF_CHECK debugging framework no one would use ok miod
|
#
1.21 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.20 |
|
16-Apr-2014 |
tedu |
add back SRP. i was being too greedy.
|
#
1.19 |
|
16-Apr-2014 |
tedu |
disentangle SRP code from TLS
|
#
1.18 |
|
16-Apr-2014 |
guenther |
Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally.
ok tedu@ beck@
|
#
1.17 |
|
14-Apr-2014 |
jsing |
First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5.
|
#
1.16 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.15 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.14 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.13 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.12 |
|
27-Jun-2006 |
djm |
resolve conflicts
|
#
1.11 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.10 |
|
11-Nov-2003 |
markus |
merge 0.9.7c; minor bugfixes; API addition: ERR_release_err_state_table [make includes before you build libssl/libcrypto]
|
#
1.9 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.8 |
|
14-Sep-2002 |
markus |
merge with openssl-0.9.7-stable-SNAP-20020911, new minor for libcrypto (_X509_REQ_print_ex) tested by miod@, pb@
|
#
1.7 |
|
30-Jul-2002 |
markus |
apply patches from OpenSSL Security Advisory [30 July 2002], http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
22-Jun-2001 |
beck |
branches: 1.5.2; 1.5.4; openssl-engine-0.9.6a merge
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.85 |
|
22-Apr-2019 |
jsing |
Pass the session ID down to the session/ticket handling code as a CBS.
Convert ssl_get_prev_session(), tls1_process_ticket() and tls1_decrypt_ticket() to handle the session ID from the client hello as a CBS. While here also swap the order of arguments for tls1_decrypt_ticket() so that it is consistent with the other functions.
ok tb@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.84 |
|
04-Apr-2019 |
jsing |
This case also needs to be fatal.
|
#
1.83 |
|
01-Apr-2019 |
deraadt |
mark ERR_R_INTERNAL_ERROR instead of assert or _exit, sigh
|
#
1.82 |
|
24-Mar-2019 |
deraadt |
do not call assert(), which has a tendency to leave traces of stuff in corefiles. Instead call OPENSSL_assert(), which has recently been trained to do this in a safer (if more awkward to debug) way. discussed with jsing and beck a while back
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.81 |
|
24-Aug-2018 |
jsing |
Simplify session ticket parsing/handling.
The original implementation is rather crazy and means that we effectively have two lots of code that parse a ClientHello and two lots of code that parse TLS extensions. Partially simplify this by passing a CBS containing the extension block through to the session handling functions, removing the need to reimplement the ClientHello parsing.
While here standardise on naming for session_id and session_id_len.
ok inoguchi@ tb@
|
#
1.80 |
|
25-Apr-2018 |
tb |
OpenSSL started adding const to functions all over the place. Make all our libssl functions match theirs wrt const, except for BIO_f_ssl(3) which will be fixed in a later step.
this went through an i386 bulk by sthen ok jsing
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.79 |
|
20-Mar-2018 |
tb |
Provide SSL_SESSION_set1_id()
ok jsing
|
#
1.78 |
|
17-Mar-2018 |
beck |
Bring in compatibility for OpenSSL 1.1 style init functions.
This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well as thread safety modifications for the existing LibreSSL init functions. The initialization routines are called automatically by the normal entry points into the library, as in newer OpenSSL
ok jsing@, nits by tb@ and deraadt@
|
#
1.77 |
|
17-Mar-2018 |
tb |
Provide SSL_SESSION_get_ticket_lifetime_hint() and SSL_SESSION_has_ticket()
ok jsing
|
#
1.76 |
|
17-Mar-2018 |
tb |
SSL_SESSION_get_protocol_version() takes a const SSL_SESSION *. Noted by schwarze@
ok jsing@
|
#
1.75 |
|
17-Mar-2018 |
jsing |
Provide SSL_SESSION_get0_id_context().
|
#
1.74 |
|
22-Feb-2018 |
jsing |
Provide SSL_SESSION_up_ref().
|
#
1.73 |
|
20-Feb-2018 |
tb |
Provide SSL_SESSION_get_protocol_version()
ok jsing
|
#
1.72 |
|
17-Feb-2018 |
jsing |
Provide SSL_SESSION_get_master_key()
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.71 |
|
10-Apr-2017 |
jsing |
Use freezero() for the internal opaque structures, instead of the current explicit_bzero()/free(). Less code and potentially less overhead.
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.70 |
|
07-Feb-2017 |
beck |
Change SSLerror() back to taking two args, with the first one being an SSL *. Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
|
#
1.69 |
|
26-Jan-2017 |
beck |
Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly line wraps that resulted
|
#
1.68 |
|
26-Jan-2017 |
beck |
Send the error function codes to rot in the depths of hell where they belong. We leave a single function code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
|
#
1.67 |
|
24-Jan-2017 |
jsing |
Add support for setting the supported EC curves via SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names.
This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such as brainpool) you need to configure this yourself.
Inspired by parts of BoringSSL and OpenSSL.
ok beck@
|
#
1.66 |
|
24-Jan-2017 |
jsing |
sk_SSL_CIPHER_free() checks for NULL so do not bother doing the same from the callers.
|
#
1.65 |
|
24-Jan-2017 |
jsing |
ssl_sess_cert_free() checks for NULL, so do not bother doing it at the call sites.
|
#
1.64 |
|
24-Jan-2017 |
jsing |
There is no point in zeroing fields that exist within a struct that is about to be explicit_bzero'd and freed.
|
#
1.63 |
|
23-Jan-2017 |
jsing |
Split most of SSL_METHOD out into an internal variant, which is opaque.
Discussed with beck@
|
#
1.62 |
|
23-Jan-2017 |
beck |
Move a large part of ssl_st into internal, so we can see what squeals. ok jsing@
|
#
1.61 |
|
23-Jan-2017 |
jsing |
Move ex_data, next and prev from SSL_SESSION to internal.
ok beck@
|
#
1.60 |
|
23-Jan-2017 |
jsing |
Move most of the fields in SSL_CTX to internal - the ones that remain are known to be in use.
ok beck@
|
#
1.59 |
|
23-Jan-2017 |
beck |
move the callbacks from ssl_st to internal ok jsing@
|
#
1.58 |
|
23-Jan-2017 |
jsing |
Move callback function pointers and argument pointers from SSL_CTX to internal.
ok beck@
|
#
1.57 |
|
23-Jan-2017 |
jsing |
Move not_resumable and sess_cert from SSL_SESSION to internal.
ok beck@
|
#
1.56 |
|
23-Jan-2017 |
jsing |
Move the stats struct from SSL_CTX to internal.
ok beck@
|
#
1.55 |
|
22-Jan-2017 |
beck |
Move internal parts of ssl_session_st to internal ok jsing@
|
#
1.54 |
|
22-Jan-2017 |
jsing |
Convert publicly visible structs to translucent structs.
This change adds an internal opaque struct for each of the significant publicly visible structs. The opaque struct is then allocated and attached to the publicly visible struct when the appropriate *_new() function is called, then cleared and freed as necessary.
This will allow for changes to be made to the internals of libssl, without requiring a major bump each time the publicly visible structs are modified.
ok beck@
|
#
1.53 |
|
02-Nov-2016 |
jsing |
Expand LHASH_OF, IMPLEMENT_LHASH_DOALL_ARG_FN and LHASH_DOALL_ARG_FN macros. Only change in generated assembly is due to line numbering.
|
#
1.52 |
|
02-Nov-2016 |
jsing |
Wrap some >80 char lines.
|
#
1.51 |
|
04-Sep-2016 |
jsing |
Sort and group functions.
|
#
1.50 |
|
04-Sep-2016 |
jsing |
Expand IMPLEMENT_PEM macros.
No change in generated assembly.
|
#
1.49 |
|
11-Mar-2016 |
mmcc |
X509_free(3) is NULL-safe, so remove NULL checks before its calls.
ok doug@
|
#
1.48 |
|
10-Sep-2015 |
jsing |
Remove support for DTLS_BAD_VER. We do not support non-standard and incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years.
ok bcook@ miod@
|
#
1.47 |
|
10-Sep-2015 |
jsing |
Correct spelling of OPENSSL_cleanse.
ok miod@
|
#
1.46 |
|
27-Aug-2015 |
doug |
Remove SSLv3 support from LibreSSL.
This is the first wave of SSLv3 removal which removes the main SSLv3 functions. Future commits will remove the rest of the SSLv3 support.
Discussed the plan at c2k15. Input from jsing@, beck@, miod@, bcook@, sthen@, naddy@, and deraadt@.
ok jsing@, beck@
|
#
1.45 |
|
21-Jul-2015 |
doug |
Remove duplicate check in libssl.
If len == 0, it already set try_session_cache so there's no need to check len again. Fixes Coverity issue 21687.
ok bcook@
|
#
1.44 |
|
14-Dec-2014 |
jsing |
Remove trailing whitespace.
|
#
1.43 |
|
08-Nov-2014 |
jsing |
Clean up more SSLv2 remnants.
|
#
1.42 |
|
18-Oct-2014 |
jsing |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL).
ok beck@ deraadt@ miod@
|
#
1.41 |
|
22-Sep-2014 |
jsing |
Refactor and simplify the ECC extension handling. The existing code effectively built two "static" data structures - instead of doing this, just use static data structures to start with.
From OpenSSL (part of a larger commit).
ok miod@
|
#
1.40 |
|
11-Aug-2014 |
jsing |
Provide a ssl3_get_cipher_by_id() function that allows ciphers to be looked up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the cipher value is manually written into a buffer, just so the cipher can be located using ssl3_get_cipher_by_char().
ok bcook@ miod@
|
#
1.39 |
|
10-Aug-2014 |
jsing |
Since we no longer need to support SSLv2-style cipher lists, start unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros.
Prompted by similar changes in boringssl.
ok guenther.
|
#
1.38 |
|
13-Jul-2014 |
beck |
The bell tolls for BUF_strdup - Start the migration to using intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
|
#
1.37 |
|
12-Jul-2014 |
jsing |
Apply a large dose of KNF.
|
#
1.36 |
|
11-Jul-2014 |
beck |
Remove the PSK code. We don't need to drag around this baggage. ok miod@ jsing@
|
#
1.35 |
|
10-Jul-2014 |
tedu |
decompress libssl. ok beck jsing
|
#
1.34 |
|
21-Jun-2014 |
tedu |
always compare memcmp against 0, for clarity.
|
#
1.33 |
|
19-Jun-2014 |
tedu |
convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
|
#
1.32 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.31 |
|
04-Jun-2014 |
tedu |
without overthinking it, replace a few memcmp calls with CRYPTO_memcmp where it is feasible to do so. better safe than sorry.
|
#
1.30 |
|
31-May-2014 |
jsing |
ECDH and ECDSA will not work overly well if there is no EC, so unifdef OPENSSL_NO_EC.
ok tedu@
|
#
1.29 |
|
31-May-2014 |
jsing |
TLS would not be entirely functional without extensions, so unifdef OPENSSL_NO_TLSEXT.
ok tedu@
|
#
1.28 |
|
28-May-2014 |
jsing |
There is no point in checking if a pointer is non-NULL before calling free, since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable.
ok miod@
|
#
1.27 |
|
05-May-2014 |
tedu |
Remove SRP and Kerberos support from libssl. These are complex protocols all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
|
#
1.26 |
|
23-Apr-2014 |
tedu |
whitespace
|
#
1.25 |
|
21-Apr-2014 |
deraadt |
more malloc/realloc/calloc cleanups; ok beck kettenis
|
#
1.24 |
|
20-Apr-2014 |
guenther |
Chop off more SSLv2 tentacles and start fixing and noting y2038 issues. APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl.
ok tedu@
|
#
1.23 |
|
19-Apr-2014 |
guenther |
More KNF and style consistency tweaks
|
#
1.22 |
|
17-Apr-2014 |
deraadt |
kill REF_PRINT/REF_CHECK debugging framework no one would use ok miod
|
#
1.21 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.20 |
|
16-Apr-2014 |
tedu |
add back SRP. i was being too greedy.
|
#
1.19 |
|
16-Apr-2014 |
tedu |
disentangle SRP code from TLS
|
#
1.18 |
|
16-Apr-2014 |
guenther |
Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally.
ok tedu@ beck@
|
#
1.17 |
|
14-Apr-2014 |
jsing |
First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5.
|
#
1.16 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.15 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.14 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.13 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.12 |
|
27-Jun-2006 |
djm |
resolve conflicts
|
#
1.11 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.10 |
|
11-Nov-2003 |
markus |
merge 0.9.7c; minor bugfixes; API addition: ERR_release_err_state_table [make includes before you build libssl/libcrypto]
|
#
1.9 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.8 |
|
14-Sep-2002 |
markus |
merge with openssl-0.9.7-stable-SNAP-20020911, new minor for libcrypto (_X509_REQ_print_ex) tested by miod@, pb@
|
#
1.7 |
|
30-Jul-2002 |
markus |
apply patches from OpenSSL Security Advisory [30 July 2002], http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
22-Jun-2001 |
beck |
branches: 1.5.2; 1.5.4; openssl-engine-0.9.6a merge
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.81 |
|
24-Aug-2018 |
jsing |
Simplify session ticket parsing/handling.
The original implementation is rather crazy and means that we effectively have two lots of code that parse a ClientHello and two lots of code that parse TLS extensions. Partially simplify this by passing a CBS containing the extension block through to the session handling functions, removing the need to reimplement the ClientHello parsing.
While here standardise on naming for session_id and session_id_len.
ok inoguchi@ tb@
|
#
1.80 |
|
25-Apr-2018 |
tb |
OpenSSL started adding const to functions all over the place. Make all our libssl functions match theirs wrt const, except for BIO_f_ssl(3) which will be fixed in a later step.
this went through an i386 bulk by sthen ok jsing
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.79 |
|
20-Mar-2018 |
tb |
Provide SSL_SESSION_set1_id()
ok jsing
|
#
1.78 |
|
17-Mar-2018 |
beck |
Bring in compatibility for OpenSSL 1.1 style init functions.
This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well as thread safety modifications for the existing LibreSSL init functions. The initialization routines are called automatically by the normal entry points into the library, as in newer OpenSSL.
ok jsing@, nits by tb@ and deraadt@
|
#
1.77 |
|
17-Mar-2018 |
tb |
Provide SSL_SESSION_get_ticket_lifetime_hint() and SSL_SESSION_has_ticket()
ok jsing
|
#
1.76 |
|
17-Mar-2018 |
tb |
SSL_SESSION_get_protocol_version() takes a const SSL_SESSION *. Noted by schwarze@
ok jsing@
|
#
1.75 |
|
17-Mar-2018 |
jsing |
Provide SSL_SESSION_get0_id_context().
|
#
1.74 |
|
22-Feb-2018 |
jsing |
Provide SSL_SESSION_up_ref().
|
#
1.73 |
|
20-Feb-2018 |
tb |
Provide SSL_SESSION_get_protocol_version()
ok jsing
|
#
1.72 |
|
17-Feb-2018 |
jsing |
Provide SSL_SESSION_get_master_key()
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.71 |
|
10-Apr-2017 |
jsing |
Use freezero() for the internal opaque structures, instead of the current explicit_bzero()/free(). Less code and potentially less overhead.
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.70 |
|
07-Feb-2017 |
beck |
Change SSLerror() back to taking two args, with the first one being an SSL *. Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
|
#
1.69 |
|
26-Jan-2017 |
beck |
Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly line wraps that resulted
|
#
1.68 |
|
26-Jan-2017 |
beck |
Send the error function codes to rot in the depths of hell where they belong. We leave a single function code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
|
#
1.67 |
|
24-Jan-2017 |
jsing |
Add support for setting the supported EC curves via SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names.
This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such as brainpool) you need to configure this yourself.
Inspired by parts of BoringSSL and OpenSSL.
ok beck@
|
#
1.66 |
|
24-Jan-2017 |
jsing |
sk_SSL_CIPHER_free() checks for NULL so do not bother doing the same from the callers.
|
#
1.65 |
|
24-Jan-2017 |
jsing |
ssl_sess_cert_free() checks for NULL, so do not bother doing it at the call sites.
|
#
1.64 |
|
24-Jan-2017 |
jsing |
There is no point in zeroing fields that exist within a struct that is about to be explicit_bzero'd and freed.
|
#
1.63 |
|
23-Jan-2017 |
jsing |
Split most of SSL_METHOD out into an internal variant, which is opaque.
Discussed with beck@
|
#
1.62 |
|
23-Jan-2017 |
beck |
Move a large part of ssl_st into internal, so we can see what squeals. ok jsing@
|
#
1.61 |
|
23-Jan-2017 |
jsing |
Move ex_data, next and prev from SSL_SESSION to internal.
ok beck@
|
#
1.60 |
|
23-Jan-2017 |
jsing |
Move most of the fields in SSL_CTX to internal - the ones that remain are known to be in use.
ok beck@
|
#
1.59 |
|
23-Jan-2017 |
beck |
move the callbacks from ssl_st to internal ok jsing@
|
#
1.58 |
|
23-Jan-2017 |
jsing |
Move callback function pointers and argument pointers from SSL_CTX to internal.
ok beck@
|
#
1.57 |
|
23-Jan-2017 |
jsing |
Move not_resumable and sess_cert from SSL_SESSION to internal.
ok beck@
|
#
1.56 |
|
23-Jan-2017 |
jsing |
Move the stats struct from SSL_CTX to internal.
ok beck@
|
#
1.55 |
|
22-Jan-2017 |
beck |
Move internal parts of ssl_session_st to internal ok jsing@
|
#
1.54 |
|
22-Jan-2017 |
jsing |
Convert publicly visible structs to translucent structs.
This change adds an internal opaque struct for each of the significant publicly visible structs. The opaque struct is then allocated and attached to the publicly visible struct when the appropriate *_new() function is called, then cleared and freed as necessary.
This will allow for changes to be made to the internals of libssl, without requiring a major bump each time the publicly visible structs are modified.
ok beck@
|
#
1.53 |
|
02-Nov-2016 |
jsing |
Expand LHASH_OF, IMPLEMENT_LHASH_DOALL_ARG_FN and LHASH_DOALL_ARG_FN macros. Only change in generated assembly is due to line numbering.
|
#
1.52 |
|
02-Nov-2016 |
jsing |
Wrap some >80 char lines.
|
#
1.51 |
|
04-Sep-2016 |
jsing |
Sort and group functions.
|
#
1.50 |
|
04-Sep-2016 |
jsing |
Expand IMPLEMENT_PEM macros.
No change in generated assembly.
|
#
1.49 |
|
11-Mar-2016 |
mmcc |
X509_free(3) is NULL-safe, so remove NULL checks before its calls.
ok doug@
|
#
1.48 |
|
10-Sep-2015 |
jsing |
Remove support for DTLS_BAD_VER. We do not support non-standard and incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years.
ok bcook@ miod@
|
#
1.47 |
|
10-Sep-2015 |
jsing |
Correct spelling of OPENSSL_cleanse.
ok miod@
|
#
1.46 |
|
27-Aug-2015 |
doug |
Remove SSLv3 support from LibreSSL.
This is the first wave of SSLv3 removal which removes the main SSLv3 functions. Future commits will remove the rest of the SSLv3 support.
Discussed the plan at c2k15. Input from jsing@, beck@, miod@, bcook@, sthen@, naddy@, and deraadt@.
ok jsing@, beck@
|
#
1.45 |
|
21-Jul-2015 |
doug |
Remove duplicate check in libssl.
If len == 0, it already set try_session_cache so there's no need to check len again. Fixes Coverity issue 21687.
ok bcook@
|
#
1.44 |
|
14-Dec-2014 |
jsing |
Remove trailing whitespace.
|
#
1.43 |
|
08-Nov-2014 |
jsing |
Clean up more SSLv2 remnants.
|
#
1.42 |
|
18-Oct-2014 |
jsing |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL).
ok beck@ deraadt@ miod@
|
#
1.41 |
|
22-Sep-2014 |
jsing |
Refactor and simplify the ECC extension handling. The existing code effectively built two "static" data structures - instead of doing this, just use static data structures to start with.
From OpenSSL (part of a larger commit).
ok miod@
|
#
1.40 |
|
11-Aug-2014 |
jsing |
Provide a ssl3_get_cipher_by_id() function that allows ciphers to be looked up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the cipher value is manually written into a buffer, just so the cipher can be located using ssl3_get_cipher_by_char().
ok bcook@ miod@
|
#
1.39 |
|
10-Aug-2014 |
jsing |
Since we no longer need to support SSLv2-style cipher lists, start unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros.
Prompted by similar changes in boringssl.
ok guenther.
|
#
1.38 |
|
13-Jul-2014 |
beck |
The bell tolls for BUF_strdup - Start the migration to using intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
|
#
1.37 |
|
12-Jul-2014 |
jsing |
Apply a large dose of KNF.
|
#
1.36 |
|
11-Jul-2014 |
beck |
Remove the PSK code. We don't need to drag around this baggage. ok miod@ jsing@
|
#
1.35 |
|
10-Jul-2014 |
tedu |
decompress libssl. ok beck jsing
|
#
1.34 |
|
21-Jun-2014 |
tedu |
always compare memcmp against 0, for clarity.
|
#
1.33 |
|
19-Jun-2014 |
tedu |
convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
|
#
1.32 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.31 |
|
04-Jun-2014 |
tedu |
without overthinking it, replace a few memcmp calls with CRYPTO_memcmp where it is feasible to do so. better safe than sorry.
|
#
1.30 |
|
31-May-2014 |
jsing |
ECDH and ECDSA will not work overly well if there is no EC, so unifdef OPENSSL_NO_EC.
ok tedu@
|
#
1.29 |
|
31-May-2014 |
jsing |
TLS would not be entirely functional without extensions, so unifdef OPENSSL_NO_TLSEXT.
ok tedu@
|
#
1.28 |
|
28-May-2014 |
jsing |
There is no point in checking if a pointer is non-NULL before calling free, since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable.
ok miod@
|
#
1.27 |
|
05-May-2014 |
tedu |
Remove SRP and Kerberos support from libssl. These are complex protocols all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
|
#
1.26 |
|
23-Apr-2014 |
tedu |
whitespace
|
#
1.25 |
|
21-Apr-2014 |
deraadt |
more malloc/realloc/calloc cleanups; ok beck kettenis
|
#
1.24 |
|
20-Apr-2014 |
guenther |
Chop off more SSLv2 tentacles and start fixing and noting y2038 issues. APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl.
ok tedu@
|
#
1.23 |
|
19-Apr-2014 |
guenther |
More KNF and style consistency tweaks
|
#
1.22 |
|
17-Apr-2014 |
deraadt |
kill REF_PRINT/REF_CHECK debugging framework no one would use ok miod
|
#
1.21 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.20 |
|
16-Apr-2014 |
tedu |
add back SRP. i was being too greedy.
|
#
1.19 |
|
16-Apr-2014 |
tedu |
disentangle SRP code from TLS
|
#
1.18 |
|
16-Apr-2014 |
guenther |
Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally.
ok tedu@ beck@
|
#
1.17 |
|
14-Apr-2014 |
jsing |
First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5.
|
#
1.16 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.15 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.14 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.13 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.12 |
|
27-Jun-2006 |
djm |
resolve conflicts
|
#
1.11 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.10 |
|
11-Nov-2003 |
markus |
merge 0.9.7c; minor bugfixes; API addition: ERR_release_err_state_table [make includes before you build libssl/libcrypto]
|
#
1.9 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.8 |
|
14-Sep-2002 |
markus |
merge with openssl-0.9.7-stable-SNAP-20020911, new minor for libcrypto (_X509_REQ_print_ex) tested by miod@, pb@
|
#
1.7 |
|
30-Jul-2002 |
markus |
apply patches from OpenSSL Security Advisory [30 July 2002], http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
22-Jun-2001 |
beck |
branches: 1.5.2; 1.5.4; openssl-engine-0.9.6a merge
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.30 |
|
31-May-2014 |
jsing |
ECDH and ECDSA will not work overly well if there is no EC, so unifdef OPENSSL_NO_EC.
ok tedu@
|
#
1.29 |
|
31-May-2014 |
jsing |
TLS would not be entirely functional without extensions, so unifdef OPENSSL_NO_TLSEXT.
ok tedu@
|
#
1.28 |
|
28-May-2014 |
jsing |
There is no point in checking if a pointer is non-NULL before calling free, since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable.
ok miod@
|
#
1.27 |
|
05-May-2014 |
tedu |
Remove SRP and Kerberos support from libssl. These are complex protocols all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
|
#
1.26 |
|
23-Apr-2014 |
tedu |
whitespace
|
#
1.25 |
|
21-Apr-2014 |
deraadt |
more malloc/realloc/calloc cleanups; ok beck kettenis
|
#
1.24 |
|
20-Apr-2014 |
guenther |
Chop off more SSLv2 tentacles and start fixing and noting y2038 issues. APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl.
ok tedu@
|
#
1.23 |
|
19-Apr-2014 |
guenther |
More KNF and style consistency tweaks
|
#
1.22 |
|
17-Apr-2014 |
deraadt |
kill REF_PRINT/REF_CHECK debugging framework no one would use ok miod
|
#
1.21 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_realloc->realloc OPENSSL_freeFunc->free
|
#
1.20 |
|
16-Apr-2014 |
tedu |
add back SRP. i was being too greedy.
|
#
1.19 |
|
16-Apr-2014 |
tedu |
disentangle SRP code from TLS
|
#
1.18 |
|
16-Apr-2014 |
guenther |
Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally.
ok tedu@ beck@
|
#
1.17 |
|
14-Apr-2014 |
jsing |
First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5.
|
#
1.16 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.15 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.14 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.13 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.12 |
|
27-Jun-2006 |
djm |
resolve conflicts
|
#
1.11 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.10 |
|
11-Nov-2003 |
markus |
merge 0.9.7c; minor bugfixes; API addition: ERR_release_err_state_table [make includes before you build libssl/libcrypto]
|
#
1.9 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.8 |
|
14-Sep-2002 |
markus |
merge with openssl-0.9.7-stable-SNAP-20020911, new minor for libcrypto (_X509_REQ_print_ex) tested by miod@, pb@
|
#
1.7 |
|
30-Jul-2002 |
markus |
apply patches from OpenSSL Security Advisory [30 July 2002], http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
22-Jun-2001 |
beck |
branches: 1.5.2; 1.5.4; openssl-engine-0.9.6a merge
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.74 |
|
22-Feb-2018 |
jsing |
Provide SSL_SESSION_up_ref().
|
#
1.73 |
|
20-Feb-2018 |
tb |
Provide SSL_SESSION_get_protocol_version()
ok jsing
|
#
1.72 |
|
17-Feb-2018 |
jsing |
Provide SSL_SESSION_get_master_key()
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.71 |
|
10-Apr-2017 |
jsing |
Use freezero() for the internal opaque structures, instead of the current explicit_bzero()/free(). Less code and potentially less overhead.
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.70 |
|
07-Feb-2017 |
beck |
Change SSLerror() back to taking two args, with the first one being an SSL *. Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
|
#
1.69 |
|
26-Jan-2017 |
beck |
Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly line wraps that resulted
|
#
1.68 |
|
26-Jan-2017 |
beck |
Send the error function codes to rot in the depths of hell where they belong. We leave a single function code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
|
#
1.67 |
|
24-Jan-2017 |
jsing |
Add support for setting the supported EC curves via SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names.
This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such as brainpool) you need to configure this yourself.
Inspired by parts of BoringSSL and OpenSSL.
ok beck@
|
#
1.66 |
|
24-Jan-2017 |
jsing |
sk_SSL_CIPHER_free() checks for NULL so do not bother doing the same from the callers.
|
#
1.65 |
|
24-Jan-2017 |
jsing |
ssl_sess_cert_free() checks for NULL, so do not bother doing it at the call sites.
|
#
1.64 |
|
24-Jan-2017 |
jsing |
There is no point in zeroing fields that exist within a struct that is about to be explicit_bzero'd and freed.
|
#
1.63 |
|
23-Jan-2017 |
jsing |
Split most of SSL_METHOD out into an internal variant, which is opaque.
Discussed with beck@
|
#
1.62 |
|
23-Jan-2017 |
beck |
Move a large part of ssl_st into internal, so we can see what squeals. ok jsing@
|
#
1.61 |
|
23-Jan-2017 |
jsing |
Move ex_data, next and prev from SSL_SESSION to internal.
ok beck@
|
#
1.60 |
|
23-Jan-2017 |
jsing |
Move most of the fields in SSL_CTX to internal - the ones that remain are known to be in use.
ok beck@
|
#
1.59 |
|
23-Jan-2017 |
beck |
move the callbacks from ssl_st to internal ok jsing@
|
#
1.58 |
|
23-Jan-2017 |
jsing |
Move callback function pointers and argument pointers from SSL_CTX to internal.
ok beck@
|
#
1.57 |
|
23-Jan-2017 |
jsing |
Move not_resumable and sess_cert from SSL_SESSION to internal.
ok beck@
|
#
1.56 |
|
23-Jan-2017 |
jsing |
Move the stats struct from SSL_CTX to internal.
ok beck@
|
#
1.55 |
|
22-Jan-2017 |
beck |
Move internal parts of ssl_session_st to internal ok jsing@
|
#
1.54 |
|
22-Jan-2017 |
jsing |
Convert publicly visible structs to translucent structs.
This change adds an internal opaque struct for each of the significant publicly visible structs. The opaque struct is then allocated and attached to the publicly visible struct when the appropriate *_new() function is called, then cleared and freed as necessary.
This will allow for changes to be made to the internals of libssl, without requiring a major bump each time the publicly visible structs are modified.
ok beck@
|
#
1.72 |
|
17-Feb-2018 |
jsing |
Provide SSL_SESSION_get_master_key()
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.71 |
|
10-Apr-2017 |
jsing |
Use freezero() for the internal opaque structures, instead of the current explicit_bzero()/free(). Less code and potentially less overhead.
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.70 |
|
07-Feb-2017 |
beck |
Change SSLerror() back to taking two args, with the first one being an SSL *. Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
|
#
1.69 |
|
26-Jan-2017 |
beck |
Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly line wraps that resulted
|
#
1.68 |
|
26-Jan-2017 |
beck |
Send the error function codes to rot in the depths of hell where they belong We leave a single funciton code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
|
#
1.67 |
|
24-Jan-2017 |
jsing |
Add support for setting the supported EC curves via SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names.
This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such a brainpool) you need to configure this yourself.
Inspired by parts of BoringSSL and OpenSSL.
ok beck@
|
#
1.66 |
|
24-Jan-2017 |
jsing |
sk_SSL_CIPHER_free() checks for NULL so do not bother doing the same from the callers.
|
#
1.65 |
|
24-Jan-2017 |
jsing |
ssl_sess_cert_free() checks for NULL, so do not bother doing it at the call sites.
|
#
1.64 |
|
24-Jan-2017 |
jsing |
There is no point in zeroing fields that exist within a struct that is about to be explicit_bzero'd and freed.
|
#
1.63 |
|
23-Jan-2017 |
jsing |
Split most of SSL_METHOD out into an internal variant, which is opaque.
Discussed with beck@
|
#
1.62 |
|
23-Jan-2017 |
beck |
Move a large part of ssl_st into internal, so we can see what squeals. ok jsing@
|
#
1.61 |
|
23-Jan-2017 |
jsing |
Move ex_data, next and prev from SSL_SESSION to internal.
ok beck@
|
#
1.60 |
|
23-Jan-2017 |
jsing |
Move most of the fields in SSL_CTX to internal - the ones that remain are known to be in use.
ok beck@
|
#
1.59 |
|
23-Jan-2017 |
beck |
move the callbacks from ssl_st to internal ok jsing@
|
#
1.58 |
|
23-Jan-2017 |
jsing |
Move callback function pointers and argument pointers from SSL_CTX to internal.
ok beck@
|
#
1.57 |
|
23-Jan-2017 |
jsing |
Move not_resumable and sess_cert from SSL_SESSION to internal.
ok beck@
|
#
1.56 |
|
23-Jan-2017 |
jsing |
Move the stats struct from SSL_CTX to internal.
ok beck@
|
#
1.55 |
|
22-Jan-2017 |
beck |
Move internal parts of ssl_session_st to internal ok jsing@
|
#
1.54 |
|
22-Jan-2017 |
jsing |
Convert publicly visible structs to translucent structs.
This change adds an internal opaque struct for each of the significant publicly visible structs. The opaque struct is then allocated and attached to the publicly visible struct when the appropriate *_new() function is called, then cleared and freed as necessary.
This will allow for changes to be made to the internals of libssl, without requiring a major bump each time the publicly visible structs are modified.
ok beck@
|
#
1.53 |
|
02-Nov-2016 |
jsing |
Expand LHASH_OF, IMPLEMENT_LHASH_DOALL_ARG_FN and LHASH_DOALL_ARG_FN macros. Only change in generated assembly is due to line numbering.
|
#
1.52 |
|
02-Nov-2016 |
jsing |
Wrap some >80 char lines.
|
#
1.51 |
|
04-Sep-2016 |
jsing |
Sort and group functions.
|
#
1.50 |
|
04-Sep-2016 |
jsing |
Expand IMPLEMENT_PEM macros.
No change in generated assembly.
|
#
1.49 |
|
11-Mar-2016 |
mmcc |
X509_free(3) is NULL-safe, so remove NULL checks before its calls.
ok doug@
|
#
1.48 |
|
10-Sep-2015 |
jsing |
Remove support for DTLS_BAD_VER. We do not support non-standard and incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years.
ok bcook@ miod@
|
#
1.47 |
|
10-Sep-2015 |
jsing |
Correct spelling of OPENSSL_cleanse.
ok miod@
|
#
1.46 |
|
27-Aug-2015 |
doug |
Remove SSLv3 support from LibreSSL.
This is the first wave of SSLv3 removal which removes the main SSLv3 functions. Future commits will remove the rest of the SSLv3 support.
Discussed the plan at c2k15. Input from jsing@, beck@, miod@, bcook@, sthen@, naddy@, and deraadt@.
ok jsing@, beck@
|
#
1.45 |
|
21-Jul-2015 |
doug |
Remove duplicate check in libssl.
If len == 0, it already set try_session_cache so there's no need to check len again. Fixes Coverity issue 21687.
ok bcook@
|
#
1.44 |
|
14-Dec-2014 |
jsing |
Remove trailing whitespace.
|
#
1.43 |
|
08-Nov-2014 |
jsing |
Clean up more SSLv2 remnants.
|
#
1.42 |
|
18-Oct-2014 |
jsing |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL).
ok beck@ deraadt@ miod@
|
#
1.41 |
|
22-Sep-2014 |
jsing |
Refactor and simplify the ECC extension handling. The existing code effectively built two "static" data structures - instead of doing this, just use static data structures to start with.
From OpenSSL (part of a larger commit).
ok miod@
|
#
1.40 |
|
11-Aug-2014 |
jsing |
Provide a ssl3_get_cipher_by_id() function that allows ciphers to be looked up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the cipher value is manually written into a buffer, just so the cipher can be located using ssl3_get_cipher_by_char().
ok bcook@ miod@
|
#
1.39 |
|
10-Aug-2014 |
jsing |
Since we no longer need to support SSLv2-style cipher lists, start unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros.
Prompted by similar changes in boringssl.
ok guenther.
|
#
1.38 |
|
13-Jul-2014 |
beck |
The bell tolls for BUF_strdup - Start the migration to using intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
|
#
1.37 |
|
12-Jul-2014 |
jsing |
Apply a large dose of KNF.
|
#
1.36 |
|
11-Jul-2014 |
beck |
Remove the PSK code. We don't need to drag around this baggage. ok miod@ jsing@
|
#
1.35 |
|
10-Jul-2014 |
tedu |
decompress libssl. ok beck jsing
|
#
1.34 |
|
21-Jun-2014 |
tedu |
always compare memcmp against 0, for clarity.
|
#
1.33 |
|
19-Jun-2014 |
tedu |
convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
|
#
1.32 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.31 |
|
04-Jun-2014 |
tedu |
without overthinking it, replace a few memcmp calls with CRYPTO_memcmp where it is feasible to do so. better safe than sorry.
|
#
1.30 |
|
31-May-2014 |
jsing |
ECDH and ECDSA will not work overly well if there is no EC, so unifdef OPENSSL_NO_EC.
ok tedu@
|
#
1.29 |
|
31-May-2014 |
jsing |
TLS would not be entirely functional without extensions, so unifdef OPENSSL_NO_TLSEXT.
ok tedu@
|
#
1.28 |
|
28-May-2014 |
jsing |
There is no point in checking if a pointer is non-NULL before calling free, since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable.
ok miod@
|
#
1.27 |
|
05-May-2014 |
tedu |
Remove SRP and Kerberos support from libssl. These are complex protocols all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
|
#
1.26 |
|
23-Apr-2014 |
tedu |
whitespace
|
#
1.25 |
|
21-Apr-2014 |
deraadt |
more malloc/realloc/calloc cleanups; ok beck kettenis
|
#
1.24 |
|
20-Apr-2014 |
guenther |
Chop off more SSLv2 tentacles and start fixing and noting y2038 issues. APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl.
ok tedu@
|
#
1.23 |
|
19-Apr-2014 |
guenther |
More KNF and style consistency tweaks
|
#
1.22 |
|
17-Apr-2014 |
deraadt |
kill REF_PRINT/REF_CHECK debugging framework no one would use
ok miod
|
#
1.21 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc, OPENSSL_free->free, OPENSSL_realloc->realloc, OPENSSL_freeFunc->free
|
#
1.20 |
|
16-Apr-2014 |
tedu |
add back SRP. i was being too greedy.
|
#
1.19 |
|
16-Apr-2014 |
tedu |
disentangle SRP code from TLS
|
#
1.18 |
|
16-Apr-2014 |
guenther |
Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally.
ok tedu@ beck@
|
#
1.17 |
|
14-Apr-2014 |
jsing |
First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5.
|
#
1.16 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.15 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.14 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.13 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.12 |
|
27-Jun-2006 |
djm |
resolve conflicts
|
#
1.11 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.10 |
|
11-Nov-2003 |
markus |
merge 0.9.7c; minor bugfixes; API addition: ERR_release_err_state_table [make includes before you build libssl/libcrypto]
|
#
1.9 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.8 |
|
14-Sep-2002 |
markus |
merge with openssl-0.9.7-stable-SNAP-20020911, new minor for libcrypto (_X509_REQ_print_ex) tested by miod@, pb@
|
#
1.7 |
|
30-Jul-2002 |
markus |
apply patches from OpenSSL Security Advisory [30 July 2002], http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
22-Jun-2001 |
beck |
branches: 1.5.2; 1.5.4;
openssl-engine-0.9.6a merge
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2. If you are using the ssl26 packages for ssh and other things to work, you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1;
Initial revision
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.71 |
|
10-Apr-2017 |
jsing |
Use freezero() for the internal opaque structures, instead of the current explicit_bzero()/free(). Less code and potentially less overhead.
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.70 |
|
07-Feb-2017 |
beck |
Change SSLerror() back to taking two args, with the first one being an SSL *.
Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name).
Add SSLerrorx() for when we don't have an SSL *
ok jsing@ after us both being prodded by bluhm@ to make it not terrible
|
#
1.69 |
|
26-Jan-2017 |
beck |
Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly line wraps that resulted
|