#
689a9b7e |
| 03-Feb-2024 |
beck <beck@openbsd.org> |
Remove GOST and STREEBOG support from libssl.
This version of GOST is old and not anywhere close to compliant with modern GOST standards. It is also very intrusive in libssl and makes a mess everywhere. Efforts to entice a suitably minded anyone to care about it have been unsuccessful.
At this point it is probably best to remove this, and if someone ever showed up who truly needed a working version, it should be a clean implementation from scratch, and have it use something closer to the typical API in libcrypto so it would integrate less painfully here.
This removes it from libssl in preparation for its removal from libcrypto with a future major bump
ok tb@
|
#
8afa8197 |
| 18-Jan-2024 |
tb <tb@openbsd.org> |
Switch from EVP_CIPHER_type() to EVP_CIPHER_nid()
EVP_CIPHER_type() will never return NID_gost89_cnt since it has no associated ASN1_OBJECT. Switching to EVP_CIPHER_nid() has a slight chance of working. Do that before beck applies the flensing knife.
ok beck
|
#
56f24513 |
| 08-Jul-2023 |
beck <beck@openbsd.org> |
fix comment to unbreak things that care about warnings ok tb@ krw@
|
#
71e04849 |
| 08-Jul-2023 |
beck <beck@openbsd.org> |
Hide all public symbols in libssl
With the guentherizer 9000
ok tb@
|
#
c9675a23 |
| 26-Nov-2022 |
tb <tb@openbsd.org> |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
#
ee4250f6 |
| 11-Nov-2022 |
jsing <jsing@openbsd.org> |
Convert the legacy TLS stack to tls_content.
This converts the legacy TLS stack to tls_content - records are now opened into a tls_content structure, rather than being written back into the same buffer that the sealed record was read into.
This will allow for further clean up of the legacy record layer.
ok tb@
|
#
f9a06750 |
| 14-Jan-2022 |
tb <tb@openbsd.org> |
Convert the new record layers to opaque EVP_AEAD_CTX
ok jsing
|
#
a0f5591d |
| 23-Oct-2021 |
jsing <jsing@openbsd.org> |
Mop up enc_read_ctx and read_hash.
These are no longer public, so we can mop them up along with the machinery needed to set/clear them.
ok beck@ tb@
|
#
44aae0c1 |
| 30-Aug-2021 |
jsing <jsing@openbsd.org> |
Replace DTLS r_epoch with the read epoch from the TLSv1.2 record layer.
ok inoguchi@ tb@
|
#
609ec8b1 |
| 30-Aug-2021 |
jsing <jsing@openbsd.org> |
Move to an AEAD nonce allocated in the TLSv1.2 record layer.
There is little to gain by mallocing and freeing the AEAD nonce for each record - move to an AEAD nonce allocated for the record layer, which matches what we do for TLSv1.3.
ok inoguchi@ tb@
|
#
c8e2fc2b |
| 19-Jun-2021 |
jsing <jsing@openbsd.org> |
Provide the ability to set the initial DTLS epoch value.
This allows for regress to test edge cases for epoch handling.
ok tb@
|
#
60ac916a |
| 14-Jun-2021 |
jsing <jsing@openbsd.org> |
Simplify nonce handling in the TLSv1.2 record layer.
Pass the CBS for the sequence number through, which also allows us to do more sensible length checks. Also, add a missing length check while here.
ok inoguchi@ tb@
|
#
7b133c71 |
| 16-May-2021 |
jsing <jsing@openbsd.org> |
Absorb SSL_AEAD_CTX into struct tls12_record_protection.
The information contained in SSL_AEAD_CTX really belongs in the tls12_record_protection struct. Absorb SSL_AEAD_CTX, using more appropriate types in the process.
ok tb@
|
#
60497c21 |
| 16-May-2021 |
jsing <jsing@openbsd.org> |
Zero the tls12_record_protection struct instead of individual fields.
In tls12_record_protection_clear(), rather than zeroing or NULLing individual fields once a pointer has been freed, zero the entire struct once the pointers have been dealt with.
ok tb@
|
#
2f4e7cfa |
| 05-May-2021 |
jsing <jsing@openbsd.org> |
Replace DTLS w_epoch with epoch from TLSv1.2 record layer.
ok inoguchi@ tb@
|
#
d7351ddf |
| 05-May-2021 |
jsing <jsing@openbsd.org> |
Rewrite TLSv1.2 key block handling.
For TLSv1.2 a single key block is generated, then partitioned into individual secrets for use as IVs and keys. The previous implementation splits this across two functions tls1_setup_key_block() and tls1_change_cipher_state(), which means that the IV and key sizes have to be known in multiple places.
This implementation generates and partitions the key block in a single step, meaning that the secrets are then simply handed out when requested.
ok inoguchi@ tb@
|
#
9576522b |
| 19-Apr-2021 |
jsing <jsing@openbsd.org> |
Remove new_sym_enc and new_aead.
These can be replaced with accessors that allow this information to be retrieved from the new record layer.
ok inoguchi@ tb@
|
#
e3ae3cd6 |
| 29-Mar-2021 |
jsing <jsing@openbsd.org> |
Move the TLSv1.2 record number increment into the new record layer.
This adds checks (based on the TLSv1.3 implementation) to ensure that the TLS/DTLS sequence numbers do not wrap, as required by the respective RFCs.
ok inoguchi@ tb@
|
#
27e46ee6 |
| 21-Mar-2021 |
tb <tb@openbsd.org> |
Fully initialize rrec in tls12_record_layer_open_record_protected
The CBC code path initializes rrec.padding_length in an indirect fashion and later makes use of it for copying the MAC. This is confusing some static analyzers as well as people investigating the whining. Avoid this confusion and add a bit of robustness by clearing the stack variable up front.
ok jsing
|
#
2261fe79 |
| 02-Mar-2021 |
jsing <jsing@openbsd.org> |
Separate variable declaration and assignment.
Requested by tb@
|
#
23d98bd4 |
| 02-Mar-2021 |
jsing <jsing@openbsd.org> |
Replace two handrolled tls12_record_protection_engaged().
Noted by tb@
|
#
ffd1a0d4 |
| 02-Mar-2021 |
jsing <jsing@openbsd.org> |
Move key/IV length checks closer to usage sites.
Also add explicit checks against EVP_CIPHER_iv_length() and EVP_CIPHER_key_length().
Requested by tb@ during review.
ok tb@
|
#
747682f9 |
| 02-Mar-2021 |
jsing <jsing@openbsd.org> |
Add tls12_record_protection_unused() and call from CCS functions.
This moves the check closer to where a leak could occur and checks all pointers in the struct.
Suggested by tb@ during review.
ok tb@
|
#
2935b8f4 |
| 27-Feb-2021 |
jsing <jsing@openbsd.org> |
Move handling of cipher/hash based cipher suites into the new record layer.
ok tb@
|
#
fe0929e2 |
| 27-Feb-2021 |
jsing <jsing@openbsd.org> |
Identify DTLS based on the version major value.
This avoids the need to match specific DTLS version numbers.
|