Changes in Makefile

Changes in Makefile en Copyright 2015 Java 121bba80cd77ff192f4cb1a26d54aedc0dbc9e2d - Add include path for crypto_arch.h. http://src.rcs.uwaterloo.ca:8080/history/openbsd-src/lib/libssl/Makefile#121bba80cd77ff192f4cb1a26d54aedc0dbc9e2d Add include path for crypto_arch.h. List of files: /openbsd-src/lib/libssl/Makefile Sun, 11 Aug 2024 13:04:46 +0000 jsing <jsing@openbsd.org> 21053144ca097708b2df6de089d7a5607277670c - ssl2.h and ssl23.h join the party in the attic http://src.rcs.uwaterloo.ca:8080/history/openbsd-src/lib/libssl/Makefile#21053144ca097708b2df6de089d7a5607277670c ssl2.h and ssl23.h join the party in the atticNow that the SSL2 client hello support is gone, nothing uses this anymore,except that a few ports still need SSL2_VERSION.ok beck List of files: /openbsd-src/lib/libssl/Makefile Sat, 13 Jul 2024 18:33:18 +0000 tb <tb@openbsd.org> 35058f2b19effcc21f3a702b2a2403ceb98d7e71 - Actually enable namespaced builds in both libcrypto and libssl http://src.rcs.uwaterloo.ca:8080/history/openbsd-src/lib/libssl/Makefile#35058f2b19effcc21f3a702b2a2403ceb98d7e71 Actually enable namespaced builds in both libcrypto and libssl(instead of commiting only one part) List of files: /openbsd-src/lib/libssl/Makefile Tue, 09 Jul 2024 09:39:14 +0000 beck <beck@openbsd.org> b9e57b4b81ec7fe86a6dbf7b3b1bd36cdc3b0190 - Implement RSA key exchange in constant time. http://src.rcs.uwaterloo.ca:8080/history/openbsd-src/lib/libssl/Makefile#b9e57b4b81ec7fe86a6dbf7b3b1bd36cdc3b0190 Implement RSA key exchange in constant time.RSA key exchange is known to have multiple security weaknesses,including being potentially susceptible to padding oracle and timingattacks.The RSA key exchange code that we inherited from OpenSSL was riddledwith timing leaks, many of which we fixed (or minimised) early on.However, a number of issues still remained, particularly thoserelated to libcrypto's RSA decryption and padding checks.Rework the RSA key exchange code such that we decrypt withRSA_NO_PADDING and then check the padding ourselves in constanttime. In this case, the pre-master secret is of a known length,hence the padding is also a known length based on the size of theRSA key. This makes it easy to implement a check that is much saferthan having RSA_private_decrypt() depad for us.Regardless, we still strongly recommend disabling RSA key exchangeand using other key exchange methods that provide perfect forwardsecrecy and do not depend on client generated keys.Thanks to Marcel Maehren, Nurullah Erinola, Robert Merget, JurajSomorovsky, Joerg Schwenk and Hubert Kario for raising these issueswith us at various points in time.ok tb@ List of files: /openbsd-src/lib/libssl/Makefile Tue, 25 Jun 2024 14:10:45 +0000 jsing <jsing@openbsd.org> dfbca035452d51eeca37535ac2612896a0290b66 - Unhook and remove the now even more useless ssl_algs.c than it was before. http://src.rcs.uwaterloo.ca:8080/history/openbsd-src/lib/libssl/Makefile#dfbca035452d51eeca37535ac2612896a0290b66 Unhook and remove the now even more useless ssl_algs.c than it was before.ok jsing List of files: /openbsd-src/lib/libssl/Makefile Wed, 22 Nov 2023 15:55:28 +0000 tb <tb@openbsd.org> 2c1045770ff31e9c42c93f720b2dd8dcd289e017 - unifdef the LIBRESSL_HAS_TLS1_3_[CLIENT|SERVER] goo http://src.rcs.uwaterloo.ca:8080/history/openbsd-src/lib/libssl/Makefile#2c1045770ff31e9c42c93f720b2dd8dcd289e017 unifdef the LIBRESSL_HAS_TLS1_3_[CLIENT|SERVER] gooAnd remove the tendrils. This was useful for transition but we are nowwell past this. List of files: /openbsd-src/lib/libssl/Makefile Thu, 06 Jul 2023 07:56:32 +0000 beck <beck@openbsd.org> 90edf538b0aa19362f9fc79de7e982bb58b15ff3 - Use -Wshadow with clang http://src.rcs.uwaterloo.ca:8080/history/openbsd-src/lib/libssl/Makefile#90edf538b0aa19362f9fc79de7e982bb58b15ff3 Use -Wshadow with clangok jsing (a very long time ago) List of files: /openbsd-src/lib/libssl/Makefile Fri, 05 May 2023 21:23:02 +0000 tb <tb@openbsd.org> ec6848bc68497924e9fc9ce8881742eba4e842d5 - Add support for symbol hiding disabled by default. http://src.rcs.uwaterloo.ca:8080/history/openbsd-src/lib/libssl/Makefile#ec6848bc68497924e9fc9ce8881742eba4e842d5 Add support for symbol hiding disabled by default.Fully explained in libcrypto/README. TL;DR make sure libcryptoand libssl's function calls internally and to each other are viasymbol names that won't get overridden by linking other libraries.Mostly work by guenther@, which will currently be gated behind abuild setting NAMESPACE=yes. once we convert all the symbols tothis method we will do a major bump and pick up the changes.ok tb@ jsing@ List of files: /openbsd-src/lib/libssl/Makefile Fri, 11 Nov 2022 11:25:18 +0000 beck <beck@openbsd.org> ad61876728b30189ae0c1e5139bcb91061b10673 - Deduplicate peer certificate chain processing code. http://src.rcs.uwaterloo.ca:8080/history/openbsd-src/lib/libssl/Makefile#ad61876728b30189ae0c1e5139bcb91061b10673 Deduplicate peer certificate chain processing code.Rather than reimplement this in each TLS client and server, deduplicate itinto a single function. Furthermore, rather than dealing with the APIhazard that is SSL_get_peer_cert_chain() in this code, simply produce twochains - one that has the leaf and one that does not.SSL_get_peer_cert_chain() can then return the appropriate one.This also moves the peer cert chain from the SSL_SESSION to theSSL_HANDSHAKE, which makes more sense since it is not available onresumption.ok tb@ List of files: /openbsd-src/lib/libssl/Makefile Wed, 17 Aug 2022 07:39:19 +0000 jsing <jsing@openbsd.org> f7e8f89fb91b338377370418c53b6831a0023151 - Provide record layer callbacks for QUIC. http://src.rcs.uwaterloo.ca:8080/history/openbsd-src/lib/libssl/Makefile#f7e8f89fb91b338377370418c53b6831a0023151 Provide record layer callbacks for QUIC.QUIC uses TLS to complete the handshake, however unlike normal TLS it doesnot use the TLS record layer, rather it provides its own transport. Thismeans that we need to intercept all communication between the TLS handshakeand the record layer. This allows TLS handshake message writes to bedirected to QUIC, likewise for TLS handshake message reads. Alerts alsoneed to be sent via QUIC, plus it needs to be provided with the traffickeys that are derived by TLS.ok tb@ List of files: /openbsd-src/lib/libssl/Makefile Sun, 24 Jul 2022 14:28:16 +0000 jsing <jsing@openbsd.org> 6638350c69ec4d32e547d28c848067cefd4b31db - Implement the default security level callback http://src.rcs.uwaterloo.ca:8080/history/openbsd-src/lib/libssl/Makefile#6638350c69ec4d32e547d28c848067cefd4b31db Implement the default security level callbackAnd here is where the fun starts. The tentacles will grow everywhere.ok beck jsing sthen List of files: /openbsd-src/lib/libssl/Makefile Tue, 28 Jun 2022 20:40:24 +0000 tb <tb@openbsd.org> a366758fd3d411e3470f56eb3f92718adc0900ac - bio_ssl.c needs to peek into bio_local.h http://src.rcs.uwaterloo.ca:8080/history/openbsd-src/lib/libssl/Makefile#a366758fd3d411e3470f56eb3f92718adc0900ac bio_ssl.c needs to peek into bio_local.h List of files: /openbsd-src/lib/libssl/Makefile Fri, 14 Jan 2022 09:09:30 +0000 tb <tb@openbsd.org> b8e3503d5a72fa2dd94bf4dfb3676d7ef2762ce5 - Rename tls13_key_share to tls_key_share. http://src.rcs.uwaterloo.ca:8080/history/openbsd-src/lib/libssl/Makefile#b8e3503d5a72fa2dd94bf4dfb3676d7ef2762ce5 Rename tls13_key_share to tls_key_share.In preparation to use the key share code in both the TLSv1.3 and legacystacks, rename tls13_key_share to tls_key_share, moving it into the sharedhandshake struct. Further changes will then allow the legacy stack to makeuse of the same code for ephemeral key exchange.ok inoguchi@ tb@ List of files: /openbsd-src/lib/libssl/Makefile Wed, 05 Jan 2022 17:10:02 +0000 jsing <jsing@openbsd.org> f6184395af2f5b642126a6179ade04cb296eea00 - Rename tls13_buffer to tls_buffer. http://src.rcs.uwaterloo.ca:8080/history/openbsd-src/lib/libssl/Makefile#f6184395af2f5b642126a6179ade04cb296eea00 Rename tls13_buffer to tls_buffer.This code will soon be used in the DTLSv1.2 and TLSv1.2 stack. Alsointroduce tls_internal.h and move/rename the read/write/flush callbacks.ok beck@ tb@ List of files: /openbsd-src/lib/libssl/Makefile Sat, 23 Oct 2021 13:12:14 +0000 jsing <jsing@openbsd.org> 8ccc394472c04770d6b419b298c71feb8a152a24 - Factor out the TLSv1.3 code that handles content from TLS records. http://src.rcs.uwaterloo.ca:8080/history/openbsd-src/lib/libssl/Makefile#8ccc394472c04770d6b419b298c71feb8a152a24 Factor out the TLSv1.3 code that handles content from TLS records.Currently, the plaintext content from opened TLS records is handled viathe rbuf code in the TLSv1.3 record layer. Factor this out and provide aseparate struct tls_content, which knows how to track and manipulate thecontent.This makes the TLSv1.3 code cleaner, however it will also soon also be usedto untangle parts of the legacy record layer.ok beck@ tb@ List of files: /openbsd-src/lib/libssl/Makefile Sat, 04 Sep 2021 16:26:12 +0000 jsing <jsing@openbsd.org> d7351ddfc56d8f8db39b9cfe7f04be7eee6b033a - Rewrite TLSv1.2 key block handling. http://src.rcs.uwaterloo.ca:8080/history/openbsd-src/lib/libssl/Makefile#d7351ddfc56d8f8db39b9cfe7f04be7eee6b033a Rewrite TLSv1.2 key block handling.For TLSv1.2 a single key block is generated, then partitioned intoindividual secrets for use as IVs and keys. The previous implementationsplits this across two functions tls1_setup_key_block() andtls1_change_cipher_state(), which means that the IV and key sizes have tobe known in multiple places.This implementation generates and partitions the key block in a singlestep, meaning that the secrets are then simply handed out when requested.ok inoguchi@ tb@ List of files: /openbsd-src/lib/libssl/Makefile Wed, 05 May 2021 10:05:27 +0000 jsing <jsing@openbsd.org> 643d65b6e9fb780188211b156383980513f491f7 - Clean up derivation of finished/peer finished. http://src.rcs.uwaterloo.ca:8080/history/openbsd-src/lib/libssl/Makefile#643d65b6e9fb780188211b156383980513f491f7 Clean up derivation of finished/peer finished.Make this process more readable by having specific client/server functions,calling the correct one based on s->server. This allows to remove variousSSL_ST_ACCEPT/SSL_ST_CONNECT checks, along with duplicate code.ok inoguchi@ tb@ List of files: /openbsd-src/lib/libssl/Makefile Sun, 25 Apr 2021 13:15:22 +0000 jsing <jsing@openbsd.org> f6d60a7a6b9ef5101c7a8c94dcbd7fd0a89488c9 - Merge d1_{clnt,srvr}.c into ssl_{clnt,srvr}.c http://src.rcs.uwaterloo.ca:8080/history/openbsd-src/lib/libssl/Makefile#f6d60a7a6b9ef5101c7a8c94dcbd7fd0a89488c9 Merge d1_{clnt,srvr}.c into ssl_{clnt,srvr}.cThe d1_{clnt,srvr}.c contain a single function each - merge these into thessl_{clnt,srvr}.c, renaming them with an ssl3_ prefix for consistency.ok beck@ tb@ List of files: /openbsd-src/lib/libssl/Makefile Sat, 03 Oct 2020 18:01:55 +0000 jsing <jsing@openbsd.org> acef91a04bad05a857d0fd8af28c5795c0afc5ec - Start replacing the existing TLSv1.2 record layer. http://src.rcs.uwaterloo.ca:8080/history/openbsd-src/lib/libssl/Makefile#acef91a04bad05a857d0fd8af28c5795c0afc5ec Start replacing the existing TLSv1.2 record layer.This takes the same design/approach used in TLSv1.3 and provides anopaque struct that is self contained and cannot reach back into otherlayers. For now this just implements/replaces the writing of recordsfor DTLSv1/TLSv1.0/TLSv1.1/TLSv1.2. In doing so we stop copying theplaintext into the same buffer that is used to transmit to the wire.ok inoguchi@ tb@ List of files: /openbsd-src/lib/libssl/Makefile Sun, 30 Aug 2020 15:40:19 +0000 jsing <jsing@openbsd.org> 4d97159af714fa3a4da75400501d3840d07e13c2 - The check_includes step is incorrect dependency management model for http://src.rcs.uwaterloo.ca:8080/history/openbsd-src/lib/libssl/Makefile#4d97159af714fa3a4da75400501d3840d07e13c2 The check_includes step is incorrect dependency management model forhow our tree gets built. If this was done in all the libraries (imaginesys/dev), it would disrupt the development process hugely. So it shouldnot be done here either. use 'make includes' by hand instead. List of files: /openbsd-src/lib/libssl/Makefile Tue, 09 Jun 2020 16:53:52 +0000 deraadt <deraadt@openbsd.org>