Check-in [fefb351fd9]
Not logged in

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:update libressl to version 3.1.2
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: fefb351fd9b4591c923f3910acb82a9c0d964559
User & Date: chw 2020-05-23 09:40:23
Context
2020-05-24
10:10
add tip 574 impl to sdl2tk subdir check-in: 0e7a502a88 user: chw tags: trunk
2020-05-23
11:08
merge with trunk check-in: 0ec1a1a671 user: chw tags: wtf-8-experiment
09:40
update libressl to version 3.1.2 check-in: fefb351fd9 user: chw tags: trunk
09:20
update sqlite to version 3.32.0 check-in: 5b89190272 user: chw tags: trunk
Changes

Changes to jni/libressl/CMakeLists.txt.

295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
		elseif("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "arm")
			set(HOST_ASM_ELF_ARMV4 true)
		elseif(CMAKE_SYSTEM_NAME STREQUAL "SunOS" AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "i386")
			set(HOST_ASM_ELF_X86_64 true)
		endif()
	elseif(APPLE AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64")
		set(HOST_ASM_MACOSX_X86_64 true)
	elseif(MSVC AND "${CMAKE_GENERATOR}" MATCHES "Win64")
		set(HOST_ASM_MASM_X86_64 true)
		ENABLE_LANGUAGE(ASM_MASM)
	elseif(CMAKE_SYSTEM_NAME MATCHES "MINGW" AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64")
		set(HOST_ASM_MINGW64_X86_64 true)
	endif()
endif()








|







295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
		elseif("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "arm")
			set(HOST_ASM_ELF_ARMV4 true)
		elseif(CMAKE_SYSTEM_NAME STREQUAL "SunOS" AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "i386")
			set(HOST_ASM_ELF_X86_64 true)
		endif()
	elseif(APPLE AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64")
		set(HOST_ASM_MACOSX_X86_64 true)
	elseif(MSVC AND ("${CMAKE_GENERATOR}" MATCHES "Win64" OR "${CMAKE_GENERATOR_PLATFORM}" STREQUAL "x64"))
		set(HOST_ASM_MASM_X86_64 true)
		ENABLE_LANGUAGE(ASM_MASM)
	elseif(CMAKE_SYSTEM_NAME MATCHES "MINGW" AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64")
		set(HOST_ASM_MINGW64_X86_64 true)
	endif()
endif()

Changes to jni/libressl/ChangeLog.

24
25
26
27
28
29
30





31
32
33
34
35
36
37
The portable bits of the project are largely maintained out-of-tree, and their
history is also available from Git.

	https://github.com/libressl-portable/portable

LibreSSL Portable Release Notes:






3.1.1 - Stable release

	* Improved cipher suite handling to automatically include TLSv1.3
	  cipher suites when they are not explicitly referred to in the
	  cipher string.

	* Improved handling of TLSv1.3 HelloRetryRequests, simplifying







>
>
>
>
>







24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
The portable bits of the project are largely maintained out-of-tree, and their
history is also available from Git.

	https://github.com/libressl-portable/portable

LibreSSL Portable Release Notes:

3.1.2 - Bug fix

	* A TLS client with peer verification disabled may crash when
	  contacting a server that sends an empty certificate list.

3.1.1 - Stable release

	* Improved cipher suite handling to automatically include TLSv1.3
	  cipher suites when they are not explicitly referred to in the
	  cipher string.

	* Improved handling of TLSv1.3 HelloRetryRequests, simplifying

Changes to jni/libressl/VERSION.

1
2
3.1.1

|

1
2
3.1.2

Changes to jni/libressl/configure.

1
2
3
4
5
6
7
8
9
10
...
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
....
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
....
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
....
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
....
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
....
3110
3111
3112
3113
3114
3115
3116
3117
3118
3119
3120
3121
3122
3123
3124
.....
14883
14884
14885
14886
14887
14888
14889
14890
14891
14892
14893
14894
14895
14896
14897
.....
14940
14941
14942
14943
14944
14945
14946
14947
14948
14949
14950
14951
14952
14953
14954
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for libressl 3.1.1.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
#
#
# This configure script is free software; the Free Software Foundation
# gives unlimited permission to copy, distribute and modify it.
................................................................................
subdirs=
MFLAGS=
MAKEFLAGS=

# Identity of this package.
PACKAGE_NAME='libressl'
PACKAGE_TARNAME='libressl'
PACKAGE_VERSION='3.1.1'
PACKAGE_STRING='libressl 3.1.1'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''

# Factoring default headers for most tests.
ac_includes_default="\
#include <stdio.h>
#ifdef HAVE_SYS_TYPES_H
................................................................................
#
# Report the --help message.
#
if test "$ac_init_help" = "long"; then
  # Omit some internal or obsolete options to make the list less imposing.
  # This message is too long to be a string in the A/UX 3.1 sh.
  cat <<_ACEOF
\`configure' configures libressl 3.1.1 to adapt to many kinds of systems.

Usage: $0 [OPTION]... [VAR=VALUE]...

To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE.  See below for descriptions of some of the useful variables.

Defaults for the options are specified in brackets.
................................................................................
  --build=BUILD     configure for building on BUILD [guessed]
  --host=HOST       cross-compile to build programs to run on HOST [BUILD]
_ACEOF
fi

if test -n "$ac_init_help"; then
  case $ac_init_help in
     short | recursive ) echo "Configuration of libressl 3.1.1:";;
   esac
  cat <<\_ACEOF

Optional Features:
  --disable-option-checking  ignore unrecognized --enable/--with options
  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
................................................................................
    cd "$ac_pwd" || { ac_status=$?; break; }
  done
fi

test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
  cat <<\_ACEOF
libressl configure 3.1.1
generated by GNU Autoconf 2.69

Copyright (C) 2012 Free Software Foundation, Inc.
This configure script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it.
_ACEOF
  exit
................................................................................
  as_fn_set_status $ac_retval

} # ac_fn_c_compute_int
cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.

It was created by libressl $as_me 3.1.1, which was
generated by GNU Autoconf 2.69.  Invocation command line was

  $ $0 $@

_ACEOF
exec 5>>config.log
{
................................................................................
    CYGPATH_W=echo
  fi
fi


# Define the identity of the package.
 PACKAGE='libressl'
 VERSION='3.1.1'


cat >>confdefs.h <<_ACEOF
#define PACKAGE "$PACKAGE"
_ACEOF


................................................................................
test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1

cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# Save the log message, to keep $0 and so on meaningful, and to
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by libressl $as_me 3.1.1, which was
generated by GNU Autoconf 2.69.  Invocation command line was

  CONFIG_FILES    = $CONFIG_FILES
  CONFIG_HEADERS  = $CONFIG_HEADERS
  CONFIG_LINKS    = $CONFIG_LINKS
  CONFIG_COMMANDS = $CONFIG_COMMANDS
  $ $0 $@
................................................................................

Report bugs to the package provider."

_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
libressl config.status 3.1.1
configured by $0, generated by GNU Autoconf 2.69,
  with options \\"\$ac_cs_config\\"

Copyright (C) 2012 Free Software Foundation, Inc.
This config.status script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it."



|







 







|
|







 







|







 







|







 







|







 







|







 







|







 







|







 







|







1
2
3
4
5
6
7
8
9
10
...
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
....
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
....
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
....
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
....
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
....
3110
3111
3112
3113
3114
3115
3116
3117
3118
3119
3120
3121
3122
3123
3124
.....
14883
14884
14885
14886
14887
14888
14889
14890
14891
14892
14893
14894
14895
14896
14897
.....
14940
14941
14942
14943
14944
14945
14946
14947
14948
14949
14950
14951
14952
14953
14954
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for libressl 3.1.2.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
#
#
# This configure script is free software; the Free Software Foundation
# gives unlimited permission to copy, distribute and modify it.
................................................................................
subdirs=
MFLAGS=
MAKEFLAGS=

# Identity of this package.
PACKAGE_NAME='libressl'
PACKAGE_TARNAME='libressl'
PACKAGE_VERSION='3.1.2'
PACKAGE_STRING='libressl 3.1.2'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''

# Factoring default headers for most tests.
ac_includes_default="\
#include <stdio.h>
#ifdef HAVE_SYS_TYPES_H
................................................................................
#
# Report the --help message.
#
if test "$ac_init_help" = "long"; then
  # Omit some internal or obsolete options to make the list less imposing.
  # This message is too long to be a string in the A/UX 3.1 sh.
  cat <<_ACEOF
\`configure' configures libressl 3.1.2 to adapt to many kinds of systems.

Usage: $0 [OPTION]... [VAR=VALUE]...

To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE.  See below for descriptions of some of the useful variables.

Defaults for the options are specified in brackets.
................................................................................
  --build=BUILD     configure for building on BUILD [guessed]
  --host=HOST       cross-compile to build programs to run on HOST [BUILD]
_ACEOF
fi

if test -n "$ac_init_help"; then
  case $ac_init_help in
     short | recursive ) echo "Configuration of libressl 3.1.2:";;
   esac
  cat <<\_ACEOF

Optional Features:
  --disable-option-checking  ignore unrecognized --enable/--with options
  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
................................................................................
    cd "$ac_pwd" || { ac_status=$?; break; }
  done
fi

test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
  cat <<\_ACEOF
libressl configure 3.1.2
generated by GNU Autoconf 2.69

Copyright (C) 2012 Free Software Foundation, Inc.
This configure script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it.
_ACEOF
  exit
................................................................................
  as_fn_set_status $ac_retval

} # ac_fn_c_compute_int
cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.

It was created by libressl $as_me 3.1.2, which was
generated by GNU Autoconf 2.69.  Invocation command line was

  $ $0 $@

_ACEOF
exec 5>>config.log
{
................................................................................
    CYGPATH_W=echo
  fi
fi


# Define the identity of the package.
 PACKAGE='libressl'
 VERSION='3.1.2'


cat >>confdefs.h <<_ACEOF
#define PACKAGE "$PACKAGE"
_ACEOF


................................................................................
test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1

cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# Save the log message, to keep $0 and so on meaningful, and to
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by libressl $as_me 3.1.2, which was
generated by GNU Autoconf 2.69.  Invocation command line was

  CONFIG_FILES    = $CONFIG_FILES
  CONFIG_HEADERS  = $CONFIG_HEADERS
  CONFIG_LINKS    = $CONFIG_LINKS
  CONFIG_COMMANDS = $CONFIG_COMMANDS
  $ $0 $@
................................................................................

Report bugs to the package provider."

_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
libressl config.status 3.1.2
configured by $0, generated by GNU Autoconf 2.69,
  with options \\"\$ac_cs_config\\"

Copyright (C) 2012 Free Software Foundation, Inc.
This config.status script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it."

Changes to jni/libressl/crypto/CMakeLists.txt.

932
933
934
935
936
937
938
939

940
941
942
943
944
945
946
	set(EXTRA_EXPORT ${EXTRA_EXPORT} timingsafe_memcmp)
endif()

if(NOT ENABLE_ASM)
	add_definitions(-DOPENSSL_NO_ASM)
else()
	if(MSVC)
		if(NOT "${CMAKE_GENERATOR}" MATCHES "Win64")

			add_definitions(-DOPENSSL_NO_ASM)
		endif()
	elseif(WIN32)
		add_definitions(-DOPENSSL_NO_ASM)
	endif()
endif()








|
>







932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
	set(EXTRA_EXPORT ${EXTRA_EXPORT} timingsafe_memcmp)
endif()

if(NOT ENABLE_ASM)
	add_definitions(-DOPENSSL_NO_ASM)
else()
	if(MSVC)
		if((NOT "${CMAKE_GENERATOR}" MATCHES "Win64") AND
		   (NOT "${CMAKE_GENERATOR_PLATFORM}" STREQUAL "x64"))
			add_definitions(-DOPENSSL_NO_ASM)
		endif()
	elseif(WIN32)
		add_definitions(-DOPENSSL_NO_ASM)
	endif()
endif()

Changes to jni/libressl/include/openssl/opensslv.h.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
/* $OpenBSD: opensslv.h,v 1.57 2020/05/06 15:45:22 tb Exp $ */
#ifndef HEADER_OPENSSLV_H
#define HEADER_OPENSSLV_H

/* These will change with each release of LibreSSL-portable */
#define LIBRESSL_VERSION_NUMBER 0x3010100fL
/*                                    ^ Patch starts here   */
#define LIBRESSL_VERSION_TEXT   "LibreSSL 3.1.1"

/* These will never change */
#define OPENSSL_VERSION_NUMBER	0x20000000L
#define OPENSSL_VERSION_TEXT	LIBRESSL_VERSION_TEXT
#define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT

#define SHLIB_VERSION_HISTORY ""
#define SHLIB_VERSION_NUMBER "1.0.0"

#endif /* HEADER_OPENSSLV_H */
|




|

|










1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
/* $OpenBSD: opensslv.h,v 1.57.4.1 2020/05/21 02:27:34 bcook Exp $ */
#ifndef HEADER_OPENSSLV_H
#define HEADER_OPENSSLV_H

/* These will change with each release of LibreSSL-portable */
#define LIBRESSL_VERSION_NUMBER 0x3010200fL
/*                                    ^ Patch starts here   */
#define LIBRESSL_VERSION_TEXT   "LibreSSL 3.1.2"

/* These will never change */
#define OPENSSL_VERSION_NUMBER	0x20000000L
#define OPENSSL_VERSION_TEXT	LIBRESSL_VERSION_TEXT
#define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT

#define SHLIB_VERSION_HISTORY ""
#define SHLIB_VERSION_NUMBER "1.0.0"

#endif /* HEADER_OPENSSLV_H */

Changes to jni/libressl/ssl/Makefile.in.

705
706
707
708
709
710
711

712
713
714
715
716
717
718
	-rm -f ./$(DEPDIR)/ssl_both.Plo
	-rm -f ./$(DEPDIR)/ssl_cert.Plo
	-rm -f ./$(DEPDIR)/ssl_ciph.Plo
	-rm -f ./$(DEPDIR)/ssl_ciphers.Plo
	-rm -f ./$(DEPDIR)/ssl_clnt.Plo
	-rm -f ./$(DEPDIR)/ssl_err.Plo
	-rm -f ./$(DEPDIR)/ssl_init.Plo

	-rm -f ./$(DEPDIR)/ssl_lib.Plo
	-rm -f ./$(DEPDIR)/ssl_methods.Plo
	-rm -f ./$(DEPDIR)/ssl_packet.Plo
	-rm -f ./$(DEPDIR)/ssl_pkt.Plo
	-rm -f ./$(DEPDIR)/ssl_rsa.Plo
	-rm -f ./$(DEPDIR)/ssl_sess.Plo
	-rm -f ./$(DEPDIR)/ssl_sigalgs.Plo







>







705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
	-rm -f ./$(DEPDIR)/ssl_both.Plo
	-rm -f ./$(DEPDIR)/ssl_cert.Plo
	-rm -f ./$(DEPDIR)/ssl_ciph.Plo
	-rm -f ./$(DEPDIR)/ssl_ciphers.Plo
	-rm -f ./$(DEPDIR)/ssl_clnt.Plo
	-rm -f ./$(DEPDIR)/ssl_err.Plo
	-rm -f ./$(DEPDIR)/ssl_init.Plo
	-rm -f ./$(DEPDIR)/ssl_kex.Plo
	-rm -f ./$(DEPDIR)/ssl_lib.Plo
	-rm -f ./$(DEPDIR)/ssl_methods.Plo
	-rm -f ./$(DEPDIR)/ssl_packet.Plo
	-rm -f ./$(DEPDIR)/ssl_pkt.Plo
	-rm -f ./$(DEPDIR)/ssl_rsa.Plo
	-rm -f ./$(DEPDIR)/ssl_sess.Plo
	-rm -f ./$(DEPDIR)/ssl_sigalgs.Plo

Changes to jni/libressl/ssl/tls13_client.c.

1
2
3
4
5
6
7
8
...
582
583
584
585
586
587
588








589
590
591
592
593
594
595
/* $OpenBSD: tls13_client.c,v 1.54 2020/04/28 20:37:22 jsing Exp $ */
/*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
................................................................................
			goto err;

		if (!sk_X509_push(certs, cert))
			goto err;

		cert = NULL;
	}









	/*
	 * At this stage we still have no proof of possession. As such, it would
	 * be preferable to keep the chain and verify once we have successfully
	 * processed the CertificateVerify message.
	 */
	if (ssl_verify_cert_chain(s, certs) <= 0 &&
|







 







>
>
>
>
>
>
>
>







1
2
3
4
5
6
7
8
...
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
/* $OpenBSD: tls13_client.c,v 1.54.4.1 2020/05/19 20:22:33 tb Exp $ */
/*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
................................................................................
			goto err;

		if (!sk_X509_push(certs, cert))
			goto err;

		cert = NULL;
	}

	/* A server must always provide a non-empty certificate list. */
	if (sk_X509_num(certs) < 1) {
		ctx->alert = SSL_AD_DECODE_ERROR;
		tls13_set_errorx(ctx, TLS13_ERR_NO_PEER_CERTIFICATE, 0,
		    "peer failed to provide a certificate", NULL);
		goto err;
	}

	/*
	 * At this stage we still have no proof of possession. As such, it would
	 * be preferable to keep the chain and verify once we have successfully
	 * processed the CertificateVerify message.
	 */
	if (ssl_verify_cert_chain(s, certs) <= 0 &&

Changes to jni/libressl/ssl/tls13_internal.h.

1
2
3
4
5
6
7
8
..
39
40
41
42
43
44
45

46
47
48
49
50
51
52
/* $OpenBSD: tls13_internal.h,v 1.67 2020/04/28 20:37:22 jsing Exp $ */
/*
 * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
................................................................................
#define TLS13_IO_WANT_RETRY	-5 /* Retry the previous call immediately. */
#define TLS13_IO_USE_LEGACY	-6

#define TLS13_ERR_VERIFY_FAILED		16
#define TLS13_ERR_HRR_FAILED		17
#define TLS13_ERR_TRAILING_DATA		18
#define TLS13_ERR_NO_SHARED_CIPHER	19


typedef void (*tls13_alert_cb)(uint8_t _alert_desc, void *_cb_arg);
typedef ssize_t (*tls13_phh_recv_cb)(void *_cb_arg, CBS *_cbs);
typedef void (*tls13_phh_sent_cb)(void *_cb_arg);
typedef ssize_t (*tls13_read_cb)(void *_buf, size_t _buflen, void *_cb_arg);
typedef ssize_t (*tls13_write_cb)(const void *_buf, size_t _buflen,
    void *_cb_arg);
|







 







>







1
2
3
4
5
6
7
8
..
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
/* $OpenBSD: tls13_internal.h,v 1.67.4.1 2020/05/19 20:22:33 tb Exp $ */
/*
 * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
................................................................................
#define TLS13_IO_WANT_RETRY	-5 /* Retry the previous call immediately. */
#define TLS13_IO_USE_LEGACY	-6

#define TLS13_ERR_VERIFY_FAILED		16
#define TLS13_ERR_HRR_FAILED		17
#define TLS13_ERR_TRAILING_DATA		18
#define TLS13_ERR_NO_SHARED_CIPHER	19
#define TLS13_ERR_NO_PEER_CERTIFICATE	21

typedef void (*tls13_alert_cb)(uint8_t _alert_desc, void *_cb_arg);
typedef ssize_t (*tls13_phh_recv_cb)(void *_cb_arg, CBS *_cbs);
typedef void (*tls13_phh_sent_cb)(void *_cb_arg);
typedef ssize_t (*tls13_read_cb)(void *_buf, size_t _buflen, void *_cb_arg);
typedef ssize_t (*tls13_write_cb)(const void *_buf, size_t _buflen,
    void *_cb_arg);

Changes to jni/libressl/ssl/tls13_legacy.c.

1
2
3
4
5
6
7
8
...
115
116
117
118
119
120
121



122
123
124
125
126
127
128
/*	$OpenBSD: tls13_legacy.c,v 1.3 2020/04/28 20:37:22 jsing Exp $ */
/*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
................................................................................
		break;
	case TLS13_ERR_TRAILING_DATA:
		reason = SSL_R_EXTRA_DATA_IN_MESSAGE;
		break;
	case TLS13_ERR_NO_SHARED_CIPHER:
		reason = SSL_R_NO_SHARED_CIPHER;
		break;



	}

	/* Something (probably libcrypto) already pushed an error on the stack. */
	if (reason == SSL_R_UNKNOWN && ERR_peek_error() != 0)
		return;

	ERR_put_error(ERR_LIB_SSL, (0xfff), reason, ctx->error.file,
|







 







>
>
>







1
2
3
4
5
6
7
8
...
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
/*	$OpenBSD: tls13_legacy.c,v 1.3.4.1 2020/05/19 20:22:33 tb Exp $ */
/*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
................................................................................
		break;
	case TLS13_ERR_TRAILING_DATA:
		reason = SSL_R_EXTRA_DATA_IN_MESSAGE;
		break;
	case TLS13_ERR_NO_SHARED_CIPHER:
		reason = SSL_R_NO_SHARED_CIPHER;
		break;
	case TLS13_ERR_NO_PEER_CERTIFICATE:
		reason = SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE;
		break;
	}

	/* Something (probably libcrypto) already pushed an error on the stack. */
	if (reason == SSL_R_UNKNOWN && ERR_peek_error() != 0)
		return;

	ERR_put_error(ERR_LIB_SSL, (0xfff), reason, ctx->error.file,