summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Factor out a bit of ugly code that truncates the digest to the order_bitstb2018-07-101-32/+32
| | | | | | | | leftmost bits of a longer digest, according to FIPS 183-6, 6.4. Eliminate a microoptimization that only converts the relevant part of the digest to a bignum. ok beck, jsing
* $OpenBSD$tb2018-07-102-1/+2
|
* Now that all *_free() functions are NULL safe, we can generate thetb2018-07-105-239/+123
| | | | | | freenull test from Symbols.list. Suggested by jsing, discussed with beck and bluhm.
* +addsubtb2018-07-101-1/+2
|
* Add simple regression tests for BN_{,u}{add,sub}(3). With input from jcatb2018-07-102-0/+248
|
* Move a detail on tls_connect(3) to its documentation and be a bit moretb2018-07-091-5/+7
| | | | | | explicit about the servername argument of tls_connect_servername(3). input & ok jsing, input & ok schwarze on earlier version
* wording tweak for tls_init() from jsingtb2018-07-091-4/+4
| | | | ok jsing, schwarze
* sync with const changes in x509.h r1.68.tb2018-07-091-4/+4
|
* sync with const changes in evp.h r1.64.tb2018-07-091-3/+3
|
* sync with const changes in bio.h r1.44.tb2018-07-091-3/+3
|
* sync with const changes in bio.h r1.45.tb2018-07-091-10/+10
|
* import the relevant parts of a new ASN1_INTEGER_get(3) manual pageschwarze2018-07-082-1/+240
| | | | from OpenSSL, fixing many bugs and polishing many details
* Simplify and shorten the description of tls_init(3),schwarze2018-07-081-4/+4
| | | | | fixing an awkward wording noticed by tb@. OK tb@
* This code is already painful enough to look at. Putting the braces at thetb2018-06-161-74/+64
| | | | right spot helps this a bit. Other whitespace and typo fixes while there.
* Tiny tweak to the blinding comment.tb2018-06-161-2/+4
|
* Basic cleanup. Handle the possibly NULL ctx_in in ecdsa_sign_setup() withtb2018-06-151-67/+62
| | | | | | | | | | | | the usual idiom. All the allocations are now handled inside conditionals as is usually done in this part of the tree. Turn a few comments into actual sentences and remove a few self-evident ones. Change outdated or cryptic comments into more helpful annotations. In ecdsa_do_verify(), start calculating only after properly truncating the message digest. More consistent variable names: prefer 'order_bits' and 'point' over 'i' and 'tmp_point'. ok jsing
* Clean up some whitespace and polish a few comments. Reduces noise intb2018-06-151-24/+21
| | | | an upcoming diff.
* Use a blinding value when generating an ECDSA signature, in order totb2018-06-141-14/+65
| | | | | | | | reduce the possibility of a side-channel attack leaking the private key. Suggested by Keegan Ryan at NCC Group. With input from and ok jsing
* Use a blinding value when generating a DSA signature, in order to reducejsing2018-06-141-9/+39
| | | | | | | | the possibility of a side-channel attack leaking the private key. Suggested by Keegan Ryan at NCC Group. With input from and ok tb@
* Clarify the digest truncation comment in DSA signature generation.jsing2018-06-141-3/+4
| | | | Requested by and ok tb@
* Pull up the code that converts the digest to a BIGNUM - this only needsjsing2018-06-141-10/+10
| | | | | | | to occur once and not be repeated if the signature generation has to be repeated. ok tb@
* Fix a potential leak/incorrect return value in DSA signature generation.jsing2018-06-141-4/+6
| | | | | | | | | | In the very unlikely case where we have to repeat the signature generation, the DSA_SIG return value has already been allocated. This will either result in a leak when we allocate again on the next iteration, or it will give a false success (with missing signature values) if any error occurs on the next iteration. ok tb@
* Call DSA_SIG_new() instead of hand rolling the same.jsing2018-06-141-5/+2
| | | | ok beck@ tb@
* DSA_SIG_new() amounts to a single calloc() call.jsing2018-06-141-10/+3
| | | | ok beck@ tb@
* style(9), comments and whitespace.jsing2018-06-131-30/+32
|
* Avoid a timing side-channel leak when generating DSA and ECDSA signatures.jsing2018-06-132-7/+4
| | | | | | | | | This is caused by an attempt to do fast modular arithmetic, which introduces branches that leak information regarding secret values. Issue identified and reported by Keegan Ryan of NCC Group. ok beck@ tb@
* zap stray tabsthen2018-06-121-2/+2
|
* Reject excessively large primes in DH key generation. Problem reportedsthen2018-06-121-1/+6
| | | | | | | | | | | by Guido Vranken to OpenSSL (https://github.com/openssl/openssl/pull/6457) and based on his diff. suggestions from tb@, ok tb@ jsing@ "During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack."
* fix odd whitespacetb2018-06-101-3/+3
|
* Remove a handrolled GOST_le2bn().jsing2018-06-101-8/+4
| | | | From Dmitry Eremin-Solenikov <dbaryshkov at gmail dot com>.
* Now that all of the server-side client key exchange processing functionsjsing2018-06-101-53/+40
| | | | | | have been converted to CBS, pull it up a level. ok inoguchi@ tb@
* Allocate a dedicated buffer for use when deriving a shared key duringjsing2018-06-031-10/+18
| | | | | | | client KEX DHE processing, rather than reusing the buffer that is used to send/receive handshake messages. ok beck@ inoguchi@
* Check the return value from DH_size() in ssl3_send_client_kex_dhe().jsing2018-06-031-4/+6
| | | | ok beck@ inoguchi@
* Convert ssl3_get_client_kex_ecdhe_ecp() to CBS.jsing2018-06-021-44/+42
| | | | | | | Also allocate a dedicated buffer to hold the shared secret, rather than reusing init_buf. ok inoguchi@ tb@
* Update regress for DES cipher suite removal.jsing2018-06-022-49/+41
|
* Remove the three remaining single DES cipher suites.jsing2018-06-021-49/+1
| | | | | | | | | These are insecure and should not be used - furthermore, we would should not have been allowing their negotiation with TLSv1.2 (as noted by Robert Merget, Juraj Somorovsky and Simon Friedberger). Removing these cipher suites also fixes this issue. ok beck@ inoguchi@
* Zero the client random so that it is easier to spot unintended differences.jsing2018-06-021-0/+1
|
* Add a const qualifier to the argument of UI_method_get_closer(),tb2018-06-022-14/+14
| | | | | | | | | UI_method_get_flusher(), UI_method_get_opener(), UI_method_get_prompt_constructor(), UI_method_get_reader(), and UI_method_get_writer(). tested in a bulk build by sthen ok jsing
* Add const to the argument of the following callback getters:tb2018-06-022-18/+18
| | | | | | | | BIO_meth_get_callback_ctrl, BIO_meth_get_create, BIO_meth_get_ctrl, BIO_meth_get_destroy, BIO_meth_get_gets, BIO_meth_get_puts, BIO_meth_get_read, and BIO_meth_get_write. ok jsing
* Add const to both arguments of X509_certificate_type() and clean uptb2018-05-302-17/+10
| | | | | | | | | | | | | a little: Use X509_get0_pubkey() in place of X509_get_pubkey() and EVP_PKEY_free(). Check return value of the former in the appropriate place and simplify the logic for dealing with the potentially NULL pkey argument (includes a neat tweak from jsing). Finally, kill an ugly comment that has been rotting for twenty years and merge the lines around it. tested in a bulk build by sthen ok jsing
* Add a const qualifier to the argument of EVP_PKEY_size().tb2018-05-302-4/+4
| | | | | tested in a bulk build by sthen ok jsing
* Add a const qualifier to the `name' argument oftb2018-05-302-6/+8
| | | | | | | X509_NAME_get_index_by_{OBJ,NID}(). tested in a bulk build by sthen suggested by & ok jsing
* Add a const qualifier to the `uni' argument of OPENSSL_uni2asc().tb2018-05-302-4/+4
| | | | | tested in a bulk build by sthen ok jsing
* Add a const qualifier to the return value of BIO_s_file().tb2018-05-302-5/+5
| | | | | tested in a bulk build by sthen ok bcook, jsing
* minor markup improvement: .Fa *cctx -> .Pf * Fa cctxschwarze2018-05-261-3/+3
|
* Quote .Fa arguments containing blanks.schwarze2018-05-261-4/+4
| | | | Diff from Jack Burton <jack at saosce dot com dot au>.
* As calloc does the zeroing for us in EVP_PKEY_asn1_new() already, no needtb2018-05-241-42/+10
| | | | | | | | to do it a second time by hand, badly. While here, do some style cleanup. This incomplete list of function pointers appears in EVP_PKEY_asn1_copy() as well, fix it by adding sig_print to the members copied over. ok bcook
* In ui.h rev. 1.10 2018/05/19 11:03:33, tb@ added a const qualifierschwarze2018-05-191-3/+3
| | | | to the argument of UI_create_method(3). Adjust the manual.
* In x509.h rev. 1.67 2018/05/19 10:58:08, tb@ added a const qualifierschwarze2018-05-191-2/+2
| | | | | to the ASN1_OBJECT argment of X509_NAME_add_entry_by_OBJ(3). Adjust the manual.
* In asn1.h rev. 1.49 2018/05/19 10:46:28, tb@ added a const qualifierschwarze2018-05-191-3/+3
| | | | to the input argument of ASN1_STRING_to_UTF8(3). Adjust the manual.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-24 15:11:07 +0000