summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Fix asn1x509 build with opaque structures. Link statically for now.tb2022-01-122-20/+25
|
* Rework Makefile to use regress framework and link asn1basic statically.tb2022-01-122-14/+16
| | | | | It will need this for testing {d2i,i2d}_ASN1_BOOLEAN which will be moved to internal-only in the upcoming bump.
* forgot to zap some dead assignmentstb2022-01-111-4/+4
|
* Add regress for EVP_PKEY_{,public_,param_}check()tb2022-01-112-7/+415
|
* Revise for peer_cert.jsing2022-01-111-6/+6
|
* Remove peer_pkeys from SSL_SESSION.jsing2022-01-116-96/+58
| | | | | | | | | | peer_pkeys comes from some world where peers can send multiple certificates - in fact, one of each known type. Since we do not live in such a world, get rid of peer_pkeys and simply use peer_cert instead (in both TLSv1.2 and TLSv1.3, both clients and servers can only send a single leaf (aka end-entity) certificate). ok inoguchi@ tb@
* Simplify SSL_get_peer_certificate()jsing2022-01-111-10/+8
| | | | ok inoguchi@ tb@
* Rename 'peer' to 'peer_cert' in SSL_SESSION.jsing2022-01-118-37/+37
| | | | | | | The 'peer' member of SSL_SESSION is the leaf/end-entity certificate provided by our peer. Rename it since 'peer' on its own is unhelpful. ok inoguchi@ tb@
* Revise for changes to tls_key_share_peer_public()jsing2022-01-111-2/+4
|
* Plumb decode errors through key share parsing code.jsing2022-01-117-48/+106
| | | | | | | | | | | | Distinguish between decode errors and other errors, so that we can send a SSL_AD_DECODE_ERROR alert when appropriate. Fixes a tlsfuzzer failure, due to it expecting a decode error alert and not receiving one. Prompted by anton@ ok tb@
* Use SSL_AD_INTERNAL_ERROR for non-decoding alerts when parsing keyshares.jsing2022-01-111-4/+10
| | | | ok tb@
* Simplify tlsext_keyshare_server_parse()jsing2022-01-111-9/+5
| | | | | | | SSL_AD_DECODE_ERROR is the default alert for a TLS extension parsing failure - remove the various gotos and simply return 0 instead. ok tb@
* Wrap long linesinoguchi2022-01-111-42/+74
|
* Check function return valueinoguchi2022-01-111-32/+57
|
* Suppress warninginoguchi2022-01-111-1/+3
|
* Compare pointer variable with NULLinoguchi2022-01-111-44/+44
|
* Remove space between '*' and pointer variable.inoguchi2022-01-111-11/+9
|
* Convert openssl(1) smime option handlinginoguchi2022-01-111-357/+744
| | | | | | Apply new option handling to openssl(1) smime and no functional changes. input and ok jsing@
* Convert tls_bio_cb for opaque BIOtb2022-01-101-19/+46
| | | | joint with jsing
* Document EVP_AEAD_CTX_{new,free}() and adjust example code.tb2022-01-101-6/+45
| | | | looks good to jsing
* Unbreak tree. Sorry about that.tb2022-01-101-7/+7
|
* NULL out pointers after transferring them to the DSA object.tb2022-01-101-1/+9
|
* Dedup get_dsa*() code.tb2022-01-101-91/+60
| | | | Pointed out by jsing
* Convert testdsa to accessors for opaque DSAtb2022-01-101-30/+90
| | | | ok inoguchi jsing
* Remove a few unused defines from x509.htb2022-01-101-6/+1
| | | | | | | | As suggested by schwarze, this removes X509_EX_V_{INIT,NETSCAPE_HACK} and X509_EXT_PACK_{STRING,UNKNOWN} ok inoguchi jsing
* Prepare to provide the EVP_MD_meth_* APItb2022-01-102-2/+130
| | | | | | | | | This allows implementations to add their own EVP_MD_METHODs. Only the setters are provided. This is used by erlang for the otp_test_engine. ok inoguchi jsing
* Document openssl pkey -check,-pubcheck and param -checktb2022-01-101-2/+12
|
* Implement openssl pkey -{,pub}check and pkeyparam -checktb2022-01-104-10/+79
| | | | | | | These expose EVP_PKEY_{,public_,param_}check() to the command line. They are currently noops and will be enabled in the upcoming bump. ok inoguchi jsing
* Prepare to provide EVP_PKEY_{public,param}_checktb2022-01-108-8/+146
| | | | | | | | | | | | | | This implements checking of a public key and of key generation parameters for DH and EC keys. With the same logic and setters and const quirks as for EVP_PKEY_check(). There are a couple of quirks: For DH no default EVP_PKEY_check() is implemented, instead EVP_PKEY_param_check() calls DH_check_ex() even though DH_param_check_ex() was added for this purpose. EVP_PKEY_public_check() for EC curves also checks the private key if present. ok inoguchi jsing
* Provide DH_check*_ex and many error codestb2022-01-104-4/+102
| | | | | | | | | | | | | | | | | | | | | DH_check{,_pub_key}_ex() wrap their non-ex versions to translate the flags argument of the original functions into OpenSSL errors. For this almost a dozen new error codes need to be added. DH_params_check{,_ex}() is a new version of DH_check that only performs a cheap subset of the checks. They are needed to implement EVP_PKEY_{public,param}_check() (observe the consistent naming) although the actual implementation of EVP_PKEY_param_check() chose to use DH_check_ex(). As far as I can tell, the only raison d'ĂȘtre of the _ex functions and error codes is to spew them to stderr in a couple of openssl(1) commands. This couldn't have been solved differently... These functions will not be exposed publicly. ok inoguchi jsing
* Prepare to provide EVP_PKEY_check()tb2022-01-108-12/+89
| | | | | | | | | | | | | | | | | | This allows checking the validity of an EVP_PKEY. Only RSA and EC keys are supported. If a check function is set the EVP_PKEY_METHOD, it will be used, otherwise the check function on the EVP_PKEY_ASN1_METHOD is used. The default ASN.1 methods wrap RSA_check_key() and EC_KEY_check_key(), respectively. The corresponding setters are EVP_PKEY_{asn1,meth}_set_check(). It is unclear why the PKEY method has no const while the ASN.1 method has const. Requested by tobhe and used by PHP 8.1. Based on OpenSSL commit 2aee35d3 ok inoguchi jsing
* Prevent a double free in EVP_MD_CTX_copy_ex()tb2022-01-101-1/+3
| | | | | | | | NULL out two pointer values after memcpy() to avoid a double free. In the event that both in->pctx and in->md_data are non-NULL and the calloc() of out->md_data fails, a double free could occur. ok inoguchi jsing
* zap trailing whitespacetb2022-01-101-5/+5
|
* Check that the RSA exponent is neither even nor 1 in RSA_check_key()tb2022-01-101-1/+10
| | | | | | Part of OpenSSL commit 464d59a5 ok inoguchi jsing
* Use C99 initializers for test_sha_mdtb2022-01-091-13/+12
| | | | ok inoguchi jsing
* Add an essentially empty comp_local.h and include it where it willtb2022-01-095-4/+22
| | | | | | be needed. discussed with jsing
* ssl_check_srvr_ecc_cert_and_alg() only returns 0/1 - test accordingly.jsing2022-01-091-3/+3
|
* Swap arguments to ssl_check_srvr_ecc_cert_and_alg()jsing2022-01-093-9/+9
| | | | | If a libssl function takes an SSL *, it should normally be the first argument.
* Clean up ssl3_{send,get}_client_kex_gost()jsing2022-01-092-41/+46
| | | | | | | | Fix leaks, use sizeof() instead of hardcoded sizes, actually check return codes, explicit_bzero() the premaster secret on the server side and generally try to kick the GOST kex code into some sort of shape. ok inoguchi@ tb@
* Return 0/1 from ssl3_{send,get}_client_kex_gost()jsing2022-01-092-7/+7
| | | | | | | Like other KEX handling functions, there is no need to return anything other than failure/success here. ok inoguchi@ tb@
* Remove a comment from Captain Obvious.jsing2022-01-091-4/+2
|
* Fix GOST skip certificate verify handling.jsing2022-01-091-19/+11
| | | | | | | | | | | GOST skip certificate verify handling got broken in r1.132 of s3_srvr.c circa 2016. Prior to this, ssl3_get_client_key_exchange() returned an 'extra special' value to indicate that the state machine should skip certificate verify. Fix this by setting and checking the TLS1_FLAGS_SKIP_CERT_VERIFY flag, which is the same as is done in the client. ok inoguchi@ tb@
* Prepare to provide EVP_MD_CTX{,_set}_pkey_ctx()tb2022-01-094-5/+55
| | | | | | | | | | | | | This API with very strange ownership handling is used by Ruby 3.1, unfortunately. For unclear reasons, it was decided that the caller retains ownership of the pctx passed in. EVP_PKEY_CTX aren't refcounted, so a flag was added to make sure that md_ctx->pctx is not freed in EVP_MD_CTX_{cleanup,reset}(). Since EVP_MD_CTX_copy_ex() duplicates the md_ctx->pctx, the flag also needs to be unset on the duplicated EVP_MD_CTX. ok inoguchi jsing
* Clean up pkey handling in ssl3_get_server_key_exchange()jsing2022-01-091-42/+22
| | | | | | | | | | With TLSv1.2 and earlier, the authentication algorithm used to sign the ServerKeyExchange message is dependent on the cipher suite in use and has nothing to do with the key exchange algorithm. As such, check the authentication algorithm based on the cipher suite in ssl3_get_server_key_exchange() and handle things accordingly. ok inoguchi@ tb@
* Increase the max size of allocations, in prep for a large cache implementation.otto2022-01-091-3/+3
|
* Prepare to provide OBJ_length() and OBJ_get0_data()tb2022-01-082-2/+28
| | | | | | | | OBJ_length() turns the int obj->length into a size_t, so add an overflow check. While obj->length should never be negative, who knows... ok jsing
* tiny whitespace tweaktb2022-01-081-2/+2
|
* Merge SESS_CERT into SSL_SESSION.jsing2022-01-088-171/+76
| | | | | | | There is no reason for SESS_CERT to exist - remove it and merge its members into SSL_SESSION for the time being. More clean up to follow. ok inoguchi@ tb@
* Remove commented out CERT_* defines.jsing2022-01-081-7/+1
|
* Rename CERT to SSL_CERT and CERT_PKEY to SSL_CERT_PKEY.jsing2022-01-0810-101/+101
| | | | | | | Nearly all structs in libssl start with an SSL_ suffix, rename CERT and CERT_PKEY for consistency. ok inoguchi@ tb@