Commit message | Author | Age | Files | Lines
Other regress tests do it differently; just fix/touch those that did not
mention any package name at all.
This helps grepping logs for SKIPPED to find instructions for the next run.
ok schwarze
This commit adds generic EVP_CTRL_AEAD_{SET,GET}_TAG and _SET_IVLEN
defines and aliases the GCM and CCM versions to those.
This is the publicly visible part of OpenSSL's e640fa02005.
ok inoguchi jsing
sk is commonly used for a STACK_OF(), so call the shared key simply key.
ok jsing
If we can provide an EC key that is used, then it is by definition
non-ephemeral.
ok tb@
for DSA key generation.
From Kurt Roeckx, OpenSSL 74ee3796
ok bcook inoguchi jsing
This aligns our behavior with OpenSSL 1.1.1 which includes a mitigation
for small subgroup attacks. This did not affect LibreSSL since we do
not support X9.42 style parameter files or RFC 5114.
The meat of this commit is from Matt Caswell, OpenSSL b128abc3
ok inoguchi jsing
BN_prime_checks is only to be used for random input. Here, the
input isn't random, so increase the number of checks. According
to https://eprint.iacr.org/2019/032, 64 rounds is suitable.
From Jake Massimo, OpenSSL 1.1.1, af6ce3b4
ok inoguchi jsing
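Added example, my own C and not LibreSSL or OpenSSL code, of the distinction the message above draws: a Miller-Rabin test with a fixed, public list of bases is adequate for random candidates but is fooled by a composite built to be a strong pseudoprime to exactly those bases, while 64 rounds with fresh bases reject it. Everything is 64-bit toy arithmetic; the xorshift64 base generator is a reproducible, non-cryptographic stand-in (libcrypto draws bases with BN_rand_range()), and the function and constant names are mine.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* 64-bit modular arithmetic; the 128-bit intermediate (gcc/clang
 * extension) keeps a * b exact. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m)
{
	return (uint64_t)(((unsigned __int128)a * b) % m);
}

static uint64_t powmod(uint64_t base, uint64_t exp, uint64_t m)
{
	uint64_t r = 1;
	base %= m;
	while (exp != 0) {
		if (exp & 1)
			r = mulmod(r, base, m);
		base = mulmod(base, base, m);
		exp >>= 1;
	}
	return r;
}

/* One Miller-Rabin round for odd n >= 5. Returns true when n passes for
 * base a: either n is prime or a is a "strong liar" for n. */
static bool mr_round(uint64_t n, uint64_t a)
{
	uint64_t d = n - 1, x;
	unsigned s = 0, i;
	while ((d & 1) == 0) {
		d >>= 1;
		s++;
	}
	x = powmod(a, d, n);
	if (x == 1 || x == n - 1)
		return true;
	for (i = 1; i < s; i++) {
		x = mulmod(x, x, n);
		if (x == n - 1)
			return true;
	}
	return false;
}

/* Test against a fixed, public list of bases. Cheap and fine for random
 * candidates, but an adversary who knows the list can hand us a composite
 * that is a strong pseudoprime to every base on it. */
bool is_prime_fixed_bases(uint64_t n, const uint64_t *bases, size_t nbases)
{
	size_t i;
	if (n < 4)
		return n == 2 || n == 3;
	if ((n & 1) == 0)
		return false;
	for (i = 0; i < nbases; i++) {
		uint64_t a = bases[i] % n;
		if (a >= 2 && !mr_round(n, a))
			return false;
	}
	return true;
}

/* xorshift64: reproducible, NON-cryptographic stand-in for random base
 * selection so the demo is deterministic; libcrypto uses BN_rand_range(). */
static uint64_t xorshift64(uint64_t *state)
{
	uint64_t x = *state;
	x ^= x << 13;
	x ^= x >> 7;
	x ^= x << 17;
	return *state = x;
}

/* Test with `rounds` fresh bases from [2, n - 2]. At most 1/4 of the bases
 * are liars for any composite, so 64 rounds bound the error by 4^-64
 * regardless of how the input was chosen. */
bool is_prime_random_bases(uint64_t n, unsigned rounds, uint64_t seed)
{
	uint64_t state = seed != 0 ? seed : 1;
	unsigned i;
	if (n < 4)
		return n == 2 || n == 3;
	if ((n & 1) == 0)
		return false;
	for (i = 0; i < rounds; i++)
		if (!mr_round(n, 2 + xorshift64(&state) % (n - 3)))
			return false;
	return true;
}

/* Constructed adversarial input: the smallest strong pseudoprime to bases
 * 2, 3, 5 and 7 at once (3215031751 = 151 * 751 * 28351). */
#define FOOLING_COMPOSITE 3215031751ULL
static const uint64_t SMALL_BASES[] = { 2, 3, 5, 7 };
#define NSMALL_BASES (sizeof(SMALL_BASES) / sizeof(SMALL_BASES[0]))

int main(void)
{
	printf("fixed bases 2,3,5,7: %s\n",
	    is_prime_fixed_bases(FOOLING_COMPOSITE, SMALL_BASES, NSMALL_BASES) ?
	    "probable prime (fooled)" : "composite");
	printf("64 random rounds:    %s\n",
	    is_prime_random_bases(FOOLING_COMPOSITE, 64, 1) ?
	    "probable prime" : "composite");
	return 0;
}
```

The first line of output reports the crafted composite as a probable prime; the second rejects it. The same asymmetry is why a caller who validates attacker-supplied DH or DSA parameters cannot reuse the round count that is safe for its own freshly generated candidates.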
simplifications and readability tweaks. This ensures in
particular that dh->q is suitable if present.
Based on work by Stephen Henson and Bernd Edlinger in OpenSSL.
Issues with the current implementation found via regression
tests in py-cryptography.
ok inoguchi jsing
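Added example, my own C and not LibreSSL code, of the parameter and public-value checks behind the small-subgroup mitigation mentioned two entries up and the "dh->q is suitable" check in this one, on a toy safe-prime group (p = 23, q = 11, g = 2) so that plain 64-bit arithmetic suffices: q must be prime and divide p - 1, g must have order q, and a peer's public value must satisfy 1 < pub < p - 1 and pub^q = 1 mod p. The last function shows the leak that the subgroup test prevents. Flag and function names are mine, not libcrypto's DH_check()/DH_check_pub_key() ones; real parameters are BIGNUMs.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy safe-prime group: p = 2q + 1 with q = 11, and g = 2 of order q. */
#define TOY_P 23ULL
#define TOY_Q 11ULL
#define TOY_G 2ULL

/* Square-and-multiply for moduli below 2^32 (r * base cannot overflow). */
static uint64_t powmod(uint64_t base, uint64_t exp, uint64_t m)
{
	uint64_t r = 1;
	base %= m;
	while (exp != 0) {
		if (exp & 1)
			r = r * base % m;
		base = base * base % m;
		exp >>= 1;
	}
	return r;
}

/* Trial division: adequate for the toy modulus only; libcrypto would use a
 * Miller-Rabin test with enough rounds for untrusted input. */
static bool is_prime_small(uint64_t n)
{
	uint64_t d;
	if (n < 2)
		return false;
	for (d = 2; d * d <= n; d++)
		if (n % d == 0)
			return false;
	return true;
}

/* Parameter problems (my flag names, not the DH_CHECK_* ones). */
enum {
	PARAM_P_NOT_PRIME   = 1 << 0,
	PARAM_Q_NOT_PRIME   = 1 << 1,
	PARAM_Q_NOT_DIVISOR = 1 << 2,	/* q does not divide p - 1 */
	PARAM_G_BAD_ORDER   = 1 << 3,	/* g^q != 1 mod p, or g out of range */
};

unsigned dh_check_params(uint64_t p, uint64_t q, uint64_t g)
{
	unsigned flags = 0;
	if (!is_prime_small(p))
		flags |= PARAM_P_NOT_PRIME;
	if (!is_prime_small(q))
		flags |= PARAM_Q_NOT_PRIME;
	if (q == 0 || p < 2 || (p - 1) % q != 0)
		flags |= PARAM_Q_NOT_DIVISOR;
	if (p < 3 || g <= 1 || g >= p - 1 || powmod(g, q, p) != 1)
		flags |= PARAM_G_BAD_ORDER;
	return flags;
}

/* Public-value problems. The subgroup test is the small-subgroup
 * mitigation: a value outside the order-q subgroup is rejected even when
 * it is in range. */
enum {
	PUB_TOO_SMALL       = 1 << 0,	/* pub <= 1 */
	PUB_TOO_LARGE       = 1 << 1,	/* pub >= p - 1 */
	PUB_NOT_IN_SUBGROUP = 1 << 2,	/* pub^q != 1 mod p */
};

unsigned dh_check_pub_key(uint64_t p, uint64_t q, uint64_t pub)
{
	unsigned flags = 0;
	if (pub <= 1)
		flags |= PUB_TOO_SMALL;
	if (p < 2 || pub >= p - 1)
		flags |= PUB_TOO_LARGE;
	if (p >= 2 && q != 0 && powmod(pub, q, p) != 1)
		flags |= PUB_NOT_IN_SUBGROUP;
	return flags;
}

/* Raw shared secret pub^x mod p. What the check prevents: a peer value of
 * order 2 (p - 1 here) confines the secret to {1, p - 1} and so leaks the
 * low bit of x; with more small-order values, x falls to the CRT. */
uint64_t dh_shared_secret(uint64_t peer_pub, uint64_t x, uint64_t p)
{
	return powmod(peer_pub, x, p);
}

int main(void)
{
	printf("params flags: %u\n", dh_check_params(TOY_P, TOY_Q, TOY_G));
	printf("pub 22 flags: %u\n", dh_check_pub_key(TOY_P, TOY_Q, 22));
	printf("secret with pub 22, x=7: %llu, x=8: %llu\n",
	    (unsigned long long)dh_shared_secret(22, 7, TOY_P),
	    (unsigned long long)dh_shared_secret(22, 8, TOY_P));
	return 0;
}
```

With a real 2048-bit group the same pub^q = 1 test costs one extra exponentiation per peer value, which is the price of not letting a peer choose a value of order 2, 3 or any other small divisor of p - 1.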
Based on the version in OpenSSL 1.1.1l with minor tweaks.
ok inoguchi jsing
that will be used in subsequent commits.
ok inoguchi jsing
Assign the result of BN_dup() and BN_bn2bin() to local BIGNUMs, then
set the factors and pubkey on the dh using DH_set0_{pqg,key}().
A second pass will be done during the upcoming bump.
ok jsing
ok jsing
BIO_s_file_internal() should never have leaked out of libcrypto,
but it did. As a first step of getting rid of it, stop using it
internally.
ok jsing
ok inoguchi@ tb@
This follows what was done previously for ECDHE EC point key exchange and
will allow for deduplication and further code improvement.
Convert the TLSv1.2 client to use the new DHE key exchange functions.
ok inoguchi@ tb@
to 3-term BSD license.
While here,
* call the function arguments "content_length" rather than just
"length" to make it less likely that the reader confuses them with
the total length returned by ASN1_object_size(3);
* state that only the short form is supported for content_length <= 127;
* add the missing STANDARDS section.
as intentionally undocumented
initializing five of the fields in BIO_ASN1_BUF_CTX (prefix,
prefix_free, suffix, suffix_free, ex_arg), inviting a segfault in
a subsequent call from the application program to BIO_write(3)
because subroutines of that function assume that the function
pointers are either NULL or valid.
Fix this by using the less error-prone calloc(3) idiom.
While here, inline asn1_bio_init() at the only call site
in asn1_bio_new() to simplify the code and make it easier to read.
Bug found and initial patch by me,
this version (with inlining) by and OK tb@.
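Added example, mine and not the LibreSSL source, contrasting the bug described above with the calloc(3) idiom on a cut-down struct that keeps the same callback fields. Real malloc(3) returns indeterminate bytes, so the bug would not reproduce on demand; malloc_recycled() here fills the chunk with 0xAA to model a recycled heap chunk and make the hazard visible. The struct, function and callback names are mine.

```c
#include <stdlib.h>
#include <string.h>

/* Cut-down stand-in for BIO_ASN1_BUF_CTX with the same callback fields. */
typedef int (*asn1_ps_cb)(void **pbuf, int *plen, void *arg);

struct buf_ctx {
	unsigned char *buf;
	int bufsize;
	asn1_ps_cb prefix, prefix_free, suffix, suffix_free;
	void *ex_arg;
};

/* Stand-in for malloc(3) returning a recycled chunk: real malloc gives
 * indeterminate bytes, so the bug would not reproduce reliably; 0xAA
 * models what a previous owner of the memory left behind. */
static void *malloc_recycled(size_t n)
{
	void *p = malloc(n);
	if (p != NULL)
		memset(p, 0xAA, n);
	return p;
}

/* zeroed == 0 is the buggy constructor: only buf and bufsize are set and
 * the four callbacks plus ex_arg keep whatever the chunk held. zeroed != 0
 * is the fix: calloc(3) makes every pointer NULL until deliberately set,
 * and a field added later cannot be forgotten. */
struct buf_ctx *ctx_new(int bufsize, int zeroed)
{
	struct buf_ctx *ctx = zeroed ? calloc(1, sizeof(*ctx)) :
	    malloc_recycled(sizeof(*ctx));
	if (ctx == NULL || (ctx->buf = malloc(bufsize)) == NULL) {
		free(ctx);
		return NULL;
	}
	ctx->bufsize = bufsize;
	return ctx;
}

int ctx_count_null_callbacks(const struct buf_ctx *ctx)
{
	return (ctx->prefix == NULL) + (ctx->prefix_free == NULL) +
	    (ctx->suffix == NULL) + (ctx->suffix_free == NULL);
}

/* Write-side dispatch like the BIO_write(3) subroutines: a callback is
 * assumed NULL or valid. On a non-zeroed ctx this jumps to 0xAAAA...: a
 * crash, or hijacked control flow if the attacker shaped the stale heap. */
int ctx_run_prefix(struct buf_ctx *ctx, void **pbuf, int *plen)
{
	if (ctx->prefix == NULL)
		return 1;	/* nothing to emit */
	return ctx->prefix(pbuf, plen, ctx->ex_arg);
}

void ctx_free(struct buf_ctx *ctx)
{
	if (ctx == NULL)
		return;
	if (ctx->prefix_free != NULL)
		ctx->prefix_free(NULL, NULL, ctx->ex_arg);
	if (ctx->suffix_free != NULL)
		ctx->suffix_free(NULL, NULL, ctx->ex_arg);
	free(ctx->buf);
	free(ctx);
}

/* Sample prefix callback handing back three arbitrary bytes. */
static int demo_prefix(void **pbuf, int *plen, void *arg)
{
	static unsigned char hdr[3] = { 0x30, 0x80, 0x00 };
	(void)arg;
	*pbuf = hdr;
	*plen = (int)sizeof(hdr);
	return 1;
}

/* Number of NULL callbacks right after construction: 0 for the buggy
 * constructor on recycled memory, 4 with calloc(3). */
int demo_null_callbacks(int zeroed)
{
	struct buf_ctx *ctx = ctx_new(16, zeroed);
	int n;
	if (ctx == NULL)
		return -1;
	n = ctx_count_null_callbacks(ctx);
	if (zeroed) {
		ctx_free(ctx);
	} else {
		free(ctx->buf);	/* ctx_free() would call through garbage */
		free(ctx);
	}
	return n;
}

/* Install a prefix callback on a zeroed ctx and return the length it
 * reports through the dispatch; the first dispatch is a NULL no-op. */
int demo_prefix_roundtrip(void)
{
	struct buf_ctx *ctx = ctx_new(16, 1);
	void *pbuf = NULL;
	int plen = 0;
	if (ctx == NULL)
		return -1;
	ctx_run_prefix(ctx, &pbuf, &plen);	/* plen stays 0 */
	ctx->prefix = demo_prefix;
	ctx->ex_arg = ctx;
	ctx_run_prefix(ctx, &pbuf, &plen);	/* demo_prefix sets plen = 3 */
	ctx_free(ctx);
	return plen;
}
```

demo_null_callbacks(0) is where the original bug lives: none of the four callbacks is NULL, so the first BIO_write(3)-style dispatch or the eventual free would call through 0xAAAA...; demo_null_callbacks(1) shows the calloc'd object with all four NULL and ctx_free() safe to run.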
ok inoguchi jsing
reaching into the EVP_PKEY struct.
ok inoguchi jsing
ok inoguchi jsing
ok schwarze@
replace the BUGS section with a shorter CAVEATS section
If EVP_PKEY_copy_parameters(3) fails - among other reasons, this
may happen when out of memory - the pkey argument and/or the chain
argument will not contain all the desired parameters after returning.
Consequently, report the failure to the caller rather than silently
ignoring it.
OK tb@
by using X509_get0_pubkey(3) instead of X509_get_pubkey(3);
no functional change.
OK tb@
This is similar to the relevant part of the following commit
from the OpenSSL 1.1.1 branch, which is still under a free licence,
but without the bug that commit introduced into this function in OpenSSL:
commit c01ff880d47392b82cce2f93ac4a9bb8c68f8cc7
Author: Dr. Stephen Henson <steve@openssl.org>
Date: Mon Dec 14 13:13:32 2015 +0000
ok bluhm inoguchi
While here, also improve the rest of the page:
* add missing BIO_TYPE_* constants
* describe BIO_TYPE_START
* better function argument names
* more precision in the descriptions and regarding the RETURN VALUES
* lots of wording improvements
* improve the coding style below EXAMPLES
* delete a BUGS section describing cretaceous behaviour
ok florian@
OCSP_BASICRESP bs contains no certificates.
From David von Oheimb (OpenSSL 121738d1)
ok beck
need for EVP_PKEY_free().
ok beck
Our ASN1_GENERALIZEDTIME_set() doesn't accept time strings with
fractional seconds, so don't feed it milliseconds, but only seconds.
Ensures that openssl x509 -text prints timestamps instead of skipping
them.
ok beck jsing
This way, CT extensions in certs will be parsed by the new CT code
when they are encountered. This gets rid of a lot of gibberish when
looking at a cert with 'openssl x509 -text -noout -in server.pem'
ok beck jsing
from <Malgorzata dot Olszowka at stunnel dot org>
via OpenSSL commit 256989ce in the OpenSSL 1.1.1 branch,
which is still under a free license
certificate chain. This would happen when the verification callback was
in use, instructing the verifier to continue unconditionally. This could
lead to incorrect decisions being made in software.
Do not expose it yet, this will wait for an upcoming bump
ok tb@