summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Enable CMS in LibreSSL.jsing2019-11-023-2/+135
| | | | ok bcook@ deraadt@ inoguchi@ job@ tb@
* Provide tls_conn_cipher_strength().jsing2019-11-024-3/+15
| | | | | | | | | This returns the strength in bits of the symmetric cipher used for the connection. Diff from gilles@ ok tb@
* In evp/pmeth_lib.c rev. 1.16, jsing@ enabled EVP_PKEY_RSA_PSS.schwarze2019-11-011-3/+5
| | | | Document it.
* In rsa.h rev. 1.45, jsing@ providedschwarze2019-11-011-8/+16
| | | | | | the three macro constants RSA_PSS_SALTLEN_*; document them. The wording is a combination of our existing text and the wording in the OpenSSL 1.1.1 branch, which is still under a free license.
* Add DSA CMS support.jsing2019-11-011-1/+25
| | | | | | From OpenSSL 1.1.1d. ok tb@
* Add RSA CMS support.jsing2019-11-013-5/+262
| | | | | | From OpenSSL 1.1.1d. ok tb@
* Provide NID for pSpecified.jsing2019-11-012-0/+2
| | | | ok tb@
* Wire up PKEY methods for RSA-PSS.jsing2019-11-011-2/+6
| | | | ok tb@
* Wire up ASN.1 methods for RSA-PSS.jsing2019-11-011-1/+5
| | | | ok tb@
* In rsa.h rev. 1.45, jsing@ provided the threeschwarze2019-11-012-6/+64
| | | | | | macros EVP_PKEY_CTX_set_rsa_pss_keygen_*(3); document them. Text mostly taken from the OpenSSL 1.1.1 branch, which is still under a free license, but rearranged to fit the structure of our manual pages.
* move the PSS macros to the end in preparation for adding more macros,schwarze2019-11-011-50/+45
| | | | | reduce text duplication by forming subsections, and some minor corrections
* The EVP_PKEY_CTX_ctrl(3) manual page requires additions for RSA-PSSschwarze2019-11-014-267/+358
| | | | but it is growing to excessive size, so split out RSA_pkey_ctx_ctrl(3).
* Update RSA ASN.1 code to handle RSA-PSS.jsing2019-11-014-302/+389
| | | | | | From OpenSSL 1.1.1d. ok tb@
* Clean up RSA_new_method().jsing2019-11-011-40/+24
| | | | | | | | | | Use calloc() instead of malloc() for initialisation and remove explicit zero initialisation of members. This ensures that new members always get initialised. Also use a single error return path, simplifying code. ok tb@
* Add RSA OAEP test for pkeyutl in appstest.shinoguchi2019-10-311-1/+21
|
* In rsa_pmeth.c rev. 1.30, jsing@ set the minimum RSA key lengthschwarze2019-10-311-2/+3
| | | | for RSA key generation to 512 bits. Document that minimum.
* Add CMS controls for RSA.jsing2019-10-311-1/+8
|
* Add support for RSA-PSS.jsing2019-10-315-65/+370
| | | | | | From OpenSSL 1.1.1d. ok inoguchi@
* Move RSA min modulus to a define and increase from 256 to 512 bits.jsing2019-10-312-4/+6
| | | | | | From OpenSSL 1.1.1d. ok inoguchi@
* Fix indent and indent before labels.jsing2019-10-311-5/+5
|
* Use braces where a statement has both multi-line and single-line blocks.jsing2019-10-311-8/+13
| | | | | | Makes code more robust and reduces differences with OpenSSL. ok inoguchi@
* Add additional validation of key size, message digest size and publicjsing2019-10-311-3/+17
| | | | | | | | exponent. From OpenSSL 1.1.1d. ok inoguchi@
* Clean up some code.jsing2019-10-311-11/+13
| | | | | | | Assign and test, explicitly test against NULL and use calloc() rather than malloc. ok inoguchi@
* Avoid potentially leaking pub_exp in pkey_rsa_copy().jsing2019-10-311-4/+4
| | | | ok inoguchi@
* In rsa.h rev. 1.41, jsing@ provided RSA_pkey_ctx_ctrl(3).schwarze2019-10-291-1/+26
| | | | Write the documentation from scratch.
* merge documentation for several macros EVP_PKEY_CTX_*_rsa_oaep_*(3)schwarze2019-10-291-4/+239
| | | | | | and EVP_PKEY_CTX_*_ecdh_*(3); from Antoine Salon <asalon at vmware dot com> via OpenSSL commit 87103969 Oct 1 14:11:57 2018 -0700 from the OpenSSL 1.1.1 branch, which is still under a free license
* merge documentation for EVP_PKEY_CTX_set1_id(3), EVP_PKEY_CTX_get1_id(3),schwarze2019-10-291-2/+57
| | | | | | and EVP_PKEY_CTX_get1_id_len(3), but make it sound more like English text; from Paul Yang via OpenSSL commit f922dac8 Sep 6 10:36:11 2018 +0800 from the OpenSSL 1.1.1 branch, which is still under a free license
* merge documentation of EVP_PKEY_CTX_set_ec_param_enc(3)schwarze2019-10-291-6/+23
| | | | from Stephen Henson via OpenSSL commit 146ca72c Feb 19 14:35:43 2015 +0000
* correct HISTORY of some RSA control macrosschwarze2019-10-291-5/+26
|
* list supported algorithm ids and clarify how the engine argument is usedschwarze2019-10-291-10/+50
|
* Add two controls that were missed in the previous commit.jsing2019-10-291-1/+13
|
* Update RSA OAEP code.jsing2019-10-292-21/+124
| | | | | | | This syncs the RSA OAEP code with OpenSSL 1.1.1d, correctly handling OAEP padding and providing various OAEP related controls. ok inoguchi@ tb@
* Provide EVP_PKEY_CTX_md().jsing2019-10-292-8/+18
| | | | | | | | | | | | This handles controls with a message digest by name, looks up the message digest and then proxies the control through with the EVP_MD *. This is internal only for now and will be used in upcoming RSA related changes. Based on OpenSSL 1.1.1d. ok inoguchi@ tb@
* Free maskHash when RSA_PSS_PARAMS is freed.jsing2019-10-251-3/+23
| | | | ok tb@
* Service names are still resolved with -nkn2019-10-241-4/+4
| | | | | | | | | Just like pfctl(8)'s -N, this flag only avoid DNS; "nc -vz ::1 socks" still works. Fix documentation by copying pfctl's wording. OK deraadt
* Provide ASN1_TYPE_{,un}pack_sequence().jsing2019-10-242-2/+36
| | | | | | | | These are internal only for now. Based on OpenSSL 1.1.1d. ok inoguchi@
* Provide RSA_OAEP_PARAMS along with ASN.1 encoding/decoding.jsing2019-10-242-2/+97
| | | | | | | | For now these are internal only. From OpenSSL 1.1.1d. ok inoguchi@
* Bump libcrypto, libssl and libtls majors due to changes in struct sizesjsing2019-10-243-6/+6
| | | | and symbol addition.
* Add RSA_PSS_PARAMS pointer to RSA struct.jsing2019-10-241-1/+8
| | | | | | This will be used by upcoming RSA-PSS code. ok tb@
* Add maskHash field to RSA_PSS_PARAMS.jsing2019-10-241-1/+4
| | | | | | | This will be soon used as an optimisation and reduces the differences between OpenSSL. ok tb@
* Provide RSA_pkey_ctx_ctrl().jsing2019-10-243-2/+20
| | | | | | | | | This is a wrapper around EVP_PKEY_CTX_ctrl() which requires the key to be either RSA or RSA-PSS. From OpenSSL 1.1.1d. ok tb@
* Add EVP_PKEY_RSA_PSS.jsing2019-10-241-1/+2
| | | | ok tb@
* Print IP address in verbose modejob2019-10-241-12/+34
| | | | OK kn@
* Revert previous, which works for -N case but causes regress failuresbeck2019-10-231-18/+1
| | | | | | | for tls, since the socket is shut down without calling tls_close(). Since nc appears to have a problem with this in other shutdown() cases I am simply going to bake a new diff for this. noticed by bluhm@.
* Sync RSA_padding_check_PKCS1_OAEP_mgf1().jsing2019-10-171-64/+111
| | | | | | | | | Update RSA_padding_check_PKCS1_OAEP_mgf1() with code from OpenSSL 1.1.1d (with some improvements/corrections to comments). This brings in code to make the padding check constant time. ok inoguchi@ tb@
* Fix -N flag to actually shut down the (entire) socket when the inputbeck2019-10-171-1/+18
| | | | | | | | | | | | | goes away. This allows for using nc in cases where the network server will no longer expect anything after eof, instead of hanging waiting for more input from our end. Additionaly, shut down if tls is in use if either side of the socket goes away, since we higher level TLS operations (tls_read and write) will require the socket to be both readable and writable as we can get TLS_WANT_POLLIN or TLS_WANT_POLLOUT on either operation. deraadt@ buying it. found by sthen@
* Provide err_clear_last_constant_time() as a way of clearing an error fromjsing2019-10-172-1/+24
| | | | | | | | | | the top of the error stack in constant time. This will be used by upcoming RSA changes. From OpenSSL 1.1.1d. ok inoguchi@ tb@
* bump internal version to 3.0.2bcook2019-10-101-2/+2
|
* bump to 3.0.2bcook2019-10-101-2/+2
|
* Use EVP_MAX_MD_SIZE instead of SHA_DIGEST_LENGTH and remove OPENSSL_NO_SHA*jsing2019-10-091-7/+2
| | | | | | conditionals, now that this code handles arbitrary message digests. ok inoguchi@ tb@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-28 22:17:31 +0000