summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Use a blinding value when generating a DSA signature, in order to reducejsing2018-06-141-9/+39
| | | | | | | | the possibility of a side-channel attack leaking the private key. Suggested by Keegan Ryan at NCC Group. With input from and ok tb@
* Clarify the digest truncation comment in DSA signature generation.jsing2018-06-141-3/+4
| | | | Requested by and ok tb@
* Pull up the code that converts the digest to a BIGNUM - this only needsjsing2018-06-141-10/+10
| | | | | | | to occur once and not be repeated if the signature generation has to be repeated. ok tb@
* Fix a potential leak/incorrect return value in DSA signature generation.jsing2018-06-141-4/+6
| | | | | | | | | | In the very unlikely case where we have to repeat the signature generation, the DSA_SIG return value has already been allocated. This will either result in a leak when we allocate again on the next iteration, or it will give a false success (with missing signature values) if any error occurs on the next iteration. ok tb@
* Call DSA_SIG_new() instead of hand rolling the same.jsing2018-06-141-5/+2
| | | | ok beck@ tb@
* DSA_SIG_new() amounts to a single calloc() call.jsing2018-06-141-10/+3
| | | | ok beck@ tb@
* style(9), comments and whitespace.jsing2018-06-131-30/+32
|
* Avoid a timing side-channel leak when generating DSA and ECDSA signatures.jsing2018-06-132-7/+4
| | | | | | | | | This is caused by an attempt to do fast modular arithmetic, which introduces branches that leak information regarding secret values. Issue identified and reported by Keegan Ryan of NCC Group. ok beck@ tb@
* zap stray tabsthen2018-06-121-2/+2
|
* Reject excessively large primes in DH key generation. Problem reportedsthen2018-06-121-1/+6
| | | | | | | | | | | by Guido Vranken to OpenSSL (https://github.com/openssl/openssl/pull/6457) and based on his diff. suggestions from tb@, ok tb@ jsing@ "During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack."
* fix odd whitespacetb2018-06-101-3/+3
|
* Remove a handrolled GOST_le2bn().jsing2018-06-101-8/+4
| | | | From Dmitry Eremin-Solenikov <dbaryshkov at gmail dot com>.
* Now that all of the server-side client key exchange processing functionsjsing2018-06-101-53/+40
| | | | | | have been converted to CBS, pull it up a level. ok inoguchi@ tb@
* Allocate a dedicated buffer for use when deriving a shared key duringjsing2018-06-031-10/+18
| | | | | | | client KEX DHE processing, rather than reusing the buffer that is used to send/receive handshake messages. ok beck@ inoguchi@
* Check the return value from DH_size() in ssl3_send_client_kex_dhe().jsing2018-06-031-4/+6
| | | | ok beck@ inoguchi@
* Convert ssl3_get_client_kex_ecdhe_ecp() to CBS.jsing2018-06-021-44/+42
| | | | | | | Also allocate a dedicated buffer to hold the shared secret, rather than reusing init_buf. ok inoguchi@ tb@
* Update regress for DES cipher suite removal.jsing2018-06-022-49/+41
|
* Remove the three remaining single DES cipher suites.jsing2018-06-021-49/+1
| | | | | | | | | These are insecure and should not be used - furthermore, we would should not have been allowing their negotiation with TLSv1.2 (as noted by Robert Merget, Juraj Somorovsky and Simon Friedberger). Removing these cipher suites also fixes this issue. ok beck@ inoguchi@
* Zero the client random so that it is easier to spot unintended differences.jsing2018-06-021-0/+1
|
* Add a const qualifier to the argument of UI_method_get_closer(),tb2018-06-022-14/+14
| | | | | | | | | UI_method_get_flusher(), UI_method_get_opener(), UI_method_get_prompt_constructor(), UI_method_get_reader(), and UI_method_get_writer(). tested in a bulk build by sthen ok jsing
* Add const to the argument of the following callback getters:tb2018-06-022-18/+18
| | | | | | | | BIO_meth_get_callback_ctrl, BIO_meth_get_create, BIO_meth_get_ctrl, BIO_meth_get_destroy, BIO_meth_get_gets, BIO_meth_get_puts, BIO_meth_get_read, and BIO_meth_get_write. ok jsing
* Add const to both arguments of X509_certificate_type() and clean uptb2018-05-302-17/+10
| | | | | | | | | | | | | a little: Use X509_get0_pubkey() in place of X509_get_pubkey() and EVP_PKEY_free(). Check return value of the former in the appropriate place and simplify the logic for dealing with the potentially NULL pkey argument (includes a neat tweak from jsing). Finally, kill an ugly comment that has been rotting for twenty years and merge the lines around it. tested in a bulk build by sthen ok jsing
* Add a const qualifier to the argument of EVP_PKEY_size().tb2018-05-302-4/+4
| | | | | tested in a bulk build by sthen ok jsing
* Add a const qualifier to the `name' argument oftb2018-05-302-6/+8
| | | | | | | X509_NAME_get_index_by_{OBJ,NID}(). tested in a bulk build by sthen suggested by & ok jsing
* Add a const qualifier to the `uni' argument of OPENSSL_uni2asc().tb2018-05-302-4/+4
| | | | | tested in a bulk build by sthen ok jsing
* Add a const qualifier to the return value of BIO_s_file().tb2018-05-302-5/+5
| | | | | tested in a bulk build by sthen ok bcook, jsing
* minor markup improvement: .Fa *cctx -> .Pf * Fa cctxschwarze2018-05-261-3/+3
|
* Quote .Fa arguments containing blanks.schwarze2018-05-261-4/+4
| | | | Diff from Jack Burton <jack at saosce dot com dot au>.
* As calloc does the zeroing for us in EVP_PKEY_asn1_new() already, no needtb2018-05-241-42/+10
| | | | | | | | to do it a second time by hand, badly. While here, do some style cleanup. This incomplete list of function pointers appears in EVP_PKEY_asn1_copy() as well, fix it by adding sig_print to the members copied over. ok bcook
* In ui.h rev. 1.10 2018/05/19 11:03:33, tb@ added a const qualifierschwarze2018-05-191-3/+3
| | | | to the argument of UI_create_method(3). Adjust the manual.
* In x509.h rev. 1.67 2018/05/19 10:58:08, tb@ added a const qualifierschwarze2018-05-191-2/+2
| | | | | to the ASN1_OBJECT argment of X509_NAME_add_entry_by_OBJ(3). Adjust the manual.
* In asn1.h rev. 1.49 2018/05/19 10:46:28, tb@ added a const qualifierschwarze2018-05-191-3/+3
| | | | to the input argument of ASN1_STRING_to_UTF8(3). Adjust the manual.
* In ec.h rev. 1.13 2018/05/19 10:37:02, tb@ added a const qualifierschwarze2018-05-191-3/+3
| | | | to the input argument of i2o_ECPublicKey(3). Adjust the manual.
* In x509.h rev. 1.64 2018/05/18 19:24:08, tb@ added const qualifiersschwarze2018-05-191-4/+4
| | | | to both arguments of X509_check_private_key(3). Adjust the manual.
* In x509.h rev. 1.61 2018/05/18 18:37:23 and rev. 1.65 2018/05/18 19:28:27,schwarze2018-05-191-14/+14
| | | | | tb@ added const qualifiers to the pointer arguments of some X509_get_ext*(3) and X509_REVOKED_get_ext*(3) functions. Adjust the manual.
* In x509.h rev. 1.59 2018/05/18 18:19:31 and rev. 1.60 2018/05/18 18:23:24,schwarze2018-05-191-6/+6
| | | | | tb@ added a const qualifier to the X509_NAME argument of these output functions. Adjust the manual.
* In x509.h rev. 1.56 2018/05/18 18:05:57 to rev. 1.58 2018/05/18 18:16:39,schwarze2018-05-191-6/+6
| | | | | tb@ added const qualifiers to some arguments of X509_NAME read accessors. Adjust the manual.
* In x509.h rev. 1.54 2018/05/18 17:59:16, tb@ added a const qualifierschwarze2018-05-191-5/+5
| | | | | | | to the X509_NAME_ENTRY argument of X509_NAME_add_entry(3) and in x509.h rev. 1.55 2018/05/18 18:02:07 to the "bytes" argument of X509_NAME_add_entry_by_OBJ(3) and X509_NAME_add_entry_by_NID(3). Adjust the manual.
* In x509.h rev. 1.52 2018/05/18 17:53:09 and rev. 1.53 2018/05/18 17:56:12, tb@schwarze2018-05-191-6/+6
| | | | | added const qualifiers to some arguments of some X509_NAME_ENTRY functions. Adjust the manual.
* In x509.h rev. 1.51 2018/05/18 16:55:58, tb@ added const qualifiersschwarze2018-05-191-4/+4
| | | | | to one argument each of X509_EXTENSION_set_object(3) and X509_EXTENSION_get_critical(3). Adjust the manual.
* Clean out a pile of cruft from ssl3_get_client_kex_ecdhe_ecp().jsing2018-05-191-93/+38
| | | | | | | | | For pure ECDHE we do not need to construct a new key using the one that was set up during the other half of the key exchange. Also, since we do not support any form of ECDH the n == 0 case is not valid (per RFC 4492 section 5.7), so we can ditch this entirely. ok inoguchi@ tb@
* Convert ssl3_get_client_kex_gost() to CBS.jsing2018-05-191-21/+23
| | | | ok beck@ tb@
* UI_METHOD *UI_create_method(const char *name).tb2018-05-192-4/+4
| | | | | | ^^^^^ tested in a bulk build by sthen ok jsing
* Add const to the obj argument of X509_NAME_add_entry_by_OBJ()tb2018-05-192-5/+5
| | | | | tested in a bulk build by sthen ok jsing
* Add const to the 'obj' argument of X509_EXTENSION_create_by_OBJ().tb2018-05-192-5/+5
| | | | | tested in a bulk build by sthen ok jsing
* Add a const qualifier to the aint argument of X509V3_add_value_int()tb2018-05-192-4/+4
| | | | | Tested in a bulk build by sthen ok jsing
* The 'in' argument of ASN1_STRING_to_UTF8() is now adorned with const.tb2018-05-192-4/+4
| | | | | tested in a bulk build by sthen ok jsing
* Add a const qualifier to the STACK_OF(X509_EXTENSION) * arguments oftb2018-05-193-8/+10
| | | | | | | | X509V3_get_d2i() and X509V3_extensions_print(), and one to the 'title' argument of the latter function. tested in a bulk build by sthen ok jsing
* Add a const qualifier to the 'key' argument of i2o_ECPublicKey() andtb2018-05-197-22/+26
| | | | | | | | | one to the last argument of each one of i2s_ASN1_OCTET_STRING(), s2i_ASN1_OCTET_STRING(), i2s_ASN1_INTEGER(), i2s_ASN1_ENUMERATED(), and i2s_ASN1_ENUMERATED_TABLE(). tested in a bulk build by sthen ok jsing
* Fix eyesore indentation of member functions of X509_LOOKUP_METHOD.tb2018-05-181-12/+11
| | | | | Sprinkle a few spaces after commas while there. Omitted from earlier commit to reduce noise in the diff.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 15:58:57 +0000