summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* add a handful of missing functionsschwarze2019-03-211-5/+38
| | | | that are also documented in OpenSSL 1.1.1 (still under a free license)
* Bring back EVP_chacha20 list item that was accidentally removedtb2019-03-211-2/+3
| | | | in r1.28 when the AES ciphers were split into their own manual.
* fix examples (libtls uses its own error reporting mechanism)espie2019-03-201-4/+4
| | | | okay tb@
* escape backslashes;schwarze2019-03-202-11/+11
| | | | patch from Peter Piwowarski <peterjpiwowarski at gmail dot com>
* Document the flag EVP_CIPHER_CTX_FLAG_WRAP_ALLOW needed for the EVPschwarze2019-03-192-4/+71
| | | | | | | AES wrap modes, the function EVP_CIPHER_CTX_set_flags(3) needed to set it, and the companion functions EVP_CIPHER_CTX_clear_flags(3) and EVP_CIPHER_CTX_test_flags(3). With help and an OK from tb@.
* Avoid an internal 2 byte overread in ssl_sigalgs().jsing2019-03-191-7/+2
| | | | | | Found by oss-fuzz, fixes issue #13797. ok beck@ tb@
* Revert TLS1_get{,_client}_version simplification because DTLS.jsing2019-03-194-14/+15
|
* * note that the handshake must be completed firstschwarze2019-03-181-4/+15
| | | | | | | * correct the description of "unknown" (the previous are both from OpenSSL 1.1.1, still under a free license) * add a comment saying that TLS1_get_version() and TLS1_get_client_version() are intentionally undocumented (reasons provided by jsing@)
* Insert a missing input line break after a .Vt macro;schwarze2019-03-181-4/+5
| | | | | from Jan Stary <hans at stare dot cz>. Where here, correct one .Vt NULL -> .Dv NULL.
* Split EVP_aes_128_cbc(3) out of EVP_EncryptInit(3):schwarze2019-03-184-74/+322
| | | | | | | | | | | | both resulting pages are still long. Mention a number of missing functions. Add some text from the OpenSSL 1.1.1 EVP_aes.pod manual page, which is still under a free license. Add missing HISTORY information. Triggered by tb@ providing EVP_aes_{128,192,256}_wrap(3) in evp.h rev. 1.74.
* In ssl.h rev. 1.165, tb@ provided version agnostic DTLS methods.schwarze2019-03-181-3/+26
| | | | Document them.
* Document SM4; related to evp.h rev. 1.73.schwarze2019-03-184-6/+93
|
* Expand the ERR_PACK() macro to ERR_REASON() for consistency.tb2019-03-181-2/+2
| | | | No binary change.
* In evp.h rev. 1.75, tb@ provided EVP_PKEY_get0_hmac(3).schwarze2019-03-181-3/+29
| | | | | | | | | Document it. Even though OpenSSL muddles the waters by lumping the description together with the other EVP_PKEY_get0_*() functions, describe it separately because a char * has no reference count and because the function fills in an additional length parameter.
* Add regress tests for the EVP_aes_*_wrap() API. Based on the tests intb2019-03-172-4/+19
| | | | OpenSSL 1.0.2r which is still freely licenced with a tweak by jsing.
* bump minors after symbol additiontb2019-03-173-3/+3
|
* Provide EVP_PKEY_get0_hmac(). From OpenSSL 1.1.1 which is stilltb2019-03-174-3/+23
| | | | | | freely licensed. From jsing
* Provide EVP_aes_{128,192,256}_wrap(). This is a compatibletb2019-03-176-6/+174
| | | | | | | | | | | | | implementation based on the one in OpenSSL 1.0.2r which is still freely licensed. The functions are undocumented in OpenSSL. To use them, one needs to set the undocumented EVP_CIPHER_CTX_FLAG_WRAP_ALLOW flag on the EVP_CIPHER_CTX. resolves #505 ok jsing
* link sm4 regress to the buildtb2019-03-171-1/+2
|
* Add a regress test for the SM4 block cipher from the Chinese standardtb2019-03-172-0/+117
| | | | | | | GB/T 32907-2016. Patch from Daniel Wyatt ok inoguchi, jsing
* Add the SM4 block cipher from the Chinese standard GB/T 32907-2016.tb2019-03-171-1/+8
| | | | | Patch from Daniel Wyatt ok inoguchi, jsing
* Add the SM4 block cipher from the Chinese standard GB/T 32907-2016.tb2019-03-178-3/+479
| | | | | | | | This is an ISC licensed version based on the sources by Ribose Inc that were ported to OpenSSL in 2017. Patch from Daniel Wyatt with minor tweaks. ok inoguchi, jsing
* Provide version agnostic DTLS methods.jsing2019-03-173-2/+27
| | | | ok tb@
* Correct return value handling in tls13_handshake_recv_action().jsing2019-03-171-2/+4
| | | | | | | | The recv action handler returns success/failure, rather than a TLS13_IO_* value, which is what tls13_handshake_recv_action() needs to return. Failure previously mapped to TLS13_IO_EOF, which is not ideal. ok tb@
* Partially clean up the TLS1_get_{,client}_version macros.jsing2019-03-174-15/+14
| | | | | | | | | LibreSSL only supports TLSv1.0 and above, hence the checks the macros are performing are useless. Simplify them to their effective code. Also place both under #ifndef LIBRESSL_INTERNAL and use the variables directly in our code, which improves readability. ok tb@
* Remove the alert level from the TLSv1.3 alert callback.jsing2019-03-173-7/+6
| | | | | | | | In TLSv1.3 the alert level is effectively meaningless and the record layer has already checked that it is appropriate. As such, drop it from the alert callback. ok tb@
* Document the return values of X509_delete_ext(3) and X509_add_ext(3).schwarze2019-03-151-11/+15
| | | | | | From Viktor Dukhovni via OpenSSL commit 0df65d82 Jun 12 11:51:53 2018 -0400 which is still under a free license because it is before the 1.1.1 branch point. While here, add several missing const qualifiers.
* OpenSSL documents the macro OPENSSL_VERSION_TEXT since Sep 24, 2018;schwarze2019-03-151-4/+7
| | | | so mention it here, too.
* Document OCSP_basic_verify(3).schwarze2019-03-151-5/+75
| | | | | | From David dot von dot Oheimb at siemens dot com via OpenSSL commit b8c32081 Feb 10 15:45:11 2018 +0100, which is still under a free license because it is before the 1.1.1 branch point.
* Fix a number of ASN1_INTEGER vs ASN1_STRING mixups coming from thetb2019-03-135-13/+11
| | | | | | | | | | | mechanical M_ASN1 macro expansion. The ASN1_INTEGER_cmp function takes signs into account while ASN1_STRING_cmp doesn't. The mixups mostly involve serialNumbers, which, in principle, should be positive. However, it is unclear whether that is checked or enforced anywhere in the code, so these are probably bugs. Patch from Holger Mikolon ok jsing
* add a comment to format-pem.pl documenting typical steps to updatesthen2019-03-131-1/+9
| | | | cert.pem from Mozilla NSS.
* Backport support for probing ARMv8 HW acceleration capabilities on armv7patrick2019-03-133-32/+121
| | | | | | in preparation for adding support for the probing code for arm64. ok bcook@
* fix some cases of spaces before full stops, where none were neccessary;jmc2019-03-101-3/+3
|
* rename CRYPTO_set_locking_callback.3 to CRYPTO_lock.3schwarze2019-03-102-4/+4
| | | | | | | because CRYPTO_set_locking_callback() is now a no-op and was never documented in the first place; no text change; requested by jmc@ long ago
* delete functions from the manual page that do nothing in LibreSSLschwarze2019-03-103-318/+87
| | | | | | | and that don't do anything in OpenSSL either; no significant amount of text remains from OpenSSL, so change the Copyright information and license of CRYPTO_set_locking_callback.3; OK inoguchi@ jmc@
* Typo in comment.tb2019-03-061-2/+2
| | | | From Holger Mikolon
* Don't index a void pointer, fixes compilation with visual studio.millert2019-03-041-2/+3
| | | | | Gcc/clang will treat void * as char * but this is non-standard. OK deraadt@ jsing@ inoguchi@
* Fix OID for sm3WithRSAEncryption which was apparently mixed uptb2019-03-021-1/+1
| | | | | | with the OID for SM2 signing with SM3. From Daniel Wyatt
* Implement non-SSL_MODE_ENABLE_PARTIAL_WRITE in tls13_legacy_write_bytes().jsing2019-02-281-3/+34
| | | | | | | In non-SSL_MODE_ENABLE_PARTIAL_WRITE mode we have to write out all the things and only return success once all of the data has been sent. ok inoguchi@ tb@
* Automatically complete the handshake from tls13_legacy_{read,write}_bytes()jsing2019-02-283-3/+17
| | | | | | | | | | | | | | If the TLS handshake has not been completed, automatically complete the handshake as part of the read/write call, implementing the current SSL_read()/SSL_write() behaviour. Once the TLS handshake is completed we push a WANT_POLLIN or WANT_POLLOUT back up to the caller, since some applications appear to incorrectly call SSL_read() or SSL_write(), rather than repeating the previous call. This can lead to attempts to read data that does not exist, since the WANT_POLLIN was actually triggered as part of the handshake. ok inoguchi@ tb@
* Set the SSL state as part of tls13_legacy_connect().jsing2019-02-281-2/+5
| | | | | | | | Set the SSL state to SSL_ST_CONNECT during the TLSv1.3 handshake and to SSL_ST_OK once the handshake completes, since some applications currently rely on this information to function correctly. ok inoguchi@ tb@
* Add appropriate length checks to tls13_legacy_{read,write}_bytes()jsing2019-02-281-3/+9
| | | | ok inoguchi@ tb@
* Remove unused record_type from TLSv1.3 handshake actions.jsing2019-02-281-16/+1
| | | | ok tb@
* Correct return values for non-fatal alerts.jsing2019-02-261-3/+3
| | | | | | | | | In the close notify case we need to signal EOF and in the user cancelled case we need to return WANT_POLLIN. Returning success results in tls13_record_layer_read_record() thinking that we have record data when we do not, which then results in the content type check later failing. ok tb@
* Correctly propagate EOF from BIO in tls13_legacy_wire_read().jsing2019-02-261-1/+3
| | | | ok tb@
* Correctly handle tls_read() and tls_write() failures.jsing2019-02-261-5/+9
| | | | | | | Otherwise a TLS error (for example the remote end sent a fatal alert) is silently ignored. ok bluhm@ tb@
* Fix gcc3 compilation error by using a forward declaration instead of atb2019-02-251-3/+3
| | | | | | repeated typedef. Found the hard way by aoyama who also tested the fix. ok jsing
* revert "Move struct ssl_handshake_tls13_st definition", i.e., movetb2019-02-252-24/+26
| | | | | | SSL_HANDSHAKE_TLS13 back to ssl_locl.h. discussed with jsing and inoguchi
* Correctly handle oversize writes.jsing2019-02-251-2/+4
| | | | | | | | | | | | If the record layer is asked to write more than fits in a plaintext record, cap the amount at that limit. This means that we will effectively write out a single record and return a short-write. This behaviour matches SSL_write() with SSL_MODE_ENABLE_PARTIAL_WRITE enabled and the non-SSL_MODE_ENABLE_PARTIAL_WRITE case will be handled at a higher layer. ok inoguchi@ tb@
* Add a handshake action sent handler and use it for client finished.jsing2019-02-253-11/+22
| | | | | | | | | | The write traffic key needs to be changed to the client application traffic key after the client finished message has been sent. The send handler generates the client finished message, however we cannot switch keys at this stage since the client finished message has not yet been protected by the record layer. ok tb@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-03 19:52:51 +0000