Commit log (each entry: commit message, then author, date, files changed, lines -removed/+added)
* Clean up and simplify the client verify code:
  - Be consistent with _len naming.
  - Use size_t where possible/appropriate.
  - Group the CBB code.
  - Use EVP_MAX_MD_SIZE consistently, instead of "magic" values.
  - Switch GOST to EVP_DigestSign*, making it similar to sigalgs.
  ok tb@ a while back.
  (jsing, 2019-03-31, 1 file, -50/+49)

* Wrap long lines and apply some style(9).
  (jsing, 2019-03-31, 1 file, -7/+10)

* Use named field initialisers.
  (jsing, 2019-03-31, 2 files, -16/+18)

* Use correct capitalization of EC_GROUP_get_curve_GF{2m,p}(3).
  (tb, 2019-03-29, 1 file, -4/+4)

* Enable GOST cipher selection test after libssl has been fixed.
  (bluhm, 2019-03-28, 1 file, -6/+1)

* Cast nonce bytes to avoid undefined behaviour when left shifting.
  Reported by oss-fuzz, really fixes issue #13805. ok beck@ tb@
  (jsing, 2019-03-27, 1 file, -3/+3)

* remove duplicate set key file call. from alf.
  ok jsing
  (tedu, 2019-03-27, 1 file, -3/+1)

* bump to 2.9.1
  (bcook, 2019-03-27, 1 file, -3/+3)
* Use limits.h instead of sys/limits.h for portability.
  From phrocker via github.
  (jsing, 2019-03-26, 1 file, -3/+2)

* Update regress following sigalgs changes.
  (jsing, 2019-03-25, 1 file, -17/+1)

* Strip out all of the pkey to sigalg and sigalg to pkey linkages.
  These are no longer used now that we defer signature algorithm selection. ok beck@
  (jsing, 2019-03-25, 5 files, -59/+8)

* tls1_process_sigalgs() is no longer needed.
  ok beck@
  (jsing, 2019-03-25, 2 files, -57/+2)

* Defer sigalgs selection until the certificate is known.
  Previously the signature algorithm was selected when the TLS extension was parsed (or the client received a certificate request), however the actual certificate to be used is not known at this stage. This leads to various problems, including the selection of a signature algorithm that cannot be used with the certificate key size (as found by jeremy@ via ruby regress). Instead, store the signature algorithms list and only select a signature algorithm when we're ready to do signature generation. Joint work with beck@.
  (jsing, 2019-03-25, 9 files, -48/+124)

* Rework ssl_ctx_use_certificate_chain_bio() to use the CERT_PKEY chain.
  This means that any additional CA certificates end up on the per certificate chain, rather than the single/shared extra_certs. Also simplify this code and in particular, avoid setting the return value to indicate success until we've actually succeeded. ok beck@ tb@
  (jsing, 2019-03-25, 1 file, -46/+26)

* Remove ssl_get_server_send_cert() which is now unused.
  ok beck@ tb@
  (jsing, 2019-03-25, 2 files, -14/+2)

* Rework ssl3_output_cert_chain() to take a CERT_PKEY and consider chains.
  We will now include the certificates in the chain in the certificate list, or use the existing extra_certs if present. Failing that we fall back to the automatic chain building if not disabled. This also simplifies the code significantly. ok beck@ tb@
  (jsing, 2019-03-25, 4 files, -40/+36)

* Add a chain member to CERT_PKEY and provide functions for manipulating it.
  Note that this is not the full chain, as the leaf certificate currently remains in the x509 member of CERT_PKEY. Unfortunately we've got to contend with the fact that some OpenSSL *_chain_* APIs exclude the leaf certificate while others include it... ok beck@ tb@
  (jsing, 2019-03-25, 2 files, -3/+74)
* In the incredibly unbelievable circumstance where _rs_init() fails to
  allocate pages, don't call abort() because of corefile data leakage concerns, but simply _exit(). The reasoning is _rs_init() will only fail if someone finds a way to apply specific pressure against this failure point, for the purpose of leaking information into a core which they can read. We don't need a corefile in this instance to debug that. So take this "lever" away from whoever in the future wants to do that.
  (deraadt, 2019-03-24, 1 file, -2/+2)

* If ssl_cipher_apply_rule() is given a specific cipher suite, match on it.
  Otherwise matching a specific cipher is performed by matching against its characteristics, which can result in multiple rather than a single match. Found by bluhm@'s regress tests. ok bluhm@ tb@
  (jsing, 2019-03-24, 1 file, -3/+4)

* Don't allow asn1_parse2 to recurse arbitrarily deep. Constrain to a max
  depth of 128 - For oss-fuzz issue 13802 ok jsing@
  (beck, 2019-03-24, 1 file, -1/+5)

* Cast nonce bytes to avoid undefined behaviour when left shifting.
  Reported by oss-fuzz, fixes issue #13805. ok beck@ tb@
  (jsing, 2019-03-24, 1 file, -3/+3)

* do not call assert(), which has a tendency to leave traces of stuff in
  corefiles. Instead call OPENSSL_assert(), which has recently been trained to do this in a safer (if more awkward to debug) way. discussed with jsing and beck a while back
  (deraadt, 2019-03-24, 1 file, -2/+3)

* Add range checks to various ASN1_INTEGER functions to ensure the
  sizes used remain a positive integer. Should address issue 13799 from oss-fuzz ok tb@ jsing@
  (beck, 2019-03-23, 3 files, -6/+62)

* Fix typo in usage and comment.
  (bluhm, 2019-03-21, 3 files, -6/+6)
* import EVP_camellia_128_cbc(3) from OpenSSL 1.1.1,
  still under a free license, tweaked by me
  (schwarze, 2019-03-21, 4 files, -3/+156)

* space before punct;
  (jmc, 2019-03-21, 1 file, -3/+3)

* Split EVP_rc4(3) out of EVP_EncryptInit(3) to reduce clutter.
  The algorithm is insecure and yet its description would spread over three paragraphs in the cipher list, including remarkable advice like using a 40 bit key length.
  (schwarze, 2019-03-21, 4 files, -21/+116)

* Split EVP_des_cbc(3) out of EVP_EncryptInit(3) to reduce clutter:
  this moves a large number of functions out of the way that are no longer the latest and greatest. Also mention a few that were missing.
  (schwarze, 2019-03-21, 4 files, -55/+230)

* add a handful of missing functions
  that are also documented in OpenSSL 1.1.1 (still under a free license)
  (schwarze, 2019-03-21, 1 file, -5/+38)

* Bring back EVP_chacha20 list item that was accidentally removed
  in r1.28 when the AES ciphers were split into their own manual.
  (tb, 2019-03-21, 1 file, -2/+3)

* fix examples (libtls uses its own error reporting mechanism)
  okay tb@
  (espie, 2019-03-20, 1 file, -4/+4)

* escape backslashes;
  patch from Peter Piwowarski <peterjpiwowarski at gmail dot com>
  (schwarze, 2019-03-20, 2 files, -11/+11)

* Document the flag EVP_CIPHER_CTX_FLAG_WRAP_ALLOW needed for the EVP
  AES wrap modes, the function EVP_CIPHER_CTX_set_flags(3) needed to set it, and the companion functions EVP_CIPHER_CTX_clear_flags(3) and EVP_CIPHER_CTX_test_flags(3). With help and an OK from tb@.
  (schwarze, 2019-03-19, 2 files, -4/+71)

* Avoid an internal 2 byte overread in ssl_sigalgs().
  Found by oss-fuzz, fixes issue #13797. ok beck@ tb@
  (jsing, 2019-03-19, 1 file, -7/+2)

* Revert TLS1_get{,_client}_version simplification because DTLS.
  (jsing, 2019-03-19, 4 files, -14/+15)
* * note that the handshake must be completed first
  * correct the description of "unknown" (the previous are both from OpenSSL 1.1.1, still under a free license)
  * add a comment saying that TLS1_get_version() and TLS1_get_client_version() are intentionally undocumented (reasons provided by jsing@)
  (schwarze, 2019-03-18, 1 file, -4/+15)

* Insert a missing input line break after a .Vt macro;
  from Jan Stary <hans at stare dot cz>. While here, correct one .Vt NULL -> .Dv NULL.
  (schwarze, 2019-03-18, 1 file, -4/+5)

* Split EVP_aes_128_cbc(3) out of EVP_EncryptInit(3):
  both resulting pages are still long. Mention a number of missing functions. Add some text from the OpenSSL 1.1.1 EVP_aes.pod manual page, which is still under a free license. Add missing HISTORY information. Triggered by tb@ providing EVP_aes_{128,192,256}_wrap(3) in evp.h rev. 1.74.
  (schwarze, 2019-03-18, 4 files, -74/+322)

* In ssl.h rev. 1.165, tb@ provided version agnostic DTLS methods.
  Document them.
  (schwarze, 2019-03-18, 1 file, -3/+26)

* Document SM4; related to evp.h rev. 1.73.
  (schwarze, 2019-03-18, 4 files, -6/+93)

* Expand the ERR_PACK() macro to ERR_REASON() for consistency.
  No binary change.
  (tb, 2019-03-18, 1 file, -2/+2)

* In evp.h rev. 1.75, tb@ provided EVP_PKEY_get0_hmac(3).
  Document it. Even though OpenSSL muddles the waters by lumping the description together with the other EVP_PKEY_get0_*() functions, describe it separately because a char * has no reference count and because the function fills in an additional length parameter.
  (schwarze, 2019-03-18, 1 file, -3/+29)

* Add regress tests for the EVP_aes_*_wrap() API. Based on the tests in
  OpenSSL 1.0.2r which is still freely licenced with a tweak by jsing.
  (tb, 2019-03-17, 2 files, -4/+19)

* bump minors after symbol addition
  (tb, 2019-03-17, 3 files, -3/+3)

* Provide EVP_PKEY_get0_hmac(). From OpenSSL 1.1.1 which is still
  freely licensed. From jsing
  (tb, 2019-03-17, 4 files, -3/+23)

* Provide EVP_aes_{128,192,256}_wrap(). This is a compatible
  implementation based on the one in OpenSSL 1.0.2r which is still freely licensed. The functions are undocumented in OpenSSL. To use them, one needs to set the undocumented EVP_CIPHER_CTX_FLAG_WRAP_ALLOW flag on the EVP_CIPHER_CTX. resolves #505 ok jsing
  (tb, 2019-03-17, 6 files, -6/+174)

* link sm4 regress to the build
  (tb, 2019-03-17, 1 file, -1/+2)

* Add a regress test for the SM4 block cipher from the Chinese standard
  GB/T 32907-2016. Patch from Daniel Wyatt ok inoguchi, jsing
  (tb, 2019-03-17, 2 files, -0/+117)

* Add the SM4 block cipher from the Chinese standard GB/T 32907-2016.
  Patch from Daniel Wyatt ok inoguchi, jsing
  (tb, 2019-03-17, 1 file, -1/+8)

* Add the SM4 block cipher from the Chinese standard GB/T 32907-2016.
  This is an ISC licensed version based on the sources by Ribose Inc that were ported to OpenSSL in 2017. Patch from Daniel Wyatt with minor tweaks. ok inoguchi, jsing
  (tb, 2019-03-17, 8 files, -3/+479)