path: root/src/lib/libc/stdlib/reallocarray.c
Date | Commit message | Author | Files | Lines
2019-04-04 | Bump libssl/libtls minors due to symbol addition. | jsing | 2 | -2/+2
2019-04-04 | Provide SSL chain/cert chain APIs. | jsing | 3 | -2/+161
These allow for chains to be managed on a per-certificate basis rather than as a single "extra certificates" list. Note that "chain" in this context does not actually include the leaf certificate however, unlike SSL_CTX_use_certificate_chain_{file,mem}(). Thanks to sthen@ for running this through a bulk ports build. ok beck@ tb@
2019-04-04 | This case also needs to be fatal. | jsing | 1 | -1/+2
2019-04-04 | update root CAs in cert.pem in sync with Mozilla | sthen | 1 | -287/+440
ok millert@
2019-04-03 | Avoid some out of bound accesses in aesni_cbc_hmac_sha1_cipher(). | tb | 1 | -7/+13
The plen variable can be NO_PAYLOAD_LENGTH == (size_t)-1, so doing tls_aad[plen-4] is no good. Also check that the length of the AAD set via the control interface is equal to 13 since the whole file is written with that case in mind. Note that we no longer use this code in LibreSSL/OpenBSD. We eliminated the use of these control interfaces and stitched cipher modes in libssl a while ago. Problem found by Guido Vranken with his cryptofuzz - thanks! input & ok beck, jsing
2019-04-02 | fix broken comment | sthen | 1 | -1/+1
2019-04-01 | Sort. | jsing | 1 | -3/+3
2019-04-01 | Make the openssl(1) enc -iter flag actually work. | jsing | 1 | -2/+2
Diff from Steven Roberts <sroberts at fenderq dot com> - thanks!
2019-04-01 | Add a mutex to guard reference counting for tls_config. | jsing | 3 | -4/+16
This makes libtls more friendly for multithreaded use - otherwise we can end up with incorrect refcounts and end up freeing when we should not be (or not freeing when we should be). ok beck@
2019-04-01 | Implement a print function for BIGNUM_it. | jsing | 1 | -2/+18
ok beck@, tb@
2019-04-01 | Correct the return values from long_print. | jsing | 1 | -2/+5
BIO_print() returns -1 on failure, whereas the ASN print functions need to return 0. ok beck@, tb@
2019-04-01 | Require all ASN1_PRIMITIVE_FUNCS functions to be provided. | jsing | 5 | -26/+42
If an ASN.1 item provides its own ASN1_PRIMITIVE_FUNCS functions, require all functions to be provided (currently excluding prim_clear). This avoids situations such as having a custom allocator that returns a specific struct but is then printed using the default primitive print functions, which interpret the memory as a different struct. Found by oss-fuzz, fixes issue #13799. ok beck@, tb@
2019-04-01 | mark ERR_R_INTERNAL_ERROR instead of assert or _exit, sigh | deraadt | 1 | -3/+3
2019-04-01 | Correct subtle bug in sigalgs, only care about curve_nid if we are | beck | 1 | -4/+4
checking the curve. ok jsing@ tb@
2019-03-31 | Clean up and simplify the client verify code: | jsing | 1 | -50/+49
- Be consistent with _len naming.
- Use size_t where possible/appropriate.
- Group the CBB code.
- Use EVP_MAX_MD_SIZE consistently, instead of "magic" values.
- Switch GOST to EVP_DigestSign*, making it similar to sigalgs.
ok tb@ a while back.
2019-03-31 | Wrap long lines and apply some style(9). | jsing | 1 | -7/+10
2019-03-31 | Use named field initialisers. | jsing | 2 | -16/+18
2019-03-29 | Use correct capitalization of EC_GROUP_get_curve_GF{2m,p}(3). | tb | 1 | -4/+4
2019-03-28 | Enable GOST cipher selection test after libssl has been fixed. | bluhm | 1 | -6/+1
2019-03-27 | Cast nonce bytes to avoid undefined behaviour when left shifting. | jsing | 1 | -3/+3
Reported by oss-fuzz, really fixes issue #13805. ok beck@ tb@
2019-03-27 | remove duplicate set key file call. from alf. | tedu | 1 | -3/+1
ok jsing
2019-03-27 | bump to 2.9.1 | bcook | 1 | -3/+3
2019-03-26 | Use limits.h instead of sys/limits.h for portability. | jsing | 1 | -3/+2
From phrocker via github.
2019-03-25 | Update regress following sigalgs changes. | jsing | 1 | -17/+1
2019-03-25 | Strip out all of the pkey to sigalg and sigalg to pkey linkages. | jsing | 5 | -59/+8
These are no longer used now that we defer signature algorithm selection. ok beck@
2019-03-25 | tls1_process_sigalgs() is no longer needed. | jsing | 2 | -57/+2
ok beck@
2019-03-25 | Defer sigalgs selection until the certificate is known. | jsing | 9 | -48/+124
Previously the signature algorithm was selected when the TLS extension was parsed (or the client received a certificate request), however the actual certificate to be used is not known at this stage. This leads to various problems, including the selection of a signature algorithm that cannot be used with the certificate key size (as found by jeremy@ via ruby regress). Instead, store the signature algorithms list and only select a signature algorithm when we're ready to do signature generation. Joint work with beck@.
2019-03-25 | Rework ssl_ctx_use_certificate_chain_bio() to use the CERT_PKEY chain. | jsing | 1 | -46/+26
This means that any additional CA certificates end up on the per certificate chain, rather than the single/shared extra_certs. Also simplify this code and in particular, avoid setting the return value to indicate success until we've actually succeeded. ok beck@ tb@
2019-03-25 | Remove ssl_get_server_send_cert() which is now unused. | jsing | 2 | -14/+2
ok beck@ tb@
2019-03-25 | Rework ssl3_output_cert_chain() to take a CERT_PKEY and consider chains. | jsing | 4 | -40/+36
We will now include the certificates in the chain in the certificate list, or use the existing extra_certs if present. Failing that we fall back to the automatic chain building if not disabled. This also simplifies the code significantly. ok beck@ tb@
2019-03-25 | Add a chain member to CERT_PKEY and provide functions for manipulating it. | jsing | 2 | -3/+74
Note that this is not the full chain, as the leaf certificate currently remains in the x509 member of CERT_PKEY. Unfortunately we've got to contend with the fact that some OpenSSL *_chain_* APIs exclude the leaf certificate while others include it... ok beck@ tb@
2019-03-24 | In the incredibly unbelievable circumstance where _rs_init() fails to | deraadt | 1 | -2/+2
allocate pages, don't call abort() because of corefile data leakage concerns, but simply _exit(). The reasoning is _rs_init() will only fail if someone finds a way to apply specific pressure against this failure point, for the purpose of leaking information into a core which they can read. We don't need a corefile in this instance to debug that. So take this "lever" away from whoever in the future wants to do that.
2019-03-24 | If ssl_cipher_apply_rule() is given a specific cipher suite, match on it. | jsing | 1 | -3/+4
Otherwise matching a specific cipher is performed by matching against its characteristics, which can result in multiple rather than a single match. Found by bluhm@'s regress tests. ok bluhm@ tb@
2019-03-24 | Don't allow asn1_parse2 to recurse arbitrarily deep. Constrain to a max | beck | 1 | -1/+5
depth of 128 - For oss-fuzz issue 13802 ok jsing@
2019-03-24 | Cast nonce bytes to avoid undefined behaviour when left shifting. | jsing | 1 | -3/+3
Reported by oss-fuzz, fixes issue #13805. ok beck@ tb@
2019-03-24 | do not call assert(), which has a tendency to leave traces of stuff in | deraadt | 1 | -2/+3
corefiles. Instead call OPENSSL_assert(), which has recently been trained to do this in a safer (if more awkward to debug) way. discussed with jsing and beck a while back
2019-03-23 | Add range checks to various ASN1_INTEGER functions to ensure the | beck | 3 | -6/+62
sizes used remain a positive integer. Should address issue 13799 from oss-fuzz ok tb@ jsing@
2019-03-21 | Fix typo in usage and comment. | bluhm | 3 | -6/+6
2019-03-21 | import EVP_camellia_128_cbc(3) from OpenSSL 1.1.1, | schwarze | 4 | -3/+156
still under a free license, tweaked by me
2019-03-21 | space before punct; | jmc | 1 | -3/+3
2019-03-21 | Split EVP_rc4(3) out of EVP_EncryptInit(3) to reduce clutter. | schwarze | 4 | -21/+116
The algorithm is insecure and yet its description would spread over three paragraphs in the cipher list, including remarkable advice like using a 40 bit key length.
2019-03-21 | Split EVP_des_cbc(3) out of EVP_EncryptInit(3) to reduce clutter: | schwarze | 4 | -55/+230
this moves a large number of functions out of the way that are no longer the latest and greatest. Also mention a few that were missing.
2019-03-21 | add a handful of missing functions | schwarze | 1 | -5/+38
that are also documented in OpenSSL 1.1.1 (still under a free license)
2019-03-21 | Bring back EVP_chacha20 list item that was accidentally removed | tb | 1 | -2/+3
in r1.28 when the AES ciphers were split into their own manual.
2019-03-20 | fix examples (libtls uses its own error reporting mechanism) | espie | 1 | -4/+4
okay tb@
2019-03-20 | escape backslashes; | schwarze | 2 | -11/+11
patch from Peter Piwowarski <peterjpiwowarski at gmail dot com>
2019-03-19 | Document the flag EVP_CIPHER_CTX_FLAG_WRAP_ALLOW needed for the EVP | schwarze | 2 | -4/+71
AES wrap modes, the function EVP_CIPHER_CTX_set_flags(3) needed to set it, and the companion functions EVP_CIPHER_CTX_clear_flags(3) and EVP_CIPHER_CTX_test_flags(3). With help and an OK from tb@.
2019-03-19 | Avoid an internal 2 byte overread in ssl_sigalgs(). | jsing | 1 | -7/+2
Found by oss-fuzz, fixes issue #13797. ok beck@ tb@
2019-03-19 | Revert TLS1_get{,_client}_version simplification because DTLS. | jsing | 4 | -14/+15
2019-03-18 | * note that the handshake must be completed first | schwarze | 1 | -4/+15
* correct the description of "unknown"
(the previous are both from OpenSSL 1.1.1, still under a free license)
* add a comment saying that TLS1_get_version() and TLS1_get_client_version() are intentionally undocumented (reasons provided by jsing@)