path: root/src/lib/libc/stdlib/recallocarray.c
Date | Commit message | Author | Files | Lines
2019-04-01 | Add a mutex to guard reference counting for tls_config. | jsing | 3 | -4/+16
This makes libtls more friendly for multithreaded use - otherwise we can end up with incorrect refcounts and end up freeing when we should not be (or not freeing when we should be). ok beck@
2019-04-01 | Implement a print function for BIGNUM_it. | jsing | 1 | -2/+18
ok beck@, tb@
2019-04-01 | Correct the return values from long_print. | jsing | 1 | -2/+5
BIO_print() returns -1 on failure, whereas the ASN print functions need to return 0. ok beck@, tb@
2019-04-01 | Require all ASN1_PRIMITIVE_FUNCS functions to be provided. | jsing | 5 | -26/+42
If an ASN.1 item provides its own ASN1_PRIMITIVE_FUNCS functions, require all functions to be provided (currently excluding prim_clear). This avoids situations such as having a custom allocator that returns a specific struct but is then printed using the default primitive print functions, which interpret the memory as a different struct. Found by oss-fuzz, fixes issue #13799. ok beck@, tb@
2019-04-01 | mark ERR_R_INTERNAL_ERROR instead of assert or _exit, sigh | deraadt | 1 | -3/+3
2019-04-01 | Correct subtle bug in sigalgs, only care about curve_nid if we are | beck | 1 | -4/+4
checking the curve. ok jsing@ tb@
2019-03-31 | Clean up and simplify the client verify code: | jsing | 1 | -50/+49
- Be consistent with _len naming.
- Use size_t where possible/appropriate.
- Group the CBB code.
- Use EVP_MAX_MD_SIZE consistently, instead of "magic" values.
- Switch GOST to EVP_DigestSign*, making it similar to sigalgs.
ok tb@ a while back.
2019-03-31 | Wrap long lines and apply some style(9). | jsing | 1 | -7/+10
2019-03-31 | Use named field initialisers. | jsing | 2 | -16/+18
2019-03-29 | Use correct capitalization of EC_GROUP_get_curve_GF{2m,p}(3). | tb | 1 | -4/+4
2019-03-28 | Enable GOST cipher selection test after libssl has been fixed. | bluhm | 1 | -6/+1
2019-03-27 | Cast nonce bytes to avoid undefined behaviour when left shifting. | jsing | 1 | -3/+3
Reported by oss-fuzz, really fixes issue #13805. ok beck@ tb@
2019-03-27 | remove duplicate set key file call. from alf. | tedu | 1 | -3/+1
ok jsing
2019-03-27 | bump to 2.9.1 | bcook | 1 | -3/+3
2019-03-26 | Use limits.h instead of sys/limits.h for portability. | jsing | 1 | -3/+2
From phrocker via github.
2019-03-25 | Update regress following sigalgs changes. | jsing | 1 | -17/+1
2019-03-25 | Strip out all of the pkey to sigalg and sigalg to pkey linkages. | jsing | 5 | -59/+8
These are no longer used now that we defer signature algorithm selection. ok beck@
2019-03-25 | tls1_process_sigalgs() is no longer needed. | jsing | 2 | -57/+2
ok beck@
2019-03-25 | Defer sigalgs selection until the certificate is known. | jsing | 9 | -48/+124
Previously the signature algorithm was selected when the TLS extension was parsed (or the client received a certificate request), however the actual certificate to be used is not known at this stage. This leads to various problems, including the selection of a signature algorithm that cannot be used with the certificate key size (as found by jeremy@ via ruby regress). Instead, store the signature algorithms list and only select a signature algorithm when we're ready to do signature generation. Joint work with beck@.
2019-03-25 | Rework ssl_ctx_use_certificate_chain_bio() to use the CERT_PKEY chain. | jsing | 1 | -46/+26
This means that any additional CA certificates end up on the per certificate chain, rather than the single/shared extra_certs. Also simplify this code and in particular, avoid setting the return value to indicate success until we've actually succeeded. ok beck@ tb@
2019-03-25 | Remove ssl_get_server_send_cert() which is now unused. | jsing | 2 | -14/+2
ok beck@ tb@
2019-03-25 | Rework ssl3_output_cert_chain() to take a CERT_PKEY and consider chains. | jsing | 4 | -40/+36
We will now include the certificates in the chain in the certificate list, or use the existing extra_certs if present. Failing that we fall back to the automatic chain building if not disabled. This also simplifies the code significantly. ok beck@ tb@
2019-03-25 | Add a chain member to CERT_PKEY and provide functions for manipulating it. | jsing | 2 | -3/+74
Note that this is not the full chain, as the leaf certificate currently remains in the x509 member of CERT_PKEY. Unfortunately we've got to contend with the fact that some OpenSSL *_chain_* APIs exclude the leaf certificate while others include it... ok beck@ tb@
2019-03-24 | In the incredibly unbelievable circumstance where _rs_init() fails to | deraadt | 1 | -2/+2
allocate pages, don't call abort() because of corefile data leakage concerns, but simply _exit(). The reasoning is _rs_init() will only fail if someone finds a way to apply specific pressure against this failure point, for the purpose of leaking information into a core which they can read. We don't need a corefile in this instance to debug that. So take this "lever" away from whoever in the future wants to do that.
2019-03-24 | If ssl_cipher_apply_rule() is given a specific cipher suite, match on it. | jsing | 1 | -3/+4
Otherwise matching a specific cipher is performed by matching against its characteristics, which can result in multiple rather than a single match. Found by bluhm@'s regress tests. ok bluhm@ tb@
2019-03-24 | Don't allow asn1_parse2 to recurse arbitrarily deep. Constrain to a max | beck | 1 | -1/+5
depth of 128 - For oss-fuzz issue 13802 ok jsing@
2019-03-24 | Cast nonce bytes to avoid undefined behaviour when left shifting. | jsing | 1 | -3/+3
Reported by oss-fuzz, fixes issue #13805. ok beck@ tb@
2019-03-24 | do not call assert(), which has a tendency to leave traces of stuff in | deraadt | 1 | -2/+3
corefiles. Instead call OPENSSL_assert(), which has recently been trained to do this in a safer (if more awkward to debug) way. discussed with jsing and beck a while back
2019-03-23 | Add range checks to various ASN1_INTEGER functions to ensure the | beck | 3 | -6/+62
sizes used remain a positive integer. Should address issue 13799 from oss-fuzz ok tb@ jsing@
2019-03-21 | Fix typo in usage and comment. | bluhm | 3 | -6/+6
2019-03-21 | import EVP_camellia_128_cbc(3) from OpenSSL 1.1.1, | schwarze | 4 | -3/+156
still under a free license, tweaked by me
2019-03-21 | space before punct; | jmc | 1 | -3/+3
2019-03-21 | Split EVP_rc4(3) out of EVP_EncryptInit(3) to reduce clutter. | schwarze | 4 | -21/+116
The algorithm is insecure and yet its description would spread over three paragraphs in the cipher list, including remarkable advice like using a 40 bit key length.
2019-03-21 | Split EVP_des_cbc(3) out of EVP_EncryptInit(3) to reduce clutter: | schwarze | 4 | -55/+230
this moves a large number of functions out of the way that are no longer the latest and greatest. Also mention a few that were missing.
2019-03-21 | add a handful of missing functions | schwarze | 1 | -5/+38
that are also documented in OpenSSL 1.1.1 (still under a free license)
2019-03-21 | Bring back EVP_chacha20 list item that was accidentally removed | tb | 1 | -2/+3
in r1.28 when the AES ciphers were split into their own manual.
2019-03-20 | fix examples (libtls uses its own error reporting mechanism) | espie | 1 | -4/+4
okay tb@
2019-03-20 | escape backslashes; | schwarze | 2 | -11/+11
patch from Peter Piwowarski <peterjpiwowarski at gmail dot com>
2019-03-19 | Document the flag EVP_CIPHER_CTX_FLAG_WRAP_ALLOW needed for the EVP | schwarze | 2 | -4/+71
AES wrap modes, the function EVP_CIPHER_CTX_set_flags(3) needed to set it, and the companion functions EVP_CIPHER_CTX_clear_flags(3) and EVP_CIPHER_CTX_test_flags(3). With help and an OK from tb@.
2019-03-19 | Avoid an internal 2 byte overread in ssl_sigalgs(). | jsing | 1 | -7/+2
Found by oss-fuzz, fixes issue #13797. ok beck@ tb@
2019-03-19 | Revert TLS1_get{,_client}_version simplification because DTLS. | jsing | 4 | -14/+15
2019-03-18 | * note that the handshake must be completed first | schwarze | 1 | -4/+15
* correct the description of "unknown"
(the previous are both from OpenSSL 1.1.1, still under a free license)
* add a comment saying that TLS1_get_version() and TLS1_get_client_version() are intentionally undocumented (reasons provided by jsing@)
2019-03-18 | Insert a missing input line break after a .Vt macro; | schwarze | 1 | -4/+5
from Jan Stary <hans at stare dot cz>. While here, correct one .Vt NULL -> .Dv NULL.
2019-03-18 | Split EVP_aes_128_cbc(3) out of EVP_EncryptInit(3): | schwarze | 4 | -74/+322
both resulting pages are still long. Mention a number of missing functions. Add some text from the OpenSSL 1.1.1 EVP_aes.pod manual page, which is still under a free license. Add missing HISTORY information. Triggered by tb@ providing EVP_aes_{128,192,256}_wrap(3) in evp.h rev. 1.74.
2019-03-18 | In ssl.h rev. 1.165, tb@ provided version agnostic DTLS methods. | schwarze | 1 | -3/+26
Document them.
2019-03-18 | Document SM4; related to evp.h rev. 1.73. | schwarze | 4 | -6/+93
2019-03-18 | Expand the ERR_PACK() macro to ERR_REASON() for consistency. | tb | 1 | -2/+2
No binary change.
2019-03-18 | In evp.h rev. 1.75, tb@ provided EVP_PKEY_get0_hmac(3). | schwarze | 1 | -3/+29
Document it. Even though OpenSSL muddles the waters by lumping the description together with the other EVP_PKEY_get0_*() functions, describe it separately because a char * has no reference count and because the function fills in an additional length parameter.
2019-03-17 | Add regress tests for the EVP_aes_*_wrap() API. Based on the tests in | tb | 2 | -4/+19
OpenSSL 1.0.2r which is still freely licenced with a tweak by jsing.
2019-03-17 | bump minors after symbol addition | tb | 3 | -3/+3