path: root/src/lib/libcrypto/dsa/dsa_key.c

Date        Commit message  (Author; Files; Lines -removed/+added)
            Commit body, where present, is indented below the subject.

2021-03-31  Bump minors after symbol addition  (tb; 3 files; -3/+3)

2021-03-31  Expose various DTLSv1.2 specific functions and defines  (tb; 5 files; -27/+8)
    ok bcook inoguchi jsing

2021-03-31  Document SSL_set_hostflags(3) and SSL_get0_peername(3)  (tb; 1 file; -18/+4)
    ok bcook inoguchi jsing

2021-03-31  Expose SSL_set_hostflags(3) and SSL_get0_peername(3)  (tb; 2 files; -3/+3)
    ok bcook inoguchi jsing

2021-03-31  Document SSL_use_certificate_chain_file(3)  (tb; 1 file; -11/+3)
    ok bcook inoguchi jsing

2021-03-31  Expose SSL_use_certificate_chain_file(3)  (tb; 2 files; -3/+2)
    ok bcook inoguchi jsing

2021-03-31  Provide missing prototype for d2i_DSAPrivateKey_fp(3)  (tb; 1 file; -1/+2)
    ok bcook inoguchi jsing

2021-03-31  Document EVP_PKEY_new_CMAC_key(3)  (tb; 1 file; -16/+4)
    ok bcook inoguchi jsing

2021-03-31  Provide EVP_PKEY_new_CMAC_key(3)  (tb; 2 files; -5/+2)
    ok bcook inoguchi jsing

2021-03-29  whitespace nits  (tb; 1 file; -4/+4)

2021-03-29  Prepare documenting EVP_PKEY_new_CMAC_key(3)  (tb; 1 file; -2/+54)
    Based on some text in OpenSSL 1.1.1's EVP_PKEY_new.pod.

2021-03-29  Remove pointless assignment in SSL_get0_alpn_selected().  (jsing; 1 file; -4/+1)
    ok tb@

2021-03-29  Avoid transcript initialisation when sending a TLS HelloRequest.  (jsing; 1 file; -4/+6)
    When server side renegotiation is triggered, the TLSv1.2 state machine sends a HelloRequest before going to ST_SW_FLUSH and ST_OK. In this case we do not need the transcript and currently hit the sanity check in ST_OK that ensures the transcript has been freed, breaking server initiated renegotiation. We do however need the transcript in the DTLS case.
    ok tb@

2021-03-29  Move finished and peer finished to the handshake struct.  (jsing; 7 files; -44/+44)
    This moves the finish_md and peer_finish_md from the 'tmp' struct to the handshake struct, renaming to finished and peer_finished in the process. This also allows the remaining S3I(s) references to be removed from the TLSv1.3 client and server.
    ok inoguchi@ tb@

2021-03-29  Add regress coverage for TLSv1.2 record number increment.  (jsing; 1 file; -8/+151)

2021-03-29  Move the TLSv1.2 record number increment into the new record layer.  (jsing; 3 files; -19/+44)
    This adds checks (based on the TLSv1.3 implementation) to ensure that the TLS/DTLS sequence numbers do not wrap, as required by the respective RFCs.
    ok inoguchi@ tb@

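
    Added example for the commit above; this is editor-written code, not the LibreSSL record layer or the regress test it mentions. It implements a record sequence number with the wrap check the commit describes, written from the RFC rules: TLS keeps a 64-bit counter that must not wrap (RFC 5246 section 6.1, RFC 8446 section 5.3), while DTLS reserves the first two bytes for the epoch and counts only the remaining 48 bits (RFC 6347 section 4.1). Names such as rec_seq, rec_seq_increment and the scenario helpers are this example's own.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Added example (not LibreSSL code): a record-layer sequence number with the
 * wrap check the commit describes. TLS keeps a 64-bit counter that must never
 * wrap (RFC 5246 6.1, RFC 8446 5.3). DTLS uses the first two bytes as the
 * epoch and the remaining 48 bits as the sequence number (RFC 6347 4.1), so
 * only those 48 bits are counted and the epoch is never touched here.
 */
#define REC_SEQ_NUM_LEN 8
#define DTLS_EPOCH_LEN  2

struct rec_seq {
	int dtls;                          /* 1 for DTLS, 0 for TLS */
	uint8_t seq_num[REC_SEQ_NUM_LEN];  /* big endian; DTLS: epoch || seq */
};

/* Load an epoch (DTLS only) and sequence number into the big-endian buffer. */
void
rec_seq_set(struct rec_seq *rs, int dtls, uint16_t epoch, uint64_t seq)
{
	int i;

	rs->dtls = dtls;
	if (dtls)
		seq = ((uint64_t)epoch << 48) | (seq & 0xffffffffffffULL);
	for (i = REC_SEQ_NUM_LEN - 1; i >= 0; i--) {
		rs->seq_num[i] = (uint8_t)(seq & 0xff);
		seq >>= 8;
	}
}

/* Return all 8 bytes as one integer (for DTLS the epoch is the top 16 bits). */
uint64_t
rec_seq_get(const struct rec_seq *rs)
{
	uint64_t v = 0;
	int i;

	for (i = 0; i < REC_SEQ_NUM_LEN; i++)
		v = (v << 8) | rs->seq_num[i];
	return v;
}

/*
 * Increment after a record was sent or received. Returns 1 on success and 0
 * if the counter wrapped. The caller must then fail the connection: the
 * sequence number feeds the MAC or AEAD nonce, and continuing past a wrap
 * would reuse it under the same key.
 */
int
rec_seq_increment(struct rec_seq *rs)
{
	int first = rs->dtls ? DTLS_EPOCH_LEN : 0;
	int i;

	for (i = REC_SEQ_NUM_LEN - 1; i >= first; i--) {
		if (++rs->seq_num[i] != 0)
			return 1;
	}
	/* Every counted byte rolled over to zero: the counter wrapped. */
	return 0;
}

/* Scenario helpers: outcome of one increment from a given starting value. */
int
seq_incr_ok(int dtls, uint16_t epoch, uint64_t seq)
{
	struct rec_seq rs;

	rec_seq_set(&rs, dtls, epoch, seq);
	return rec_seq_increment(&rs);
}

uint64_t
seq_next(int dtls, uint16_t epoch, uint64_t seq)
{
	struct rec_seq rs;

	rec_seq_set(&rs, dtls, epoch, seq);
	(void)rec_seq_increment(&rs);
	return rec_seq_get(&rs);
}

int
main(void)
{
	printf("TLS  at 2^64-1: ok=%d next=%016llx\n",
	    seq_incr_ok(0, 0, UINT64_MAX),
	    (unsigned long long)seq_next(0, 0, UINT64_MAX));
	printf("DTLS epoch 1 at 2^48-1: ok=%d next=%016llx\n",
	    seq_incr_ok(1, 1, 0xffffffffffffULL),
	    (unsigned long long)seq_next(1, 1, 0xffffffffffffULL));
	return 0;
}
```

    The DTLS case is the one worth checking: the increment must stop at the epoch boundary, so the wrap is detected after 2^48 records even though the 8-byte buffer still has room, and the epoch bytes are left for the cipher-state change to manage.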
2021-03-29  Prepare to provide EVP_PKEY_new_CMAC_key()  (tb; 4 files; -20/+84)
    sebastia ran into this when attempting to update security/hcxtools. This will be tested via wycheproof.go once the symbol is public.
    ok jsing, tested by sebastia

2021-03-28  The failure mode of test-tls13-version-negotiation.py has changed.  (tb; 1 file; -4/+2)
    Update comment.

2021-03-28  Fix duplicate SSL_is_dtls in libssl and apps.c  (inoguchi; 1 file; -1/+3)
    Currently, SSL_is_dtls exists in both libssl and apps.c, and the one in libssl is guarded by LIBRESSL_INTERNAL and not exposed yet. This causes the portable build to break with openssl(1) and optionstest. To solve this temporarily, rename SSL_is_dtls via apps.h. This temporary renaming will be removed when SSL_is_dtls() is exposed.
    ok jsing@

2021-03-27  Enable test-sig-algs-renegotiation-resumption.py.  (tb; 1 file; -5/+6)
    This test covers various scenarios with renegotiation and session resumption. In particular it crashes the OpenSSL 1.1.1j server due to the sigalg NULL deref fixed this week. We need --sig-algs-drop-ok since we do not currently implement signature_algorithms_cert.

2021-03-27  Garbage collect s->internal->type  (tb; 6 files; -18/+9)
    This variable is used in the legacy stack to decide whether we are a server or a client. That's what s->server is for... The new TLSv1.3 stack failed to set s->internal->type, which resulted in hilarious mishandling of previous_{client,server}_finished. Indeed, both client and server would first store the client's verify_data in previous_server_finished and later overwrite it with the server's verify_data. Consequently, renegotiation has been completely broken for more than a year. In fact, server side renegotiation was broken during the 6.5 release cycle. Clearly, no-one uses this. This commit fixes client side renegotiation and restores the previous behavior of SSL_get_client_CA_list(). Server side renegotiation will be fixed in a later commit.
    ok jsing

2021-03-27  Handle dynamic definition of SIGSTKSZ as of glibc 2.34 on Linux.  (bcook; 1 file; -7/+24)
    ok bluhm@, inoguchi@, tb@, deraadt@

2021-03-26  Add test-sig-algs-renegotiation-resumption.py  (tb; 1 file; -1/+5)
    This test currently fails but may soon be fixed.

2021-03-26  Sort header files and wrap long lines in x509.c  (inoguchi; 1 file; -67/+110)

2021-03-25  Avoid mangled output in BIO_debug_callback  (tb; 1 file; -4/+12)
    Instead of blindly skipping 14 characters, we can use the return value of snprintf() to determine how much we should skip.
    From Martin Vahlensieck with minor tweaks by me

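
    Added example for the commit above; editor-written, not the code of BIO_debug_callback itself. It shows the pattern the commit describes: write the prefix with snprintf() and continue at the offset its return value gives, rather than at a fixed column. What the real callback prints in the prefix is assumed here (a pointer-like tag whose printed width differs between platforms). The check a practitioner wants on top is that snprintf() returns the length the output would have had, so a return value equal to or larger than the remaining space means truncation and must not be used as an offset. format_debug_line and demo_line are this example's own names.

```c
#include <stdio.h>
#include <string.h>

/*
 * Added example (not LibreSSL code): build a debug line in two snprintf()
 * calls, continuing at the offset the first call returns. The tag stands in
 * for the platform-dependent value assumed to be in the real prefix.
 * snprintf() reports the length the output would have had, so a result
 * >= the space available means truncation, not a usable offset.
 */

/* Returns the total length written, or -1 if the line did not fit. */
int
format_debug_line(char *buf, size_t buflen, const char *tag, const char *msg)
{
	int n, m;

	n = snprintf(buf, buflen, "BIO[%s]: ", tag);
	if (n < 0 || (size_t)n >= buflen)
		return -1;                 /* prefix alone did not fit */
	m = snprintf(buf + n, buflen - (size_t)n, "%s", msg);
	if (m < 0 || (size_t)m >= buflen - (size_t)n)
		return -1;                 /* message was truncated */
	return n + m;
}

/*
 * Demo helper: format into a static buffer limited to buflen bytes and
 * return the line, or NULL when it would have been truncated.
 */
const char *
demo_line(size_t buflen, const char *tag, const char *msg)
{
	static char buf[128];

	if (buflen > sizeof(buf))
		buflen = sizeof(buf);
	if (format_debug_line(buf, buflen, tag, msg) < 0)
		return NULL;
	return buf;
}

int
main(void)
{
	/* 32-bit style and 64-bit style tags: the prefix width differs by 8. */
	printf("%s\n", demo_line(128, "0x7f12ab34", "read(4096)"));
	printf("%s\n", demo_line(128, "0x00007f12ab34cd56", "read(4096)"));
	/* Too small a buffer: truncation is reported instead of a mangled line. */
	printf("%s\n", demo_line(16, "0x7f12ab34", "read(4096)") == NULL ?
	    "truncated" : "unexpected");
	return 0;
}
```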
2021-03-24  The server only sends a cookie during a HRR, not a SH  (tb; 1 file; -4/+4)

2021-03-24  Update regress for new_cipher rename.  (jsing; 2 files; -6/+6)

2021-03-24  Rename new_cipher to cipher.  (jsing; 11 files; -64/+64)
    This is in the SSL_HANDSHAKE struct and is what we're currently negotiating, so there is really nothing more "new" about the cipher than there is the key block or other parts of the handshake data.
    ok inoguchi@ tb@

2021-03-24  Add SSL_HANDSHAKE_TLS12 for TLSv1.2 specific handshake data.  (jsing; 5 files; -40/+48)
    Move TLSv1.2 specific components over from SSL_HANDSHAKE.
    ok inoguchi@ tb@

2021-03-24  Convert openssl(1) x509 option handling  (inoguchi; 1 file; -414/+747)
    Apply new option handling to openssl(1) x509. Incremental order values are handled using the newly added OPTION_ORDER. I left the descriptions for -CAform, -inform, and -outform as they were, for now. These descriptions will be fixed. And the digest option handler could be consolidated into one shared between some subcommands in the future.
    ok and comments from tb@, and "I'd move forward with your current plan." from jsing@

2021-03-24  Add option type OPTION_ORDER  (inoguchi; 2 files; -2/+9)
    To handle incremental order value, added new option type OPTION_ORDER. openssl(1) x509 requires this option handling, since:
    - -CA and -signkey require setting both a filename and an incremental 'num'.
    - -dates requires setting two variables in a row, startdate and enddate.
    And this couldn't be solved by OPTION_FLAG_ORD.
    ok tb@ and "I'd move forward with your current plan." from jsing@

2021-03-23  OCSP_basic_verify() doesn't set errno, so use tls_set_errorx()  (tb; 1 file; -2/+2)
    ok inoguchi

2021-03-22  Don't leak ca in test_cms_sign_verify().  (tb; 1 file; -1/+2)
    Reported by Ilya Shipitsin

2021-03-22  Plug a few memory leaks reported by Ilya Shipitsin  (tb; 1 file; -9/+7)

2021-03-21  Fully initialize rrec in tls12_record_layer_open_record_protected  (tb; 1 file; -1/+2)
    The CBC code path initializes rrec.padding_length in an indirect fashion and later makes use of it for copying the MAC. This is confusing some static analyzers as well as people investigating the whining. Avoid this confusion and add a bit of robustness by clearing the stack variable up front.
    ok jsing

2021-03-21  Revise regress to match handshake struct changes.  (jsing; 1 file; -18/+18)

2021-03-21  Move the TLSv1.3 handshake struct inside the shared handshake struct.  (jsing; 9 files; -226/+227)
    There are currently three different handshake structs that are in use - the SSL_HANDSHAKE struct (as S3I(s)->hs), the SSL_HANDSHAKE_TLS13 struct (as S3I(s)->hs_tls13 or ctx->hs in the TLSv1.3 code) and the infamous 'tmp' embedded in SSL3_STATE_INTERNAL (as S3I(s)->tmp). This is the first step towards cleaning up the handshake structs so that shared data is in the SSL_HANDSHAKE struct, with sub-structs for TLSv1.2 and TLSv1.3 specific information. Place SSL_HANDSHAKE_TLS13 inside SSL_HANDSHAKE and change ctx->hs to refer to the SSL_HANDSHAKE struct instead of the SSL_HANDSHAKE_TLS13 struct. This allows the TLSv1.3 code to access the shared handshake data without needing the SSL struct.
    ok inoguchi@ tb@

2021-03-21  Split TLSv1.3 record protection from record layer.  (jsing; 1 file; -46/+72)
    This makes the TLSv1.2 and TLSv1.3 record layers more consistent and while it is not currently necessary from a functionality perspective, it makes for more readable and simpler code.
    ok inoguchi@ tb@

2021-03-21  Build options regress with -DLIBRESSL_INTERNAL.  (jsing; 1 file; -2/+2)
    This is currently needed for DTLS1_2_VERSION, however it should be used here regardless.

2021-03-21  Avoid a use-after-scope in tls13_cert_add().  (jsing; 1 file; -4/+3)
    A parent CBB retains a reference to a child CBB until CBB_flush() or CBB_cleanup() is called. As such, the cert_exts CBB must be at function scope.
    Reported by Ilya Shipitsin.
    ok tb@

2021-03-21  Plug memory leak reported by Ilya Shipitsin  (tb; 1 file; -3/+2)
    Since r1.7, input in base64_decoding_test() is allocated unconditionally, so free it unconditionally.

2021-03-20  typo  (tb; 1 file; -2/+2)

2021-03-20  Add new test-tls13-multiple-ccs-messages.py  (tb; 1 file; -1/+8)
    This is a test that checks for NSS's CCS flood DoS CVE-2020-25648. The test script currently fails on LibreSSL and OpenSSL 1.1.1j because it sends invalid records with version 0x0300 instead of 0x0303. We have the ccs_seen logic corresponding to NSS's fix: https://hg.mozilla.org/projects/nss/rev/57bbefa793232586d27cee83e74411171e128361 but we do allow up to two CCS due to an interop issue with Fizz, so at least one of the tests will likely be broken once the record version is fixed.

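
    Added example for the commit above; editor-written, not LibreSSL's record layer, the NSS fix, or the tlsfuzzer script. It is a plaintext record filter for a TLS 1.3 endpoint that applies the two checks the commit message touches on: the legacy_record_version rule (0x0303 everywhere, with 0x0301 tolerated only on the first handshake record, which RFC 8446 section 5.1 allows for an initial ClientHello), which rejects the 0x0300 records the test sends, and the compatibility change_cipher_spec rule (RFC 8446 section 5: a single 0x01 byte received before the peer's Finished is dropped without further processing, anything else is unexpected_message) with a counter that aborts once more than a fixed number of CCS records arrive. The limit of two is an assumption that mirrors the allowance described in the commit, not LibreSSL's actual value; the sample records are constructed, and the function and scenario names are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added example (not LibreSSL code): record version check plus bounded
 * compatibility-CCS handling for a TLS 1.3 endpoint. CCS_LIMIT = 2 is an
 * assumption mirroring the interop allowance in the commit message.
 */
#define TLS_RT_CCS         20
#define TLS_RT_HANDSHAKE   22
#define TLS_RECORD_HDR_LEN 5
#define TLS_MAX_PLAINTEXT  16384
#define CCS_LIMIT          2

enum rec_verdict {
	REC_ACCEPT = 0,    /* hand the record to the next layer */
	REC_DROP_CCS,      /* compatibility CCS: drop silently */
	REC_ERR_TRUNCATED, /* header or body shorter than announced */
	REC_ERR_VERSION,   /* legacy_record_version not acceptable */
	REC_ERR_LENGTH,    /* fragment longer than 2^14 */
	REC_ERR_CCS_BODY,  /* CCS body is not exactly 0x01 */
	REC_ERR_CCS_FLOOD, /* more CCS records than CCS_LIMIT */
	REC_ERR_CCS_LATE   /* CCS after the peer's Finished */
};

struct rec_state {
	int ccs_seen;       /* compatibility CCS records accepted so far */
	int handshake_seen; /* a handshake record has already been processed */
	int peer_finished;  /* peer's Finished seen: CCS is unexpected_message */
};

enum rec_verdict
tls13_filter_record(struct rec_state *st, const uint8_t *rec, size_t len)
{
	uint16_t version, length;
	uint8_t type;

	if (len < TLS_RECORD_HDR_LEN)
		return REC_ERR_TRUNCATED;
	type = rec[0];
	version = (uint16_t)((rec[1] << 8) | rec[2]);
	length = (uint16_t)((rec[3] << 8) | rec[4]);
	if (length > TLS_MAX_PLAINTEXT)
		return REC_ERR_LENGTH;
	if (len - TLS_RECORD_HDR_LEN < length)
		return REC_ERR_TRUNCATED;
	/* 0x0303 always; 0x0301 only on the very first handshake record. */
	if (version != 0x0303 && !(version == 0x0301 &&
	    type == TLS_RT_HANDSHAKE && !st->handshake_seen))
		return REC_ERR_VERSION;

	if (type == TLS_RT_CCS) {
		if (st->peer_finished)
			return REC_ERR_CCS_LATE;
		if (length != 1 || rec[TLS_RECORD_HDR_LEN] != 0x01)
			return REC_ERR_CCS_BODY;
		if (++st->ccs_seen > CCS_LIMIT)
			return REC_ERR_CCS_FLOOD;
		return REC_DROP_CCS;
	}
	if (type == TLS_RT_HANDSHAKE)
		st->handshake_seen = 1;
	return REC_ACCEPT;
}

/* Constructed sample records (not captured traffic): header + body. */
static const uint8_t REC_CCS_OK[]    = { 20, 0x03, 0x03, 0x00, 0x01, 0x01 };
static const uint8_t REC_CCS_V300[]  = { 20, 0x03, 0x00, 0x00, 0x01, 0x01 };
static const uint8_t REC_CCS_BAD[]   = { 20, 0x03, 0x03, 0x00, 0x01, 0x02 };
static const uint8_t REC_CCS_SHORT[] = { 20, 0x03, 0x03, 0x00, 0x01 };
/* Handshake record carrying version 0x0301; the body is a placeholder. */
static const uint8_t REC_HS_V301[]   = { 22, 0x03, 0x01, 0x00, 0x02, 0x01, 0x00 };

/* Scenario helpers, each starting from a fresh connection state. */
enum rec_verdict
scenario_one(const uint8_t *rec, size_t len)
{
	struct rec_state st = { 0, 0, 0 };

	return tls13_filter_record(&st, rec, len);
}

enum rec_verdict
scenario_ccs_flood(int n)
{
	struct rec_state st = { 0, 0, 0 };
	enum rec_verdict v = REC_ACCEPT;
	int i;

	for (i = 0; i < n; i++)
		v = tls13_filter_record(&st, REC_CCS_OK, sizeof(REC_CCS_OK));
	return v;
}

enum rec_verdict
scenario_second_v301(void)
{
	struct rec_state st = { 0, 0, 0 };

	(void)tls13_filter_record(&st, REC_HS_V301, sizeof(REC_HS_V301));
	return tls13_filter_record(&st, REC_HS_V301, sizeof(REC_HS_V301));
}

enum rec_verdict
scenario_ccs_after_finished(void)
{
	struct rec_state st = { 0, 1, 1 };

	return tls13_filter_record(&st, REC_CCS_OK, sizeof(REC_CCS_OK));
}

int
main(void)
{
	printf("third CCS -> %d (flood is %d)\n", scenario_ccs_flood(3), REC_ERR_CCS_FLOOD);
	printf("CCS with version 0x0300 -> %d (version error is %d)\n",
	    scenario_one(REC_CCS_V300, sizeof(REC_CCS_V300)), REC_ERR_VERSION);
	return 0;
}
```

    With this policy a script sending 0x0300 records fails at the version check before the CCS counter is ever consulted, which is the interaction the commit message points out: fixing the record version in the test will expose the counter, and a limit above one then fails whichever test expects the second CCS to be rejected.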
2021-03-19  Prepare documenting SSL_use_certificate_chain_file  (tb; 1 file; -2/+19)

2021-03-19  Undo previous. As pointed out by jsing I clearly wasn't fully awake...  (tb; 1 file; -2/+2)

2021-03-19  Prepare to provide SSL_use_certificate_chain_file()  (tb; 2 files; -15/+40)
    This is the same as SSL_CTX_use_certificate_chain_file() but for an SSL object instead of an SSL_CTX object. remi found this in a recent librelp update, so we need to provide it. The function will be exposed in an upcoming library bump.
    ok inoguchi on an earlier version, input/ok jsing

2021-03-19  Fix copy-paste error in previous  (tb; 1 file; -2/+2)
    Found the hard way by lists y42 org via an OCSP validation failure that in turn caused pkg_add over TLS to fail. Detailed report by sthen.
    ok sthen

2021-03-18  Type-cast getpagesize() from int to size_t for the comparison with d.  (claudio; 1 file; -2/+2)
    getpagesize() will only return positive numbers (there is no negative page size system) and it can not fail. Should fix some compiler warnings seen in -portable projects.
    OK otto@

2021-03-17  Read ahead is now enforced for DTLS - remove workarounds.  (jsing; 2 files; -20/+2)
    ok inoguchi@ tb@

2021-03-17  Use consistent s_server_opt_ prefix.  (jsing; 1 file; -9/+9)