| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This version of GOST is old and not anywhere close to compliant with
modern GOST standards. It is also very intrusive in libssl and
makes a mess everywhere. Efforts to entice a suitably minded anyone
to care about it have been unsuccessful.
At this point it is probably best to remove this, and if someone
ever showed up who truly needed a working version, it should be
a clean implementation from scratch, and have it use something
closer to the typical API in libcrypto so it would integrate less
painfully here.
This removes it from libssl in preparation for it's removal from
libcrypto with a future major bump
ok tb@
|
| |
|
|
|
|
| |
With the guentherizer 9000
ok tb@
|
| |
|
|
|
|
|
|
| |
This is a better version of the fix for the missing pointer invalidation
but a bit larger, so errata got the minimal fix.
tested by jcs
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.
discussed with jsing,
no objection bcook
|
| |
|
|
|
|
|
|
| |
These are no longer necessary due to SSL_CTX and SSL now being fully
opaque. Merge SSL_CTX_INTERNAL back into SSL_CTX and SSL_INTERNAL back
into SSL.
Prompted by tb@
|
| |
|
|
|
|
|
| |
that are no longer needed now that libcrypto exposes the necessary
security-bits API.
ok jsing
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok beck jsing sthen
|
| |
|
|
| |
ok beck jsing sthen
|
| |
|
|
|
|
|
|
| |
S3I has served us well, however now that libssl is fully opaque it is time
to say goodbye. Aside from removing the calloc/free/memset, the rest is
mechanical sed.
ok inoguchi@ tb@
|
| |
|
|
|
|
| |
CID 118976 118979
ok tb@
|
| |
|
|
|
|
|
| |
There is no reason for SESS_CERT to exist - remove it and merge its members
into SSL_SESSION for the time being. More clean up to follow.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
| |
Nearly all structs in libssl start with an SSL_ suffix, rename CERT and
CERT_PKEY for consistency.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
| |
Support for non-ephemeral DH was removed a long time ago - as such, the
dh_tmp and dh_tmp_cb are used for DHE parameters. Rename them to reflect
reality.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
| |
Support for non-ephemeral DH was removed a very long time ago - the only
way that dh_tmp is set is via DHparams_dup(), hence the public and private
keys are always going to be NULL.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
| |
This requires adding DHE support to tls_key_share. In doing so,
tls_key_share_peer_public() has to lose the group argument and gains
an invalid_key argument. The one place that actually needs the group
check is tlsext_keyshare_client_parse(), so add code to do this.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
| |
BIO_s_file_internal() should never have leaked out of libcrypto,
but it did. As a first step of getting rid of it, stop using it
internally.
ok jsing
|
| |
|
|
| |
ok inoguchi jsing
|
| |
|
|
|
|
| |
symbol will be exposed with tb@'s forthcoming bump
ok tb@
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
|
|
|
| |
X509_STORE_CTX and use accessors instead of reaching directly
into the struct.
ok jsing
|
| |
|
|
|
|
| |
This ensures that diff reports the correct function prototype.
Prompted by tb@
|
| |
|
|
|
|
|
|
|
|
| |
Currently cert_req is used by clients and cert_request is used by servers.
Replace this by a single cert_request used by either client or server.
Remove the certificate types as they are currently unused. This also fixes
a bug whereby if the number of certificate types exceeds SSL3_CT_NUMBER
the number of bytes read in is insufficient, which will break decoding.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This variable is used in the legacy stack to decide whether we are
a server or a client. That's what s->server is for...
The new TLSv1.3 stack failed to set s->internal->type, which resulted
in hilarious mishandling of previous_{client,server}_finished. Indeed,
both client and server would first store the client's verify_data in
previous_server_finished and later overwrite it with the server's
verify_data. Consequently, renegotiation has been completely broken
for more than a year. In fact, server side renegotiation was broken
during the 6.5 release cycle. Clearly, no-one uses this.
This commit fixes client side renegotiation and restores the previous
behavior of SSL_get_client_CA_list(). Server side renegotiation will
be fixed in a later commit.
ok jsing
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Add missing case entry for SSL_PKEY_GOST01.
Diff from Dmitry Baryshkov <dbaryshkov@gmail.com>
Sponsored by ROSA Linux
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some time prior to SSLeay 0.8.1b, SSL_PKEY_RSA_SIGN got added with the
intention of handling RSA sign only certificates... this incomplete code
had the following comment:
/* check to see if this is a signing only certificate */
/* EAY EAY EAY EAY */
And while the comment was removed in 2005, the incomplete RSA sign-only
handling has remained ever since.
Remove SSL_PKEY_RSA_SIGN and rename SSL_PKEY_RSA_ENC to SSL_PKEY_RSA. While
here also remove the unused SSL_PKEY_DH_RSA.
ok tb@
|
| |
|
|
|
|
|
| |
no need to check for it. Fixes COV-165788, identified with help from Alex
Bumstead.
ok jsing@
|
| |
|
|
|
|
|
|
| |
In the case that X509_NAME_dup() succeeds, but sk_X509_NAME_push()
fails, name is leaked. The entire function is trying to be clever
and therefore hard to follow. Let's do it the stupid but safe way.
ok jsing
|
| |
|
|
|
|
| |
These are no longer used now that we defer signature algorithm selection.
ok beck@
|
| |
|
|
|
|
|
|
|
| |
Note that this is not the full chain, as the leaf certificate currently
remains in the x509 member of CERT_PKEY. Unfortunately we've got to
contend with the fact that some OpenSSL *_chain_* APIs exclude the leaf
certificate while others include it...
ok beck@ tb@
|
| |
|
|
|
|
|
| |
In TLSv1.2, if the client does not send a signature algorithms extension
then for RSA key exchange a signature algorithm of {sha1,rsa} is implied.
The MD5+SHA1 hash only applies to older versions of TLS, which do not
support sigalgs.
|
| |
|
|
|
| |
sigalg for MD5_SHA1 and using it as the non sigalgs default
ok jsing@
|
| |
|
|
|
|
| |
just keep the sigalg around so we can remember what we actually
decided to use.
ok jsing@
|
| |
|
|
| |
ok beck@ tb@
|
| |
|
|
| |
ok bluhm@ tb@
|
| |
|
|
|
|
|
|
| |
our libssl functions match theirs wrt const, except for BIO_f_ssl(3)
which will be fixed in a later step.
this went through a i386 bulk by sthen
ok jsing
|
| |
|
|
|
|
| |
back.
ok guenther@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Over the years OpenSSL grew multiple ways of being able to specify EC keys
(and/or curves) for use with ECDH and ECDHE key exchange. You could specify
a static EC key (SSL{_CTX,}_set_tmp_ecdh()), use that as a curve and
generate ephemeral keys (SSL_OP_SINGLE_ECDH_USE), provide the EC key via
a callback that was provided with insufficient information
(SSL{_CTX,}_set_tmp_ecdh_cb()) or enable automatic selection and generation
of EC keys via SSL{_CTX,}_set_ecdh_auto(). This complexity leads to
problems (like ECDHE not being enabled) and potential weird configuration
(like being able to do ECDHE without the ephemeral part...).
We no longer support ECDH and ECDHE can be disabled by removing ECDHE
ciphers from the cipher list. As such, permanently enable automatic EC
curve selection and generation, effectively disabling all of the
configuration knobs. The only exception is the
SSL{_CTX,}_set_tmp_ecdh() functions, which retain part of their previous
behaviour by configuring the curve of the given EC key as the only curve
being enabled. Everything else becomes a no-op.
ok beck@ doug@
|
| |
|
|
|
|
|
|
|
| |
Make a table of "function codes" which maps the internal state of the SSL *
to something like a useful name so in a typical error in the connection you
know in what sort of place in the handshake things happened. (instead of
by arcane function name).
Add SSLerrorx() for when we don't have an SSL *
ok jsing@ after us both being prodded by bluhm@ to make it not terrible
|
| |
|
|
|
|
| |
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@
|
| |
|
|
| |
line wraps that resulted
|
| |
|
|
|
|
|
| |
We leave a single funciton code (0xFFF) to say "SSL_internal" so the public
API will not break, and we replace all internal use of the two argument
SSL_err() with the internal only SSL_error() that only takes a reason code.
ok jsing@
|
| | |
|
| | |
|
