| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
| |
instead of a printf and a success return, when the operation fails.
|
| |
|
|
|
| |
`gost_' prefix to them, so that we do not pollute the global namespace too
much.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
engine to regular EVP citizens, contributed by Dmitry Eremin-Solenikov;
libcrypto bits only for now.
This is a verbatim import of Dmitry's work, and does not compile in this
state; the forthcoming commits will address these issues.
None of the GOST code is enabled in libcrypto yet, for it still gets
compiled with OPENSSL_NO_GOST defined. However, the public header gost.h
will be installed.
|
| |
|
|
|
|
|
|
|
| |
This functionality was already available (and optional), and used in the
bowels of the ASN.1 code. This exposes it as a public interface, which will
be used by the upcoming GOST code.
Crank libcrypto minor version.
From Dmitry Eremin-Solenikov.
|
| |
|
|
|
|
| |
necessary for upcoming GOST code.
From Dmitry Eremin-Solenikov
|
| | |
|
| |
|
|
| |
DTLS (whatever that is) instead of for TLS too. ok jsing.
|
| | |
|
| |
|
|
|
|
|
| |
that use these algorithms (and SEED was removed from libcrypto some time
ago).
ok doug@
|
| |
|
|
| |
there are backwards compatible names/aliases for EDH.
|
| |
|
|
|
| |
drafts are now RFCs. Also add the TLS extension type for ALPN and be
consistent with RFC reference formatting.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
This allows an SSL server to enable DHE ciphers with a single setting,
which results in an DH key being generated based on the server key length.
Partly based on OpenSSL.
|
| |
|
|
|
|
|
|
|
| |
The only use for these is via SSL_OP_EPHEMERAL_RSA (which is effectively
a standards violation) and for RSA sign-only, should only be possible if
you are using an export cipher and have an RSA private key that is more
than 512 bits in size (however we no longer support export ciphers).
ok bcook@ miod@
|
| |
|
|
| |
ok jsing@ miod@
|
| |
|
|
| |
ok doug@ jsing@
|
| |
|
|
|
| |
of p12->mac->salt->data has actually succeeded.
In one of my trees for a long time already...
|
| |
|
|
|
|
|
|
| |
SSL3_RT_HANDSHAKE replays.
Reported by Markus Stenberg <markus.stenberg at iki.fi> - thanks!
ok deraadt@
|
| |
|
|
| |
are still needed for the engine). Our code should use arc4random instead.
|
| |
|
|
|
|
|
|
| |
arc4random_buf() is guaranteed to always succeed - it is worth noting
that a number of the replaced function calls were already missing return
value checks.
ok deraadt@
|
| |
|
|
|
|
|
|
| |
Modified patch from Dmitry Eremin-Solenikov
leave the sole public define in ripemd.h
ok deraadt@ miod@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Modified version of patch from Dmitry Eremin-Solenikov.
==28360== 98 bytes in 2 blocks are definitely lost in loss record 7 of 7
==28360== at 0x402AC54: realloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==28360== by 0x40E2D2C: ASN1_STRING_set (asn1_lib.c:393)
==28360== by 0x40EC22C: asn1_ex_c2i (tasn_dec.c:959)
==28360== by 0x40EC632: asn1_d2i_ex_primitive (tasn_dec.c:824)
==28360== by 0x40ED2E6: ASN1_item_ex_d2i (tasn_dec.c:230)
==28360== by 0x40ED421: ASN1_item_d2i (tasn_dec.c:133)
==28360== by 0x40F0335: d2i_ASN1_OCTET_STRING (tasn_typ.c:75)
==28360== by 0x405FD6D: d2i_SSL_SESSION (ssl_asn1.c:367)
==28360== by 0x405DD6E: ssl3_send_newsession_ticket (s3_srvr.c:2743)
==28360== by 0x405EA48: ssl3_accept (s3_srvr.c:665)
==28360== by 0x4067C34: SSL_accept (ssl_lib.c:922)
==28360== by 0x404E97B: ssl23_get_client_hello (s23_srvr.c:573)
ok miod@ beck@
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
arc4random provides high quality pseudo-random numbers, hence there is no
need to differentiate between "strong" and "pseudo". Furthermore, the
arc4random_buf() function is guaranteed to succeed, which avoids the need
to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and
RAND_pseudo_bytes() calls were missing return value checks and these
functions can fail for a number of reasons (at least in OpenSSL -
thankfully they were converted to wrappers around arc4random_buf() some
time ago in LibreSSL).
ok beck@ deraadt@ miod@
|
| |
|
|
| |
ok deraadt@
|
| |
|
|
|
| |
intrinsic functions everywhere, and wrap these functions in an
#ifndef LIBRESSL_INTERNAL to make sure we don't bring their use back.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
SSLv3 has been long known to have weaknesses and the POODLE attack has
once again shown that it is effectively broken/insecure. As such, it is
time to stop enabling a protocol was deprecated almost 15 years ago.
If an application really wants to provide backwards compatibility, at the
cost of security, for now SSL_CTX_clear_option(ctx, SSL_OP_NO_SSLv3) can be
used to re-enable it on a per-application basis.
General agreement from many.
ok miod@
|
| |
|
|
|
|
|
| |
a compression identifier. In the case of a server using ephemeral EC keys,
the supplied key is unlikely to have a public key where
SSL_CTX_set_tmp_ecdh() is called after SSL_OP_SINGLE_ECDH_USE has been
set. This makes ECDHE ciphers work again for this use case.
|
| |
|
|
|
| |
correct name for EECDH). The EDH and EECDH aliases remain for backwards
compatibility.
|
| |
|
|
|
|
|
|
|
|
|
| |
This makes 'openssl version' print a string that matches the -portable
release number. Thanks to @blakkeim for pointing it out.
The version integer is left alone, with the idea of discouraging software from
relying on magic numbers for detecting features. Software configuration should
do explicit feature tests instead.
ok beck@, deraadt@
|
| |
|
|
|
|
| |
only that it returns -1 on failure.
pointed out by guenther@
|
| |
|
|
|
|
|
|
|
| |
Prefer this because it is the POSIX standard and has consistent behavior
across platforms.
Use BIO_socket_nbio consistently across the tree.
from Jonas 'Sortie' Termansen, ok deraadt@
|
| |
|
|
| |
function was found broken in 1993, and later on in 1997?
|
| |
|
|
| |
in order to catch all negative sizes.
|
| |
|
|
|
|
| |
libcrypto has not been started yet.
ok schwarze@ miod@
|
| |
|
|
| |
ok doug@ jsing@
|
| |
|
|
|
| |
need to do it in ec_copy_parameters() prior to invoking EC_KEY_set_group().
ok doug@ jsing@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
X509_PURPOSE object (obtained with X509_PURPOSE_get0() instead of being
allocated in the function) to be freed if modifying that object would fail
due to a low memory condition, while this object would still be referenced
elsewhere.
Fix this by only cleaning the object if we did not allocate it here.
While there, fail early if either `name' or `sname' are NULL, rather than
allocating an object and realizing we have nothing to strdup() into it.
ok guenther@
|
| |
|
|
|
|
| |
if it fails, free the object we were about to push.
Factor error handling to avoid having four copies of about the same code.
ok guenther@
|
| |
|
|
|
|
| |
on a stack; if the latter fails, we need to free the object before returning
failure.
ok guenther@
|
| |
|
|
| |
ok guenther@
|
| |
|
|
| |
Tweaks and ok guenther@
|
| |
|
|
| |
ok deraadt@ guenther@
|
| |
|
|
| |
ok deraadt@ guenther@
|
| |
|
|
| |
ok miod
|
| |
|
|
|
|
|
| |
ssl_add_clienthello_tlsext() and ssl_add_serverhello_tlsext(), rather than
the current generic naming.
ok miod@
|
