| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
okay tb@
|
| |
|
|
| |
patch from Peter Piwowarski <peterjpiwowarski at gmail dot com>
|
| |
|
|
|
|
|
| |
AES wrap modes, the function EVP_CIPHER_CTX_set_flags(3) needed to
set it, and the companion functions EVP_CIPHER_CTX_clear_flags(3)
and EVP_CIPHER_CTX_test_flags(3).
With help and an OK from tb@.
|
| |
|
|
|
|
| |
Found by oss-fuzz, fixes issue #13797.
ok beck@ tb@
|
| | |
|
| |
|
|
|
|
|
| |
* correct the description of "unknown"
(the previous are both from OpenSSL 1.1.1, still under a free license)
* add a comment saying that TLS1_get_version() and TLS1_get_client_version()
are intentionally undocumented (reasons provided by jsing@)
|
| |
|
|
|
| |
from Jan Stary <hans at stare dot cz>.
Where here, correct one .Vt NULL -> .Dv NULL.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
both resulting pages are still long.
Mention a number of missing functions.
Add some text from the OpenSSL 1.1.1 EVP_aes.pod manual page,
which is still under a free license.
Add missing HISTORY information.
Triggered by tb@ providing EVP_aes_{128,192,256}_wrap(3)
in evp.h rev. 1.74.
|
| |
|
|
| |
Document them.
|
| | |
|
| |
|
|
| |
No binary change.
|
| |
|
|
|
|
|
|
|
| |
Document it.
Even though OpenSSL muddles the waters by lumping the description
together with the other EVP_PKEY_get0_*() functions, describe it
separately because a char * has no reference count and because
the function fills in an additional length parameter.
|
| | |
|
| |
|
|
|
|
| |
freely licensed.
From jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
implementation based on the one in OpenSSL 1.0.2r which is
still freely licensed.
The functions are undocumented in OpenSSL. To use them, one
needs to set the undocumented EVP_CIPHER_CTX_FLAG_WRAP_ALLOW
flag on the EVP_CIPHER_CTX.
resolves #505
ok jsing
|
| |
|
|
|
|
|
|
| |
This is an ISC licensed version based on the sources by Ribose Inc
that were ported to OpenSSL in 2017.
Patch from Daniel Wyatt with minor tweaks.
ok inoguchi, jsing
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
| |
The recv action handler returns success/failure, rather than a TLS13_IO_*
value, which is what tls13_handshake_recv_action() needs to return.
Failure previously mapped to TLS13_IO_EOF, which is not ideal.
ok tb@
|
| |
|
|
|
|
|
|
|
| |
LibreSSL only supports TLSv1.0 and above, hence the checks the macros are
performing are useless. Simplify them to their effective code. Also place
both under #ifndef LIBRESSL_INTERNAL and use the variables directly in our
code, which improves readability.
ok tb@
|
| |
|
|
|
|
|
|
| |
In TLSv1.3 the alert level is effectively meaningless and the record layer
has already checked that it is appropriate. As such, drop it from the alert
callback.
ok tb@
|
| |
|
|
|
|
| |
From Viktor Dukhovni via OpenSSL commit 0df65d82 Jun 12 11:51:53 2018 -0400
which is still under a free license because it is before the 1.1.1 branch point.
While here, add several missing const qualifiers.
|
| |
|
|
| |
so mention it here, too.
|
| |
|
|
|
|
| |
From David dot von dot Oheimb at siemens dot com
via OpenSSL commit b8c32081 Feb 10 15:45:11 2018 +0100, which is still
under a free license because it is before the 1.1.1 branch point.
|
| |
|
|
|
|
|
|
|
|
|
| |
mechanical M_ASN1 macro expansion. The ASN1_INTEGER_cmp function
takes signs into account while ASN1_STRING_cmp doesn't. The mixups
mostly involve serialNumbers, which, in principle, should be positive.
However, it is unclear whether that is checked or enforced anywhere
in the code, so these are probably bugs.
Patch from Holger Mikolon
ok jsing
|
| |
|
|
| |
cert.pem from Mozilla NSS.
|
| |
|
|
|
|
| |
in preparation for adding support for the probing code for arm64.
ok bcook@
|
| | |
|
| |
|
|
|
|
|
| |
because CRYPTO_set_locking_callback() is now a no-op
and was never documented in the first place;
no text change;
requested by jmc@ long ago
|
| |
|
|
|
|
|
| |
and that don't do anything in OpenSSL either;
no significant amount of text remains from OpenSSL, so change the
Copyright information and license of CRYPTO_set_locking_callback.3;
OK inoguchi@ jmc@
|
| |
|
|
| |
From Holger Mikolon
|
| |
|
|
|
| |
Gcc/clang will treat void * as char * but this is non-standard.
OK deraadt@ jsing@ inoguchi@
|
| |
|
|
|
|
| |
with the OID for SM2 signing with SM3.
From Daniel Wyatt
|
| |
|
|
|
|
|
| |
In non-SSL_MODE_ENABLE_PARTIAL_WRITE mode we have to write out all the
things and only return success once all of the data has been sent.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the TLS handshake has not been completed, automatically complete the
handshake as part of the read/write call, implementing the current
SSL_read()/SSL_write() behaviour.
Once the TLS handshake is completed we push a WANT_POLLIN or WANT_POLLOUT
back up to the caller, since some applications appear to incorrectly call
SSL_read() or SSL_write(), rather than repeating the previous call. This
can lead to attempts to read data that does not exist, since the
WANT_POLLIN was actually triggered as part of the handshake.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
| |
Set the SSL state to SSL_ST_CONNECT during the TLSv1.3 handshake and to
SSL_ST_OK once the handshake completes, since some applications currently
rely on this information to function correctly.
ok inoguchi@ tb@
|
| |
|
|
| |
ok inoguchi@ tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
|
| |
In the close notify case we need to signal EOF and in the user cancelled
case we need to return WANT_POLLIN. Returning success results in
tls13_record_layer_read_record() thinking that we have record data when
we do not, which then results in the content type check later failing.
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
| |
repeated typedef. Found the hard way by aoyama who also tested the fix.
ok jsing
|
| |
|
|
|
|
| |
SSL_HANDSHAKE_TLS13 back to ssl_locl.h.
discussed with jsing and inoguchi
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If the record layer is asked to write more than fits in a plaintext record,
cap the amount at that limit. This means that we will effectively write out
a single record and return a short-write.
This behaviour matches SSL_write() with SSL_MODE_ENABLE_PARTIAL_WRITE
enabled and the non-SSL_MODE_ENABLE_PARTIAL_WRITE case will be handled
at a higher layer.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
|
| |
The write traffic key needs to be changed to the client application traffic
key after the client finished message has been sent. The send handler
generates the client finished message, however we cannot switch keys at
this stage since the client finished message has not yet been protected
by the record layer.
ok tb@
|
| | |
|
| |
|
|
|
|
| |
This solves build error on luna88k with gcc3.
ok aoyama@ jca@ jsing@ tb@
|
| |
|
|
|
|
|
|
|
| |
In the case of a dummy CCS or post-handshake handshake message, return
TLS13_WANT_POLLIN rather than using a goto internally. This allows the
caller to retry at an appropriate time and reduces the complexity within
the record layer.
ok beck@ tb@
|
| |
|
|
|
|
|
|
|
|
|
| |
In most cases a TLS13_IO_WANT_POLLIN or TLS13_IO_WANT_POLLOUT will have
bubbled up from the wire callbacks, in which case the BIO retry flag will
already be set. However, if we return TLS13_IO_WANT_POLLIN or
TLS13_IO_WANT_POLLOUT from a higher layer the BIO retry flag will not be
set and that will cause SSL_get_error() to return SSL_ERROR_SYSCALL rather
than the intended SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE.
ok beck@ tb@
|
| |
|
|
|
|
|
|
|
| |
In TLSv1.3 there are two types of alerts "closure alerts" and
"error alerts". This makes the record layer more strict and handles closure
of the read and write channels. The callback then handles the record layer to
SSL mapping/behaviour.
ok tb@
|
| |
|
|
|
|
|
|
| |
There is nothing for the handler to really signal, since it cannot change
the fact that we received an alert. While here use TLS13_IO_FAILURE instead
of hardcoding -1.
ok tb@
|
| | |
|
