| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
| |
All of the AES-GCM ciphersuites use the EVP_AEAD interface, so there is no
need to support them via EVP_CIPHER.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
| |
All ciphersuites that used these encryption algorithms were removed some
time ago.
ok bcook@ inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
the same curve. Some Wycheproof tests violate this assumption, making
ECDH_compute_key() compute and return garbage. Check that pub_key lies
on the curve of the private key so that the calculations make sense.
Most paths that get here have this checked (in particular those from
OpenSSH and libssl), but one might get here after using d2i_* or manual
computation.
discussed with & ok jsing;
"good catch!" markus
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
ssl3_pending() is used for all protocols and dtls1_shutdown() just calls
ssl3_shutdown(), so just call the appropriate function directly instead.
ok beck@ inoguchi@ tb@
|
| | |
|
| | |
|
| |
|
|
| |
ok inoguchi@
|
| |
|
|
|
|
|
|
|
| |
There are three versions of the DTLS header writing code, which primarily
differ by the fragment offset and fragment length values that differ.
Rework dtls1_write_message_header() such that it can be used in all three
cases and convert it to CBB in the process.
ok inoguchi@ tb@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
The original code did a crazy encode/malloc/encode/decode/modify/encode
dance, in order to encode a session in the form needed to encrypt then add
to a session ticket. By modifying the encoding functions slightly, we can
do this entire dance as a single encode.
Inspired by similar changes in BoringSSL.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
| |
i2d_SSL_SESSION. Also rework the example code so that it is clearer and
uses more appropriate names.
Input from and ok schwarze@, tb@
|
| | |
|
| |
|
|
|
|
|
|
|
| |
need <openssl/x509.h>. The functions {d2i,i2d}_DSA_params_{bio,fp}(3)
were missing from the manual, so document them. The return values
of the i2d_* functions are left undocumented, as these still need to
be audited.
ok schwarze (lots of input and help as usual)
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
|
| |
Accordingly, add some error checking to SSL_copy_session_id(),
BIO_ssl_copy_session_id(), and SSL_dup().
Prompted by OpenSSL commit 17dd65e6e1f
Tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
| |
tested in a bulk by sthen
ok jsing
|
| |
|
|
|
|
|
|
|
| |
Requires adding a const to the priv_decode() member of
EVP_PKEY_ASN1_METHOD and adjusting all *_priv_decode()
functions. All this is already documented this way.
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
|
| |
we can add const to PKCS8_pkey_get0(). In order for this to work,
we need to sprinkle a few consts here and there.
tested in a bulk by sthen
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
Provide PKCS8_pkey_add1_attr_by_NID() and PKCS8_pkey_get0_attrs().
Remove the whole broken code and simplify pkcs8_priv_key_info_st
accordingly. Based on OpenSSL commit
54dbf42398e23349b59f258a3dd60387bbc5ba13 plus some const that was
added later.
tested in a bulk build by sthen
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
| |
tested in a bulk by sthen
ok jsing
|
| |
|
|
|
| |
tested in a bulk by sthen
ok jsing
|
| |
|
|
|
|
| |
those that OpenSSL has had for ages.
ok jsing
|
| |
|
|
|
| |
tested in a bulk by sthen
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
| |
checking. Matches our documented behavior.
Based on OpenSSL commit c5ebfcab713a82a1d46a51c8c2668c419425b387
tested in a bulk by sthen
ok jsing
|
| |
|
|
|
| |
tested in a bulk by sthen
ok jsing
|
| |
|
|
|
|
| |
This code has been rotting since 2006.
ok bcook@ tb@
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
| |
tested in a bulk by sthen
ok jsing
|
| |
|
|
|
|
| |
failure accordingly.
ok jsing
|
| |
|
|
|
|
| |
failure accordingly.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
| |
Based on OpenSSL commit c5ebfcab713a82a1d46a51c8c2668c419425b387
tested in a bulk by sthen
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
| |
These functions are no-ops. Their signature was changed by OpenSSL
to allow error checking. This way we return an error and do not
indicate the (non-)existence of memory leaks.
tested in a bulk by sthen
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The original implementation is rather crazy and means that we effectively
have two lots of code that parse a ClientHello and two lots of code that
parse TLS extensions. Partially simplify this by passing a CBS containing
the extension block through to the session handling functions, removing the
need to reimplement the ClientHello parsing.
While here standarise on naming for session_id and session_id_len.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
| |
Parse up until the extensions (if any), then proceed with processing,
rather than gradually parsing while processing. This makes the code
cleaner, requires messages to be valid before processing and makes way
for upcoming changes.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
| |
Now that all handshake messages are created using CBB, remove the non-CBB
ssl3_handshake_msg_start()/ssl3_handshake_msg_finish() functions. Rename
the CBB variants by dropping the _cbb suffix.
ok bcook@ inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
|
| |
The CBB conversion resulted in the ticket encryption being handled
incorrectly, resulting in only the last block being used. Fix this and
restore the previous behaviour.
Issue found by inoguchi@ and sebastia@.
ok inoguchi@ and tb@
|
| | |
|
| |
|
|
|
|
| |
CID #118791
ok jsing mestre
|
| | |
|
| |
|
|
|
|
| |
CID #183499.
input & ok jsing, ok mestre on first version
|
