summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* spelling; from miodjmc2018-11-251-2/+2
|
* zap 10 tab leading whitespace before 'struct evp_pkey_ctx_st {'tb2018-11-241-2/+2
|
* Store and return the locking callbacks, restoring previous behaviour.jsing2018-11-241-6/+12
| | | | | | | | | | | The previous code meant that a caller could set the locking callback, after which CRYPTO_get_locking_callback() would return non-NULL. Some existing code depends on this behaviour, specifically to identify if lock handling has been configured. As such, always returning NULL from CRYPTO_get_locking_callback() can result in unexpected application behaviour. ok bcook@
* Fix DTLS transcript handling for HelloVerifyRequest.jsing2018-11-214-18/+26
| | | | | | | | | | | | | If DTLS sees a HelloVerifyRequest the transcript is reset - the previous tls1_init_finished_mac() function could be called multiple times and would discard any existing state. The replacement tls1_transcript_init() is more strict and fails if a transcript already exists. Provide an explicit tls1_transcript_reset() function and call it from the appropriate places. This also lets us make DTLS less of a special snowflake and call tls1_transcript_init() in the same place as used for TLS. ok beck@ tb@
* fold the contents of malloc.conf.5 into malloc.3 and sysctl.2,jmc2018-11-211-6/+118
| | | | | | now that there is essentially no malloc.conf; text tweaked by deraadt; ok otto deraadt
* Introducing malloc_usable_size() was a mistake. While some otherotto2018-11-212-105/+5
| | | | | | | | | | | libs have it, it is a function that is considered harmful, so: Delete malloc_usable_size(). It is a function that blurs the line between malloc managed memory and application managed memory and exposes some of the internal workings of malloc. If an application relies on that, it is likely to break using another implementation of malloc. If you want usable size x, just allocate x bytes. ok deraadt@ and other devs
* Saw a mention somewhere a while back that the gotdata() function inderaadt2018-11-205-144/+27
| | | | | | | | here could creates non-uniformity since very short fetches of 0 would be excluded. blocks of 0 are just as random as any other data, including blocks of 4 4 4.. This is a misguided attempt to identify errors from the entropy churn/gather code doesn't make sense, errors don't happen. ok bcook
* Fix compilation on alpha, where DEF_WEAK() really must be paired withguenther2018-11-191-2/+1
| | | | PROTO_NORMAL(). Problem noted by deraadt@
* Revert previous - DTLSv1 uses MD5+SHA1 for RSA signature verification.jsing2018-11-192-10/+4
| | | | Discussed with beck@
* Revert previous - the default sigalg for RSA key exchange is {sha1,rsa}.jsing2018-11-191-4/+4
| | | | | | | In TLSv1.2, if the client does not send a signature algorithms extension then for RSA key exchange a signature algorithm of {sha1,rsa} is implied. The MD5+SHA1 hash only applies to older versions of TLS, which do not support sigalgs.
* Implement malloc_usable_size(); ok millert@ deraadt@ and jmc@ for the man pageotto2018-11-182-6/+108
|
* Fix DTLS, because DTLS still remains a special flower, allows regress to passbeck2018-11-172-4/+10
|
* Fix whitespace around assignment operators.tb2018-11-171-7/+7
|
* revert previousbeck2018-11-161-5/+3
|
* Fix DTLS. Because the DTLS code is strange. I am really coming around tobeck2018-11-161-3/+5
| | | | joel's line of thinking about it
* Unbreak legacy ciphers for prior to 1.1 by setting having a legacybeck2018-11-164-10/+22
| | | | | sigalg for MD5_SHA1 and using it as the non sigalgs default ok jsing@
* Port OpenSSL commit 99540ec79491f59ed8b46b4edf130e17dc907f52 -- mitigationtb2018-11-151-4/+4
| | | | | | | | | | for a timing vullnerability in ECDSA signature generation (CVE-2018-0735). Note that the blinding that we introduced back in June for ECDSA and DSA should mitigate this and related issues. This simply adds an additional layer of protection. discussed with jsing
* Fix wrong sizeof argument by using 'uint16_t *', with minor nit from tb@,mestre2018-11-141-2/+2
| | | | | | | | | | instead of 'uint16_t' Found with llvm's static analyzer, noticed that it was also already reported in Coverity CID 155890 and to ensure this was correct also inspected OpenSSL's equivalent code. OK tb@ and jsing@
* In TLS1.2 we use evp_sha1 if we fall back this far, not evp_md5_sha1 as in 1.1beck2018-11-141-2/+2
| | | | Makes connections to outlook.office365.com work
* Temporary workaround for breakage seen in www.videolan.org with curve mismatchbeck2018-11-131-3/+4
|
* NULL out mdctx to prevent possible double free introduced in version 1.4beck2018-11-131-1/+2
| | | | Spotted by maestre@, ok tb@
* Fix pkey_ok to be less strange, and add cuve checks required for the EC onesbeck2018-11-131-9/+26
| | | | ok tb@
* Missing initialization for pub_key. CID 184303.tb2018-11-121-2/+2
| | | | ok bcook
* Add check function to verify that pkey is usable with a sigalg.beck2018-11-114-7/+24
| | | | | Include check for appropriate RSA key size when used with PSS. ok tb@
* Add back a few missing compatibility stubsbcook2018-11-112-4/+37
| | | | ok beck@
* quiet warning on other compilersbcook2018-11-111-3/+3
| | | | ok beck@
* Add EVP_sm3() to OpenSSL_add_all_digests_internal().tb2018-11-111-1/+4
| | | | ok beck inoguchi
* bump minors after symbol addition.tb2018-11-113-3/+3
|
* Add SSL_set1_host(), a thin wrapper around X509_VERIFY_PARAM_set1_host().tb2018-11-113-2/+10
| | | | | | | Used by unbound's DNS over TLS implementation to do server name verification. ok jsing
* Add Ribose Inc's implementation of the SM3 hashing function withtb2018-11-118-3/+437
| | | | | | | | | tweaks from jsing and myself. The SM2/SM3/SM4 algorithms are mandatory for legal use of cryptography within China and [are] widely applied in the country, covering identification/financial cards, contactless, TPM 2.0 and PKI. ok beck inoguchi jsing
* Nuke trailing whitespacebeck2018-11-111-6/+6
|
* Add automatic threading initialization for libcrypto.bcook2018-11-116-452/+140
| | | | | | | | | | | | | | This implements automatic thread support initialization in libcrypto. This does not remove any functions from the ABI, but does turn them into no-ops. Stub implementations of pthread_mutex_(init|lock|unlock) are provided for ramdisks. This does not implement the new OpenSSL 1.1 thread API internally, keeping the original CRYTPO_lock / CRYPTO_add_lock functions for library locking. For -portable, crypto_lock.c can be reimplemented with OS-specific primitives as needed. ok beck@, tb@, looks sane guenther@
* Free the server tls transcript in case session reuse did not work.bluhm2018-11-111-3/+4
| | | | | Regression found by Perl module p5-IO-Socket-SSL tests. with beck@ tb@
* include crypto.h from the correct path, remove unused variablebcook2018-11-111-5/+2
|
* Add support for RSA PSS algorithims being used in sigalgs.beck2018-11-112-2/+29
| | | | | | lightly tested, but will need sanity checks and regress test changes before being added to any sigalgs list for real ok jsing@ tb@
* Convert signatures and verifcation to use the EVP_DigestXXX apibeck2018-11-113-45/+93
| | | | | | to allow for adding PSS, Nuke the now unneejded guard around the PSS algorithms in the sigalgs table ok jsing@ tb@
* Remove dead codebeck2018-11-102-16/+2
| | | | ok jsing@
* Tweak and improve the TLSv1.3 state machine.jsing2018-11-101-24/+46
| | | | | | | | | | | | | | | | - Provide a tls13_handshake_active_action() function to reduce code duplication and replace tls13_handshake_get_sender(). - Add an INVALID message_type, so we can explicitly detect invalid conditions. - Implement skeletons for the tls13_handshake_send_action() and tls13_handshake_recv_action() functions. - OR in the NEGOTIATED value at the end of recving or sending a server hello so that we switch to the next chain in the state table. ok tb@
* Avoid a double allocation and memory leak.jsing2018-11-101-4/+2
| | | | Reported by Ben L <bobsayshilol at live dot co dot uk>
* Stop keeping track of sigalgs by guessing it from digest and pkey,beck2018-11-108-92/+102
| | | | | | just keep the sigalg around so we can remember what we actually decided to use. ok jsing@
* Use TLS13_HS_{CLIENT,SERVER} instead of using a redundant _SEND{,S}.tb2018-11-101-30/+28
| | | | ok jsing
* Fix last of the empty hash nonsensebeck2018-11-101-26/+3
| | | | ok jsing@
* Fix the TLSv1.3 key schedule implementation.jsing2018-11-092-66/+95
| | | | | | | | | | | | When the RFC refers to ("") for key derivation, it is referring to the transcript hash of an empty string, not an empty string. Rename tls13_secrets_new() to tls13_secrets_create(), make it take an EVP_MD * and calculate the hash of an empty string so that we have it available for the "derived" and other steps. Merge tls13_secrets_init() into the same function, remove the EVP_MD * from other functions and use the empty string hash at the appropriate places. ok beck@ tb@
* Use "send" and "recv" consistently instead of mixing them with "read"tb2018-11-091-98/+108
| | | | | | and "write". Use self-documenting C99 initializers. ok bcook, jsing
* Initialize priv_key and pub_key on first use instead of at the top.tb2018-11-091-6/+4
| | | | | | While there, eliminate a flag that was only used once. ok beck jsing mestre
* Initialize priv_key and pub_key on first use instead of at the top.tb2018-11-091-4/+4
| | | | ok beck jsing mestre
* Avoid dereferencing eckey before checking it for NULL.tb2018-11-091-5/+6
| | | | | | CID 184282 ok beck jsing mestre
* Remove ethers(5) YP support bits from libc as it makes it difficult tobrynet2018-11-092-70/+8
| | | | | | | | effectively use pledge(2) in some programs. approval from many, thanks! idea by & ok deraadt@
* Ensure we free the handshake transcript upon session resumption.jsing2018-11-091-1/+4
| | | | | | Found the hard way by jmc@ ok tb@
* Ensure we only choose sigalgs from our prefernce list, not the whole listbeck2018-11-094-10/+19
| | | | ok jsing@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-22 08:45:31 +0000