summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Remove stack related macros that should have been nuked whenjsing2018-10-241-333/+1
| | | | {CMS,KRB5,SRP} were removed.
* Avoid calling memcpy with a length <= 0. Reported due to a GCC 7.3.0tb2018-10-201-5/+6
| | | | | | | compiler warning by Pavel Kraynyukhov. A similar fix was made in OpenSSL commit 369e93398b68b8a328e6c1d766222b. ok inoguchi
* RFC 3394 section 2 states that we need at least two 64 bit blockstb2018-10-201-6/+6
| | | | | | | | | | | | | | for wrapping and, accordingly, three 64 bit blocks for unwrapping. That is: we need at least 16 bytes for wrapping and 24 bytes for unwrapping. This also matches the lower bounds that OpenSSL have in their CRYPTO_128_{un,}wrap() functions. In fact, if we pass an input with 'inlen < 8' to AES_unwrap_key(), this results in a segfault since then inlen -= 8 underflows. Found while playing with the Wycheproof keywrap test vectors. ok bcook
* As per POSIX, when str{,r}chr is comparing it should convert c to a char.martijn2018-10-014-8/+10
| | | | | | | | | | The C implementation of str{,r}chr are not linked to the build, because assembly implementations are used, but change to code for easier reference. At least the i386 and amd64 are checked and seem to do the correct thing. Found thanks to the csh any/strchr change. minor pointers and OK millert@
* bump for LibreSSL 2.8.2bcook2018-09-301-3/+3
|
* bump for LibreSSL 2.8.1libressl-v2.8.1bcook2018-09-231-3/+3
|
* Simplify initialization of asn1_cb; use correct spelling of NULL.tb2018-09-171-4/+2
|
* sync with mozilla-release (one removal, TURKTRUST, more details atsthen2018-09-121-48/+1
| | | | | | https://bugzilla.mozilla.org/show_bug.cgi?id=1439127) ok danj guenther millert
* tweak previous;jmc2018-09-122-4/+4
|
* crank to follow minor crank in libcrypto; ok tb@ jsing@djm2018-09-122-2/+2
|
* Add some accessor functions:djm2018-09-128-17/+138
| | | | | | RSA_meth_get_finish() RSA_meth_set1_name() EVP_CIPHER_CTX_(get|set)_iv() feedback and ok jsing@ tb@
* Remove now unused code for EVP_CIPH_FLAG_AEAD_CIPHER and EVP_CIPH_GCM_MODE.jsing2018-09-084-77/+28
| | | | ok inoguchi@ tb@
* SSL_MAX_DIGEST is no longer needed.jsing2018-09-082-17/+10
|
* ASN1_OBJECTs should be freed with ASN1_OBJECT_free(3), not with free(3).tb2018-09-081-2/+2
| | | | ok inoguchi, jsing
* indent labelstb2018-09-082-8/+8
|
* missing word & a couple of typostb2018-09-081-3/+3
|
* Drop SSL_CIPHER_ALGORITHM2_AEAD flag.jsing2018-09-064-31/+25
| | | | | | | All of our algorithm_mac == SSL_AEAD cipher suites use EVP_AEAD, so we can condition on that rather than having a separate redundant flag. ok tb@
* Use the newer/more sensible names for EVP_MD_CTX_* functions.jsing2018-09-055-16/+16
| | | | | | | | | | EVP_MD_CTX_create -> EVP_MD_CTX_new EVP_MD_CTX_destroy -> EVP_MD_CTX_free This should make the intent more obvious and reduce head scratching during code reviews. Raised by tb@
* Correctly clear the current cipher state, when changing cipher state.jsing2018-09-053-41/+37
| | | | | | | | | | | | | | | | | When a renegotiation results in a change of cipher suite, the renegotation would fail if it switched from AEAD to non-AEAD or vice versa. This is due to the fact that the previous EVP_AEAD or EVP_CIPHER state remained, resulting in incorrect logic that caused MAC failures. Rename ssl_clear_cipher_ctx() to ssl_clear_cipher_state() and split it into separate read/write components, then call these functions from the appropriate places when a ChangeCipherSpec message is being processed. Also, remove the separate ssl_clear_hash_ctx() calls and fold these into the ssl_clear_cipher_{read,write}_state() functions. Issue reported by Bernard Spil, who also tested this diff. ok tb@
* use timing-safe compares for checking results in signature verificationdjm2018-09-054-9/+10
| | | | | | (there are no known attacks, this is just inexpensive prudence) feedback and ok tb@ jsing@
* Stop using composite EVP_CIPHER AEADs.jsing2018-09-031-25/+7
| | | | | | | | | | | The composite AEADs are "stitched" mode ciphers, that are only supported on some architectures/CPUs and are designed to be faster than a separate EVP_CIPHER and EVP_MD implementation. The three AEADs are used for less than ideal cipher suites (if you have hardware support that these use there are better cipher suite options), plus continuing to support AEADs via EVP_CIPHER is creating additional code complexity. ok inoguchi@ tb@
* Stop handling AES-GCM via ssl_cipher_get_evp().jsing2018-09-031-20/+3
| | | | | | | All of the AES-GCM ciphersuites use the EVP_AEAD interface, so there is no need to support them via EVP_CIPHER. ok inoguchi@ tb@
* Clean up SSL_DES and SSL_IDEA remnants.jsing2018-09-031-41/+13
| | | | | | | All ciphersuites that used these encryption algorithms were removed some time ago. ok bcook@ inoguchi@ tb@
* Elliptic curve arithmetic only makes sense between points that belong totb2018-09-021-1/+5
| | | | | | | | | | | | the same curve. Some Wycheproof tests violate this assumption, making ECDH_compute_key() compute and return garbage. Check that pub_key lies on the curve of the private key so that the calculations make sense. Most paths that get here have this checked (in particular those from OpenSSH and libssl), but one might get here after using d2i_* or manual computation. discussed with & ok jsing; "good catch!" markus
* Tweak comment.tb2018-09-011-5/+2
|
* Remove unused argument to tls1_change_cipher_state_cipher().jsing2018-08-311-7/+4
|
* Nuke ssl_pending/ssl_shutdown function pointers.jsing2018-08-309-56/+14
| | | | | | | ssl3_pending() is used for all protocols and dtls1_shutdown() just calls ssl3_shutdown(), so just call the appropriate function directly instead. ok beck@ inoguchi@ tb@
* Remove extra "and" in "These functions and have been available"tb2018-08-281-3/+3
|
* n2s and l2n3 finally bite the dust!jsing2018-08-271-7/+1
|
* Convert ssl3_get_cert_verify() to CBS and clean up somewhat.jsing2018-08-271-74/+72
| | | | ok inoguchi@
* Dedup DTLS header writing code and convert to CBB.jsing2018-08-271-25/+35
| | | | | | | | | There are three versions of the DTLS header writing code, which primarily differ by the fragment offset and fragment length values that differ. Rework dtls1_write_message_header() such that it can be used in all three cases and convert it to CBB in the process. ok inoguchi@ tb@
* Add some missing statics.jsing2018-08-272-5/+5
|
* Simplify new session ticket encoding/generation.jsing2018-08-273-84/+90
| | | | | | | | | | | The original code did a crazy encode/malloc/encode/decode/modify/encode dance, in order to encode a session in the form needed to encrypt then add to a session ticket. By modifying the encoding functions slightly, we can do this entire dance as a single encode. Inspired by similar changes in BoringSSL. ok inoguchi@ tb@
* Fix formatting and grammatical issues with the description of how to usejsing2018-08-271-19/+17
| | | | | | | i2d_SSL_SESSION. Also rework the example code so that it is clearer and uses more appropriate names. Input from and ok schwarze@, tb@
* fix the same "an non" issue found by tb in EVP_EncryptInit.3;jmc2018-08-261-3/+3
|
* Some of the functions in this manual need <openssl/dsa.h>, otherstb2018-08-261-3/+45
| | | | | | | | | need <openssl/x509.h>. The functions {d2i,i2d}_DSA_params_{bio,fp}(3) were missing from the manual, so document them. The return values of the i2d_* functions are left undocumented, as these still need to be audited. ok schwarze (lots of input and help as usual)
* typo: an nonce -> a noncetb2018-08-261-3/+3
|
* tweak previous;jmc2018-08-241-3/+3
|
* crank majors after symbol addition/modification/removaltb2018-08-243-6/+6
|
* Adjust documentation for SSL_copy_session_id()tb2018-08-241-8/+7
| | | | ok jsing
* Let SSL_copy_session_id() return an int for error checking.tb2018-08-243-28/+31
| | | | | | | | | | Accordingly, add some error checking to SSL_copy_session_id(), BIO_ssl_copy_session_id(), and SSL_dup(). Prompted by OpenSSL commit 17dd65e6e1f Tested in a bulk build by sthen ok jsing
* Add const to EVP_PKCS82PKEY().tb2018-08-242-4/+4
| | | | | tested in a bulk by sthen ok jsing
* Add consts to EVP_PKEY_asn1_set_private()tb2018-08-248-16/+16
| | | | | | | | | Requires adding a const to the priv_decode() member of EVP_PKEY_ASN1_METHOD and adjusting all *_priv_decode() functions. All this is already documented this way. tested in a bulk build by sthen ok jsing
* After removing support for broken PKCS#8 formats (it was high time),tb2018-08-247-22/+19
| | | | | | | | we can add const to PKCS8_pkey_get0(). In order for this to work, we need to sprinkle a few consts here and there. tested in a bulk by sthen ok jsing
* Remove EVP_PKEY2PKCS8_broken() and PKCS8_set_broken()tb2018-08-245-98/+46
| | | | | | | | | | | Provide PKCS8_pkey_add1_attr_by_NID() and PKCS8_pkey_get0_attrs(). Remove the whole broken code and simplify pkcs8_priv_key_info_st accordingly. Based on OpenSSL commit 54dbf42398e23349b59f258a3dd60387bbc5ba13 plus some const that was added later. tested in a bulk build by sthen ok jsing
* Document const change for OCSP_cert_to_id()tb2018-08-241-4/+4
| | | | ok jsing
* Add const to two arguments of OCSP_cert_to_id()tb2018-08-242-6/+7
| | | | | tested in a bulk by sthen ok jsing
* Provide X509_get0_serialNumber()tb2018-08-243-2/+10
| | | | | tested in a bulk by sthen ok jsing
* Turn a number of #defines into proper functions with prototypes matchingtb2018-08-245-18/+80
| | | | | | those that OpenSSL has had for ages. ok jsing
* Change PEM_Sign{Init,Update}() to return an int.tb2018-08-242-8/+8
| | | | | tested in a bulk by sthen ok jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-23 16:41:29 +0000