| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
ok inoguchi jsing
|
| |
|
|
|
|
|
| |
This moves COMP_CTX and COMP_METHOD to comp_local.h and provides
missing typedefs in ossl_typ.h.
ok inoguchi jsing
|
| |
|
|
|
|
|
| |
Move BIO, BIO_METHOD and BIO_F_BUFFER_CTX to bio_local.h and provide
BIO typedef in ossl_typ.h.
ok inoguchi jsing
|
| |
|
|
|
|
|
| |
This is unused and was removed in OpenSSL 5b70372d when it was
replaced with an ASN.1 ADB callback (which we don't support).
ok inoguchi jsing
|
| |
|
|
|
|
| |
This follows OpenSSL commit 26f2412d.
ok inoguchi jsing
|
| |
|
|
|
|
|
|
|
|
| |
This removes NETSCAPE_X509, NETSCAPE{,_ENCRYPTED}_PKEY, RSA_NET,
Netscape_RSA things. Some of the nasty tentacles that could go in
principle are used in some test suites, so we need to keep them...
All this was removed as part of OpenSSL commit 0bc2f365.
ok inoguchi jsing
|
| |
|
|
|
|
|
|
| |
Move the struct declaration to asn1_locl.h and add a forward
declaration to ossl_typ.h. This makes struct visibility in the
asn1 headers match OpenSSL.
ok inoguchi jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In OpenSSL commit 32fd54a9a3 HMAC_CTX_cleanup() was integrated into
HMAC_CTX_init(), then HMAC_CTX_init() was renamed to HMAC_CTX_reset()
in dc0099e1.
LibreSSL retained them for API compatibility with OpenSSL 1.0.
Not many things use them anymore. In fact, some projects that didn't
want to modify their code for OpenSSL 1.1 API compatibility used the
removed functions to wrap the OpenSSL 1.1 API. We had to patch some
of these and this will now no longer be necessary.
Also remove HMAC_cleanup(). Nothing uses this.
ok inoguchi jsing
|
| |
|
|
|
|
| |
This moves most structs to evp_locl.h and moves HMAC_CTX to hmac_local.h.
ok inoguchi jsing
|
| |
|
|
|
|
| |
This makes all structs in bn.h opaque that are also opaque in OpenSSL.
ok inoguchi jsing
|
| |
|
|
|
|
|
| |
Pointed out by schwarze. How something with this name ever made
its way into a public header will remain a mystery.
ok inoguchi jsing
|
| |
|
|
|
|
| |
Suggested by schwarze
ok inoguchi jsing
|
| |
|
|
|
|
|
| |
These are leftovers of the old ASN.1 stuff. Nothing uses this.
OpenSSL removed them in a469a677.
ok inoguchi jsing
|
| |
|
|
|
|
|
|
| |
Inline X509_OBJECT_free_contents() in X509_OBJECT_free() and
remove this dangerous API. It was left over when x509_vfy.h
was made opaque.
ok inoguchi jsing
|
| |
|
|
|
|
| |
This unused, bug-ridden API was removed in OpenSSL commit 0674427f.
ok inoguchi jsing
|
| |
|
|
|
| |
This marks the start of major surgery in libcrypto. Do not attempt to
build the tree for a while (~50 commits).
|
| |
|
|
|
|
| |
to internal only soon. Stop documenting them.
ok inoguchi jsing
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
peer_pkeys comes from some world where peers can send multiple certificates
- in fact, one of each known type. Since we do not live in such a world,
get rid of peer_pkeys and simply use peer_cert instead (in both TLSv1.2
and TLSv1.3, both clients and servers can only send a single leaf
(aka end-entity) certificate).
ok inoguchi@ tb@
|
| |
|
|
| |
ok inoguchi@ tb@
|
| |
|
|
|
|
|
| |
The 'peer' member of SSL_SESSION is the leaf/end-entity certificate
provided by our peer. Rename it since 'peer' on its own is unhelpful.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Distinguish between decode errors and other errors, so that we can send
a SSL_AD_DECODE_ERROR alert when appropriate.
Fixes a tlsfuzzer failure, due to it expecting a decode error alert and
not receiving one.
Prompted by anton@
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
| |
SSL_AD_DECODE_ERROR is the default alert for a TLS extension parsing
failure - remove the various gotos and simply return 0 instead.
ok tb@
|
| |
|
|
| |
joint with jsing
|
| |
|
|
| |
looks good to jsing
|
| |
|
|
|
|
|
|
| |
As suggested by schwarze, this removes
X509_EX_V_{INIT,NETSCAPE_HACK} and X509_EXT_PACK_{STRING,UNKNOWN}
ok inoguchi jsing
|
| |
|
|
|
|
|
|
|
| |
This allows implementations to add their own EVP_MD_METHODs.
Only the setters are provided.
This is used by erlang for the otp_test_engine.
ok inoguchi jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This implements checking of a public key and of key generation
parameters for DH and EC keys. With the same logic and setters
and const quirks as for EVP_PKEY_check().
There are a couple of quirks: For DH no default EVP_PKEY_check()
is implemented, instead EVP_PKEY_param_check() calls DH_check_ex()
even though DH_param_check_ex() was added for this purpose.
EVP_PKEY_public_check() for EC curves also checks the private key
if present.
ok inoguchi jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
DH_check{,_pub_key}_ex() wrap their non-ex versions to translate
the flags argument of the original functions into OpenSSL errors.
For this almost a dozen new error codes need to be added.
DH_params_check{,_ex}() is a new version of DH_check that only
performs a cheap subset of the checks.
They are needed to implement EVP_PKEY_{public,param}_check()
(observe the consistent naming) although the actual implementation
of EVP_PKEY_param_check() chose to use DH_check_ex().
As far as I can tell, the only raison d'ĂȘtre of the _ex functions
and error codes is to spew them to stderr in a couple of openssl(1)
commands. This couldn't have been solved differently...
These functions will not be exposed publicly.
ok inoguchi jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows checking the validity of an EVP_PKEY. Only RSA and EC keys
are supported. If a check function is set the EVP_PKEY_METHOD, it will
be used, otherwise the check function on the EVP_PKEY_ASN1_METHOD is
used. The default ASN.1 methods wrap RSA_check_key() and
EC_KEY_check_key(), respectively.
The corresponding setters are EVP_PKEY_{asn1,meth}_set_check().
It is unclear why the PKEY method has no const while the ASN.1 method
has const.
Requested by tobhe and used by PHP 8.1.
Based on OpenSSL commit 2aee35d3
ok inoguchi jsing
|
| |
|
|
|
|
|
|
| |
NULL out two pointer values after memcpy() to avoid a double free.
In the event that both in->pctx and in->md_data are non-NULL and
the calloc() of out->md_data fails, a double free could occur.
ok inoguchi jsing
|
| | |
|
| |
|
|
|
|
| |
Part of OpenSSL commit 464d59a5
ok inoguchi jsing
|
| |
|
|
| |
ok inoguchi jsing
|
| |
|
|
|
|
| |
be needed.
discussed with jsing
|
| | |
|
| |
|
|
|
| |
If a libssl function takes an SSL *, it should normally be the first
argument.
|
| |
|
|
|
|
|
|
| |
Fix leaks, use sizeof() instead of hardcoded sizes, actually check return
codes, explicit_bzero() the premaster secret on the server side and
generally try to kick the GOST kex code into some sort of shape.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
| |
Like other KEX handling functions, there is no need to return anything
other than failure/success here.
ok inoguchi@ tb@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
GOST skip certificate verify handling got broken in r1.132 of s3_srvr.c
circa 2016. Prior to this, ssl3_get_client_key_exchange() returned an
'extra special' value to indicate that the state machine should skip
certificate verify. Fix this by setting and checking the
TLS1_FLAGS_SKIP_CERT_VERIFY flag, which is the same as is done in the
client.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This API with very strange ownership handling is used by Ruby 3.1,
unfortunately.
For unclear reasons, it was decided that the caller retains ownership of
the pctx passed in. EVP_PKEY_CTX aren't refcounted, so a flag was added to
make sure that md_ctx->pctx is not freed in EVP_MD_CTX_{cleanup,reset}().
Since EVP_MD_CTX_copy_ex() duplicates the md_ctx->pctx, the flag also needs
to be unset on the duplicated EVP_MD_CTX.
ok inoguchi jsing
|
| |
|
|
|
|
|
|
|
|
| |
With TLSv1.2 and earlier, the authentication algorithm used to sign the
ServerKeyExchange message is dependent on the cipher suite in use and has
nothing to do with the key exchange algorithm. As such, check the
authentication algorithm based on the cipher suite in
ssl3_get_server_key_exchange() and handle things accordingly.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
|
| |
OBJ_length() turns the int obj->length into a size_t, so add
an overflow check. While obj->length should never be negative,
who knows...
ok jsing
|
| | |
|
| |
|
|
|
|
|
| |
There is no reason for SESS_CERT to exist - remove it and merge its members
into SSL_SESSION for the time being. More clean up to follow.
ok inoguchi@ tb@
|
| | |
|
| |
|
|
|
|
|
| |
Nearly all structs in libssl start with an SSL_ suffix, rename CERT and
CERT_PKEY for consistency.
ok inoguchi@ tb@
|
| | |
|
