summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* s/ECDHE/ECDH/jsing2021-11-301-3/+3
| | | | | | | If we can provide an EC key that is used, then it is by definition non-ephemeral. ok tb@
* Add regress for {d2i,i2d}_{,DSA_,EC_,RSA_}PUBKEY{,_bio}().jsing2021-11-302-1/+570
|
* Crank the number of rounds of Miller-Rabin from 50 to 64tb2021-11-291-4/+7
| | | | | | | | for DSA key generation. From Kurt Roeckx, OpenSSL 74ee3796 ok bcook inoguchi jsing
* Clean up DH_check_pub_key() and ensure that y^q (mod p) == 1.tb2021-11-291-18/+53
| | | | | | | | | | This aligns our behavior with OpenSSL 1.1.1 which includes a mitigation for small subgroup attacks. This did not affect LibreSSL since we do not support X9.42 style parameter files or RFC 5114. The meat of this commit is from Matt Caswell, OpenSSL b128abc3 ok inoguchi jsing
* Increase number of iterations in Miller-Rabin checks for DH.tb2021-11-291-4/+9
| | | | | | | | | | BN_prime_checks is only to be used for random input. Here, the input isn't random, so increase the number of checks. According to https://eprint.iacr.org/2019/032, 64 rounds is suitable. From Jake Massimo, OpenSSL 1.1.1, af6ce3b4 ok inoguchi jsing
* Synchronize DH_check() mostly with OpenSSL 1.1.1 with sometb2021-11-291-32/+47
| | | | | | | | | | | | simplifications and readability tweaks. This ensures in particular that dh->q is suitable if present. Based on work by Stephen Henson and Bernd Edlinger in OpenSSL. Issues with the current implementation found via regression tests in py-cryptography. ok inoguchi jsing
* Provide a version of DH_check_params() for internal use.tb2021-11-291-1/+43
| | | | | | Based on the version in OpenSSL 1.1.1l with minor tweaks. ok inoguchi jsing
* Provide a number of flags for DH_check and DH_check_pubkeytb2021-11-291-1/+5
| | | | | | that will be used in subsequent commits. ok inoguchi jsing
* First pass of converting ssl_kex.c to opaque DH.tb2021-11-291-30/+58
| | | | | | | | | Assign the result of BN_dup() and BN_bn2bin() to local BIGNUMs, then set the factors and pubkey on the dh using DH_set0_{pqg,key}(). A second pass will be done during the upcoming bump. ok jsing
* Hide BIO_s_file_internal() from internal view.tb2021-11-291-2/+4
| | | | ok jsing
* Stop using BIO_s_file_inernal() in libssl.tb2021-11-293-13/+13
| | | | | | | | BIO_s_file_internal() should never have leaked out of libcrypto, but it did. As a first step of getting rid of it, stop using it internally. ok jsing
* Convert server serialisation of DHE parameters/public key to new functions.jsing2021-11-291-24/+3
| | | | ok inoguchi@ tb@
* Factor out/rewrite DHE key exchange.jsing2021-11-293-66/+173
| | | | | | | | | This follows what was done previously for ECDHE EC point key exchange and will allow for deduplication and further code improvement. Convert the TLSv1.2 client to use the new DHE key exchange functions. ok inoguchi@ tb@
* A few sys/param.h annotations lacked ALIGNBYTESderaadt2021-11-291-2/+2
|
* Niels agreed to remove the advertising clause; switching thesedjm2021-11-292-11/+5
| | | | to 3-term BSD license.
* document ASN1_tag2bit(3)schwarze2021-11-281-5/+66
|
* Document ASN1_object_size(3).schwarze2021-11-281-17/+53
| | | | | | | | | While here, * call the function arguments "content_length" rather than just "length" to make it less likely that the reader confuses them with the total length returned by ASN1_object_size(3); * state that only the short form is supported for content_length <= 127; * add the missing STANDARDS section.
* mark ASN1_check_infinite_end() and ASN1_const_check_infinite_end()schwarze2021-11-281-2/+5
| | | | as intentionally undocumented
* new manual page BIO_f_asn1(3)schwarze2021-11-273-3/+233
|
* Fix incomplete initialization bug: BIO_new(BIO_f_asn1()) neglectedschwarze2021-11-271-23/+10
| | | | | | | | | | | | | | | | initializing five of the fields in BIO_ASN1_BUF_CTX (prefix, prefix_free, suffix, suffix_free, ex_arg), inviting a segfault in a subsequent call from the application program to BIO_write(3) because subroutines of that function assume that the function pointers are either NULL or valid. Fix this by using the less error-prone calloc(3) idiom. While here, inline asn1_bio_init() at the only call site in asn1_bio_new() to simplify the code and make it easier to read. Bug found and initial patch by me, this version (with inlining) by and OK tb@.
* make the bn/mont test compile with opaque DH.tb2021-11-261-4/+12
|
* Stop reaching into EVP_PKEY in the rest of libssl.tb2021-11-266-38/+55
| | | | ok inoguchi jsing
* Simplify two weirdly formatted pieces of code in ssl_rsa.c and stoptb2021-11-261-27/+25
| | | | | | reaching into the EVP_PKEY struct. ok inoguchi jsing
* openssl(1): drop support for netscape certificates and server gated keys.tb2021-11-265-138/+12
| | | | ok inoguchi jsing
* spellingjsg2021-11-268-25/+25
| | | | ok schwarze@
* after the bugfix in x509_vfy.c rev. 1.100,schwarze2021-11-261-16/+12
| | | | replace the BUGS section with a shorter CAVEATS section
* Bugfix in X509_get_pubkey_parameters(3):schwarze2021-11-261-3/+5
| | | | | | | | | | If EVP_PKEY_copy_parameters(3) fails - among other reasons, this may happen when out of memory - the pkey argument and/or the chain argument will not contain all the desired parameters after returning. Consequently, report the failure to the caller rather than silently ignoring it. OK tb@
* Simplify the code in X509_get_pubkey_parameters(3)schwarze2021-11-261-8/+4
| | | | | | | | | | | | | | | by using X509_get0_pubkey(3) instead of X509_get_pubkey(3); no functional change. OK tb@ This is similar to the relevant part of the follwoing commit from the OpenSSL 1.1.1 branch, which is still under a free licence, but without the bug that commit introduced into this function in OpenSSL: commit c01ff880d47392b82cce2f93ac4a9bb8c68f8cc7 Author: Dr. Stephen Henson <steve@openssl.org> Date: Mon Dec 14 13:13:32 2015 +0000
* We know how to print a size_t now. Drop a comment and a cast.tb2021-11-251-6/+4
| | | | ok bluhm inoguchi
* Rework this test to compile with opaque RSAtb2021-11-251-282/+427
|
* Document BIO_method_name(3).schwarze2021-11-251-48/+97
| | | | | | | | | | | While here, also improve the rest of the page: * add missing BIO_TYPE_* constants * describe BIO_TYPE_START * better function argument names * more precision in the descriptions and regarding the RETURN VALUES * lots of wording improvements * improve the coding style below EXAMPLES * delete a BUGS section describing cretaceous behaviour
* Resolve last issue with opaque BIGNUM in this test.tb2021-11-251-3/+3
|
* Describe what RES_USE_DNSSEC does and how it's affected by trust-adjca2021-11-241-2/+15
| | | | ok florian@
* Fix OCSP_basic_verify() cert chain construction in case thetb2021-11-241-2/+5
| | | | | | | | OCSP_BASICRESP bs contains no certificates. From David von Oheimb (OpenSSL 121738d1) ok beck
* Simplify slightly by using X509_get0_pubkey() thus eliminating thetb2021-11-241-3/+2
| | | | | | need for EVP_PKEY_free(). ok beck
* Fix a whitespace error that has annoyed me for way too longtb2021-11-241-2/+2
|
* Fix timestamp printing in Signed Certificate Timestampstb2021-11-241-2/+1
| | | | | | | | | Our ASN1_GENERALIZEDTIME_set() doesn't accept time strings with fractional seconds, so don't feed it milliseconds, but only seconds. Ensures that openssl x509 -text prints timestamps instead of skipping them. ok beck jsing
* Add certificate transparency methods to the standard extensions.tb2021-11-241-1/+7
| | | | | | | | This way, CT extensions in certs will be parsed by the new CT code when they are encountered. This gets rid of a lot of gibberish when looking at a cert with 'openssl x509 -text -noout -in server.pem' ok beck jsing
* add the missing const qualifiers below EXAMPLES;schwarze2021-11-241-8/+11
| | | | | | from <Malgorzata dot Olszowka at stunnel dot org> via OpenSSL commit 256989ce in the OpenSSL 1.1.1 branch, which is still under a free license
* document ASN1_item_ndef_i2d(3)schwarze2021-11-241-4/+22
|
* In some situations, the verifier would discard the error on an unvalidatedbeck2021-11-243-50/+91
| | | | | | certificte chain. This would happen when the verification callback was in use, instructing the verifier to continue unconditionally. This could lead to incorrect decisions being made in software.
* Make the certificate transparency code build with the rest of the librarybeck2021-11-248-7/+86
| | | | | | Do not expose it yet, this will wait for an upcoming bump ok tb@
* Transform a mangled comment into something intelligible.tb2021-11-231-2/+5
| | | | from beck
* document ASN1_TYPE_set_int_octetstring(3) and ASN1_TYPE_get_int_octetstring(3)schwarze2021-11-231-9/+77
|
* Use LIBRESSL_NEXT_API to document the commented-out functions that aretb2021-11-231-13/+13
| | | | | | not yet available. ok schwarze
* document ASN1_TYPE_set_octetstring(3) and ASN1_TYPE_get_octetstring(3)schwarze2021-11-231-5/+67
|
* document a2i_ASN1_INTEGER(3),schwarze2021-11-232-69/+135
| | | | i2a_ASN1_ENUMERATED(3), and a2i_ASN1_ENUMERATED(3)
* re-align these copies of the a2i_*(3) code with f_string.c rev. 1.19schwarze2021-11-232-28/+12
| | | | | | to fix the same double-counting of the backslash and to make the parsing stricter in the same way; OK tb@
* In DH_set0_pqg() also set dh->length if q is set to match what OpenSSL do.tb2021-11-231-1/+2
| | | | ok inoguchi jsing
* Implement rfc6840 (AD flag processing) if using trusted name serversjca2021-11-221-2/+14
| | | | | | | | | | | | | | | | | | | | | | | | | libc can't do DNSSEC validation but it can ask a "security-aware" resolver to do so. Let's send queries with the AD flag set when appropriate, and let applications look at the AD flag in responses in a safe way, ie clear the AD flag if the resolvers aren't trusted. By default we only trust resolvers if resolv.conf(5) only lists name servers on localhost - the obvious candidates being unwind(8) and unbound(8). For non-localhost resolvers, an admin who trusts *all the name servers* listed in resolv.conf(5) *and the network path leading to them* can annotate this with "options trust-ad". AD flag processing gives ssh -o VerifyHostkeyDNS=Yes a chance to fetch SSHFP records in a secure manner, and tightens the situation for other applications, eg those using RES_USE_DNSSEC for DANE. It should be noted that postfix currently assumes trusted name servers by default and forces RES_TRUSTAD if available. RES_TRUSTAD and "options trust-ad" were first introduced in glibc by Florian Weimer. Florian Obser (florian@) contributed various improvements, fixed a bug and added automatic trust for name servers on localhost. ok florian@ phessler@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-24 19:09:59 +0000