|  | Commit message | Author | Age | Files | Lines | 
|---|
| | to return const.  Update the documentation. | 
| | public API in libssl.
ok beck, jsing | 
| | functions.
ok beck, jsing | 
| | With advice from jca@
OK jca@ millert@ | 
| | carefully document constant time vs. non-constant time operation
of BN_div(3), BN_mod_exp(3), and BN_mod_inverse(3).
Until the work that is required on the ill-designed BN_exp(3) and
BN_gcd(3) interfaces can be undertaken, also document the imperfections
in their behaviour, for now.  Finally, mention BN_mod_exp(3) behaviour
for even moduli.
Delete the vague statement about some functions automatically
setting BN_FLG_CONSTTIME.  It created a false sense of security.
Do not rely on it: not all relevant functions do that.
Topic brought up by beck@, significant feedback and OK jsing@. | 
| | ok schwarze@ | 
| | and reference gethostby*(3) and /etc/hosts instead.
Say that setnetent(3), getnetent(3), and endnetent(3) now do nothing.
With feedback from guenther and significant help from deraadt@. | 
| | While here, stop implying plans to support additional address
families in the future, and do not call gethostbyname2(3) "advanced".
OK deraadt@ guenther@ | 
| | getnetent(3), and endnetent(3) do nothing, just like sethostent(3),
gethostent(3), and endhostent(3) years ago.
OK deraadt@ guenther@ | 
| | of OpenSSL commit c0caa945f6ef30363e0d01d75155f20248403df4 to our
version of this function.
ok beck, jsing
Original commit message:
commit c0caa945f6ef30363e0d01d75155f20248403df4
Author: Pauli <paul.dale@oracle.com>
Date:   Wed Nov 1 06:58:13 2017 +1000
    Address a timing side channel whereby it is possible to determine some
    information about the length of the scalar used in DSA operations from
    a large number (2^32) of signatures.
    This doesn't rate as a CVE because:
    * For the non-constant time code, there are easier ways to extract
      more information.
    * For the constant time code, it requires a significant number of signatures
      to leak a small amount of information.
    Thanks to Neals Fournaise, Eliane Jaulmes and Jean-Rene Reinhard for
    reporting this issue.
    Reviewed-by: Andy Polyakov <appro@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/4576)] | 
| | this is OpenSSL commit 4a089bbdf11f9e231cc68f42bba934c954d81a49.
ok beck, jsing
Original commit message:
commit 4a089bbdf11f9e231cc68f42bba934c954d81a49
Author: Pauli <paul.dale@oracle.com>
Date:   Wed Nov 1 06:58:39 2017 +1000
    Address a timing side channel whereby it is possible to determine some
    information about the length of the scalar used in ECDSA operations
    from a large number (2^32) of signatures.
    This doesn't rate as a CVE because:
    * For the non-constant time code, there are easier ways to extract
      more information.
    * For the constant time code, it requires a significant number of signatures
      to leak a small amount of information.
    Thanks to Neals Fournaise, Eliane Jaulmes and Jean-Rene Reinhard for
    reporting this issue.
    Reviewed-by: Andy Polyakov <appro@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/4576)] | 
| | in preparation for pledgepath
ok deraadt@ | 
| | to some parameters of some functions.  Update the documentation.
Add a few additional missing const qualifiers while here. | 
| | show the public data type name "LHASH_OF(SSL_SESSION)" instead. | 
| | and avoid the internal, undocumented names "struct ssl_st *"
and "struct ssl_ctx_st *". | 
| | to some parameters and return values of some functions.
Update the documentation. | 
| | BIO_f_asn1() will be taken care of later.
Tested in a bulk by sthen
ok bcook jca jsing | 
| | previous commit. | 
| | ok jsing (as part of a larger diff) | 
| | our libssl functions match theirs wrt const, except for BIO_f_ssl(3)
which will be fixed in a later step.
this went through an i386 bulk by sthen
ok jsing | 
| | grepability.
Req. by jsing | 
| | ok bcook | 
| | Annotate them. | 
| | While here, include a patch from tb@
adding the missing return type to ENGINE_ctrl() in the SYNOPSIS. | 
| | * Correct documentation of DH_new(3), DH_free(3), DSA_new(3), DSA_free(3),
RSA_new(3), and RSA_free(3) with respect to reference counting.
* Stop referencing engine(3). | 
| | and more concise.
* Correct the description of the return values of DH_set_method(3)
and DSA_set_method(3).
* Stop referencing engine(3). | 
| | * Add three missing const qualifiers to function prototypes.
* Correct the argument type of RSA_new_method(3).
* Remove duplicate description of RSA_flags(3) and RSA_new_method(3).
* Make the description of method selection simpler, more precise,
and more concise.
* Correct description of the return value of RSA_set_method(3).
* Stop referencing engine(3). | 
| | covering the remaining functions that were documented in engine(3),
except for seven functions that are completely pointless and that
were merely listed but not really documented. | 
| | covering 60% of the documented functions).  The old, abominable
engine(3) manual page shall die soon. | 
| | to accept a NULL argument.  Document that.
While here, make the related sentences more precise and less verbose.
Tweaks and OK tb@. | 
| | simplifies the caller side.
tested by & ok inoguchi; discussed with schwarze | 
| | OpenSSL commit 7c96dbcdab9 by Rich Salz.
This cleans up the caller side quite a bit and reduces the number of
lines enclosed in #ifndef OPENSSL_NO_ENGINE.  codesearch.debian.net
shows that almost nothing checks the return value of ENGINE_finish().
While there, replace a few nearby 'if (!ptr)' with 'if (ptr == NULL)'.
ok jsing, tested by & ok inoguchi | 
| | SSL_OP_TLS_ROLLBACK_BUG to no longer have any effect.
Update the manual page. | 
| | around the SSLv3/TLSv1.0 period... and buggy clients are buggy. This also
helps to clean up the RSA key exchange code.
ok "kill it with fire" beck@ tb@ | 
| | because it was (1) woefully incomplete, (2) partially outdated
and wrong, (3) in parts imprecisely worded and hard to understand,
(4) excessively technical for a section 1 manual, (5) of excessive
size for this particular page, (6) and didn't belong here in the
first place because it essentially tried to document a C API -
SSL_CTX_set_cipher_list(3), which is now documented, so point to it. | 
| | collecting the information by inspecting the source code. | 