|  | Commit message | Author | Age | Files | Lines | 
|---|
| | Diff from Steven Roberts <sroberts at fenderq dot com> - thanks! | 
| | This makes libtls more friendly for multithreaded use - otherwise we can
end up with incorrect refcounts and end up freeing when we should not be
(or not freeing when we should be).
ok beck@ | 
| | ok beck@, tb@ | 
| | BIO_print() returns -1 on failure, whereas the ASN print functions need to
return 0.
ok beck@, tb@ | 
| | If an ASN.1 item provides its own ASN1_PRIMITIVE_FUNCS functions, require
all functions to be provided (currently excluding prim_clear). This avoids
situations such as having a custom allocator that returns a specific struct
but is then printed using the default primitive print functions, which
interpret the memory as a different struct.
Found by oss-fuzz, fixes issue #13799.
ok beck@, tb@ | 
| | checking the curve.
ok jsing@ tb@ | 
| | - Be consistent with _len naming.
- Use size_t where possible/appropriate.
- Group the CBB code.
- Use EVP_MAX_MD_SIZE consistently, instead of "magic" values.
- Switch GOST to EVP_DigestSign*, making it similar to sigalgs.
ok tb@ a while back. | 
| | Reported by oss-fuzz, really fixes issue #13805.
ok beck@ tb@ | 
| | ok jsing | 
| | From phrocker via github. | 
| | These are no longer used now that we defer signature algorithm selection.
ok beck@ | 
| | ok beck@ | 
| | Previously the signature algorithm was selected when the TLS extension was
parsed (or the client received a certificate request), however the actual
certificate to be used is not known at this stage. This leads to various
problems, including the selection of a signature algorithm that cannot be
used with the certificate key size (as found by jeremy@ via ruby regress).
Instead, store the signature algorithms list and only select a signature
algorithm when we're ready to do signature generation.
Joint work with beck@. | 
| | This means that any additional CA certificates end up on the per
certificate chain, rather than the single/shared extra_certs.
Also simplify this code and in particular, avoid setting the return value
to indicate success until we've actually succeeded.
ok beck@ tb@ | 
| | ok beck@ tb@ | 
| | We will now include the certificates in the chain in the certificate list,
or use the existing extra_certs if present. Failing that we fall back to
the automatic chain building if not disabled.
This also simplifies the code significantly.
ok beck@ tb@ | 
| | Note that this is not the full chain, as the leaf certificate currently
remains in the x509 member of CERT_PKEY. Unfortunately we've got to
contend with the fact that some OpenSSL *_chain_* APIs exclude the leaf
certificate while others include it...
ok beck@ tb@ | 
| | allocate pages, don't call abort() because of corefile data leakage
concerns, but simply _exit().  The reasoning is _rs_init() will only
fail if someone finds a way to apply specific pressure against this
failure point, for the purpose of leaking information into a core which
they can read.  We don't need a corefile in this instance to debug that.
So take this "lever" away from whoever in the future wants to do that. | 
| | Otherwise matching a specific cipher is performed by matching against
its characteristics, which can result in multiple rather than a single
match.
Found by bluhm@'s regress tests.
ok bluhm@ tb@ | 
| | depth of 128 - For oss-fuzz issue 13802
ok jsing@ | 
| | Reported by oss-fuzz, fixes issue #13805.
ok beck@ tb@ | 
| | corefiles.  Instead call OPENSSL_assert(), which has recently been trained
to do this in a safer (if more awkward to debug) way.
discussed with jsing and beck a while back | 
| | sizes used remain a positive integer. Should address issue
13799 from oss-fuzz
ok tb@ jsing@ | 
| | still under a free license, tweaked by me | 
| | The algorithm is insecure and yet its description would spread over
three paragraphs in the cipher list, including remarkable advice
like using a 40 bit key length. | 
| | this moves a large number of functions out of the way that are no
longer the latest and greatest.  Also mention a few that were missing. | 
| | that are also documented in OpenSSL 1.1.1 (still under a free license) | 
| | in r1.28 when the AES ciphers were split into their own manual. | 
| | okay tb@ | 
| | patch from Peter Piwowarski <peterjpiwowarski at gmail dot com> | 
| | AES wrap modes, the function EVP_CIPHER_CTX_set_flags(3) needed to
set it, and the companion functions EVP_CIPHER_CTX_clear_flags(3)
and EVP_CIPHER_CTX_test_flags(3).
With help and an OK from tb@. | 
| | Found by oss-fuzz, fixes issue #13797.
ok beck@ tb@ | 
| | * correct the description of "unknown"
(the previous are both from OpenSSL 1.1.1, still under a free license)
* add a comment saying that TLS1_get_version() and TLS1_get_client_version()
are intentionally undocumented (reasons provided by jsing@) | 
| | from Jan Stary <hans at stare dot cz>.
While here, correct one .Vt NULL -> .Dv NULL. | 
| | both resulting pages are still long.
Mention a number of missing functions.
Add some text from the OpenSSL 1.1.1 EVP_aes.pod manual page,
which is still under a free license.
Add missing HISTORY information.
Triggered by tb@ providing EVP_aes_{128,192,256}_wrap(3)
in evp.h rev. 1.74. | 
| | Document them. | 
| | No binary change. |