Branch :
| Author | Commit | Date | CI | Message |
|---|---|---|---|---|
| 1ab0fb16 | 2022-01-15 23:38:50 | spelling ok tb@ | ||
| d3e27d77 | 2022-01-15 18:16:02 | Add back an accidentally dropped .Pp | ||
| 0d9ce156 | 2022-01-15 09:14:40 | Update for HMAC_CTX_{init,cleanup} hand HMAC_cleanup removal | ||
| cd4b820d | 2022-01-15 09:08:51 | Stop documenting clone digests. | ||
| c3954054 | 2022-01-15 04:02:37 | Minor cleanup and simplification in dsa_pub_encode() This function has a weird dance of allocating an ASN1_STRING in an inner scope and assigning it to a void pointer in an outer scope for passing it to X509_PUBKEY_set0_param() and ASN1_STRING_free() on error. This can be simplified and streamlined. ok inoguchi | ||
| e457bdd1 | 2022-01-14 23:55:46 | Avoid buffer overflow in asn1_parse2 asn1_par.c r1.29 changed to access p[0] directly, and this pointer could be overrun since ASN1_get_object advances pointer to the first content octet. In case invalid ASN1 Boolean data, it has length but no content, I thought this could be happen. Adding check p with tot (diff below) will avoid this failure. Reported by oss-fuzz 43633 and 43648(later) ok tb@ | ||
| 27c8f1bf | 2022-01-14 09:15:07 | bump libcrypto, libssl, libtls majors after struct visibility changes and Symbol addition and removal in libcrypto. | ||
| c929ff6c | 2022-01-14 09:12:53 | Use the correct type for ssl_callback_ctrl() | ||
| f9a06750 | 2022-01-14 09:12:15 | Convert the new record layers to opaque EVP_AEAD_CTX ok jsing | ||
| 426f2c04 | 2022-01-14 09:11:22 | Convert ssl_kex.c to opaque DH Stop reaching into DH internals and use the new API functions instead. ok inoguchi jsing | ||
| 8c09bc91 | 2022-01-14 09:10:11 | Use BIO_next/BIO_set_next in ssl_lib.c Trivial conversion to cope with opaque BIO. | ||
| a366758f | 2022-01-14 09:09:30 | bio_ssl.c needs to peek into bio_local.h | ||
| 2a12d662 | 2022-01-14 09:08:03 | libkeynote: fix build with opaque RSA and DSA This is a completely mechanical conversion to use accessors instead of reaching inside the structs by hand. ok millert | ||
| 7df22999 | 2022-01-14 09:06:02 | Update Symbols.list ok inoguchi | ||
| 082847b1 | 2022-01-14 09:03:53 | Unconditionally comment out OPENSSL_NO_RFC3779 ok inoguchi jsing | ||
| 447b7d02 | 2022-01-14 09:01:36 | Remove header guard around RFC 3779 declarations ok inoguchi jsing | ||
| 8be50d4c | 2022-01-14 08:59:30 | Expose Certificate Transparency symbols in headers ok inoguchi jsing | ||
| e7d5586a | 2022-01-14 08:56:00 | Hide OBJ_bsearch_ from public visibility, This removes OBJ_bsearch_ex_() from the exported symbols and makes OBJ_bsearch_() semi-private. It is still used in libssl. While here, remove some hideous unused macros ok inoguchi jsing | ||
| 43c7bac0 | 2022-01-14 08:53:53 | Move ASN1_BOOLEAN to internal only. This moves {d2i,i2d}_ASN1_BOOLEAN() to internal only. They are unused, but help us testing the encoding. ok jsing | ||
| 409e1e2a | 2022-01-14 08:52:05 | Remove check_defer and obj_cleanup_defer from public visibility ok inoguchi jsing | ||
| f0dfbe84 | 2022-01-14 08:50:25 | Remove name_cmp from public visibility ok inoguchi jsing | ||
| 9bec1105 | 2022-01-14 08:43:06 | Remove all asn1_* symbols from public visibility ok inoguchi jsing | ||
| 818427c5 | 2022-01-14 08:40:57 | Implement new-style OpenSSL BIO callbacks This provides support for new-style BIO callbacks in BIO_{read,write,gets,puts}() and a helper function to work out whether it should call the new or the old style callback. It also adds a few typedefs and minor code cleanup as well as the BIO_{get,set}_callback_ex() from jsing, ok tb | ||
| b7df4fb6 | 2022-01-14 08:38:48 | Garbage collect last use of EVP_ecdsa() ok inoguchi jsing | ||
| 66c3bd61 | 2022-01-14 08:38:05 | Remove legacy sign/verify from EVP_MD. This removes m_dss.c, m_dss1.c, and m_ecdsa.c and the corresponding public API EVP_{dss,dss1,ecdsa}(). This is basically the following OpenSSL commit. The mentioned change in RSA is already present in rsa/rsa_pmeth.c. ok inoguchi jsing commit 7f572e958b13041056f377a62d3219633cfb1e8a Author: Dr. Stephen Henson <steve@openssl.org> Date: Wed Dec 2 13:57:04 2015 +0000 Remove legacy sign/verify from EVP_MD. Remove sign/verify and required_pkey_type fields of EVP_MD: these are a legacy from when digests were linked to public key types. All signing is now handled by the corresponding EVP_PKEY_METHOD. Only allow supported digest types in RSA EVP_PKEY_METHOD: other algorithms already block unsupported types. Remove now obsolete EVP_dss1() and EVP_ecdsa(). Reviewed-by: Richard Levitte <levitte@openssl.org> Plus OpenSSL commit 625a9baf11c1dd94f17e5876b6ee8d6271b3921d for m_dss.c | ||
| e3ac9fd6 | 2022-01-14 08:34:39 | Make RSA, RSA_PSS_PARAMS and RSA_METHOD opaque Move the struct internals to rsa_locl.h and provide a missing typedef in ossl_typ.h. ok inoguchi jsing | ||
| f36fa09c | 2022-01-14 08:32:26 | Make structs in ocsp.h opaque This adds a little order to this pig sty. ok inoguchi jsing | ||
| 1e2ac2fc | 2022-01-14 08:31:03 | Move ECDSA_SIG to ecs_locl.h We can't make ECDSA_METHOD opaque since it is still used in smtpd(8) ok inoguchi jsing | ||
| 354ae18b | 2022-01-14 08:29:06 | Simplify DSAPublicKey_it This was obtained by porting the OpenSSL commit below and then using expand_crypto_asn1.go to unroll the new ASN.1 macros - actually the ones from 987157f6f63 which fixed the omission of dsa_cb() in the first commit. ok inoguchi jsing commit ea6b07b54c1f8fc2275a121cdda071e2df7bd6c1 Author: Dr. Stephen Henson <steve@openssl.org> Date: Thu Mar 26 14:35:49 2015 +0000 Simplify DSA public key handling. DSA public keys could exist in two forms: a single Integer type or a SEQUENCE containing the parameters and public key with a field called "write_params" deciding which form to use. These forms are non standard and were only used by functions containing "DSAPublicKey" in the name. Simplify code to only use the parameter form and encode the public key component directly in the DSA public key method. Reviewed-by: Richard Levitte <levitte@openssl.org> | ||
| 339abe94 | 2022-01-14 08:27:23 | Make DSA opaque This moves DSA_SIG, DSA and DSA_METHOD to dsa_locl.h. ok inoguchi jsing | ||
| 34372826 | 2022-01-14 08:25:44 | Make structs in dh.h opaque This moves the struct internals for DH and DH_METHOD to dh_local.h. ok inoguchi jsing | ||
| 371d42e6 | 2022-01-14 08:23:25 | Garbage collect the unused OPENSSL_ITEM ok inoguchi jsing | ||
| ede3f3cd | 2022-01-14 08:21:12 | Make structs in comp.h opaque This moves COMP_CTX and COMP_METHOD to comp_local.h and provides missing typedefs in ossl_typ.h. ok inoguchi jsing | ||
| 00451bf8 | 2022-01-14 08:18:55 | Make structs in bio.h opaque Move BIO, BIO_METHOD and BIO_F_BUFFER_CTX to bio_local.h and provide BIO typedef in ossl_typ.h. ok inoguchi jsing | ||
| 9b72422d | 2022-01-14 08:16:13 | Garbage collect the app_items field of ASN1_ADB This is unused and was removed in OpenSSL 5b70372d when it was replaced with an ASN.1 ADB callback (which we don't support). ok inoguchi jsing | ||
| 6d34308f | 2022-01-14 08:14:48 | Remove NO_ASN1_FIELD_NAMES This follows OpenSSL commit 26f2412d. ok inoguchi jsing | ||
| 568bf0f6 | 2022-01-14 08:12:31 | Remove obsolete key formats This removes NETSCAPE_X509, NETSCAPE{,_ENCRYPTED}_PKEY, RSA_NET, Netscape_RSA things. Some of the nasty tentacles that could go in principle are used in some test suites, so we need to keep them... All this was removed as part of OpenSSL commit 0bc2f365. ok inoguchi jsing | ||
| 292b1e0c | 2022-01-14 08:09:18 | Remove ASN1_OBJECT internals from public visibility. Move the struct declaration to asn1_locl.h and add a forward declaration to ossl_typ.h. This makes struct visibility in the asn1 headers match OpenSSL. ok inoguchi jsing | ||
| d56fe77f | 2022-01-14 08:06:03 | Remove HMAC_CTX_{init,cleanup}() and HMAC_init from public visibility In OpenSSL commit 32fd54a9a3 HMAC_CTX_cleanup() was integrated into HMAC_CTX_init(), then HMAC_CTX_init() was renamed to HMAC_CTX_reset() in dc0099e1. LibreSSL retained them for API compatibility with OpenSSL 1.0. Not many things use them anymore. In fact, some projects that didn't want to modify their code for OpenSSL 1.1 API compatibility used the removed functions to wrap the OpenSSL 1.1 API. We had to patch some of these and this will now no longer be necessary. Also remove HMAC_cleanup(). Nothing uses this. ok inoguchi jsing | ||
| 9a297db8 | 2022-01-14 08:04:14 | Make structs in evp.h and hmac.h opaque This moves most structs to evp_locl.h and moves HMAC_CTX to hmac_local.h. ok inoguchi jsing | ||
| e5507b79 | 2022-01-14 08:01:47 | Move BN structs to bn_lcl.h This makes all structs in bn.h opaque that are also opaque in OpenSSL. ok inoguchi jsing | ||
| f7158ee3 | 2022-01-14 07:59:32 | Remove BIO_s_file_internal Pointed out by schwarze. How something with this name ever made its way into a public header will remain a mystery. ok inoguchi jsing | ||
| e29dcb8a | 2022-01-14 07:57:17 | Remove ASN1{_const,}_check_infinite_end Suggested by schwarze ok inoguchi jsing | ||
| c0c24dd1 | 2022-01-14 07:55:29 | Remove ASN1{,_const}_CTX These are leftovers of the old ASN.1 stuff. Nothing uses this. OpenSSL removed them in a469a677. ok inoguchi jsing | ||
| 75395eaa | 2022-01-14 07:53:45 | Remove X509_OBJECT_free_contents Inline X509_OBJECT_free_contents() in X509_OBJECT_free() and remove this dangerous API. It was left over when x509_vfy.h was made opaque. ok inoguchi jsing | ||
| 6d0c4fa9 | 2022-01-14 07:52:24 | Remove PEM_Seal{Init,Update,Final} This unused, bug-ridden API was removed in OpenSSL commit 0674427f. ok inoguchi jsing | ||
| 326063fd | 2022-01-14 07:49:49 | Unifdef LIBRESSL_OPAQUE_* and LIBRESSL_NEXT_API This marks the start of major surgery in libcrypto. Do not attempt to build the tree for a while (~50 commits). | ||
| 5018f4d3 | 2022-01-12 21:41:06 | Lift the '#ifdef RCRT0' conditional out of boot*.h to crt0.c Prep for dropping #includes from archdep.h: pull in <machine/reloc.h> and declare _dl_exit() in boot*.h ok kettenis@ | ||
| c050635a | 2022-01-12 17:54:51 | ASN1_{,F,T}BOOLEAN_it and the encoding and decoding API will move to internal only soon. Stop documenting them. ok inoguchi jsing | ||
| 53d0bb89 | 2022-01-12 08:52:25 | Fix typo in header guard | ||
| 15b5e1ec | 2022-01-11 19:03:15 | Remove peer_pkeys from SSL_SESSION. peer_pkeys comes from some world where peers can send multiple certificates - in fact, one of each known type. Since we do not live in such a world, get rid of peer_pkeys and simply use peer_cert instead (in both TLSv1.2 and TLSv1.3, both clients and servers can only send a single leaf (aka end-entity) certificate). ok inoguchi@ tb@ | ||
| b3f16bd2 | 2022-01-11 18:43:00 | Simplify SSL_get_peer_certificate() ok inoguchi@ tb@ | ||
| 666c9986 | 2022-01-11 18:39:28 | Rename 'peer' to 'peer_cert' in SSL_SESSION. The 'peer' member of SSL_SESSION is the leaf/end-entity certificate provided by our peer. Rename it since 'peer' on its own is unhelpful. ok inoguchi@ tb@ | ||
| 7dd422f8 | 2022-01-11 18:28:41 | Plumb decode errors through key share parsing code. Distinguish between decode errors and other errors, so that we can send a SSL_AD_DECODE_ERROR alert when appropriate. Fixes a tlsfuzzer failure, due to it expecting a decode error alert and not receiving one. Prompted by anton@ ok tb@ | ||
| 9ac58602 | 2022-01-11 18:24:03 | Use SSL_AD_INTERNAL_ERROR for non-decoding alerts when parsing keyshares. ok tb@ | ||
| cf04557d | 2022-01-11 18:22:16 | Simplify tlsext_keyshare_server_parse() SSL_AD_DECODE_ERROR is the default alert for a TLS extension parsing failure - remove the various gotos and simply return 0 instead. ok tb@ | ||
| 23724049 | 2022-01-11 12:14:07 | Garbage collect historical setting of dsa->write_params = 1. This is always 1 with modern libs and write_params will soon go away. | ||
| d771b0cb | 2022-01-11 09:21:34 | spelling | ||
| 7225d6bc | 2022-01-10 23:39:48 | Convert tls_bio_cb for opaque BIO joint with jsing | ||
| ade65a49 | 2022-01-10 23:03:07 | Mechanical conversion of libcsi for opaque DH. ok jsing | ||
| dd21ecf8 | 2022-01-10 22:44:22 | Document EVP_AEAD_CTX_{new,free}() and adjust example code. looks good to jsing | ||
| 33e609bc | 2022-01-10 14:13:03 | Remove a few unused defines from x509.h As suggested by schwarze, this removes X509_EX_V_{INIT,NETSCAPE_HACK} and X509_EXT_PACK_{STRING,UNKNOWN} ok inoguchi jsing | ||
| 868dc693 | 2022-01-10 13:42:28 | Prepare to provide the EVP_MD_meth_* API This allows implementations to add their own EVP_MD_METHODs. Only the setters are provided. This is used by erlang for the otp_test_engine. ok inoguchi jsing | ||
| 262d8ecc | 2022-01-10 12:10:26 | Prepare to provide EVP_PKEY_{public,param}_check This implements checking of a public key and of key generation parameters for DH and EC keys. With the same logic and setters and const quirks as for EVP_PKEY_check(). There are a couple of quirks: For DH no default EVP_PKEY_check() is implemented, instead EVP_PKEY_param_check() calls DH_check_ex() even though DH_param_check_ex() was added for this purpose. EVP_PKEY_public_check() for EC curves also checks the private key if present. ok inoguchi jsing | ||
| ef053c5d | 2022-01-10 12:00:52 | Provide DH_check*_ex and many error codes DH_check{,_pub_key}_ex() wrap their non-ex versions to translate the flags argument of the original functions into OpenSSL errors. For this almost a dozen new error codes need to be added. DH_params_check{,_ex}() is a new version of DH_check that only performs a cheap subset of the checks. They are needed to implement EVP_PKEY_{public,param}_check() (observe the consistent naming) although the actual implementation of EVP_PKEY_param_check() chose to use DH_check_ex(). As far as I can tell, the only raison d'ĂȘtre of the _ex functions and error codes is to spew them to stderr in a couple of openssl(1) commands. This couldn't have been solved differently... These functions will not be exposed publicly. ok inoguchi jsing | ||
| c0f4ec48 | 2022-01-10 11:52:43 | Prepare to provide EVP_PKEY_check() This allows checking the validity of an EVP_PKEY. Only RSA and EC keys are supported. If a check function is set the EVP_PKEY_METHOD, it will be used, otherwise the check function on the EVP_PKEY_ASN1_METHOD is used. The default ASN.1 methods wrap RSA_check_key() and EC_KEY_check_key(), respectively. The corresponding setters are EVP_PKEY_{asn1,meth}_set_check(). It is unclear why the PKEY method has no const while the ASN.1 method has const. Requested by tobhe and used by PHP 8.1. Based on OpenSSL commit 2aee35d3 ok inoguchi jsing | ||
| ec82bac4 | 2022-01-10 10:51:31 | Prevent a double free in EVP_MD_CTX_copy_ex() NULL out two pointer values after memcpy() to avoid a double free. In the event that both in->pctx and in->md_data are non-NULL and the calloc() of out->md_data fails, a double free could occur. ok inoguchi jsing | ||
| 657fbe7d | 2022-01-10 00:09:06 | zap trailing whitespace | ||
| 06618966 | 2022-01-10 00:03:02 | Check that the RSA exponent is neither even nor 1 in RSA_check_key() Part of OpenSSL commit 464d59a5 ok inoguchi jsing | ||
| 5e985eed | 2022-01-09 23:55:31 | Use C99 initializers for test_sha_md ok inoguchi jsing | ||
| d6991765 | 2022-01-09 23:50:10 | Add an essentially empty comp_local.h and include it where it will be needed. discussed with jsing | ||
| c010faf5 | 2022-01-09 15:55:37 | ssl_check_srvr_ecc_cert_and_alg() only returns 0/1 - test accordingly. | ||
| 2675be24 | 2022-01-09 15:53:52 | Swap arguments to ssl_check_srvr_ecc_cert_and_alg() If a libssl function takes an SSL *, it should normally be the first argument. | ||
| c3b8e425 | 2022-01-09 15:40:13 | Clean up ssl3_{send,get}_client_kex_gost() Fix leaks, use sizeof() instead of hardcoded sizes, actually check return codes, explicit_bzero() the premaster secret on the server side and generally try to kick the GOST kex code into some sort of shape. ok inoguchi@ tb@ | ||
| 7caec30c | 2022-01-09 15:34:21 | Return 0/1 from ssl3_{send,get}_client_kex_gost() Like other KEX handling functions, there is no need to return anything other than failure/success here. ok inoguchi@ tb@ | ||
| e94066c9 | 2022-01-09 15:29:42 | Remove a comment from Captain Obvious. | ||
| 54ad05ac | 2022-01-09 15:28:47 | Fix GOST skip certificate verify handling. GOST skip certificate verify handling got broken in r1.132 of s3_srvr.c circa 2016. Prior to this, ssl3_get_client_key_exchange() returned an 'extra special' value to indicate that the state machine should skip certificate verify. Fix this by setting and checking the TLS1_FLAGS_SKIP_CERT_VERIFY flag, which is the same as is done in the client. ok inoguchi@ tb@ | ||
| 628f93c2 | 2022-01-09 15:15:25 | Prepare to provide EVP_MD_CTX{,_set}_pkey_ctx() This API with very strange ownership handling is used by Ruby 3.1, unfortunately. For unclear reasons, it was decided that the caller retains ownership of the pctx passed in. EVP_PKEY_CTX aren't refcounted, so a flag was added to make sure that md_ctx->pctx is not freed in EVP_MD_CTX_{cleanup,reset}(). Since EVP_MD_CTX_copy_ex() duplicates the md_ctx->pctx, the flag also needs to be unset on the duplicated EVP_MD_CTX. ok inoguchi jsing | ||
| de3a2796 | 2022-01-09 13:17:33 | Clean up pkey handling in ssl3_get_server_key_exchange() With TLSv1.2 and earlier, the authentication algorithm used to sign the ServerKeyExchange message is dependent on the cipher suite in use and has nothing to do with the key exchange algorithm. As such, check the authentication algorithm based on the cipher suite in ssl3_get_server_key_exchange() and handle things accordingly. ok inoguchi@ tb@ | ||
| 460715d7 | 2022-01-08 21:36:39 | Prepare to provide OBJ_length() and OBJ_get0_data() OBJ_length() turns the int obj->length into a size_t, so add an overflow check. While obj->length should never be negative, who knows... ok jsing | ||
| 97125bc4 | 2022-01-08 15:34:59 | tiny whitespace tweak | ||
| 7cf55da3 | 2022-01-08 12:59:58 | Merge SESS_CERT into SSL_SESSION. There is no reason for SESS_CERT to exist - remove it and merge its members into SSL_SESSION for the time being. More clean up to follow. ok inoguchi@ tb@ | ||
| 0f5d2532 | 2022-01-08 12:54:32 | Remove commented out CERT_* defines. | ||
| ef36d1f9 | 2022-01-08 12:43:44 | Rename CERT to SSL_CERT and CERT_PKEY to SSL_CERT_PKEY. Nearly all structs in libssl start with an SSL_ suffix, rename CERT and CERT_PKEY for consistency. ok inoguchi@ tb@ | ||
| 2dc20167 | 2022-01-08 07:25:52 | x509_cpols.c will need to include x509_lcl.h soon | ||
| 5724b795 | 2022-01-07 21:58:17 | Prepare to provide EVP_AEAD_CTX_{new,free}() ok jsing | ||
| c0b85757 | 2022-01-07 16:45:06 | Rename dh_tmp to dhe_params. Support for non-ephemeral DH was removed a long time ago - as such, the dh_tmp and dh_tmp_cb are used for DHE parameters. Rename them to reflect reality. ok inoguchi@ tb@ | ||
| 8534b126 | 2022-01-07 15:56:33 | Stop attempting to duplicate the public and private key of dh_tmp. Support for non-ephemeral DH was removed a very long time ago - the only way that dh_tmp is set is via DHparams_dup(), hence the public and private keys are always going to be NULL. ok inoguchi@ tb@ | ||
| aebe2672 | 2022-01-07 15:46:30 | Convert legacy server to tls_key_share. This requires a few more additions to the DHE key share code - we need to be able to either set the DHE parameters or specify the number of key bits for use with auto DHE parameters. Additionally, we need to be able to serialise the DHE parameters to send to the client. This removes the infamous 'tmp' struct from ssl3_state_internal_st. ok inoguchi@ tb@ | ||
| 4b3400b0 | 2022-01-07 12:24:17 | A few more files need asn1_locl.h. | ||
| ec30313d | 2022-01-07 11:13:54 | include asn1_locl.h where it will be needed for the bump. discussed with jsing | ||
| 05cb8c9e | 2022-01-07 09:55:31 | Prepare to make RSA and RSA_METHOD opaque by including rsa_locl.h where it will be needed in the upcoming bump. discussed with jsing | ||
| 9f44a700 | 2022-01-07 09:45:52 | Add an essentially empty ocsp_local.h and include it in the files that will need it in the upcoming bump. discussed with jsing | ||
| 7081195d | 2022-01-07 09:40:03 | gost needs to look into ecs_locl.h | ||
| f69303b6 | 2022-01-07 09:35:36 | Prepare the move of DSA_SIG, DSA_METHOD and DSA to dsa_locl.h by including the local header where it will be needed. discussed with jsing | ||
| a69386be | 2022-01-07 09:27:13 | Add an essentially empty dh_local.h and include it in the files where it will be needed in the upcoming bump. discussed with jsing | ||
| e8300e2c | 2022-01-07 09:21:21 | zap trailing whitespace | ||
| 94b1984e | 2022-01-07 09:02:17 | Add a new, mostly empty, bio_local.h and include it in the files that will need it in the upcoming bump. discussed with jsing | ||
| ba09b28a | 2022-01-06 18:58:24 | refer to longindex as an argument, not a field; from uwe@netbsd -r1.22 ok millert | ||
| 892af70e | 2022-01-06 18:23:56 | Convert legacy TLS client to tls_key_share. This requires adding DHE support to tls_key_share. In doing so, tls_key_share_peer_public() has to lose the group argument and gains an invalid_key argument. The one place that actually needs the group check is tlsext_keyshare_client_parse(), so add code to do this. ok inoguchi@ tb@ |