path: root/include
Commit message | Author | Age | Files | Lines
* Add the ability to set OCSP_RESPID fields | Matt Caswell | 2016-09-22 | 1 | -0/+2
  OCSP_RESPID was made opaque in 1.1.0, but no accessors were provided for setting the name/key value for the OCSP_RESPID.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Don't allow too many consecutive warning alerts | Matt Caswell | 2016-09-21 | 1 | -0/+1
  Certain warning alerts are ignored if they are received. This can mean that no progress will be made if one peer continually sends those warning alerts. Implement a count so that we abort the connection if we receive too many.
  Issue reported by Shi Lei.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Revert "Constify code about X509_VERIFY_PARAM" | Rich Salz | 2016-09-21 | 2 | -3/+3
  This reverts commit 81f9ce1e1965e0e33db6d2391285c4c1b6af0434.
  Reviewed-by: Matt Caswell <matt@openssl.org>
* make update and fix some associated mis-matched error codes | Matt Caswell | 2016-09-21 | 1 | -0/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Convert NextProto message construction to WPACKET | Matt Caswell | 2016-09-20 | 1 | -0/+1
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Constify code about X509_VERIFY_PARAM | FdaSilvaYY | 2016-09-18 | 2 | -3/+3
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1594)
* bio.h: fix number of arguments passed to BIO_ptr_ctrl() | Viktor Szakats | 2016-09-13 | 1 | -3/+3
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1520)
* Convert tls_construct_client_hello() to use PACKETW | Matt Caswell | 2016-09-13 | 1 | -1/+2
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* VMS: be less picky when loading DSOs | Richard Levitte | 2016-09-11 | 1 | -6/+0
  The DSO API was picky about casing of symbol names on VMS. There's really no reason to be that picky, it's mostly just annoying. Therefore, we take away the possibility to flag for a choice, and will instead first try to find a symbol with exact case, and failing that, we try to find it in upper case.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Update CHANGES, NEWS, README and opensslv.h on master | Richard Levitte | 2016-08-25 | 1 | -3/+3
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Un-delete still documented X509_STORE_CTX_set_verify | Viktor Dukhovni | 2016-08-24 | 1 | -0/+2
  It should not have been removed.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Updates the CT_POLICY_EVAL_CTX POD | Rob Percival | 2016-08-24 | 1 | -1/+1
  Ownership semantics and function names have changed.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Documents the CTLOG functions | Rob Percival | 2016-08-24 | 1 | -0/+1
  CTLOG_new_null() has been removed from the code, so it has also been removed from this POD.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Add comment about calling CT_POLICY_EVAL_CTX_free | Rob Percival | 2016-08-24 | 1 | -1/+5
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Fix comment about what SCT_LIST_validate does. | Rob Percival | 2016-08-24 | 1 | -1/+1
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Removes {i2o,o2i}_SCT_signature from the CT public API | Rob Percival | 2016-08-23 | 1 | -19/+0
  They may return if an SCT_signature struct is added in the future that allows them to be refactored to conform to the i2d/d2i function signature conventions.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Internalizes SCT_verify and removes SCT_verify_v1 | Rob Percival | 2016-08-23 | 1 | -15/+1
  SCT_verify is impossible to call through the public API (SCT_CTX_new() is not part of the public API), so rename it to SCT_CTX_verify and move it out of the public API.
  SCT_verify_v1 is redundant, since SCT_validate does the same verification (by calling SCT_verify) and more. The API is less confusing with a single verification function (SCT_validate).
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Constify a bit X509_NAME_get_entry | FdaSilvaYY | 2016-08-23 | 1 | -1/+1
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Constify some X509_NAME, ASN1 printing code | FdaSilvaYY | 2016-08-23 | 2 | -10/+10
  ASN1_buf_print, asn1_print_*, X509_NAME_oneline, X509_NAME_print
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Constify some input parameters. | FdaSilvaYY | 2016-08-23 | 1 | -7/+7
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Constify some inputs buffers | FdaSilvaYY | 2016-08-23 | 2 | -4/+4
  remove useless cast to call ASN1_STRING_set
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Constify ASN1_PCTX_* | FdaSilvaYY | 2016-08-23 | 1 | -5/+5
  ... add a static keyword.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Expose alloc functions for EC{PK,}PARAMETERS | Kazuki Yamaguchi | 2016-08-22 | 1 | -0/+2
  Declare EC{PK,}PARAMETERS_{new,free} functions in public headers. The free functions are necessary because EC_GROUP_get_ec{pk,}parameters() was made public by commit 60b350a3ef96 ("RT3676: Expose ECgroup i2d functions").
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* crypto/pkcs12: facilitate accessing data with non-interoperable password. | Andy Polyakov | 2016-08-22 | 1 | -13/+3
  Originally PKCS#12 subroutines treated password strings as ASCII. It worked as long as they were pure ASCII, but if there were some non-ASCII characters result was non-interoperable. But fixing it poses problem accessing data protected with broken password. In order to make access to old data possible add retry with old-style password.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* crypto/pkcs12: default to UTF-8. | Andy Polyakov | 2016-08-22 | 1 | -2/+4
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* crypto/pkcs12: add UTF8 support. | Andy Polyakov | 2016-08-22 | 1 | -1/+8
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Move BIO index lock creation | Rich Salz | 2016-08-21 | 1 | -0/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add X509_getm_notBefore, X509_getm_notAfter | Dr. Stephen Henson | 2016-08-21 | 1 | -4/+6
  Add mutable versions of X509_get0_notBefore and X509_get0_notAfter. Rename X509_SIG_get0_mutable to X509_SIG_getm.
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Duplicate includes | FdaSilvaYY | 2016-08-20 | 1 | -1/+0
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1475)
* Add BIO_get_new_index() | Rich Salz | 2016-08-19 | 1 | -28/+30
  Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
* Constify certificate and CRL time routines. | Dr. Stephen Henson | 2016-08-19 | 1 | -8/+24
  Update certificate and CRL time routines to match new standard.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Convert PKCS12* functions to use const getters | Matt Caswell | 2016-08-19 | 1 | -14/+18
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Stephen Henson <steve@openssl.org>
* Update function error code | Matt Caswell | 2016-08-19 | 1 | -1/+1
  A function error code needed updating due to merge issues.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix DTLS replay protection | Matt Caswell | 2016-08-19 | 1 | -0/+1
  The DTLS implementation provides some protection against replay attacks in accordance with RFC6347 section 4.1.2.6.
  A sliding "window" of valid record sequence numbers is maintained with the "right" hand edge of the window set to the highest sequence number we have received so far. Records that arrive that are off the "left" hand edge of the window are rejected. Records within the window are checked against a list of records received so far. If we already received it then we also reject the new record.
  If we have not already received the record, or the sequence number is off the right hand edge of the window then we verify the MAC of the record. If MAC verification fails then we discard the record. Otherwise we mark the record as received. If the sequence number was off the right hand edge of the window, then we slide the window along so that the right hand edge is in line with the newly received sequence number.
  Records may arrive for future epochs, i.e. a record from after a CCS being sent, can arrive before the CCS does if the packets get re-ordered. As we have not yet received the CCS we are not yet in a position to decrypt or validate the MAC of those records. OpenSSL places those records on an unprocessed records queue. It additionally updates the window immediately, even though we have not yet verified the MAC. This will only occur if currently in a handshake/renegotiation.
  This could be exploited by an attacker by sending a record for the next epoch (which does not have to decrypt or have a valid MAC), with a very large sequence number. This means the right hand edge of the window is moved very far to the right, and all subsequent legitimate packets are dropped causing a denial of service.
  A similar effect can be achieved during the initial handshake. In this case there is no MAC key negotiated yet. Therefore an attacker can send a message for the current epoch with a very large sequence number. The code will process the record as normal. If the handshake message sequence number (as opposed to the record sequence number that we have been talking about so far) is in the future then the injected message is buffered to be handled later, but the window is still updated. Therefore all subsequent legitimate handshake records are dropped.
  This aspect is not considered a security issue because there are many ways for an attacker to disrupt the initial handshake and prevent it from completing successfully (e.g. injection of a handshake message will cause the Finished MAC to fail and the handshake to be aborted). This issue comes about as a result of trying to do replay protection, but having no integrity mechanism in place yet. Does it even make sense to have replay protection in epoch 0? That issue isn't addressed here though.
  This addressed an OCAP Audit issue.
  CVE-2016-2181
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add X509_get0_serialNumber() and constify OCSP_cert_to_id() | Dr. Stephen Henson | 2016-08-19 | 2 | -4/+6
  Reviewed-by: Matt Caswell <matt@openssl.org>
* constify X509_REQ_get0_signature() | Dr. Stephen Henson | 2016-08-19 | 1 | -2/+2
  Reviewed-by: Matt Caswell <matt@openssl.org>
* constify i2o_ECPublicKey | Dr. Stephen Henson | 2016-08-19 | 1 | -1/+1
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Constify i2a* | Dr. Stephen Henson | 2016-08-18 | 2 | -3/+3
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Convert X509_REVOKED* functions to use const getters | Matt Caswell | 2016-08-18 | 2 | -4/+5
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Stephen Henson <steve@openssl.org>
* Don't try to init dasync internally | Richard Levitte | 2016-08-17 | 1 | -2/+1
  Since dasync isn't installed, and is only ever used as a dynamic engine, there's no reason to consider it for initialization when building static engines.
  Reviewed-by: Ben Laurie <ben@openssl.org>
* Constify X509_SIG. | Dr. Stephen Henson | 2016-08-17 | 2 | -10/+15
  Constify X509_SIG_get0() and order arguments to match new standard. Add X509_SIG_get0_mutable() to support modification or initialisation of an X509_SIG structure.
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Constify X509_certificate_type() | Dr. Stephen Henson | 2016-08-17 | 1 | -1/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Constify X509_get0_signature() | Dr. Stephen Henson | 2016-08-17 | 1 | -1/+2
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Convert X509* functions to use const getters | Dr. Stephen Henson | 2016-08-17 | 2 | -6/+7
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Convert X509_CRL* functions to use const getters | Matt Caswell | 2016-08-17 | 2 | -6/+7
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Stephen Henson <steve@openssl.org>
* Make X509_NAME_get0_der() conform to OpenSSL style | Matt Caswell | 2016-08-17 | 1 | -2/+2
  Put the main object first in the params list.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Stephen Henson <steve@openssl.org>
* Convert OCSP* functions to use const getters | Matt Caswell | 2016-08-17 | 1 | -3/+3
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Stephen Henson <steve@openssl.org>
* Constify private key decode. | Dr. Stephen Henson | 2016-08-17 | 2 | -4/+4
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* constify X509_ALGOR_get0() | Dr. Stephen Henson | 2016-08-17 | 1 | -2/+2
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Constify ASN1_item_unpack(). | Dr. Stephen Henson | 2016-08-17 | 1 | -1/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>