This only gets used to set a specific curve without actually checking that the
peer supports it or not and can therefor result in handshake failures that can
be avoided by selecting a different cipher.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Remove RSA_FLAG_SIGN_VER: this was origininally used to retain binary
compatibility after RSA_METHOD was extended to include rsa_sign and
rsa_verify fields. It is no longer needed.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Remove sign/verify and required_pkey_type fields of EVP_MD: these are a
legacy from when digests were linked to public key types. All signing is
now handled by the corresponding EVP_PKEY_METHOD.
Only allow supported digest types in RSA EVP_PKEY_METHOD: other algorithms
already block unsupported types.
Remove now obsolete EVP_dss1() and EVP_ecdsa().
Reviewed-by: Richard Levitte <levitte@openssl.org>
Add CRYPTO_free_ex_index (for shared libraries)
Unify and complete the documentation for all "ex_data" API's and objects.
Replace xxx_get_ex_new_index functions with a macro.
Added an exdata test.
Renamed the ex_data internal datatypes.
Reviewed-by: Matt Caswell <matt@openssl.org>
Following on from the previous commit this adds some documentation for the
BN_with_flags function which is easy to misuse.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Add a ctrl to EVP_md5_sha1() to handle the additional operations needed
to handle SSL v3 client authentication and finished message.
Reviewed-by: Tim Hudson <tjh@openssl.org>
This patch contains the necessary changes to provide GOST 2012
ciphersuites in TLS. It requires the use of an external GOST 2012 engine.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
During rebasing of the async changes some error codes ended up being
duplicated so that "make errors" fails. This removes the duplication.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
Implements Thread Local Storage in the windows async port. This also has
some knock on effects to the posix and null implementations.
Reviewed-by: Rich Salz <rsalz@openssl.org>
In theory the pthreads approach for Thread Local Storage should be more
portable.
This also changes some APIs in order to accommodate this change. In
particular ASYNC_init_pool is renamed ASYNC_init_thread and
ASYNC_free_pool is renamed ASYNC_cleanup_thread. Also introduced ASYNC_init
and ASYNC_cleanup.
Reviewed-by: Rich Salz <rsalz@openssl.org>
A lot of the pool handling code was in the arch specific files, but was
actually boiler plate and the same across the implementations. This commit
moves as much code as possible out of the arch specific files.
Reviewed-by: Rich Salz <rsalz@openssl.org>
We were using _pipe to create a pipe on windows. This uses the "int" type
for its file descriptor for compatibility. However most windows functions
expect to use a "HANDLE". Probably we could get away with just casting but
it seems more robust to use the proper type and main stream windows
functions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
There are potential deadlock situations that can occur if code executing
within the context of a job aquires a lock, and then pauses the job. This
adds an ability to temporarily block pauses from occuring whilst performing
work and holding a lock.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Initial API implemented for notifying applications that an ASYNC_JOB
has completed. Currently only s_server is using this. The Dummy Async
engine "cheats" in that it notifies that it has completed *before* it
pauses the job. A normal async engine would not do that.
Only the posix version of this has been implemented so far, so it will
probably fail to compile on Windows at the moment.
Reviewed-by: Rich Salz <rsalz@openssl.org>
It is expensive to create the ASYNC_JOB objects due to the "makecontext"
call. This change adds support for pools of ASYNC_JOB objects so that we
don't have to create a new ASYNC_JOB every time we want to use one.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Removed the function ASYNC_job_is_waiting() as it was redundant. The only
time user code has a handle on a job is when one is waiting, so all they
need to do is check whether the job is NULL. Also did some cleanups to
make sure the job really is NULL after it has been freed!
Reviewed-by: Rich Salz <rsalz@openssl.org>
The following entry points have been made async aware:
SSL_accept
SSL_read
SSL_write
Also added is a new mode - SSL_MODE_ASYNC. Calling the above functions with
the async mode enabled will initiate a new async job. If an async pause is
encountered whilst executing the job (such as for example if using SHA1/RSA
with the Dummy Async engine), then the above functions return with
SSL_WANT_ASYNC. Calling the functions again (with exactly the same args
as per non-blocking IO), will resume the job where it left off.
Reviewed-by: Rich Salz <rsalz@openssl.org>
This engine is for developers of async aware applications. It simulates
asynchronous activity with external hardware. This initial version supports
SHA1 and RSA. Certain operations using those algorithms have async job
"pauses" in them - using the new libcrypto async capability.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Provides support for running asynchronous jobs. Currently this is completely
stand alone. Future commits will integrate this into libssl and s_server/
s_client. An asynchronous capable engine will be required to see any benefit
from this capability.
Reviewed-by: Rich Salz <rsalz@openssl.org>
There are lots of calls to EVP functions from within libssl There were
various places where we should probably check the return value but don't.
This adds these checks.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Print certificate details using accessor functions.
Since X509_CERT_AUX_print is only used in one place and can't
be used by applications (it uses an internal X509_CERT_AUX structure)
this has been removed and replaced by a function X509_aux_print which
takes an X509 pointer instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
The new function SSL_use_certificate_chain_file was always crashing in
the internal function use_certificate_chain_file because it would pass a
NULL value for SSL_CTX *, but use_certificate_chain_file would
unconditionally try to dereference it.
Reviewed-by: Stephen Henson <steve@openssl.org>
The actual implementation has the state of the connection being
controlled with the peer parameter, non-NULL meaning connected and
NULL meaning connected.
Reviewed-by: Andy Polyakov <appro@openssl.org>
BIO_int_ctrl isn't made for the purpose BIO_get_conn_int_port used it
for.
This also changes BIO_C_GET_CONNECT to actually return the port
instead of assigning it to a pointer that was never returned back to
the caller.
Reviewed-by: Andy Polyakov <appro@openssl.org>
A number of error codes were wrong due to a rebase of the state machine
code.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Remove all the defines for the old state machines states. Mapping old to new
is probably going to cause more problems than it solves so it is probably
better to just remove them.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
SSL_state has been replaced by SSL_get_state and SSL_set_state is no longer
supported.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>