summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* Add another empty linetb2024-07-091-1/+2
|
* Turn tls1_prf_alg() into single exittb2024-07-091-9/+11
| | | | | requested by jsing on review ok beck
* Unwrap a few more linestb2024-07-091-9/+5
|
* Unwrap a couple of linestb2024-07-091-5/+3
|
* Align math with t1_enc.ctb2024-07-091-6/+8
| | | | suggested by jsing on review
* Minor cosmetics in pkey_tls1_prf_derive()tb2024-07-091-5/+3
| | | | noticed by jsing on review
* Replace explicit_bzero() plus free() with freezero()tb2024-07-091-3/+2
| | | | This is simpler, if slightly more expensive
* Improve test coverage for TLS1-PRFtb2024-07-091-4/+177
| | | | | | This is basically a copy of the libssl unit tests, moved to libcrypto to avoid starting the infection of libssl with this particular piece of EVP garbage.
* Add a minimal regress test for TLS1-PRFtb2024-07-091-1/+96
|
* Shuffle things into a more sensible ordertb2024-07-091-63/+58
| | | | no functional change
* Use better order in EVP_PKEY_CTRL_TLS_SECRETtb2024-07-091-6/+5
| | | | Also avoid an unnecessary NULL check.
* Add tls1_prf_pkey_meth to pkey_methodstb2024-07-091-1/+3
| | | | ok jsing
* Make a NULL check explicittb2024-07-091-2/+2
|
* Zap or align some ugly commentstb2024-07-091-4/+3
|
* Test & assign once moretb2024-07-091-4/+4
|
* sec_len -> secret_lentb2024-07-091-3/+3
|
* Test and assign in tls1_prf_P_hash()tb2024-07-091-5/+8
|
* Fix whitespace around '/'tb2024-07-091-4/+4
|
* Invert logic in tls1_prf_alg()tb2024-07-091-22/+22
|
* olen -> out_lentb2024-07-091-15/+15
|
* Add a few empty linestb2024-07-091-1/+7
|
* seedlen -> seed_lentb2024-07-091-10/+10
|
* seclen -> secret_lentb2024-07-091-7/+7
|
* slen -> secret_lentb2024-07-091-7/+8
|
* sec -> secrettb2024-07-091-17/+17
|
* Replace local typedef with spelling out the struct nametb2024-07-091-8/+8
|
* Remove a few useless commentstb2024-07-091-6/+1
|
* Apply a knfmt(8) sledgehammertb2024-07-091-226/+236
|
* Add an RCS tagtb2024-07-091-1/+1
|
* Replace license stub with full licensetb2024-07-091-5/+55
| | | | | This reverts to the license added in OpenSSL's initial import of this file in commit 1eff3485b63f84956b5f212aa4d853783bf6c8b5
* link tls1_prf.c to buildtb2024-07-091-1/+2
| | | | ok jsing
* Replace a malloc() call with calloc()tb2024-07-091-1/+1
|
* Replace an ossl_assert() with an error checktb2024-07-091-2/+1
|
* Use C99 initializers for tls1_prf_pkey_meth()tb2024-07-091-19/+23
|
* Inline an instance of OPENSSL_memdup()tb2024-07-091-2/+11
|
* Tidy up includestb2024-07-091-3/+7
|
* OPENSSL_free() -> free()tb2024-07-091-1/+1
|
* OPENSSL_cleanse() -> explicit_bzero()tb2024-07-091-3/+3
|
* OPENSSL_clear_free() -> freezero()tb2024-07-091-4/+4
|
* OPENSSL_malloc() -> malloc()tb2024-07-091-1/+1
|
* Spell OPENSSL_zalloc() correctly as calloc()tb2024-07-091-1/+1
|
* Mechanically replace KDFerr() with KDFerror()tb2024-07-091-8/+8
|
* Add a verbatim copy of tls1_prf.c from OpenSSL 1.1.1tb2024-07-091-0/+278
| | | | | | | | | | | | From the last public commit b372b1f76450acdfed1e2301a39810146e28b02c of the OpenSSL_1_1_1-stable branch SHA256 (kdf/tls1_prf.c) = a519d3ff721d4ec59befac8586e24624fa87d9d8f6479327f7af58d652b6e4e5 Will be beat (a little bit) into shape in tree before linking it to the build. ok jsing
* Add various defines for TLS1-PRFtb2024-07-092-2/+36
| | | | ok jsing
* Add EVP_PKEY_TLS1_PRF as alias for NID_tls1_prftb2024-07-091-1/+2
| | | | ok jsing
* Choose fixed NID for TLS1-PRFtb2024-07-091-0/+1
|
* Add NID for TLS1-PRFtb2024-07-091-0/+2
| | | | ok jsing
* Don't push the error stack in ssl_sigalg_select()beck2024-07-091-2/+1
| | | | | | | Doing so breaks certificate selection if a TLS 1.3 client does not support EC certs, and needs to fall back to RSA. ok tb@
* Fix TLS key share check to not fire when using < TLS 1.3beck2024-07-091-7/+6
| | | | | | | | | | | | The check was being too aggressive and was catching us when the extension was being sent by a client which supports tls 1.3 but the server was capped at TLS 1.2. This moves the check after the max version check, so we won't error out if we do not support TLS 1.3 Reported by obsd@bartula.de ok tb@
* do not need to force bss values to 0deraadt2024-07-091-2/+2
|