Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | Add another empty line | tb | 2024-07-09 | 1 | -1/+2 | |
| | ||||||
* | Turn tls1_prf_alg() into single exit | tb | 2024-07-09 | 1 | -9/+11 | |
| | | | | | requested by jsing on review ok beck | |||||
* | Unwrap a few more lines | tb | 2024-07-09 | 1 | -9/+5 | |
| | ||||||
* | Unwrap a couple of lines | tb | 2024-07-09 | 1 | -5/+3 | |
| | ||||||
* | Align math with t1_enc.c | tb | 2024-07-09 | 1 | -6/+8 | |
| | | | | suggested by jsing on review | |||||
* | Minor cosmetics in pkey_tls1_prf_derive() | tb | 2024-07-09 | 1 | -5/+3 | |
| | | | | noticed by jsing on review | |||||
* | Replace explicit_bzero() plus free() with freezero() | tb | 2024-07-09 | 1 | -3/+2 | |
| | | | | This is simpler, if slightly more expensive | |||||
* | Improve test coverage for TLS1-PRF | tb | 2024-07-09 | 1 | -4/+177 | |
| | | | | | | This is basically a copy of the libssl unit tests, moved to libcrypto to avoid starting the infection of libssl with this particular piece of EVP garbage. | |||||
* | Add a minimal regress test for TLS1-PRF | tb | 2024-07-09 | 1 | -1/+96 | |
| | ||||||
* | Shuffle things into a more sensible order | tb | 2024-07-09 | 1 | -63/+58 | |
| | | | | no functional change | |||||
* | Use better order in EVP_PKEY_CTRL_TLS_SECRET | tb | 2024-07-09 | 1 | -6/+5 | |
| | | | | Also avoid an unnecessary NULL check. | |||||
* | Add tls1_prf_pkey_meth to pkey_methods | tb | 2024-07-09 | 1 | -1/+3 | |
| | | | | ok jsing | |||||
* | Make a NULL check explicit | tb | 2024-07-09 | 1 | -2/+2 | |
| | ||||||
* | Zap or align some ugly comments | tb | 2024-07-09 | 1 | -4/+3 | |
| | ||||||
* | Test & assign once more | tb | 2024-07-09 | 1 | -4/+4 | |
| | ||||||
* | sec_len -> secret_len | tb | 2024-07-09 | 1 | -3/+3 | |
| | ||||||
* | Test and assign in tls1_prf_P_hash() | tb | 2024-07-09 | 1 | -5/+8 | |
| | ||||||
* | Fix whitespace around '/' | tb | 2024-07-09 | 1 | -4/+4 | |
| | ||||||
* | Invert logic in tls1_prf_alg() | tb | 2024-07-09 | 1 | -22/+22 | |
| | ||||||
* | olen -> out_len | tb | 2024-07-09 | 1 | -15/+15 | |
| | ||||||
* | Add a few empty lines | tb | 2024-07-09 | 1 | -1/+7 | |
| | ||||||
* | seedlen -> seed_len | tb | 2024-07-09 | 1 | -10/+10 | |
| | ||||||
* | seclen -> secret_len | tb | 2024-07-09 | 1 | -7/+7 | |
| | ||||||
* | slen -> secret_len | tb | 2024-07-09 | 1 | -7/+8 | |
| | ||||||
* | sec -> secret | tb | 2024-07-09 | 1 | -17/+17 | |
| | ||||||
* | Replace local typedef with spelling out the struct name | tb | 2024-07-09 | 1 | -8/+8 | |
| | ||||||
* | Remove a few useless comments | tb | 2024-07-09 | 1 | -6/+1 | |
| | ||||||
* | Apply a knfmt(8) sledgehammer | tb | 2024-07-09 | 1 | -226/+236 | |
| | ||||||
* | Add an RCS tag | tb | 2024-07-09 | 1 | -1/+1 | |
| | ||||||
* | Replace license stub with full license | tb | 2024-07-09 | 1 | -5/+55 | |
| | | | | | This reverts to the license added in OpenSSL's initial import of this file in commit 1eff3485b63f84956b5f212aa4d853783bf6c8b5 | |||||
* | link tls1_prf.c to build | tb | 2024-07-09 | 1 | -1/+2 | |
| | | | | ok jsing | |||||
* | Replace a malloc() call with calloc() | tb | 2024-07-09 | 1 | -1/+1 | |
| | ||||||
* | Replace an ossl_assert() with an error check | tb | 2024-07-09 | 1 | -2/+1 | |
| | ||||||
* | Use C99 initializers for tls1_prf_pkey_meth() | tb | 2024-07-09 | 1 | -19/+23 | |
| | ||||||
* | Inline an instance of OPENSSL_memdup() | tb | 2024-07-09 | 1 | -2/+11 | |
| | ||||||
* | Tidy up includes | tb | 2024-07-09 | 1 | -3/+7 | |
| | ||||||
* | OPENSSL_free() -> free() | tb | 2024-07-09 | 1 | -1/+1 | |
| | ||||||
* | OPENSSL_cleanse() -> explicit_bzero() | tb | 2024-07-09 | 1 | -3/+3 | |
| | ||||||
* | OPENSSL_clear_free() -> freezero() | tb | 2024-07-09 | 1 | -4/+4 | |
| | ||||||
* | OPENSSL_malloc() -> malloc() | tb | 2024-07-09 | 1 | -1/+1 | |
| | ||||||
* | Spell OPENSSL_zalloc() correctly as calloc() | tb | 2024-07-09 | 1 | -1/+1 | |
| | ||||||
* | Mechanically replace KDFerr() with KDFerror() | tb | 2024-07-09 | 1 | -8/+8 | |
| | ||||||
* | Add a verbatim copy of tls1_prf.c from OpenSSL 1.1.1 | tb | 2024-07-09 | 1 | -0/+278 | |
| | | | | | | | | | | | | From the last public commit b372b1f76450acdfed1e2301a39810146e28b02c of the OpenSSL_1_1_1-stable branch SHA256 (kdf/tls1_prf.c) = a519d3ff721d4ec59befac8586e24624fa87d9d8f6479327f7af58d652b6e4e5 Will be beat (a little bit) into shape in tree before linking it to the build. ok jsing | |||||
* | Add various defines for TLS1-PRF | tb | 2024-07-09 | 2 | -2/+36 | |
| | | | | ok jsing | |||||
* | Add EVP_PKEY_TLS1_PRF as alias for NID_tls1_prf | tb | 2024-07-09 | 1 | -1/+2 | |
| | | | | ok jsing | |||||
* | Choose fixed NID for TLS1-PRF | tb | 2024-07-09 | 1 | -0/+1 | |
| | ||||||
* | Add NID for TLS1-PRF | tb | 2024-07-09 | 1 | -0/+2 | |
| | | | | ok jsing | |||||
* | Don't push the error stack in ssl_sigalg_select() | beck | 2024-07-09 | 1 | -2/+1 | |
| | | | | | | | Doing so breaks certificate selection if a TLS 1.3 client does not support EC certs, and needs to fall back to RSA. ok tb@ | |||||
* | Fix TLS key share check to not fire when using < TLS 1.3 | beck | 2024-07-09 | 1 | -7/+6 | |
| | | | | | | | | | | | | The check was being too aggressive and was catching us when the extension was being sent by a client which supports tls 1.3 but the server was capped at TLS 1.2. This moves the check after the max version check, so we won't error out if we do not support TLS 1.3 Reported by obsd@bartula.de ok tb@ | |||||
* | do not need to force bss values to 0 | deraadt | 2024-07-09 | 1 | -2/+2 | |
| |