| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
| |
They are part of the public API, may be needed for implementing custom BIO
types, and application programmers need to avoid clashing with them.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
From David Benjamin (BoringSSL)
ok beck
|
| | |
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
from jsing
|
| | |
|
| |
|
|
| |
From jsing
|
| | |
|
| |
|
|
| |
This is a hack needed until bn_local.h is updated
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Note that it is important to invalidate the cache before returning,
as the return might bubble up an error.
OK tb@ jsing@
|
| |
|
|
|
|
|
| |
A small side-effect in X509_to_X509_REQ() is that 'x->req_info->enc.modified'
now earlier on is set to 1.
OK tb@ jsing@
|
| |
|
|
| |
Reported by anton
|
| |
|
|
| |
Reported by anton
|
| |
|
|
| |
ok jsing, and kind of tb an earlier version
|
| |
|
|
|
|
| |
support.
discussed with beck and jsing
|
| |
|
|
| |
discussed with beck and jsing
|
| |
|
|
| |
Discussed with jsing and beck
|
| |
|
|
|
|
|
| |
Aligns tlsext_randomize_build_order() with tlsext_linearize_build_order()
and will help regression testing.
ok jsing
|
| |
|
|
|
|
| |
from boringssl
ok tb@ jsing@
|
| | |
|
| |
|
|
|
|
| |
error message with internal error code name.
OK tb@ jsing@
|
| |
|
|
|
|
|
| |
jsing@ noted that ASN1_OP_D2I_POST might not be the best place to
introduce this check (as could lead to pushing errors
(ASN1_R_AUX_ERROR) onto the stack). Additionally, without matching
validation on the encoding side brittleness is introduced.
|
| |
|
|
| |
Error introduced in 1.24
|
| |
|
|
| |
OK tb@
|
| |
|
|
|
|
|
| |
While there, explicitly check for 0 - as X509_get_version() is a wrapper
around the less than beloved ASN1_INTEGER_get().
OK tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Check whether the X.509 version is in the range of valid version
values, and also checks whether the version is consistent with fields
new to those versions (such as X.509 v3 extensions).
X.690 section 11.5 states: "The encoding of a set value or a sequence
value shall not include an encoding for any component value which is
equal to its default value." However, enforcing version 1 (value 0) to
be absent reportedly caused some issues as recent as July 2020, so
accept version 1 even if it is explicitly encoded.
OK tb@ beck@
|
| |
|
|
|
| |
TLS extensions (this involves unrandomizing the extension order
for the tests that rely on golden numbers.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On creation of an SSL using SSL_new(), randomize the order in which the
extensions will be sent. There are several constraints: the PSK extension
must always come last. The order cannot be randomized on a per-message
basis as the strict interpretation of the standard chosen in the CH hashing
doesn't allow changing the order between first and second ClientHello.
Another constraint is that the current code calls callbacks directly on
parsing an extension, which means that the order callbacks are called
depends on the order in which the peer sent the extensions. This results
in breaking apache-httpd setups using virtual hosts with full ranomization
because virtual hosts don't work if the SNI is unknown at the time the
ALPN callback is called. So for the time being, we ensure that SNI always
precedes ALPN to avoid issues until this issue is fixed.
This is based on an idea by David Benjamin
https://boringssl-review.googlesource.com/c/boringssl/+/48045
Input & ok jsing
|
| |
|
|
| |
OK tb@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This currently only covers Ed25519 using the c2sp-testvectors package
and checks that our Ed25519 implementation behaves as expected from a
"ref10" implementation.
This test has Go and c2sp-testvectors as a hard dependency. It will
optionally pick up any OpenSSL package installed on the system and
test that as well.
https://github.com/C2SP/CCTV
https://github.com/C2SP/CCTV/tree/main/ed25519
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a bit of a strange one. When this function was moved and renamed,
somehow checks for NULL pointers and 0 length were lost. Whether that was
due to great review missing it or great review suggesting it, is unclear.
Now the function can actually legitimately be called with a length of 0
(as ASN.1 OCTET STRINGS can have length 0) and "" is the appropriate
representation for that, so the fix is to allocate a 0 octet. That much
was correct. What was completely missed is that a long can be negative
which will then still lead to an out-of-bounds access. So fix that as
well.
Finally, don't malloc 3 * len + 1 without overflow checking. Rather
use calloc's internal checks. The + 1 isn't really needed anyway.
All this is still really gross and can be done much more cleanly and
safely with CBB/CBS. This will done later once we have better regress
coverage.
ok jsing
|
| | |
|
| |
|
|
| |
compat nonsense
|
