summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* x509 trust: remove unneeded headerstb2024-03-261-3/+1
|
* Rework input and output handling for sha1.jsing2024-03-261-128/+79
| | | | | | | | Use be32toh(), htobe32() and crypto_{load,store}_htobe32() as appropriate. Also use the same while() loop that is used for other hash functions. ok joshua@ tb@
* Inline initial values.jsing2024-03-261-11/+8
| | | | No functional change.
* Rework input and output handling for md4.jsing2024-03-261-55/+61
| | | | | | Use le32toh(), htole32() and crypto_{load,store}_htole32() as appropriate. ok joshua@ tb@
* Simplify HMAC_CTX_new()joshua2024-03-261-9/+2
| | | | | | | There is no need to call HMAC_CTX_init() as the memory has already been initialised to zero. ok tb
* Clean up EVP_DigestSignFinaljoshua2024-03-261-27/+31
| | | | ok jsing tb
* Reject setting invalid versions for certs, CRLs and CSRstb2024-03-263-3/+18
| | | | | | | | | | | | The toolkit aspect bites again. Lots of invalid CRLs and CSRs are produced because people neither read the RFCs nor does the toolkit check anything it is fed. Reviewers apparently also aren't capable of remembering that they have three copy-pasted versions of the same API and that adding a version check to one of the might suggest adding one for the other two. This requires ruby-openssl 20240326p0 to pass ok beck job jsing
* Add TLS_ERROR_INVALID_CONTEXT error code to libtlsjoshua2024-03-264-11/+16
| | | | ok jsing@ beck@
* Remove now unnecessary do {} while (0);jsing2024-03-261-3/+1
|
* Inline HASH_MAKE_STRING.jsing2024-03-261-13/+12
| | | | No change to generated assembly.
* Remove PKCS5_pbe2_set_iv()tb2024-03-261-28/+9
| | | | | | | | | | This used to be a generalization of PKCS5_pbe2_set(). Its only caller was the latter, which always passes aiv == NULL and pbe_prf == -1. Thus, the iv would always be random and regarding the pbe_prf, it would always end up being NID_hmacWithSHA1 since the only ctrl grokking EVP_CTRL_PBE_PRF_NID was RC2's control, but only if PBE_PRF_TEST was defined, which it wasn't. ok jsing
* Reorder functions expanded from md32_common.h.jsing2024-03-261-103/+102
| | | | No functional change.
* Unifdef PBE_PRF_TESTtb2024-03-261-7/+1
| | | | | | This gets use of the last mention of EVP_CTRL_PBE_PRF_NID outside of evp.h ok jsing
* Expand HASH_* defines.jsing2024-03-261-26/+28
| | | | No change to generated assembly.
* Inline hash functions from md32_common.h.jsing2024-03-261-1/+102
| | | | No change to generated assembly.
* Fix previous commit.jsing2024-03-261-2/+2
|
* Add error code support to libtlsjoshua2024-03-2612-225/+363
| | | | | | | | | This adds tls_config_error_code() and tls_error_code(), which will become public API at a later date. Additional error codes will be added in follow-up commits. ok jsing@ beck@
* Reorder functions.jsing2024-03-261-13/+13
| | | | No functional change.
* Provide an optimised bn_subw() for amd64.jsing2024-03-261-3/+22
| | | | bn_subw() will be used more widely in an upcoming change.
* Clean up use of EVP_MD_CTX_{legacy_clear,cleanup} in EVP_SignFinaljoshua2024-03-261-6/+8
| | | | ok jsing@
* Stop including md32_common.h in md5.c and remove unused defines.jsing2024-03-261-17/+1
| | | | | | This is now no longer needed. ok tb@
* Clean up use of EVP_MD_CTX_{legacy_clear,cleanup} in EVP_VerifyFinaljoshua2024-03-261-6/+7
| | | | ok tb@
* Include stdint.h for uintptr_t.jsing2024-03-261-1/+2
|
* Add back x509_local.h for PBKDF2PARAMtb2024-03-261-1/+2
|
* PKCS5_pbe2_set_iv() can be local to p5_pbev2tb2024-03-262-6/+3
| | | | quoth the muppet "yes I know this is horrible!"
* Clean up use of EVP_MD_CTX_{legacy_clear,cleanup} in PKCS1_MGF1joshua2024-03-261-9/+14
| | | | ok tb@
* Clean up use of EVP_MD_CTX_{legacy_clear,cleanup} injoshua2024-03-261-19/+22
| | | | | | RSA_verify_PKCS1_PSS_mgf1 ok jsing@ tb@
* Clean up use of EVP_CIPHER_CTX_{legacy_clear,cleanup} in EVP_OpenInitjoshua2024-03-261-3/+3
| | | | ok tb@
* Demacro MD5 and improve data loading.jsing2024-03-261-116/+154
| | | | | | | Use static inline functions instead of macros and improve handling of aligned data. Also number rounds as per RFC 1321. ok tb@
* Mark internal functions as static.jsing2024-03-261-5/+5
|
* Move bn_montgomery_reduce() and drop prototype.jsing2024-03-261-73/+71
| | | | No functional change.
* Fix function guards.jsing2024-03-261-3/+3
|
* Add an indicator that an extension has been processed.beck2024-03-263-3/+21
| | | | ok jsing@
* Fix expected client hello value to allow for supported_groups change.beck2024-03-261-4/+4
| | | | ok jsing@
* Garbage collect the unused verifyctx() and verifyctx_init()tb2024-03-262-23/+5
| | | | ok joshua jsing
* Process supported groups before key share.beck2024-03-261-15/+15
| | | | | | | This will allow us to know the client preferences for an upcoming change to key share processing. ok jsing@
* Disable client handshake test for now for pending changes.beck2024-03-261-2/+3
| | | | ok jsing@
* Use errno_value instead of num for readabilityjoshua2024-03-261-7/+7
| | | | ok jsing@
* Use errno_value instead of num for readabilityjoshua2024-03-262-12/+12
| | | | ok beck@ jsing@
* Change ts to only support one second precision.beck2024-03-263-84/+9
| | | | | | | | | | | | | RFC 3631 allows for sub second ASN1 GENERALIZED times, if you choose to support sub second time precison. It does not indicate that an implementation must support them. Supporting sub second timestamps is just silly and unrealistic, so set our maximum to one second of precision. We then simplify this code by removing some nasty eye-bleed that made artisinally hand crafted strings and jammed them into an ASN1_GENERALIZEDTIME. ok tb@, jsing@, with one second precision tested by kn@
* Clean up conf's module_init()tb2024-03-261-39/+27
| | | | | | | | | | Immediately error out when no name or value is passed instead of hiding this in a a combination of ternary operator and strdup error check. Use calloc(). Unindent some stupid, don't pretend this function can return anything but -1 and 1, turn the whole thing into single exit and call the now existing imodule_free() instead of handrolling it. ok jsing
* Rewrite HKDF_expand().jsing2024-03-251-38/+50
| | | | | | | Simplify overflow checking and length tracking, use a CBB to handle output and use HMAC_CTX_new() rather than having a HMAC_CTX on the stack. ok tb@
* Revert r1.13 since it currently breaks openssl-ruby regress tests.jsing2024-03-251-2/+2
| | | | ok tb@
* Inline sctx in EVP_DigestSignFinaljoshua2024-03-251-11/+8
| | | | ok tb@ jsing@
* Clean up use of EVP_MD_CTX_{legacy_clear,cleanup} in PKCS5_PBE_keyivgenjoshua2024-03-251-11/+12
| | | | ok tb@
* Error on setting an invalid CSR versionjob2024-03-251-2/+2
| | | | | | Reported by David Benjamin (BoringSSL) OK tb@
* Remove unneeded brackets from if statement in EVP_DigestSignFinaljoshua2024-03-251-3/+2
| | | | ok tb@
* Clean up use of EVP_MD_CTX_{legacy_clear,cleanup} in EVP_BytesToKeyjoshua2024-03-251-12/+14
| | | | ok tb@
* Codify more insane CRYPTO_EX_DATA API.jsing2024-03-251-9/+59
| | | | | | The current CRYPTO_EX_DATA implementation allows for data to be set without calling new, indexes can be used without allocation, new can be called without getting an index and dup can be called after new or without calling new.
* Revise for TLS extension parsing/processing changes.jsing2024-03-251-108/+42
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-01 19:48:26 +0000