summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Use the FAIL macro instead of fprintf(stderr, "FAIL: ...\n");tb2022-08-051-10/+10
|
* Make the bogokey[] global static const.tb2022-08-051-7/+8
|
* Move CBB_init() to a consistent place.tb2022-08-051-10/+10
|
* Consistently initialize failure to 1 at the top of the function andtb2022-08-051-76/+62
| | | | clear it right before the done label.
* Consistently check for CBB_init() failure.tb2022-08-051-45/+89
|
* Remove overly aggressive trust check in legacy verifier that breaksbeck2022-08-051-15/+4
| | | | | | | | p5-IO-Socket-SSL regress and regress/sbin/iked/live Still passes the mutt regress that this was intended to fix. ok tb@
* Remove most of the indirection introduced in previous and instead fetchtb2022-08-051-400/+339
| | | | | | | the appropriate tls_extension_funcs pointers for client and server from libssl and reach into them directly. ok jsing
* Add some glue to fetch the tlsext functions from the tls_extensions[]tb2022-08-041-190/+440
| | | | table rather than calling the functions directly.
* Make tlsext_*_{build,needs,parse}() functions statictb2022-08-042-217/+94
| | | | | | | | | None of these functions are used outside of ssl_tlsext.c. The only reason they are prototyped in the header is for the use of tlsexttest.c. Rather than having a big pile of useless copy-paste in the header, we can adapt the test to avoid using these functions directly. ok jsing
* Mop up key_len assignments.jsing2022-08-041-91/+59
| | | | | | | Remove unnecessary conditions for XTS mode, since we know which are XTS. Also use bytes rather than bits / 8. ok tb@
* Mop up EVP_CIPH_FLAG_FIPS usage.jsing2022-08-041-59/+59
| | | | | | LibreSSL does not do FIPS and nothing else sets or checks these. ok tb@
* Remove various aesni_* defines to aes_* functions.jsing2022-08-041-56/+24
| | | | | | | A number of the AES-NI functions are #defines to an aes_* function - remove these and just use the AES variant directly. ok tb@
* change some 4.4BSD references to earlier releasesjsg2022-08-042-6/+6
| | | | ok schwarze@
* Add workarounds for some symbols that are hidden under !LIBRESSL_INTERNALtb2022-08-031-1/+7
| | | | until the next bump exposes new symbols that we can use.
* Prepare to provide PKCS12 accessorstb2022-08-039-22/+349
| | | | | | | | | | | | | | In order to be able to make pkcs12/ opaque, we need an entire family of accessors. These are in a particularly nasty tangle since this was done in about a dozen steps while sprinkling const, renaming functions, etc. The public API also adds backward compat macros for functions that were in the tree for half a day and then renamed. Of course some of them got picked up by some ports. Some of the gruesome hacks in here will go away with the next bump, but that doesn't mean that the pkcs12 directory will be prettier afterward. ok jsing
* Expand BLOCK_CIPHER_* macros.jsing2022-08-021-133/+1056
| | | | | | | | | As a first step towards untangling and cleaning up the EVP AES code, expand the BLOCK_CIPHER_* macros. In particular, rather than having two sets of macros - one that is used if AESNI is being compiled in and one if it is not, condition on #ifdef AESNI_CAPABLE in the expanded code. ok tb@
* libc string functions were not ported from pwb to v7jsg2022-08-013-15/+9
| | | | | | https://minnie.tuhs.org/pipermail/tuhs/2017-August/011807.html ok schwarze@
* strlen was in v6 libc (s5/perror.c) but not documented till v7jsg2022-07-311-5/+4
| | | | ok schwarze@
* Tidy up some of BN_nist_mod_*jsing2022-07-311-22/+30
| | | | | | | Shuffle variables around for consistency, also ensuring appropriate and consistent initialisation. ok tb@
* fix indenttb2022-07-311-2/+2
|
* Allow a NULL header in PEM_write{,_bio}()tb2022-07-311-3/+2
| | | | | | | | | When PEM_write{,_bio}() were documented by Rich Salz and Richard Levitte, it was incorrectly stated that the header argument is allowed to be NULL. This was never true. Instead of fixing the documentation, it was decided that the API needs a fix, so pull in a variant of OpenSSL 3b9082c8. ok jsing
* Randomise the rekey interval a little. Previously, the chacha20djm2022-07-311-2/+8
| | | | | | | instance would be rekeyed every 1.6MB. This makes it happen at a random point somewhere in the 1-2MB range. Feedback deraadt@ visa@, ok tb@ visa@
* Use named initialisers for BIGNUMs.jsing2022-07-301-61/+65
| | | | | | | Also move the _bignum_nist_p_.*_sqr static BIGNUMs out of individual functions. ok tb@
* Untangle two logic chains in x509_asid.c into something more readable.tb2022-07-301-9/+22
| | | | ok jsing
* update copyright yearstb2022-07-301-2/+2
|
* Reorder functions and remove unnecessary function prototypes.jsing2022-07-301-29/+24
|
* Update copyright for additional/new code.jsing2022-07-301-1/+2
|
* Provide additional AEAD test cases.jsing2022-07-306-1/+1991
| | | | | | | | | Bring in additional AEAD test cases from BoringSSL. This provides additional coverage for AES-{128,192,256}-GCM, as well as Chacha20-Poly1305 and XChaCha20-Poly1305. Discussed with tb@
* Add EVP_aes_192_gcm() as a known AEAD.jsing2022-07-301-1/+3
|
* Allow the AEAD to be specified for a test file.jsing2022-07-302-8/+12
| | | | | Currently, this must be specified per test - allow it to be given as a command line argument that applies to the entire test file.
* Run AEAD tests against EVP_CIPHER implementations.jsing2022-07-301-15/+220
| | | | | | | | In addition to running AEAD tests against the EVP_AEAD implementation, also run them against the EVP_CIPHER implementation where applicable. This is a perfect example of why EVP_AEAD exists and why EVP_CIPHER is completely unsuited for use with AEADs...
* Allow quoted ASCII strings as input for AEAD regress.jsing2022-07-301-21/+42
| | | | | | Currently, each line in the text file is expected to be string of hexadecimal digits. In addition to this, allow a line to be given as an quoted ASCII string.
* Sort includes.jsing2022-07-301-4/+4
|
* Less #ifndef OPENSSL_NO_*jsing2022-07-301-17/+1
| | | | | We're not going to be compiling without AES or CHACHA/POLY1305 anytime soon.
* Fix comment formatting.jsing2022-07-301-4/+7
|
* Switch to ISC license.jsing2022-07-301-46/+13
| | | | | | | Use Google's ISC license for this code - this was originally being upstreamed to OpenSSL by Adam Langley, however it was never actually accepted and eventually ended up in BoringSSL (via commit dfe3053086). The same change was made a long time ago for evp/evp_aead.c and others.
* Add stack frames to AES-NI x86_64 assembly.jsing2022-07-301-39/+58
| | | | | | | | | | | | | | | | | | | | | The current AES-NI x86_64 assembly does some strange, although valid things, such as making internal function calls without creating stack frames. In this case, the return address lands in the red zone (which it allows for when making use of the stack) and everything works as expected. However, this trips a false positive in valgrind, which seems to think that any data saved on the stack prior to the internal function call is now "undefined" once the function returns. Avoid this by actually using stack frames - this brings in most of 6a40ebe86b4 from OpenSSL, omitting the unnecessary explicit stack alignment (which was apparently added so this code could be used in the Linux kernel with an incorrectly aligned stack). Valgrind issue reported by Steffen Jaeckel (@sjaeckel), found via libstrophe unit tests. ok tb@
* Use ASN1_INTEGER to encode/decode BIGNUM_it.jsing2022-07-301-34/+48
| | | | | | | | | | The current code simply shoves the unvalidated ASN.1 bytes into a BIGNUM on the hope that other things will detect issues (such as negative values being flipped to positive). Instead of doing this, decode and validate the ASN.1 data using ASN1_INTEGER, then convert it to a BIGNUM. Similarly, for encoding convert from BIGNUM to ASN1_INTEGER and use ASN1_INTEGER encoding. ok tb@
* Provide and use a primitive clear function for BIGNUM_it.jsing2022-07-301-8/+15
| | | | | | Also tidy up bn_new() while here. ok tb@
* Eliminate the somewhat pointless Ij variabletb2022-07-301-5/+4
| | | | Requested by & ok jsing
* Transform two || chains into individually checked functionstb2022-07-301-8/+13
| | | | Requested by and ok jsing
* Having a perfect square at this point is not an error. Rather it istb2022-07-291-2/+2
| | | | | a shortcut bypassing expensive computation, so change goto err to goto done. Bug introduced in last refactoring before commit.
* Tweak some comments and whitespace around commentstb2022-07-291-9/+32
|
* Add a second test to validate the tables in the library.tb2022-07-281-1/+42
|
* Adjust a comment to reflect reality, minor code tweaks.tb2022-07-271-7/+7
|
* Do not pass input length <= 0 to the cipher handlerstb2022-07-261-11/+17
| | | | | | | | | | Input length < 0 is an error and input length == 0 can result in strange effects in some ciphers, except in CCM mode, which is extra special. Based on OpenSSL 420cb707 by Matt Caswell and Richard Levitte found by & ok jsing
* minor tweaks: unwrap a line, tweak a comment and zap an empty linetb2022-07-261-5/+3
|
* Remove test of non-portable implementation details (whether wctype_tguenther2022-07-251-5/+1
| | | | | | | and wctrans_t values are locale-specific) so we can simplify our implementation in libc ok schwarze@
* Add a regression test for bn_isqrt.ctb2022-07-252-1/+302
| | | | | This validates the tables used in bn_is_perfect_square() and checks that for randomly generated numbers the isqrt() is what it is expected to be.
* Separate the macro for generating string test functionsschwarze2022-07-251-14/+22
| | | | | | | | | | for the macro generating test functions for other data types. This makes sense because both are sufficiently different. It also avoids a large number of false positive compiler warnings that guenther@ reported. OK guenther@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-31 05:47:35 +0000