summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Provide ssl_security_shared_group()tb2022-08-172-5/+18
| | | | | | | | | Refactor ssl_security_supported_group() into a wrapper of a new internal ssl_security_group() which takes a secop as an argument. This allows adding ssl_security_shared_group() which will be needed in upcoming commits. ok jsing
* Deduplicate peer certificate chain processing code.jsing2022-08-1710-109/+121
| | | | | | | | | | | | | | Rather than reimplement this in each TLS client and server, deduplicate it into a single function. Furthermore, rather than dealing with the API hazard that is SSL_get_peer_cert_chain() in this code, simply produce two chains - one that has the leaf and one that does not. SSL_get_peer_cert_chain() can then return the appropriate one. This also moves the peer cert chain from the SSL_SESSION to the SSL_HANDSHAKE, which makes more sense since it is not available on resumption. ok tb@
* Add missing RCS tag and zap a trailing spacetb2022-08-151-2/+2
|
* Initialize readbytes in BIO_gets()tb2022-08-151-2/+2
| | | | | | | | If the bgets() callback returns <= 0, we currently rely on the user provided callback to set readbytes, which isn't ideal. This also matches what's done in BIO_read() and BIO_write(). ok jsing
* Avoid shadowing the cbs function parameter in tlsext_alpn_server_parse()tb2022-08-151-6/+4
| | | | ok jsing
* Remove redeclaration of rettb2022-08-151-2/+1
| | | | | | | When ret was introduced in an outer scope in r1.113, this declaration wasn't garbage collected. ok jsing
* Fix upper bound in a for loop (no functional change).tb2022-08-121-2/+2
|
* Tweak a comment to be more accurate.tb2022-08-121-3/+3
|
* Remove unused variabletb2022-08-111-6/+3
| | | | | | | | | | | X509_NAME_print() is documented to print things at a given indentation level. Unfortunately, this never worked since someone got some logic wrong. Part of the wrong logic was removed in a dead code removal in OpenSSL commit 92ada7cc, but the variable l was left behind, which leads to compiler warnings on some platforms. End its sad life pointlessly and incorrectly measuring column width and remove it. ok jsing
* Avoid signed integer overflow due to unary negationtb2022-08-101-12/+8
| | | | | | | | | | | | The current X509_print_ex() tries too hard pretty printing negative serialNumbers (which shouldn't occur in the first place). In particular, negating LONG_MAX leads to signed overflow. Ditch the code dealing with negative serialNumbers representable as long and fall back to the long form printing. This simplifies the code and fixes oss-fuzz #49944 with/ok jsing
* Cast int64_t to uint64_t for negatingtb2022-08-101-3/+7
| | | | | | | | Avoid signed integer overflow by casting an int64_t to uint64_t before negating. Same fix was applied in a_int.c -r1.44, but was forgotten to be applied to a_enum.c. ok jsing
* Only print versions we know abouttb2022-08-101-4/+10
| | | | | | | | | | | | The version field of an X.509 Certificate is an enum Version ::= INTEGER { v1(0), v2(1), v3(2) } Printing the version as l + 1 only really makes sense with 0 <= l <= 2. Otherwise print a naked l while also indicating that it is an unknown version. ok jsing
* For putenv(3), return an error if string starts with a '=' character.millert2022-08-082-5/+10
| | | | Both FreeBSD and NetBSD have this behavior. OK deraadt@
* fix error messagetb2022-08-051-2/+2
|
* Use the FAIL macro instead of fprintf(stderr, "FAIL: ...\n");tb2022-08-051-10/+10
|
* Make the bogokey[] global static const.tb2022-08-051-7/+8
|
* Move CBB_init() to a consistent place.tb2022-08-051-10/+10
|
* Consistently initialize failure to 1 at the top of the function andtb2022-08-051-76/+62
| | | | clear it right before the done label.
* Consistently check for CBB_init() failure.tb2022-08-051-45/+89
|
* Remove overly aggressive trust check in legacy verifier that breaksbeck2022-08-051-15/+4
| | | | | | | | p5-IO-Socket-SSL regress and regress/sbin/iked/live Still passes the mutt regress that this was intended to fix. ok tb@
* Remove most of the indirection introduced in previous and instead fetchtb2022-08-051-400/+339
| | | | | | | the appropriate tls_extension_funcs pointers for client and server from libssl and reach into them directly. ok jsing
* Add some glue to fetch the tlsext functions from the tls_extensions[]tb2022-08-041-190/+440
| | | | table rather than calling the functions directly.
* Make tlsext_*_{build,needs,parse}() functions statictb2022-08-042-217/+94
| | | | | | | | | None of these functions are used outside of ssl_tlsext.c. The only reason they are prototyped in the header is for the use of tlsexttest.c. Rather than having a big pile of useless copy-paste in the header, we can adapt the test to avoid using these functions directly. ok jsing
* Mop up key_len assignments.jsing2022-08-041-91/+59
| | | | | | | Remove unnecessary conditions for XTS mode, since we know which are XTS. Also use bytes rather than bits / 8. ok tb@
* Mop up EVP_CIPH_FLAG_FIPS usage.jsing2022-08-041-59/+59
| | | | | | LibreSSL does not do FIPS and nothing else sets or checks these. ok tb@
* Remove various aesni_* defines to aes_* functions.jsing2022-08-041-56/+24
| | | | | | | A number of the AES-NI functions are #defines to an aes_* function - remove these and just use the AES variant directly. ok tb@
* change some 4.4BSD references to earlier releasesjsg2022-08-042-6/+6
| | | | ok schwarze@
* Add workarounds for some symbols that are hidden under !LIBRESSL_INTERNALtb2022-08-031-1/+7
| | | | until the next bump exposes new symbols that we can use.
* Prepare to provide PKCS12 accessorstb2022-08-039-22/+349
| | | | | | | | | | | | | | In order to be able to make pkcs12/ opaque, we need an entire family of accessors. These are in a particularly nasty tangle since this was done in about a dozen steps while sprinkling const, renaming functions, etc. The public API also adds backward compat macros for functions that were in the tree for half a day and then renamed. Of course some of them got picked up by some ports. Some of the gruesome hacks in here will go away with the next bump, but that doesn't mean that the pkcs12 directory will be prettier afterward. ok jsing
* Expand BLOCK_CIPHER_* macros.jsing2022-08-021-133/+1056
| | | | | | | | | As a first step towards untangling and cleaning up the EVP AES code, expand the BLOCK_CIPHER_* macros. In particular, rather than having two sets of macros - one that is used if AESNI is being compiled in and one if it is not, condition on #ifdef AESNI_CAPABLE in the expanded code. ok tb@
* libc string functions were not ported from pwb to v7jsg2022-08-013-15/+9
| | | | | | https://minnie.tuhs.org/pipermail/tuhs/2017-August/011807.html ok schwarze@
* strlen was in v6 libc (s5/perror.c) but not documented till v7jsg2022-07-311-5/+4
| | | | ok schwarze@
* Tidy up some of BN_nist_mod_*jsing2022-07-311-22/+30
| | | | | | | Shuffle variables around for consistency, also ensuring appropriate and consistent initialisation. ok tb@
* fix indenttb2022-07-311-2/+2
|
* Allow a NULL header in PEM_write{,_bio}()tb2022-07-311-3/+2
| | | | | | | | | When PEM_write{,_bio}() were documented by Rich Salz and Richard Levitte, it was incorrectly stated that the header argument is allowed to be NULL. This was never true. Instead of fixing the documentation, it was decided that the API needs a fix, so pull in a variant of OpenSSL 3b9082c8. ok jsing
* Randomise the rekey interval a little. Previously, the chacha20djm2022-07-311-2/+8
| | | | | | | instance would be rekeyed every 1.6MB. This makes it happen at a random point somewhere in the 1-2MB range. Feedback deraadt@ visa@, ok tb@ visa@
* Use named initialisers for BIGNUMs.jsing2022-07-301-61/+65
| | | | | | | Also move the _bignum_nist_p_.*_sqr static BIGNUMs out of individual functions. ok tb@
* Untangle two logic chains in x509_asid.c into something more readable.tb2022-07-301-9/+22
| | | | ok jsing
* update copyright yearstb2022-07-301-2/+2
|
* Reorder functions and remove unnecessary function prototypes.jsing2022-07-301-29/+24
|
* Update copyright for additional/new code.jsing2022-07-301-1/+2
|
* Provide additional AEAD test cases.jsing2022-07-306-1/+1991
| | | | | | | | | Bring in additional AEAD test cases from BoringSSL. This provides additional coverage for AES-{128,192,256}-GCM, as well as Chacha20-Poly1305 and XChaCha20-Poly1305. Discussed with tb@
* Add EVP_aes_192_gcm() as a known AEAD.jsing2022-07-301-1/+3
|
* Allow the AEAD to be specified for a test file.jsing2022-07-302-8/+12
| | | | | Currently, this must be specified per test - allow it to be given as a command line argument that applies to the entire test file.
* Run AEAD tests against EVP_CIPHER implementations.jsing2022-07-301-15/+220
| | | | | | | | In addition to running AEAD tests against the EVP_AEAD implementation, also run them against the EVP_CIPHER implementation where applicable. This is a perfect example of why EVP_AEAD exists and why EVP_CIPHER is completely unsuited for use with AEADs...
* Allow quoted ASCII strings as input for AEAD regress.jsing2022-07-301-21/+42
| | | | | | Currently, each line in the text file is expected to be string of hexadecimal digits. In addition to this, allow a line to be given as an quoted ASCII string.
* Sort includes.jsing2022-07-301-4/+4
|
* Less #ifndef OPENSSL_NO_*jsing2022-07-301-17/+1
| | | | | We're not going to be compiling without AES or CHACHA/POLY1305 anytime soon.
* Fix comment formatting.jsing2022-07-301-4/+7
|
* Switch to ISC license.jsing2022-07-301-46/+13
| | | | | | | Use Google's ISC license for this code - this was originally being upstreamed to OpenSSL by Adam Langley, however it was never actually accepted and eventually ended up in BoringSSL (via commit dfe3053086). The same change was made a long time ago for evp/evp_aead.c and others.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-29 10:30:05 +0000