summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Fix ASN1_INTEGER_to_BN() misusetb2024-10-031-16/+16
| | | | | | | Same issue/leak as for BN_to_ASN1_INTEGER(). Stop reusing the elliptic curve parameters a and b for order and cofacter. It's confusing. ok jsing
* Switch field_bits to be an inttb2024-10-031-3/+3
| | | | ok jsing
* Fix BN_to_ASN1_INTEGER() misusetb2024-10-031-7/+6
| | | | | | | You can either let this API reuse an existing ASN1_INTEGER or you can let it allocate a new one. If you try to do both at the same time, you'll leak. ok jsing
* Provide OPENSSL_INIT_NO_ATEXIT nooptb2024-10-031-1/+2
| | | | | | | | | | | The brilliant idea of installing a fragile non-idempotent cleanup atexit handler as a library has bitten many people over time. This gets particularly exciting when you can't control who dlopens the lib first (don't we all love Python bindings) or if you are in a threaded context. Fake OpenSSL clones chose not to do this but now get to carry a noop flag since people start opting out of this madness (there's a good old tradition at work here). ok beck joshua jsing millert miod
* X509V3_EXT_get_nid.3: indicate what nid meanstb2024-10-031-3/+3
|
* Reorder functions.jsing2024-10-021-297/+286
| | | | | Reorder functions so that things are somewhat more logical, moving internal functions towards the top (and removing now unnecessary prototypes).
* Remove err_fns and associated machinery.jsing2024-10-021-142/+65
| | | | | | | | | | | | Like all good OpenSSL code, errors was built to be completely extensible. Thankfully, the ERR_{get,set}_implementation() functions were removed in r1.127 of err.c, which means that the extensibility can no longer be used. Take the first of many steps to clean up this code - remove err_fns and associated machinery, calling functions directly. Rename so that we have an 'err_' prefix rather than 'int_' (or nothing). ok joshua@ tb@
* Hook up the err regress.jsing2024-10-021-1/+2
|
* Add initial regress for the error stack and ERR_* APIs.jsing2024-10-022-0/+210
|
* Enable additional CRYPTO_get_ex_new_index() tests.jsing2024-10-021-6/+1
| | | | | | | It was previously possible to call CRYPTO_get_ex_new_index() with either a negative index or a positive index that equaled or exceeded CRYPTO_EX_INDEX__COUNT. The reimplementation of exdata treats these as error cases.
* Reinstate bounds check accidentally disabled when defining OPENSSL_NO_DTLS1tb2024-09-221-3/+1
| | | | | From Kenjiro Nakayama Closes https://github.com/libressl/portable/issues/1097
* remove unneeded semicolons; checked by millert@jsg2024-09-201-2/+2
|
* Enable large number of extension tests and stop skippking QUIC transporttb2024-09-181-8/+3
| | | | parameter extension which we now know about
* tlsfuzzer: add a start-server convenience target for interactive testingtb2024-09-171-2/+6
|
* Replace OpenSSL 3.1 (which no longer is in ports) with 3.3tb2024-09-171-2/+2
|
* tlsfuzzer: grammar fix missed in previoustb2024-09-141-2/+2
|
* typo: troups -> groupstb2024-09-131-2/+2
|
* parametes -> parameterstb2024-09-111-2/+2
|
* Make error 235 resolve to "no application protocol"tb2024-09-091-2/+1
| | | | | | | | | We accidentally have two errors 235 since we didn't notice that OpenSSL removed the unused SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER and later that becamse SSL_R_NO_APPLICATION_PROTOCOL. Getting an "unsupported cipher" error when fiddling with ALPN is confusing, so fix that. ok jsing
* Fix alert callback in the QUIC layertb2024-09-091-2/+12
| | | | | | | | | | | | | | | | | | | Only close_notify and user_cancelled are warning alerts. All others should be fatal. In order for the lower layers to behave correctly, the return code for fatal alerts needs to be TLS13_IO_ALERT instead of TLS13_IO_SUCCESS. Failure to signal handshake failure in the public API led to a crash in HAProxy when forcing the tls cipher to TLS_AES_128_CCM_SHA256 as found by haproxyfred while investigating https://github.com/haproxy/haproxy/issues/2569 Kenjiro Nakayama found misbehavior of ngtcp2-based servers, wrote a similar patch and tested this version. Fixes https://github.com/libressl/portable/issues/1093 ok jsing
* Add and use tls13_record_layer_alert_sent()tb2024-09-092-3/+12
| | | | | | | | | This is a small refactoring that wraps a direct call to the record layer's alert_sent() callback into a handler for upcoming reuse in the QUIC code. No functional change. ok jsing
* Futhermore -> Furthermoretb2024-09-071-2/+2
|
* Prepare for an upcoming tlsfuzzer test that expects decode_errortb2024-09-061-2/+5
| | | | when we send illegal_parameter. Shrug.
* Reenable AES-NI in libcryptotb2024-09-064-10/+29
| | | | | | | | | | | | | | | | | | | The OPENSSL_cpu_caps() change after the last bump missed a crucial bit: there is more MD mess in the MI code than anticipated, with the result that AES is now used without AES-NI on amd64 and i386, hurting machines that previously greatly benefitted from it. Temporarily add an internal crypto_cpu_caps_ia32() API that returns the OPENSSL_ia32cap_P or 0 like OPENSSL_cpu_caps() previously did. This can be improved after the release. Regression reported and fix tested by Mark Patruck. No impact on public ABI or API. with/ok jsing PS: Next time my pkg_add feels very slow, I should perhaps not mechanically blame IEEE 802.11...
* Adjust documentation to work without X509_LOOKUP_by_subject()tb2024-09-061-52/+5
| | | | | X509_LOOKUP_by_subject() was made internal a while back. Its documentation was very detailed, so this was a bit of a tangle to undo.
* typo in comment; Effectivly -> Effectively; ok gilles@op2024-09-031-2/+2
|
* wild white spacederaadt2024-09-031-2/+2
|
* Remove X509_check_trust documentationtb2024-09-027-226/+11
|
* The X509at_* manuals are no longer neededtb2024-09-024-299/+4
|
* Also remove .Xr to X509at_*tb2024-09-021-4/+2
|
* Excise X509at_* from X509_REQ_* documentationtb2024-09-021-22/+10
|
* Rename lastpos to start_after to match other, similar manualstb2024-09-021-13/+13
|
* More X509at_* removaltb2024-09-021-8/+4
|
* Remove mention of the no longer public X509at_* functionstb2024-09-021-23/+12
|
* Adjust function signatures for const X509_LOOKUP_METHODtb2024-09-022-8/+8
|
* symbols: remove special case for cpuid_setup and cpu_capstb2024-09-011-8/+1
| | | | The former is gone and the latter is available in crypto.h.
* sync x509v3_add_value with x509_utl.ctb2024-08-311-19/+32
|
* Rewrite X509V3_add_value() to a single exit idiomtb2024-08-311-19/+32
| | | | ok jsing
* Remove redundant COPYRIGHT file.jsing2024-08-311-50/+0
| | | | | | This is already included at the top of each file in this directory. Prompted by tb@
* Make fcrypt_body() static and remove prototype.jsing2024-08-312-6/+3
|
* Unifdef DES_PTR, DES_RISC1 and DES_RISC2.jsing2024-08-313-162/+3
| | | | | | | These are all go fast knobs that convolute the code and can be dangerous. Lets presume that we have a modern and somewhat capable C compiler instead. ok tb@
* Unifdef OPENBSD_DES_ASM.jsing2024-08-312-10/+2
| | | | | | There are no assembly implementations now. ok tb@
* Inline and remove spr.h.jsing2024-08-312-211/+149
| | | | | | This is only included once in des_enc.c - inline the tables instead. Prompted by tb@
* Combine DES code into a smaller set of files.jsing2024-08-3119-1967/+1185
| | | | Discussed with tb@
* Merge fcrypt_b.c into fcrypt.c.jsing2024-08-313-148/+136
| | | | | | | There is no need for these to be separate (presumably done due to assembly implementations, even though there are #ifdef as well). Discussed with tb@
* Remove now unused ncbc_enc.c.jsing2024-08-311-160/+0
|
* Expand DES_ncbc_encrypt() in des_enc.c.jsing2024-08-311-3/+80
| | | | | | | Copy ncbc_enc.c where it was previously #included, then clean up with `unifdef -m -UCBC_ENC_C__DONT_UPDATE_IV`. Discussed with tb@
* Expand DES_cbc_encrypt() in cbc_enc.c.jsing2024-08-311-3/+73
| | | | | | | Copy ncbc_enc.c where it was previously #included, then clean up with `unifdef -m -DCBC_ENC_C__DONT_UPDATE_IV`. Discussed with tb@
* Update for OPENSSL_cpu_caps() now being machine independent.jsing2024-08-313-17/+5
|
* Update for OPENSSL_cpu_caps() now being machine independent.jsing2024-08-311-6/+2
| | | | ok tb@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-10 01:32:04 +0000