If the bgets() callback returns <= 0, we currently rely on the user
provided callback to set readbytes, which isn't ideal. This also
matches what's done in BIO_read() and BIO_write().
ok jsing
ok jsing
When ret was introduced in an outer scope in r1.113, this declaration
wasn't garbage collected.
ok jsing
X509_NAME_print() is documented to print things at a given indentation
level. Unfortunately, this never worked since someone got some logic
wrong. Part of the wrong logic was removed in a dead code removal in
OpenSSL commit 92ada7cc, but the variable l was left behind, which leads
to compiler warnings on some platforms. End its sad life of pointlessly
and incorrectly measuring column width and remove it.
ok jsing
The current X509_print_ex() tries too hard pretty printing negative
serialNumbers (which shouldn't occur in the first place). In particular,
negating LONG_MAX leads to signed overflow. Ditch the code dealing with
negative serialNumbers representable as long and fall back to the long
form printing. This simplifies the code and fixes
oss-fuzz #49944
with/ok jsing
Avoid signed integer overflow by casting an int64_t to uint64_t before
negating. Same fix was applied in a_int.c -r1.44, but was forgotten for
a_enum.c.
ok jsing
The version field of an X.509 Certificate is an enum
Version ::= INTEGER { v1(0), v2(1), v3(2) }
Printing the version as l + 1 only really makes sense with 0 <= l <= 2.
Otherwise print a naked l while also indicating that it is an unknown
version.
ok jsing
Both FreeBSD and NetBSD have this behavior. OK deraadt@
clear it right before the done label.
p5-IO-Socket-SSL regress and regress/sbin/iked/live
Still passes the mutt regress that this was intended to fix.
ok tb@
the appropriate tls_extension_funcs pointers for client and server from
libssl and reach into them directly.
ok jsing
table rather than calling the functions directly.
None of these functions are used outside of ssl_tlsext.c. The only reason
they are prototyped in the header is for the use of tlsexttest.c. Rather
than having a big pile of useless copy-paste in the header, we can adapt
the test to avoid using these functions directly.
ok jsing
Remove unnecessary conditions for XTS mode, since we know which are XTS.
Also use bytes rather than bits / 8.
ok tb@
LibreSSL does not do FIPS and nothing else sets or checks these.
ok tb@
A number of the AES-NI functions are #defines to an aes_* function - remove
these and just use the AES variant directly.
ok tb@
ok schwarze@
until the next bump exposes new symbols that we can use.
In order to be able to make pkcs12/ opaque, we need an entire family of
accessors. These are in a particularly nasty tangle since this was done
in about a dozen steps while sprinkling const, renaming functions, etc.
The public API also adds backward compat macros for functions that were
in the tree for half a day and then renamed. Of course some of them got
picked up by some ports.
Some of the gruesome hacks in here will go away with the next bump, but
that doesn't mean that the pkcs12 directory will be prettier afterward.
ok jsing
As a first step towards untangling and cleaning up the EVP AES code, expand
the BLOCK_CIPHER_* macros. In particular, rather than having two sets of
macros - one that is used if AESNI is being compiled in and one if it is
not, condition on #ifdef AESNI_CAPABLE in the expanded code.
ok tb@
https://minnie.tuhs.org/pipermail/tuhs/2017-August/011807.html
ok schwarze@
ok schwarze@
Shuffle variables around for consistency, also ensuring appropriate and
consistent initialisation.
ok tb@
When PEM_write{,_bio}() were documented by Rich Salz and Richard Levitte,
it was incorrectly stated that the header argument is allowed to be NULL.
This was never true. Instead of fixing the documentation, it was decided
that the API needs a fix, so pull in a variant of OpenSSL 3b9082c8.
ok jsing
instance would be rekeyed every 1.6MB. This makes it happen at a
random point somewhere in the 1-2MB range.
Feedback deraadt@ visa@, ok tb@ visa@
Also move the _bignum_nist_p_.*_sqr static BIGNUMs out of individual
functions.
ok tb@
ok jsing
Bring in additional AEAD test cases from BoringSSL.
This provides additional coverage for AES-{128,192,256}-GCM, as well as
ChaCha20-Poly1305 and XChaCha20-Poly1305.
Discussed with tb@
Currently, this must be specified per test - allow it to be given as a
command line argument that applies to the entire test file.
In addition to running AEAD tests against the EVP_AEAD implementation, also
run them against the EVP_CIPHER implementation where applicable.
This is a perfect example of why EVP_AEAD exists and why EVP_CIPHER is
completely unsuited for use with AEADs...
Currently, each line in the text file is expected to be a string of
hexadecimal digits. In addition to this, allow a line to be given as a
quoted ASCII string.
We're not going to be compiling without AES or CHACHA/POLY1305 anytime
soon.
Use Google's ISC license for this code - this was originally being
upstreamed to OpenSSL by Adam Langley, however it was never actually
accepted and eventually ended up in BoringSSL (via commit dfe3053086).
The same change was made a long time ago for evp/evp_aead.c and others.
The current AES-NI x86_64 assembly does some strange, although valid
things, such as making internal function calls without creating stack
frames. In this case, the return address lands in the red zone (which it
allows for when making use of the stack) and everything works as expected.
However, this trips a false positive in valgrind, which seems to think that
any data saved on the stack prior to the internal function call is now
"undefined" once the function returns.
Avoid this by actually using stack frames - this brings in most of
6a40ebe86b4 from OpenSSL, omitting the unnecessary explicit stack alignment
(which was apparently added so this code could be used in the Linux kernel
with an incorrectly aligned stack).
Valgrind issue reported by Steffen Jaeckel (@sjaeckel), found via
libstrophe unit tests.
ok tb@
The current code simply shoves the unvalidated ASN.1 bytes into a BIGNUM on
the hope that other things will detect issues (such as negative values
being flipped to positive). Instead of doing this, decode and validate the
ASN.1 data using ASN1_INTEGER, then convert it to a BIGNUM. Similarly, for
encoding convert from BIGNUM to ASN1_INTEGER and use ASN1_INTEGER encoding.
ok tb@