summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Remove a useless OBJ_obj2nid() call from X509_CRL_print()tb2024-05-021-2/+1
| | | | ok beck (as part of a larger diff)
* Tweak start of DESCRIPTION of EC_GROUP_new()tb2024-04-271-4/+9
| | | | | Complete precision will lead to complete confusion, however outright lies are also bad.
* Document EC_curve_{nid2nist,nist2nid}()tb2024-04-261-4/+57
|
* Take pem2.h behind the barntb2024-04-252-73/+1
| | | | | | | | | | | /* * This header only exists to break a circular dependency between pem and err * Ben 30 Jan 1999. */ 25 years of uselessness is about a quarter century more than enough. discussed with jsing
* Add regress coverage for crypto_ct_*_u8()jsing2024-04-253-1/+111
|
* One empty line is enoughtb2024-04-231-18/+1
|
* Instead of unhooking libssl/client regress tests, flag them as expectedanton2024-04-222-4/+6
| | | | | | to fail. ok tb@
* remove space at eoljsg2024-04-221-3/+3
|
* unwrap linetb2024-04-211-3/+2
|
* Remove more unnecessary GOST codetb2024-04-202-24/+2
| | | | ok jsing
* bss_conn: zap trailing whitespacetb2024-04-191-8/+8
|
* Remove a couple of lies about GOST in CMStb2024-04-182-8/+8
|
* More GOST removal adjustmentstb2024-04-181-3/+3
|
* EVP_PKEY_set1_RSA.3 some adjustments after GOST removaltb2024-04-181-4/+4
|
* Add some more comments explaining shortcomings of the APItb2024-04-181-2/+9
| | | | | | | | The case in point is the incompatibility of the very ergonomic X509_ALGOR API with the RC2-derived API massacre that is EVP_CIPHER_asn1_to_param() and its "inverse". ok jsing
* Use X509_ALGOR_get0() in ecdh_cms_set_shared_info()tb2024-04-181-6/+14
| | | | | | | | This makes things slightly less gross since it involves less reaching into nested ASN.1 structures. But don't get the idea that this means the code is now clean. ok jsing
* Test and assign in ecdh_cms_set_shared_info()tb2024-04-181-9/+7
| | | | ok jsing
* Turn ecdh_cms_set_shared_info() into single exittb2024-04-181-7/+9
| | | | ok jsing
* Remove comments from captain obvious and drop useless prototypestb2024-04-171-43/+1
|
* SSL_version_str is no moretb2024-04-171-5/+1
|
* tidy includestb2024-04-171-3/+2
|
* bn_convert: zap extra blank linetb2024-04-171-2/+1
|
* Rewrite BN_mpi2bn() using CBS and bn_bin2bn_cbs().jsing2024-04-171-32/+29
| | | | ok tb@
* Rewrite BN_lebin2bn() using CBS.jsing2024-04-171-48/+16
| | | | | | | We get an implementation of this for free by having bn_bin2bn_cbs() use CBS_get_u8() instead of CBS_get_last_u8(). ok tb@
* Provide constant time operations for uint8_t.jsing2024-04-171-1/+68
| | | | | | These will be used in upcoming changes. ok tb@
* Shuffle EVP_PKEY_CTX setting togethertb2024-04-171-5/+3
| | | | | | | Another stroke of the already very dirty brush eliminates more traces of ADHD and/or crack. ok jsing
* ecdh_cms_encrypt(): tweak wrap_algor constructiontb2024-04-171-15/+23
| | | | | | | | | | | | | | | | This manually constructs an X509_ALGOR because the (now internal) legacy interface EVP_CIPHER_param_to_asn1() (which is an unwelcome complication thanks to RC2) is entirely incompatible with X509_ALGOR_set0() since the ASN1_TYPE can't be pulled apart nicely (because the ASN1_TYPE API is incomplete as well). Once we got this far, we get to DER-encode the inner AlgorithmIdentifier and set that blob as the parameters of another one. The same variables are reused of course and needless to say an unchecked X509_ALGOR_set0() would leak this blob on failure. So fix this by switching to the usual error checked X509_ALGOR_set0_by_nid(). ok jsing
* ecdh_cms_encrypt: tweak handling of ecdh_nidtb2024-04-171-4/+3
| | | | ok jsing
* ecdh_cms_encrypt: handle kdf_md in one gotb2024-04-171-3/+3
| | | | | | | Again the getting and the setting were interrupted by ten lines of completely unrelated code. ok jsing
* ecdh_cms_encrypt: simplify setting the KDF typetb2024-04-171-13/+6
| | | | | | | | | It is much simpler to avoid the key_type variable altogether and inline its use. Also it makes no sense to have 15 unrelated lines between the getting of the kdf type, checking its content, and then actually setting it to EVP_PKEY_ECDH_KDF_X9_63. ok jsing
* Use error checked X509_ALGOR_set0_by_nidtb2024-04-171-5/+5
| | | | | | | | While setting the parameters to type V_ASN1_UNDEF can't actually fail, it is cleaner to just do the check. Using the by_nid() variant also removes the need for an unchecked nested OBJ_nid2obj() call. ok jsing
* ecdh_cms_encrypt: simplify handling of pkeytb2024-04-171-15/+6
| | | | | | | The pkey is only used in one scope. i2o allocates if passed a pointer to NULL, so use that to drop two unnecessary local variables. ok jsing
* Transfer ownership before setting unused bitstb2024-04-171-2/+4
| | | | | | | This looks like a use after free, but setting the unused bits to 0 can't actually fail. ok jsing
* Turn ecdh_cms_encrypt() into single exittb2024-04-171-7/+7
| | | | | | Also use ret instead of rv. ok jsing
* Fix error check in ecdh_cms_encrypt()tb2024-04-171-2/+2
| | | | | | | | ASN1_TYPE_get() returns V_ASN1_* constants. Checking the return for NID_undef instead means that we actually check for V_ASN1_EOC, which makes absolutely no sense here. Clearly V_ASN1_UNDEF was intended. ok jsing
* Add regress coverage for BN_lebin2bn().jsing2024-04-171-3/+17
|
* Avoid NULL dereference in EVP_PKEY_paramgen()tb2024-04-171-6/+8
| | | | | | | | If EVP_PKEY_new() returns NULL, it would be passed to the paramgen() pmeth which would typically dereference it. This is identical to a recent change in keygen(). ok jsing
* openssl req: plug obvious leaktb2024-04-171-1/+2
| | | | CID 492603
* Fix key share negotiation in HRR casetb2024-04-161-1/+40
| | | | | | | | | | | | | | | | | | | | | | | | In the ClientHello retrying the handshake after a HelloRetryRequest, the client must send a single key share matching the group selected by the server in the HRR. This is not necessarily the mutually preferred group. Incorrect logic added in ssl_tlsect.c r1.134 would potentially reject such a key share because of that. Instead, add logic to ensure on the server side that there is a single share matching the group we selected in the HRR. Fixes a regress test in p5-IO-Socket-SSL where server is configured with P-521:P-384 and the client with P-256:P-384:P-521. Since the client sends an initial P-256 key share, a HRR is triggered which the faulty logic rejected because it was not the mutually preferred P-384 but rather matching the server-selected P-521. This will need some deduplication in subsequent commits. We may also want to consider honoring the mutual preference and request a key accordingly in the HRR. reported by bluhm, fix suggested by jsing ok beck jsing
* Invert BN_BITS2 handling in bn_bin2bn_cbs() and bn_hex2bn_cbs().jsing2024-04-161-11/+11
| | | | | | This results in simpler code. Suggested by tb@ during review.
* Rewrite BN_bin2bn() using CBS.jsing2024-04-161-35/+58
| | | | ok tb@
* Provide bn_expand_bytes().jsing2024-04-162-2/+16
| | | | | | This will be used in an upcoming change. ok tb@
* Rename bn_expand() to bn_expand_bits().jsing2024-04-163-10/+7
| | | | | | | Also change the bits type from int to size_t, since that's what the callers are passing and we can avoid unnecessary input validation. ok tb@
* sorttb2024-04-161-1/+1
|
* Remove workarounds for unprototyped symbolstb2024-04-151-71/+1
|
* Include the correct headertb2024-04-151-2/+2
|
* crank libtls like libcrypto and libssltb2024-04-151-1/+1
|
* crank libssl major after libcrypto major and symbol removaltb2024-04-151-1/+1
|
* Unexport SSL_version_strtb2024-04-152-4/+1
| | | | ok jsing
* crank libcrypto major after symbol removaltb2024-04-151-1/+1
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-31 15:23:26 +0000