summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Adjust signatures of BIO_ctrl functionstb2022-08-181-13/+10
| | | | | | | | | | | | | | | In bio.h r1.54, the signature of BIO_callback_ctrl() was changed from bio_info_cb to BIO_info_cb. Adjust manual to reflect this change. At the moment, bio_info_cb and BIO_info_cb are still distinct types with our BIO_info_cb matching OpenSSL's definition. Historically, bio_info_cb had a different type, but that leads to issues with casting function pointers. The ecosystem has moved on to embrace the new type and several ports confuse the two types because OpenSSL decided to "solve" the issues with "typedef BIO_info_cb bio_info_cb; /* backward compatibilty */". We will align with this in the next bump. ok jsing
* Allow empty attribute sets in CSRstb2022-08-181-2/+4
| | | | | | | | | | | While each attribute must contain at least one extension, it is not required that a CSR have attributes at all. Instead of signalling an error by returning NULL if no extensions are found, return an empty stack of extensions. Via OpenSSL 1f02ca2d ok jsing
* Tweak prototype to match function definition (n -> index)tb2022-08-181-2/+2
|
* Implement the SSL_CTRL_GET_SHARED_GROUP controltb2022-08-171-1/+37
| | | | | | | | | | | | | | | | | | | | | | | This implements SSL_get_shared_{curve,group}() in a bug-compatible fashion with OpenSSL. This is your average OpenSSL-style overloaded parameter API where n >= 0 means "return the n-th shared group's NID" (as if anyone possibly ever cared about the case n > 0) and n == -1 means "return the number of shared groups". There is also an undocumented case n == -2 for Suite B profile support which falls back to n == 0 in case Suite B profile support is disabled, so n == -2 is the same as n == 0 in LibreSSL. The API also returns 0 for error, which is indistinguishable from a count of 0 shared groups but coincides with NID_undef. Contrary to claims in the documentation, the API doesn't actually return -1 for clients, rather it returns 0. Obviously this entire exercise is pretty useless, but since somebody exposed it because they could and someone else used it because they could we need to provide it. ok jsing
* Refactor tls1_get_supported_group()tb2022-08-172-30/+99
| | | | | | | | | | | | | This splits tls1_get_supported_group() into a few helper functions to be able to count shared groups and to return the n-th shared group since someone thought it is a great idea to expose that in a single API and some others thought it is useful to add this info to log noise. This is all made a bit more complicated thanks to the security level having its tentacles everywhere and because a user-provided security callback can influence the list of groups shared by the peers. ok jsing
* Add SSL_get_shared_{curve,group}()tb2022-08-171-2/+10
| | | | | | | | These are wrappers of SSL_ctrl() using the SSL_CTRL_GET_SHARED_GROUP control. Do not provide SSL_CTRL_GET_SHARED_CURVE since that is only mentioned in Net::SSLeay docs according to codesearch.debian.net. ok jsing
* Make tls1_get_{format,group_}list() take a const SSLtb2022-08-172-8/+8
| | | | ok jsing
* Provide ssl_security_shared_group()tb2022-08-172-5/+18
| | | | | | | | | Refactor ssl_security_supported_group() into a wrapper of a new internal ssl_security_group() which takes a secop as an argument. This allows adding ssl_security_shared_group() which will be needed in upcoming commits. ok jsing
* Deduplicate peer certificate chain processing code.jsing2022-08-1710-109/+121
| | | | | | | | | | | | | | Rather than reimplement this in each TLS client and server, deduplicate it into a single function. Furthermore, rather than dealing with the API hazard that is SSL_get_peer_cert_chain() in this code, simply produce two chains - one that has the leaf and one that does not. SSL_get_peer_cert_chain() can then return the appropriate one. This also moves the peer cert chain from the SSL_SESSION to the SSL_HANDSHAKE, which makes more sense since it is not available on resumption. ok tb@
* Add missing RCS tag and zap a trailing spacetb2022-08-151-2/+2
|
* Initialize readbytes in BIO_gets()tb2022-08-151-2/+2
| | | | | | | | If the bgets() callback returns <= 0, we currently rely on the user provided callback to set readbytes, which isn't ideal. This also matches what's done in BIO_read() and BIO_write(). ok jsing
* Avoid shadowing the cbs function parameter in tlsext_alpn_server_parse()tb2022-08-151-6/+4
| | | | ok jsing
* Remove redeclaration of rettb2022-08-151-2/+1
| | | | | | | When ret was introduced in an outer scope in r1.113, this declaration wasn't garbage collected. ok jsing
* Fix upper bound in a for loop (no functional change).tb2022-08-121-2/+2
|
* Tweak a comment to be more accurate.tb2022-08-121-3/+3
|
* Remove unused variabletb2022-08-111-6/+3
| | | | | | | | | | | X509_NAME_print() is documented to print things at a given indentation level. Unfortunately, this never worked since someone got some logic wrong. Part of the wrong logic was removed in a dead code removal in OpenSSL commit 92ada7cc, but the variable l was left behind, which leads to compiler warnings on some platforms. End its sad life pointlessly and incorrectly measuring column width and remove it. ok jsing
* Avoid signed integer overflow due to unary negationtb2022-08-101-12/+8
| | | | | | | | | | | | The current X509_print_ex() tries too hard pretty printing negative serialNumbers (which shouldn't occur in the first place). In particular, negating LONG_MAX leads to signed overflow. Ditch the code dealing with negative serialNumbers representable as long and fall back to the long form printing. This simplifies the code and fixes oss-fuzz #49944 with/ok jsing
* Cast int64_t to uint64_t for negatingtb2022-08-101-3/+7
| | | | | | | | Avoid signed integer overflow by casting an int64_t to uint64_t before negating. Same fix was applied in a_int.c -r1.44, but was forgotten to be applied to a_enum.c. ok jsing
* Only print versions we know abouttb2022-08-101-4/+10
| | | | | | | | | | | | The version field of an X.509 Certificate is an enum Version ::= INTEGER { v1(0), v2(1), v3(2) } Printing the version as l + 1 only really makes sense with 0 <= l <= 2. Otherwise print a naked l while also indicating that it is an unknown version. ok jsing
* For putenv(3), return an error if string starts with a '=' character.millert2022-08-082-5/+10
| | | | Both FreeBSD and NetBSD have this behavior. OK deraadt@
* fix error messagetb2022-08-051-2/+2
|
* Use the FAIL macro instead of fprintf(stderr, "FAIL: ...\n");tb2022-08-051-10/+10
|
* Make the bogokey[] global static const.tb2022-08-051-7/+8
|
* Move CBB_init() to a consistent place.tb2022-08-051-10/+10
|
* Consistently initialize failure to 1 at the top of the function andtb2022-08-051-76/+62
| | | | clear it right before the done label.
* Consistently check for CBB_init() failure.tb2022-08-051-45/+89
|
* Remove overly aggressive trust check in legacy verifier that breaksbeck2022-08-051-15/+4
| | | | | | | | p5-IO-Socket-SSL regress and regress/sbin/iked/live Still passes the mutt regress that this was intended to fix. ok tb@
* Remove most of the indirection introduced in previous and instead fetchtb2022-08-051-400/+339
| | | | | | | the appropriate tls_extension_funcs pointers for client and server from libssl and reach into them directly. ok jsing
* Add some glue to fetch the tlsext functions from the tls_extensions[]tb2022-08-041-190/+440
| | | | table rather than calling the functions directly.
* Make tlsext_*_{build,needs,parse}() functions statictb2022-08-042-217/+94
| | | | | | | | | None of these functions are used outside of ssl_tlsext.c. The only reason they are prototyped in the header is for the use of tlsexttest.c. Rather than having a big pile of useless copy-paste in the header, we can adapt the test to avoid using these functions directly. ok jsing
* Mop up key_len assignments.jsing2022-08-041-91/+59
| | | | | | | Remove unnecessary conditions for XTS mode, since we know which are XTS. Also use bytes rather than bits / 8. ok tb@
* Mop up EVP_CIPH_FLAG_FIPS usage.jsing2022-08-041-59/+59
| | | | | | LibreSSL does not do FIPS and nothing else sets or checks these. ok tb@
* Remove various aesni_* defines to aes_* functions.jsing2022-08-041-56/+24
| | | | | | | A number of the AES-NI functions are #defines to an aes_* function - remove these and just use the AES variant directly. ok tb@
* change some 4.4BSD references to earlier releasesjsg2022-08-042-6/+6
| | | | ok schwarze@
* Add workarounds for some symbols that are hidden under !LIBRESSL_INTERNALtb2022-08-031-1/+7
| | | | until the next bump exposes new symbols that we can use.
* Prepare to provide PKCS12 accessorstb2022-08-039-22/+349
| | | | | | | | | | | | | | In order to be able to make pkcs12/ opaque, we need an entire family of accessors. These are in a particularly nasty tangle since this was done in about a dozen steps while sprinkling const, renaming functions, etc. The public API also adds backward compat macros for functions that were in the tree for half a day and then renamed. Of course some of them got picked up by some ports. Some of the gruesome hacks in here will go away with the next bump, but that doesn't mean that the pkcs12 directory will be prettier afterward. ok jsing
* Expand BLOCK_CIPHER_* macros.jsing2022-08-021-133/+1056
| | | | | | | | | As a first step towards untangling and cleaning up the EVP AES code, expand the BLOCK_CIPHER_* macros. In particular, rather than having two sets of macros - one that is used if AESNI is being compiled in and one if it is not, condition on #ifdef AESNI_CAPABLE in the expanded code. ok tb@
* libc string functions were not ported from pwb to v7jsg2022-08-013-15/+9
| | | | | | https://minnie.tuhs.org/pipermail/tuhs/2017-August/011807.html ok schwarze@
* strlen was in v6 libc (s5/perror.c) but not documented till v7jsg2022-07-311-5/+4
| | | | ok schwarze@
* Tidy up some of BN_nist_mod_*jsing2022-07-311-22/+30
| | | | | | | Shuffle variables around for consistency, also ensuring appropriate and consistent initialisation. ok tb@
* fix indenttb2022-07-311-2/+2
|
* Allow a NULL header in PEM_write{,_bio}()tb2022-07-311-3/+2
| | | | | | | | | When PEM_write{,_bio}() were documented by Rich Salz and Richard Levitte, it was incorrectly stated that the header argument is allowed to be NULL. This was never true. Instead of fixing the documentation, it was decided that the API needs a fix, so pull in a variant of OpenSSL 3b9082c8. ok jsing
* Randomise the rekey interval a little. Previously, the chacha20djm2022-07-311-2/+8
| | | | | | | instance would be rekeyed every 1.6MB. This makes it happen at a random point somewhere in the 1-2MB range. Feedback deraadt@ visa@, ok tb@ visa@
* Use named initialisers for BIGNUMs.jsing2022-07-301-61/+65
| | | | | | | Also move the _bignum_nist_p_.*_sqr static BIGNUMs out of individual functions. ok tb@
* Untangle two logic chains in x509_asid.c into something more readable.tb2022-07-301-9/+22
| | | | ok jsing
* update copyright yearstb2022-07-301-2/+2
|
* Reorder functions and remove unnecessary function prototypes.jsing2022-07-301-29/+24
|
* Update copyright for additional/new code.jsing2022-07-301-1/+2
|
* Provide additional AEAD test cases.jsing2022-07-306-1/+1991
| | | | | | | | | Bring in additional AEAD test cases from BoringSSL. This provides additional coverage for AES-{128,192,256}-GCM, as well as Chacha20-Poly1305 and XChaCha20-Poly1305. Discussed with tb@
* Add EVP_aes_192_gcm() as a known AEAD.jsing2022-07-301-1/+3
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-30 01:48:25 +0000