| Commit message (Collapse) | Author | Files | Lines |
|---|
|
While each attribute must contain at least one extension, it is not
required that a CSR have attributes at all. Instead of signalling an
error by returning NULL if no extensions are found, return an empty
stack of extensions.
Via OpenSSL 1f02ca2d
ok jsing
|
|
|
|
This implements SSL_get_shared_{curve,group}() in a bug-compatible
fashion with OpenSSL.
This is your average OpenSSL-style overloaded parameter API where n >= 0
means "return the n-th shared group's NID" (as if anyone possibly ever
cared about the case n > 0) and n == -1 means "return the number of
shared groups". There is also an undocumented case n == -2 for Suite B
profile support which falls back to n == 0 in case Suite B profile
support is disabled, so n == -2 is the same as n == 0 in LibreSSL.
The API also returns 0 for error, which is indistinguishable from a
count of 0 shared groups but coincides with NID_undef. Contrary to claims
in the documentation, the API doesn't actually return -1 for clients,
rather it returns 0.
Obviously this entire exercise is pretty useless, but since somebody
exposed it because they could and someone else used it because they could
we need to provide it.
ok jsing
|
|
This splits tls1_get_supported_group() into a few helper functions to
be able to count shared groups and to return the n-th shared group since
someone thought it is a great idea to expose that in a single API and
some others thought it is useful to add this info to log noise.
This is all made a bit more complicated thanks to the security level
having its tentacles everywhere and because a user-provided security
callback can influence the list of groups shared by the peers.
ok jsing
|
|
These are wrappers of SSL_ctrl() using the SSL_CTRL_GET_SHARED_GROUP
control. Do not provide SSL_CTRL_GET_SHARED_CURVE since that is only
mentioned in Net::SSLeay docs according to codesearch.debian.net.
ok jsing
|
|
ok jsing
|
|
Refactor ssl_security_supported_group() into a wrapper of a new internal
ssl_security_group() which takes a secop as an argument. This allows
adding ssl_security_shared_group() which will be needed in upcoming
commits.
ok jsing
|
|
Rather than reimplement this in each TLS client and server, deduplicate it
into a single function. Furthermore, rather than dealing with the API
hazard that is SSL_get_peer_cert_chain() in this code, simply produce two
chains - one that has the leaf and one that does not.
SSL_get_peer_cert_chain() can then return the appropriate one.
This also moves the peer cert chain from the SSL_SESSION to the
SSL_HANDSHAKE, which makes more sense since it is not available on
resumption.
ok tb@
|
|
|
|
If the bgets() callback returns <= 0, we currently rely on the user
provided callback to set readbytes, which isn't ideal. This also
matches what's done in BIO_read() and BIO_write().
ok jsing
|
|
ok jsing
|
|
When ret was introduced in an outer scope in r1.113, this declaration
wasn't garbage collected.
ok jsing
|
|
|
|
|
|
X509_NAME_print() is documented to print things at a given indentation
level. Unfortunately, this never worked since someone got some logic
wrong. Part of the wrong logic was removed in a dead code removal in
OpenSSL commit 92ada7cc, but the variable l was left behind, which leads
to compiler warnings on some platforms. End its sad life pointlessly
and incorrectly measuring column width and remove it.
ok jsing
|
|
The current X509_print_ex() tries too hard pretty printing negative
serialNumbers (which shouldn't occur in the first place). In particular,
negating LONG_MAX leads to signed overflow. Ditch the code dealing with
negative serialNumbers representable as long and fall back to the long
form printing. This simplifies the code and fixes
oss-fuzz #49944
with/ok jsing
|
|
Avoid signed integer overflow by casting an int64_t to uint64_t before
negating. Same fix was applied in a_int.c -r1.44, but was forgotten to
be applied to a_enum.c.
ok jsing
|
|
The version field of an X.509 Certificate is an enum
Version ::= INTEGER { v1(0), v2(1), v3(2) }
Printing the version as l + 1 only really makes sense with 0 <= l <= 2.
Otherwise print a naked l while also indicating that it is an unknown
version.
ok jsing
|
|
Both FreeBSD and NetBSD have this behavior. OK deraadt@
|
|
|
|
|
|
|
|
|
|
clear it right before the done label.
|
|
|
|
p5-IO-Socket-SSL regress and regress/sbin/iked/live
Still passes the mutt regress that this was intended to fix.
ok tb@
|
|
the appropriate tls_extension_funcs pointers for client and server from
libssl and reach into them directly.
ok jsing
|
|
table rather than calling the functions directly.
|
|
None of these functions are used outside of ssl_tlsext.c. The only reason
they are prototyped in the header is for the use of tlsexttest.c. Rather
than having a big pile of useless copy-paste in the header, we can adapt
the test to avoid using these functions directly.
ok jsing
|
|
Remove unnecessary conditions for XTS mode, since we know which are XTS.
Also use bytes rather than bits / 8.
ok tb@
|
|
LibreSSL does not do FIPS and nothing else sets or checks these.
ok tb@
|
|
A number of the AES-NI functions are #defines to an aes_* function - remove
these and just use the AES variant directly.
ok tb@
|
|
ok schwarze@
|
|
until the next bump exposes new symbols that we can use.
|
|
In order to be able to make pkcs12/ opaque, we need an entire family of
accessors. These are in a particularly nasty tangle since this was done
in about a dozen steps while sprinkling const, renaming functions, etc.
The public API also adds backward compat macros for functions that were
in the tree for half a day and then renamed. Of course some of them got
picked up by some ports.
Some of the gruesome hacks in here will go away with the next bump, but
that doesn't mean that the pkcs12 directory will be prettier afterward.
ok jsing
|
|
As a first step towards untangling and cleaning up the EVP AES code, expand
the BLOCK_CIPHER_* macros. In particular, rather than having two sets of
macros - one that is used if AESNI is being compiled in and one if it is
not, condition on #ifdef AESNI_CAPABLE in the expanded code.
ok tb@
|
|
https://minnie.tuhs.org/pipermail/tuhs/2017-August/011807.html
ok schwarze@
|
|
ok schwarze@
|
|
Shuffle variables around for consistency, also ensuring appropriate and
consistent initialisation.
ok tb@
|
|
|
|
When PEM_write{,_bio}() were documented by Rich Salz and Richard Levitte,
it was incorrectly stated that the header argument is allowed to be NULL.
This was never true. Instead of fixing the documentation, it was decided
that the API needs a fix, so pull in a variant of OpenSSL 3b9082c8.
ok jsing
|
|
instance would be rekeyed every 1.6MB. This makes it happen at a
random point somewhere in the 1-2MB range.
Feedback deraadt@ visa@, ok tb@ visa@
|
|
Also move the _bignum_nist_p_.*_sqr static BIGNUMs out of individual
functions.
ok tb@
|
|
ok jsing
|
|
|
|
|
|
|
|
Bring in additional AEAD test cases from BoringSSL.
This provides additional coverage for AES-{128,192,256}-GCM, as well as
Chacha20-Poly1305 and XChaCha20-Poly1305.
Discussed with tb@
|
|
|
|
Currently, this must be specified per test - allow it to be given as a
command line argument that applies to the entire test file.
|
