| Commit message (Collapse) | Author | Files | Lines |
|---|
|
is deliberately reduced to an unsigned int. Since the session_id is at
most 32 bytes, this is not a concern.
ok jsing
|
|
|
|
ok jsing (who informs me he had the same diff in his jungle)
|
|
ok jsing
|
|
Now that master_key_length is a size_t, we no longer have to fiddle with
data_len. We can rather pass a pointer to it to CBS_write_bytes().
ok jsing
|
|
ok jsing
|
|
ok jsing
|
|
Failure of this undocumented callback was previously silently ignored.
Follow OpenSSL's behavior and throw an internal error (for lack of a
better choice) if the callback failed or if it set the master_key_length
to a negative number.
Unindent the success path and clean up some strange idioms.
ok jsing
|
|
SSLv2 remnants.
ok jsing
|
|
ok jsing
|
|
Wrap long lines and fix a bug where the wrong struct member was checked
for NULL.
ok jsing
|
|
Apparently 60 * 5 + 4 seconds is 5 minutes. Presumably this is the case
with sufficiently potent crack, which would explain a few things in here.
|
|
The fallback to SHA-1 if SHA-256 is disabled fell victim to tedu many
moons ago when this file was still called s3_clnt.c and had no RCS ID.
|
|
|
|
|
|
|
|
|
|
Found by anton with tlsfuzzer
ok anton
|
|
|
|
ok jsing
|
|
ok jsing
|
|
This will be used to indicate client side support for DHE key
establishment.
ok jsing
|
|
key exchange mode extension, as required by RFC 8446, 4.2.9.
ok jsing
|
|
ok jsing
|
|
|
|
|
|
|
|
extract_min_max().
|
|
Instead of inl, outl, and outll, use in_len, out_len, and buf_out_len.
Use the appropriate types for them. Check return values properly, check
for overflow. Remove some unnecessary casts and add some for readability.
Use asn1_abs_set_unused_bits() instead of inlining it.
This removes the last direct consumer of ASN1_STRING_FLAG_BITS_LEFT
outside of asn1/a_bitstr.c. The flag is still mentioned in x509/x509_addr.c
but that will hopefully go away soon.
tweaks/ok jsing
|
|
Don't try to reuse curve->seed to avoid an allocation. Free it
unconditionally and copy over the group->seed if it's available.
Use asn1_abs_set_unused_bits() instead of inlining it.
ok jsing
|
|
asn1_abs_set_unused_bits()
ok jsing
|
|
This streamlines the logic and uses ASN1_STRING_set0() and
asn1_abs_set_unused_bits() instead of inlining them.
ok jsing
|
|
ok jsing
|
|
causing EACCESS as opposed of ESDIR to be returned while trying to
truncate a directory as a user lacking write permissions to the same
directory. As this behavior is reasonable, change the truncate directory
from /etc/ to /tmp which makes the test pass both as root and non-root.
|
|
|
|
Factor out the ef->asn1_ex_d2i() callback handling - this allows us to pull
out all of the related variables into a self-contained function.
ok tb@
|
|
Also use array indexes for it->templates, rather than trying to be extra
clever in for loops (suggested by tb@ during a review).
No functional change.
ok tb@
|
|
It no longer makes sense to have "extended" versions of functions
internally.
No functional change.
ok tb@
|
|
This got broken when system.c was converted from signal(3) to sigaction(2).
Also add SIGINT and SIGQUIT to the set of blocked signals and unblock
them in the parent after the signal handlers are installed.
Based on a diff from Leon Fischer. OK deraadt@
|
|
Unfortunately, several things in the ecosystem depend on the existing
API behavior of being able to pass in an uninitialized pointer on the
stack: haproxy, grpc, mongo-tools and others show up on the first two
pages of Debian codesearch.
ok jsing
|
|
Exposed by recent rewrite of ASN1_STRING_to_UTF8(). Found via grep
after fixing CID 352831.
ok jsing
|
|
Exposed by recent rewrite of ASN1_STRING_to_UTF8().
CID 352831
ok jsing
|
|
Order functions by use, moving public API to the bottom and utility
functions to the top. This makes the code more logical/readable, plus we
can remove all except one of the static function prototypes.
No functional change.
|
|
Rewrite the asn1_template_*() functions with CBS, readable variable names
and free then alloc.
This was the last caller of asn1_check_eoc() and asn1_check_tag(), hence
remove them and rename the _cbs suffixed versions in their place.
ok tb@
|
|
|
|
Split the object content handling off into asn1_d2i_ex_primitive_content(),
move the handling ov V_ASN1_ANY into asn1_d2i_ex_any() and move the MSTRING
handling into asn1_d2i_ex_mstring(). This way we parse the header once
(rather than twice for ANY and MSTRING), then process the content, while
also avoiding complex special cases in a single code path.
ok tb@
|
|
Change asn1_template_ex_d2i() so that we short circuit in the no explicit
tagging case.
Split out the SET OF/SEQUENCE OF handling from asn1_template_noexp_d2i()
into a asn1_template_stack_of_d2i() function and simplify the remaining
code.
ok tb@
|
|
Should have been part of a previous commit.
ok jsing
|
|
Factor the trimming of the end and the counting of unused bits into
helper functions and reuse an ASN.1 bit string API to set the unused
bits and the ASN1_STRING_FLAG_BITS_SET. With a couple of explanatory
comments it becomes much clearer what the code is actually doing and
why.
ok jsing
|
|
In order to set the BIT STRING containing an address prefix, use existing
helper functions from the ASN.1 code instead of redoing everything by
hand. Make the function single exit and rename a few variables to make
it clearer what is being done.
ok jsing
|
