openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Files	Lines
2022-06-26	Provide and use long_{get,set}()	jsing	1	-11/+35
	Apparently at some point a LONG_it was misaligned - provide and use long_{get,set}() so that we always memcpy() rather than doing it some times but not others. While here provide long_clear() rather than abusing and reusing long_free(). ok tb@
2022-06-26	Fix URI name constraints, allow for URI's with no host part.	beck	2	-3/+38
	Such uri's must be parsed and allowed, but then should fail if a name constraint is present. Adds regress testing for this same case. fixes https://github.com/libressl-portable/openbsd/issues/131 ok tb@
2022-06-26	whitespace	tb	1	-2/+2

2022-06-25	Move leaf certificate checks to the last thing after chain validation.	beck	3	-20/+317
	While seemingly illogical and not what is done in Go's validator, this mimics OpenSSL's behavior so that callback overrides for the expiry of a certificate will not "sticky" override a failure to build a chain. ok jsing@
2022-06-25	Use ints for boolean values.	jsing	1	-31/+31
	Switch to using ints for boolean values and use 0 or 1 for constructed, rather than using 0 the ASN.1 tag encoded value (1 << 5). ok tb@
2022-06-25	Reuse ASN1_INTEGER functions for ASN1_ENUMERATED_{get,set}()	jsing	2	-56/+59
	Instead of having a separate get/set implementation, reuse the ASN1_INTEGER code. Also prepare to provide ASN1_ENUMERATED_{get,set}_int64(). ok beck@ tb@
2022-06-25	Check pointer argument after {d2i,i2d}_ASN1_{BIT_STRING,BOOLEAN,INTEGER}()	jsing	1	-2/+46

2022-06-25	Add regress for ASN1_INTEGER_{get,set}_{u,}int64()	jsing	1	-1/+103

2022-06-25	Rewrite ASN1_INTEGER_{get,set}() using CBS/CBB	jsing	4	-65/+197
	In the process, prepare to provide ASN1_INTEGER_{get,set}_{u,}int64(). ok beck@ tb@
2022-06-25	Simplify ASN1_INTEGER_cmp()	jsing	1	-16/+9
	ok beck@ tb@
2022-06-25	Add regress for ASN1_INTEGER_cmp()	jsing	1	-1/+76

2022-06-23	Use dynamic linking correctly. bntest and bn_to_string need static linking.	tb	1	-3/+5

2022-06-22	Explicitly include fcntl.h and unistd.h for pipe2	tb	1	-1/+4

2022-06-22	Fix format strings for size_t	tb	1	-5/+5

2022-06-22	Fix format string: use %zu for size_t, not %lu.	tb	1	-3/+3

2022-06-22	Error out on negative shifts in BN_{r,l}shift()	tb	1	-1/+13
	Without these checks in both functions nw = n / BN_BITS2 will be negative and this leads to out-of-bounds accesses via negative array indices and memset with a negative size. Pointed out by cheloha ok jsing
2022-06-20	Tweak a comment	tb	1	-2/+2

2022-06-20	Flip roles of lowercase and uppercase A and B.	tb	1	-44/+44
	This matches Cohen's text better and makes the entire thing easier to read. suggested by jsing
2022-06-20	Clean up BN_kronecker()	tb	1	-73/+88
	Instead of "Cohen's step N" explain in words what is being done. Things such as (A & B & 2) != 0 being equivalent to (-1)^((A-1)(B-1)/4) being negative are not entirely obvious... Remove the strange error dance and adjust variable names to what Cohen's book uses. Simplify various curly bits. ok jsing
2022-06-20	Fix some bizarre indentation and line breaks.	tb	1	-8/+7

2022-06-19	Use uppercase for SUCCESS for consistency	tb	1	-2/+2

2022-06-19	None of these tests needs to link statically.	tb	2	-4/+4

2022-06-19	Drop bogus DPADD += ${LIBSSL}	tb	3	-7/+6

2022-06-18	Quick regression test that checks that BN_is_prime_fasttest_ex()	tb	2	-1/+97
	recognizes the primes in the primes[] table with and without trial division. Would have caught the bug fixed in bn_primes.c r1.9.
2022-06-18	Fix prime recognition when doing trial divisions	tb	1	-2/+2
	If gcd(a, primes[i]) == 0 then a could still be a prime, namely in the case that a == primes[i], so check for that case as well. Problem noted by Martin Grenouilloux ok jsing
2022-06-15	Switch to using TLS_INT instead of handrolling it	tb	1	-3/+2

2022-06-10	More %i vs %d cleanup	tb	7	-20/+20

2022-06-08	do not refuse valid IPv6 addresses in -X connect (HTTP CONNECT proxy)	djm	1	-2/+2
	support. Identified by Wilmer van der Gaast, ok millert@
2022-06-08	KNF, mostly whitespace - no binary change on amd64	tb	1	-22/+19

2022-06-07	Fix format strings: change %i, %li, %lli to %d, %ld, %lld and switch to	tb	1	-18/+18
	%zu for master_key_length, session_id_length and sid_ctx_length, which are now size_t.
2022-06-07	Change the loop index from an unsigned int to size_t now that all	tb	1	-2/+2
	upper bounds are known to be size_t. ok jsing
2022-06-07	Simplify another CBS_write_bytes() call in d2i_SSL_SESSION()	tb	1	-5/+2
	ok jsing
2022-06-07	Switch sid_ctx_length in SSL, SSL_CTX and SSL_SESSION to a size_t	tb	1	-4/+4
	ok jsing
2022-06-07	Use CBS_write_bytes() instead of manual unpacking of a CBS and assigning	tb	1	-3/+5
	length and using memcpy(). This also provides a missing overflow check (which is done by the only caller, however). ok jsing
2022-06-07	Simplify various CBS_write_bytes() calls	tb	3	-13/+7
	Now that session_id_length is a size_t, we can pass it directly to CBS_write_bytes() instead of using a temporary variable. ok jsing
2022-06-07	Switch SSL_SESSION's session_id_length to a size_t	tb	1	-2/+2
	ok jsing
2022-06-07	Add missing error check call in ssl3_get_new_session_ticket()	tb	1	-4/+9
	EVP_Digest() can fail, so handle failure appropriately and prepare switch of session_id_length to a size_t. ok jsing
2022-06-07	Another small readability tweak: compare explicitly against 0 and NULL,	tb	1	-4/+3
	respectively ok jsing
2022-06-07	Tweak readability of a test: compare tmp explicitly against 0 and drop	tb	1	-2/+2
	redundant parentheses. ok jsing
2022-06-07	Add a cast to SSL_SESSION_get_id() to indicate that session_id_length	tb	1	-2/+2
	is deliberately reduced to an unsigned int. Since the session_id is at most 32 bytes, this is not a concern. ok jsing
2022-06-07	fix indent	tb	1	-2/+2

2022-06-07	Unindent and simplify remove_session_lock()	tb	1	-21/+22
	ok jsing (who informs me he had the same diff in his jungle)
2022-06-07	Drop an unnecessary cast	tb	1	-2/+2
	ok jsing
2022-06-07	Simplify CBS_write_bytes() invocation	tb	1	-5/+2
	Now that master_key_length is a size_t, we no longer have to fiddle with data_len. We can rather pass a pointer to it to CBS_write_bytes(). ok jsing
2022-06-07	The master_key_length can no longer be < 0	tb	1	-2/+2
	ok jsing
2022-06-07	Switch the SSL_SESSION's master_key_length to a size_t	tb	1	-2/+2
	ok jsing
2022-06-07	Add error checking to tls_session_secret_cb() calls	tb	2	-32/+49
	Failure of this undocumented callback was previously silently ignored. Follow OpenSSL's behavior and throw an internal error (for lack of a better choice) if the callback failed or if it set the master_key_length to a negative number. Unindent the success path and clean up some strange idioms. ok jsing
2022-06-06	Use SSL3_CK_VALUE_MASK instead of hardcoded 0xffff and remove some	tb	2	-12/+6
	SSLv2 remnants. ok jsing
2022-06-06	Tweak comment describing the SSL_SESSION ASN.1	tb	1	-4/+5
	ok jsing
2022-06-06	Minor style cleanup in ssl_txt.c	tb	1	-23/+41
	Wrap long lines and fix a bug where the wrong struct member was checked for NULL. ok jsing