path: root/src/lib/libc/stdlib/recallocarray.c
Date | Commit message | Author | Files | Lines
2022-08-05 | Use the FAIL macro instead of fprintf(stderr, "FAIL: ...\n"); | tb | 1 | -10/+10
2022-08-05 | Make the bogokey[] global static const. | tb | 1 | -7/+8
2022-08-05 | Move CBB_init() to a consistent place. | tb | 1 | -10/+10
2022-08-05 | Consistently initialize failure to 1 at the top of the function and clear it right before the done label. | tb | 1 | -76/+62
2022-08-05 | Consistently check for CBB_init() failure. | tb | 1 | -45/+89
2022-08-05 | Remove overly aggressive trust check in legacy verifier that breaks p5-IO-Socket-SSL regress and regress/sbin/iked/live | beck | 1 | -15/+4
Still passes the mutt regress that this was intended to fix. ok tb@
2022-08-05 | Remove most of the indirection introduced in previous and instead fetch the appropriate tls_extension_funcs pointers for client and server from libssl and reach into them directly. | tb | 1 | -400/+339
ok jsing
2022-08-04 | Add some glue to fetch the tlsext functions from the tls_extensions[] table rather than calling the functions directly. | tb | 1 | -190/+440
2022-08-04 | Make tlsext_*_{build,needs,parse}() functions static | tb | 2 | -217/+94
None of these functions are used outside of ssl_tlsext.c. The only reason they are prototyped in the header is for the use of tlsexttest.c. Rather than having a big pile of useless copy-paste in the header, we can adapt the test to avoid using these functions directly. ok jsing
2022-08-04 | Mop up key_len assignments. | jsing | 1 | -91/+59
Remove unnecessary conditions for XTS mode, since we know which are XTS. Also use bytes rather than bits / 8. ok tb@
2022-08-04 | Mop up EVP_CIPH_FLAG_FIPS usage. | jsing | 1 | -59/+59
LibreSSL does not do FIPS and nothing else sets or checks these. ok tb@
2022-08-04 | Remove various aesni_* defines to aes_* functions. | jsing | 1 | -56/+24
A number of the AES-NI functions are #defines to an aes_* function - remove these and just use the AES variant directly. ok tb@
2022-08-04 | change some 4.4BSD references to earlier releases | jsg | 2 | -6/+6
ok schwarze@
2022-08-03 | Add workarounds for some symbols that are hidden under !LIBRESSL_INTERNAL until the next bump exposes new symbols that we can use. | tb | 1 | -1/+7
2022-08-03 | Prepare to provide PKCS12 accessors | tb | 9 | -22/+349
In order to be able to make pkcs12/ opaque, we need an entire family of accessors. These are in a particularly nasty tangle since this was done in about a dozen steps while sprinkling const, renaming functions, etc. The public API also adds backward compat macros for functions that were in the tree for half a day and then renamed. Of course some of them got picked up by some ports. Some of the gruesome hacks in here will go away with the next bump, but that doesn't mean that the pkcs12 directory will be prettier afterward. ok jsing
2022-08-02 | Expand BLOCK_CIPHER_* macros. | jsing | 1 | -133/+1056
As a first step towards untangling and cleaning up the EVP AES code, expand the BLOCK_CIPHER_* macros. In particular, rather than having two sets of macros - one that is used if AESNI is being compiled in and one if it is not, condition on #ifdef AESNI_CAPABLE in the expanded code. ok tb@
2022-08-01 | libc string functions were not ported from pwb to v7 | jsg | 3 | -15/+9
https://minnie.tuhs.org/pipermail/tuhs/2017-August/011807.html ok schwarze@
2022-07-31 | strlen was in v6 libc (s5/perror.c) but not documented till v7 | jsg | 1 | -5/+4
ok schwarze@
2022-07-31 | Tidy up some of BN_nist_mod_* | jsing | 1 | -22/+30
Shuffle variables around for consistency, also ensuring appropriate and consistent initialisation. ok tb@
2022-07-31 | fix indent | tb | 1 | -2/+2
2022-07-31 | Allow a NULL header in PEM_write{,_bio}() | tb | 1 | -3/+2
When PEM_write{,_bio}() were documented by Rich Salz and Richard Levitte, it was incorrectly stated that the header argument is allowed to be NULL. This was never true. Instead of fixing the documentation, it was decided that the API needs a fix, so pull in a variant of OpenSSL 3b9082c8. ok jsing
2022-07-31 | Randomise the rekey interval a little. Previously, the chacha20 instance would be rekeyed every 1.6MB. | djm | 1 | -2/+8
This makes it happen at a random point somewhere in the 1-2MB range. Feedback deraadt@ visa@, ok tb@ visa@
2022-07-30 | Use named initialisers for BIGNUMs. | jsing | 1 | -61/+65
Also move the _bignum_nist_p_.*_sqr static BIGNUMs out of individual functions. ok tb@
2022-07-30 | Untangle two logic chains in x509_asid.c into something more readable. | tb | 1 | -9/+22
ok jsing
2022-07-30 | update copyright years | tb | 1 | -2/+2
2022-07-30 | Reorder functions and remove unnecessary function prototypes. | jsing | 1 | -29/+24
2022-07-30 | Update copyright for additional/new code. | jsing | 1 | -1/+2
2022-07-30 | Provide additional AEAD test cases. | jsing | 6 | -1/+1991
Bring in additional AEAD test cases from BoringSSL. This provides additional coverage for AES-{128,192,256}-GCM, as well as Chacha20-Poly1305 and XChaCha20-Poly1305. Discussed with tb@
2022-07-30 | Add EVP_aes_192_gcm() as a known AEAD. | jsing | 1 | -1/+3
2022-07-30 | Allow the AEAD to be specified for a test file. | jsing | 2 | -8/+12
Currently, this must be specified per test - allow it to be given as a command line argument that applies to the entire test file.
2022-07-30 | Run AEAD tests against EVP_CIPHER implementations. | jsing | 1 | -15/+220
In addition to running AEAD tests against the EVP_AEAD implementation, also run them against the EVP_CIPHER implementation where applicable. This is a perfect example of why EVP_AEAD exists and why EVP_CIPHER is completely unsuited for use with AEADs...
2022-07-30 | Allow quoted ASCII strings as input for AEAD regress. | jsing | 1 | -21/+42
Currently, each line in the text file is expected to be a string of hexadecimal digits. In addition to this, allow a line to be given as a quoted ASCII string.
2022-07-30 | Sort includes. | jsing | 1 | -4/+4
2022-07-30 | Less #ifndef OPENSSL_NO_* | jsing | 1 | -17/+1
We're not going to be compiling without AES or CHACHA/POLY1305 anytime soon.
2022-07-30 | Fix comment formatting. | jsing | 1 | -4/+7
2022-07-30 | Switch to ISC license. | jsing | 1 | -46/+13
Use Google's ISC license for this code - this was originally being upstreamed to OpenSSL by Adam Langley, however it was never actually accepted and eventually ended up in BoringSSL (via commit dfe3053086). The same change was made a long time ago for evp/evp_aead.c and others.
2022-07-30 | Add stack frames to AES-NI x86_64 assembly. | jsing | 1 | -39/+58
The current AES-NI x86_64 assembly does some strange, although valid things, such as making internal function calls without creating stack frames. In this case, the return address lands in the red zone (which it allows for when making use of the stack) and everything works as expected. However, this trips a false positive in valgrind, which seems to think that any data saved on the stack prior to the internal function call is now "undefined" once the function returns. Avoid this by actually using stack frames - this brings in most of 6a40ebe86b4 from OpenSSL, omitting the unnecessary explicit stack alignment (which was apparently added so this code could be used in the Linux kernel with an incorrectly aligned stack). Valgrind issue reported by Steffen Jaeckel (@sjaeckel), found via libstrophe unit tests. ok tb@
2022-07-30 | Use ASN1_INTEGER to encode/decode BIGNUM_it. | jsing | 1 | -34/+48
The current code simply shoves the unvalidated ASN.1 bytes into a BIGNUM on the hope that other things will detect issues (such as negative values being flipped to positive). Instead of doing this, decode and validate the ASN.1 data using ASN1_INTEGER, then convert it to a BIGNUM. Similarly, for encoding convert from BIGNUM to ASN1_INTEGER and use ASN1_INTEGER encoding. ok tb@
2022-07-30 | Provide and use a primitive clear function for BIGNUM_it. | jsing | 1 | -8/+15
Also tidy up bn_new() while here. ok tb@
2022-07-30 | Eliminate the somewhat pointless Ij variable | tb | 1 | -5/+4
Requested by & ok jsing
2022-07-30 | Transform two || chains into individually checked functions | tb | 1 | -8/+13
Requested by and ok jsing
2022-07-29 | Having a perfect square at this point is not an error. Rather it is a shortcut bypassing expensive computation, so change goto err to goto done. | tb | 1 | -2/+2
Bug introduced in last refactoring before commit.
2022-07-29 | Tweak some comments and whitespace around comments | tb | 1 | -9/+32
2022-07-28 | Add a second test to validate the tables in the library. | tb | 1 | -1/+42
2022-07-27 | Adjust a comment to reflect reality, minor code tweaks. | tb | 1 | -7/+7
2022-07-26 | Do not pass input length <= 0 to the cipher handlers | tb | 1 | -11/+17
Input length < 0 is an error and input length == 0 can result in strange effects in some ciphers, except in CCM mode, which is extra special. Based on OpenSSL 420cb707 by Matt Caswell and Richard Levitte found by & ok jsing
2022-07-26 | minor tweaks: unwrap a line, tweak a comment and zap an empty line | tb | 1 | -5/+3
2022-07-25 | Remove test of non-portable implementation details (whether wctype_t and wctrans_t values are locale-specific) so we can simplify our implementation in libc | guenther | 1 | -5/+1
ok schwarze@
2022-07-25 | Add a regression test for bn_isqrt.c | tb | 2 | -1/+302
This validates the tables used in bn_is_perfect_square() and checks that for randomly generated numbers the isqrt() is what it is expected to be.
2022-07-25 | Separate the macro for generating string test functions for the macro generating test functions for other data types. | schwarze | 1 | -14/+22
This makes sense because both are sufficiently different. It also avoids a large number of false positive compiler warnings that guenther@ reported. OK guenther@