summaryrefslogtreecommitdiff
path: root/src/lib/libc/string/memcpy.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2022-06-28Copy the security level stuff in ssl_cert_dup()tb1-1/+5
ok beck jsing sthen
2022-06-28Set up the default callback in SSL_CERTtb1-1/+8
ok beck jsing sthen
2022-06-28Implement the default security level callbacktb3-2/+202
And here is where the fun starts. The tentacles will grow everywhere. ok beck jsing sthen
2022-06-28Provide OPENSSL_TLS_SECURITY_LEVEL definetb1-1/+7
ok beck jsing sthen
2022-06-28Implement SSL_{CTX_}_{g,s}et_security_level(3)tb1-1/+25
ok beck jsing sthen
2022-06-28Add security callback, level and ex_data fields to SSL_CERTtb1-1/+6
ok beck jsing sthen
2022-06-28Add #defines and prototypes for security level APItb1-1/+72
This marks the start of one of the worst API additions in the history of this library. And as everybody knows the bar is high. Very high. ok beck jsing sthen
2022-06-28Negate unsigned then cast to signed.jsing1-2/+2
Avoid undefined behaviour by negating the unsigned value, before casting to int64_t, rather than casting to int64_t then negating. Fixes oss-fuzz #48499 ok tb@
2022-06-28Take away bogus error assignment before callback call.beck1-2/+1
Keep the depth which was needed. This went an error too far, and broke openssl-ruby's callback and error code sensitivity in it's tests. With this removed, both my newly committed regress to verify the same error codes and depths in the callback, and openssl-ruby's tests pass again. ok tb@
2022-06-28Botan 2.19.2 has removed support for the OpenSSL crypto provider.bluhm2-24/+1
It was incompatible with OpenSSL 3.0. Remove the regression test to check that LibreSSL crypto works with Botan tests. This is better than to keep an outdated Botan in ports. discussed with tb@ beck@
2022-06-28Free ciphers before assigning to themtb1-6/+6
While this is not a leak currently, it definitely looks like one. Pointed out by jsing on review of a diff that touched the vicinity a while ago. ok jsing
2022-06-28Only asn1time needs to be static for now.tb1-2/+4
2022-06-28Make this regress test link staticly and use internal symbolsbeck1-1/+2
so that it works and compiles during the tb@ pre-bump shuffle(tm).
2022-06-28Fix the legacy verifier callback behaviour for untrusted certs.beck3-19/+347
The verifier callback is used by mutt to do a form of certificate pinning where the callback gets fired and depending on a cert saved to a file will decide to accept an untrusted cert. This corrects two problems that affected this. The callback was not getting the correct depth and chain for the error where mutt would save the certificate in the first place, and then the callback was not getting fired to allow it to override the failing certificate validation. thanks to Avon Robertson <avon.r@xtra.co.nz> for the report and sthen@ for analysis. "The callback is not an API, it's a gordian knot - tb@" ok jsing@
2022-06-27Correct misleading comment for URI parsingbeck1-4/+10
ok jsing@
2022-06-27Add function to free all of the issuer cache.beck1-13/+39
ok jsing@
2022-06-27Allow security_level to mestastasize into the verifiertb4-4/+156
The tentacles are everywhere. This checks that all certs in a chain have keys and signature algorithms matching the requirements of the security_level configured in the verify parameters. ok beck jsing
2022-06-27Prepare to provide X509_VERIFY_PARAM_set_auth_level()tb3-2/+12
For some unknown reason this needed a different name than security_level, both internally and in the public API. Obviously it is exactly the same garbage. ok beck jsing
2022-06-27Add new time manipulation funcitons that OpenSSL has exposed thatbeck4-26/+121
the world seems to be using. Symbols.list changes and exposure to wait for minor bump ok jsing@ jca@
2022-06-27Prepare to provide EVP_PKEY_security_bits()tb8-8/+75
This also provides a pkey_security_bits member to the PKEY ASN.1 methods and a corresponding setter EVP_PKEY_asn1_set_security_bits(). ok beck jsing
2022-06-27Prepare to provide DH_security_bits()tb2-2/+18
ok beck jsing
2022-06-27Prepare to provide RSA_security_bits()tb2-2/+12
ok beck jsing
2022-06-27Prepare to provide DSA_security_bits()tb2-2/+14
ok beck jsing
2022-06-27Prepare to provide BN_security_bits()tb2-2/+37
ok beck jsing
2022-06-26Provide and use long_{get,set}()jsing1-11/+35
Apparently at some point a LONG_it was misaligned - provide and use long_{get,set}() so that we always memcpy() rather than doing it some times but not others. While here provide long_clear() rather than abusing and reusing long_free(). ok tb@
2022-06-26Fix URI name constraints, allow for URI's with no host part.beck2-3/+38
Such uri's must be parsed and allowed, but then should fail if a name constraint is present. Adds regress testing for this same case. fixes https://github.com/libressl-portable/openbsd/issues/131 ok tb@
2022-06-26whitespacetb1-2/+2
2022-06-25Move leaf certificate checks to the last thing after chain validation.beck3-20/+317
While seemingly illogical and not what is done in Go's validator, this mimics OpenSSL's behavior so that callback overrides for the expiry of a certificate will not "sticky" override a failure to build a chain. ok jsing@
2022-06-25Use ints for boolean values.jsing1-31/+31
Switch to using ints for boolean values and use 0 or 1 for constructed, rather than using 0 the ASN.1 tag encoded value (1 << 5). ok tb@
2022-06-25Reuse ASN1_INTEGER functions for ASN1_ENUMERATED_{get,set}()jsing2-56/+59
Instead of having a separate get/set implementation, reuse the ASN1_INTEGER code. Also prepare to provide ASN1_ENUMERATED_{get,set}_int64(). ok beck@ tb@
2022-06-25Check pointer argument after {d2i,i2d}_ASN1_{BIT_STRING,BOOLEAN,INTEGER}()jsing1-2/+46
2022-06-25Add regress for ASN1_INTEGER_{get,set}_{u,}int64()jsing1-1/+103
2022-06-25Rewrite ASN1_INTEGER_{get,set}() using CBS/CBBjsing4-65/+197
In the process, prepare to provide ASN1_INTEGER_{get,set}_{u,}int64(). ok beck@ tb@
2022-06-25Simplify ASN1_INTEGER_cmp()jsing1-16/+9
ok beck@ tb@
2022-06-25Add regress for ASN1_INTEGER_cmp()jsing1-1/+76
2022-06-23Use dynamic linking correctly. bntest and bn_to_string need static linking.tb1-3/+5
2022-06-22Explicitly include fcntl.h and unistd.h for pipe2tb1-1/+4
2022-06-22Fix format strings for size_ttb1-5/+5
2022-06-22Fix format string: use %zu for size_t, not %lu.tb1-3/+3
2022-06-22Error out on negative shifts in BN_{r,l}shift()tb1-1/+13
Without these checks in both functions nw = n / BN_BITS2 will be negative and this leads to out-of-bounds accesses via negative array indices and memset with a negative size. Pointed out by cheloha ok jsing
2022-06-20Tweak a commenttb1-2/+2
2022-06-20Flip roles of lowercase and uppercase A and B.tb1-44/+44
This matches Cohen's text better and makes the entire thing easier to read. suggested by jsing
2022-06-20Clean up BN_kronecker()tb1-73/+88
Instead of "Cohen's step N" explain in words what is being done. Things such as (A & B & 2) != 0 being equivalent to (-1)^((A-1)(B-1)/4) being negative are not entirely obvious... Remove the strange error dance and adjust variable names to what Cohen's book uses. Simplify various curly bits. ok jsing
2022-06-20Fix some bizarre indentation and line breaks.tb1-8/+7
2022-06-19Use uppercase for SUCCESS for consistencytb1-2/+2
2022-06-19None of these tests needs to link statically.tb2-4/+4
2022-06-19Drop bogus DPADD += ${LIBSSL}tb3-7/+6
2022-06-18Quick regression test that checks that BN_is_prime_fasttest_ex()tb2-1/+97
recognizes the primes in the primes[] table with and without trial division. Would have caught the bug fixed in bn_primes.c r1.9.
2022-06-18Fix prime recognition when doing trial divisionstb1-2/+2
If gcd(a, primes[i]) == 0 then a could still be a prime, namely in the case that a == primes[i], so check for that case as well. Problem noted by Martin Grenouilloux ok jsing
2022-06-15Switch to using TLS_INT instead of handrolling ittb1-3/+2
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-20 03:43:29 +0000