summaryrefslogtreecommitdiff
path: root/src/lib/libssl/bs_cbs.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2015-06-27Add unit tests for LibreSSL.doug3-0/+256
cipher_list.c is based on code from jsing@. Discussed with jsing@
2015-06-27Fix pointer to unsigned long conversion.doug4-10/+14
bcook@ notes that this check really only impacted 64-bit Windows. Also, changed the check to be unsigned for consistency. ok bcook@
2015-06-24Put BUF_memdup() and BUF_reverse() under #ifndef LIBRESSL_INTERNAL.jsing2-6/+4
2015-06-24Stop using BUF_memdup() within the LibreSSL code base - it is correctlyjsing4-12/+14
spelt malloc+memcpy, which is what is used in all except two places. ok deraadt@ doug@
2015-06-23Change CBS_dup() to also sync the offset.doug3-3/+41
Previously, CBS_dup() had its own offset. However, it is more consistent to copy everything. ok miod@ jsing@
2015-06-23Convert bytestringtest to individual checks and don't short circuit.doug1-321/+337
The statements were chained together with OR which makes it more annoying to debug. Also, it was short circuiting all tests as soon as one function failed. Since the functions are independent, they should each run until error. Discussed with miod@ and jsing@
2015-06-23Remove unnecessary regress target.doug1-7/+2
2015-06-21Check for failure with CBB_init() in bs_ber.c.doug2-4/+6
From BoringSSL commit 3fa65f0f05f67615d9daf48940e07f84d094ac6e.
2015-06-21Just return if nmemb is 0. Avoids a NULL dereference and ismillert1-1/+4
consistent with the behavior of the other libc sort functions. OK deraadt@
2015-06-20Convert ssl3_get_new_session_ticket to CBS.doug2-48/+48
tweak + ok miod@ jsing@
2015-06-20Convert ssl3_get_next_proto to CBS.doug2-28/+38
tweak + ok miod@ jsing@
2015-06-20Convert ssl_parse_serverhello_renegotiate_ext to CBS.doug4-38/+42
ok miod@ jsing@
2015-06-20Handle NIST curve names in openssl(1) ecparam.jsing1-1/+4
From OpenSSL.
2015-06-20Handle NIST curve names.jsing2-4/+8
From OpenSSL. ok miod@ (a while ago)
2015-06-20Have ECPKParameters_print() include the NIST curve name, if known.jsing2-2/+20
From OpenSSL. ok miod@ (a while ago).
2015-06-20Less mdc2.jsing1-4/+1
2015-06-20Provide EC_curve_nid2nist() and EC_curve_nist2nid().jsing4-4/+114
From OpenSSL. Rides libcrypto bump. ok miod@ (a while ago)
2015-06-20Make SSL_OP_ALL readable.jsing2-4/+18
ok deraadt@ doug@ millert@ miod@ sthen@
2015-06-20Put CRYPTO_memcmp() under #ifndef LIBRESSL_INTERNAL.jsing2-2/+6
ok doug@ deraadt@
2015-06-20Replace remaining CRYPTO_memcmp() calls with timingsafe_memcmp().jsing6-12/+12
ok doug@ deraadt@
2015-06-20Convert ssl_parse_clienthello_renegotiate_ext to CBS.doug4-30/+28
ok miod@, tweak + ok jsing@
2015-06-20Replace internal call to CRYPTO_memcmp with timingsafe_memcmp.doug2-4/+4
Suggested by jsing@. ok jsing@ miod@
2015-06-20Fix warning on vax due to old gcc.doug2-8/+8
Old gcc warns when parameters have the same names as functions. Noticed by deraadt@. ok deraadt@ jsing@
2015-06-20Crank major for libcrypto, ssl and tls due to MDC-2DES removal.doug5-6/+6
ok miod@ jsing@
2015-06-20Remove obsolete MDC-2DES from libcrypto.doug46-1239/+59
ok deraadt@ jsing@ miod@
2015-06-19Remove needless casts. There's no reason to cast delim to char *millert1-5/+4
when we can just make spanp const char * to match it. OK deraadt@
2015-06-19Add missing message digests to function table.jsing1-3/+27
Diff from kinichiro via github. ok doug@
2015-06-19Remove fallback dynamic engine loading support.bcook1-18/+2
Since we no longer have dynamic engines, don't bother falling back to them if a builtin engine is not found first. Before: $ openssl dgst -engine unknown invalid engine "unknown" 27256010481532:error:2606A074:engine routines:ENGINE_by_id:no such engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_list.c:384:id=unknown 27256010481532:error:2606A074:engine routines:ENGINE_by_id:no such engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_list.c:384:id=dynamic After: $ openssl dgst -engine unknown invalid engine "unknown" 27256010481532:error:2606A074:engine routines:ENGINE_by_id:no such engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_list.c:384:id=unknown ok doug@
2015-06-19Return the failing engine ID in the error stack.bcook2-4/+8
Noted by doug@ in an earlier revision of the dynamic engine removal patch, but I had forgotten to include it in the latest version.
2015-06-19Add standard headers, C++ support to tls.h.bcook1-1/+12
This makes using libtls easier to include by including dependent headers, making something like this work as expected: #include <iostream> #include <tls.h> int main() { std::cout << "tls_init: " << tls_init() << "\n"; } This also makes building a standalone libtls-portable simpler. ok doug@, jsing@
2015-06-19Disable ENGINE_load_dynamic (dynamic engine support).bcook34-1060/+22
We do not build, test or ship any dynamic engines, so we can remove the dynamic engine loader as well. This leaves a stub initialization function in its place. ok beck@, reyk@, miod@
2015-06-19Convert tls1_alpn_handle_client_hello() to CBS.doug2-40/+28
tweak + ok miod@ jsing@
2015-06-19Add CBS_dup() to initialize a new CBS with the same values.doug4-4/+28
This is useful for when you need to check the data ahead and then continue on from the same spot. input + ok jsing@ miod@
2015-06-18Extend the input types for CBB_add_*() to help catch bugs.doug4-26/+50
While the previous types were correct, they can silently accept bad data via truncation or signed conversion. We now take size_t as input for CBB_add_u*() and do a range check. discussed with deraadt@ input + ok jsing@ miod@
2015-06-18Remove Microsoft Server Gated Crypto.doug16-264/+52
Another relic due to the old US crypto policy. From OpenSSL commit 63eab8a620944a990ab3985620966ccd9f48d681 and 95275599399e277e71d064790a1f828a99fc661a. ok jsing@ miod@
2015-06-18Change DTLS client cert request code to match TLS.doug2-12/+12
DTLS currently doesn't check whether a client cert is expected. This change makes the logic in dtls1_accept() match that from ssl3_accept(). From OpenSSL commit c8d710dc5f83d69d802f941a4cc5895eb5fe3d65 input + ok jsing@ miod@
2015-06-18spelling fixes from theo buehler;jmc1-4/+4
2015-06-17add DST Root CA X3 certificate, already present in most browser cert stores.sthen1-0/+77
"O=Digital Signature Trust Co., CN=DST Root CA X3". This CA is cross signing the issuing intermediates for letsencrypt.org so is expected to be important for at least ports distfile fetching in the future. ok ajacoutot@ juanfra@
2015-06-17Clean up alert codes and add references.jsing2-42/+58
2015-06-17Keep alerts sorted by alert code.jsing5-14/+15
2015-06-17Remove pointless comments.jsing2-14/+6
2015-06-17Convert ssl_next_proto_validate to CBS.doug2-22/+24
ok miod@, tweak + ok jsing@
2015-06-17Convert tls1_check_curve to CBS.doug2-8/+20
ok miod@ jsing@
2015-06-17KNF whitespace.doug4-34/+38
ok miod@ jsing@
2015-06-17Use explicit int in bs_cbs.c.doug4-44/+48
ok miod@ jsing@
2015-06-17Use explicit int in bs_ber.c.doug2-16/+16
ok miod@ jsing@
2015-06-17Add tests for CBS_offset() and CBS_write_bytes().doug1-2/+70
"no problem" miod@, tweak + ok jsing@
2015-06-17Add CBS_write_bytes() to copy the remaining CBS bytes to the caller.doug4-4/+48
This is a common operation when dealing with CBS. ok miod@ jsing@
2015-06-17Add a new function CBS_offset() to report the current offset in the data.doug4-4/+30
"why not" miod@, sure jsing@
2015-06-17Cleanup SSL_OP_* compat flags in ssl.h.doug2-62/+48
These were recently removed and are now set to 0: SSL_OP_NETSCAPE_CA_DN_BUG SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG SSL_OP_SSLEAY_080_CLIENT_DH_BUG The code associated with these was deleted in the past at some point and these are also now 0: SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_EPHEMERAL_RSA SSL_OP_MICROSOFT_SESS_ID_BUG SSL_OP_NETSCAPE_CHALLENGE_BUG SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG The SSL_OP_ALL macro has been updated to reflect the removals. ok miod@ jsing@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-10 09:54:33 +0000