summaryrefslogtreecommitdiff
path: root/src/lib/libssl/tls13_handshake_msg.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2024-08-28Avoid polluting the error stack when printing certificatestb1-3/+17
For a certificate serial number between LONG_MAX and ULONG_MAX, the call to ASN1_INTEGER_get() fails and leaves an error on the stack because the check bs->length <= sizeof(long) doesn't quite do what it's supposed to do (bs is probably for bitstring, although the more common reading would be adequate, too.) Fix this by checking for non-negativity and using ASN1_INTEGER_get_uint64() and add a lengthy comment to explain the nonsense per beck's request. discussed with jsing ok beck
2024-08-27cms_att.c: tidy includes and add x509_local.h for upcoming changetb1-5/+5
2024-08-26replace atoi(3) usage with strtonum(3); ok/tweaks tb@op3-16/+64
2024-08-26replace strtol(3) usage with strtonum(3); idea/ok/tweaks tb@op2-46/+19
2024-08-26ts.c: typo flaf -> flagtb1-2/+2
2024-08-24More precision on what exactly OCSP_id_cmp and OCSP_issuer_id_cmp compare.tb1-7/+14
The existing description was lacking and incorrect, respectively.
2024-08-24conf_def.c: add two trailing commastb1-3/+3
2024-08-24X509at_get_attr: zap trailing comma.tb1-2/+2
reminded by mandoc -Tlint
2024-08-24LibreSSL no longer supports adding X.501 attributes to an EVP_PKEYtb7-206/+11
Remove the corresponding documentation.
2024-08-24Switch UI_UTIL_read_pw* to LCRYPTO_UNUSED()tb1-3/+3
ok jsing
2024-08-24Neuter the completely broken UI_UTIL_read_pw* APItb1-27/+5
Return 0 on success, return <= 0 on failure. Sigh. In particular, if an allocation failed, the password that no one entered was considered valid. ok jsing
2024-08-24Remove documentation of UI_UTIL_read_pw*tb4-122/+7
According to some, a fail-open password verification function is par for the course for libcrypto. Unfortunately, we have been recommending its use over similarly named EVP functions after what amounted to a coin toss a few years back. Luckily enough, no one followed that advice and we can soon remove this API for good.
2024-08-23Remove unwanted trailing newlines from err/warn format strings.anton8-19/+19
2024-08-23Remove use of CSP/LMK in pkcs12 create/verify teststb1-3/+2
reminded by ... anton
2024-08-22PKCS12_create(3): remove Xr to EVP_PKEY_add1_attr(3)tb1-3/+2
This API family has been neutered and will be removed in the next bump. Further cross references will be untangled in the future.
2024-08-22Garbage collect unused attributes member from EVP_PKEYtb2-4/+2
ok miod
2024-08-22Remove copy_bag_attr()tb1-33/+1
It is no longer possible to set an attribute on an EVP_PKEY, so this code is dead. ok miod
2024-08-22Neuter EVP_PKEY_add1_attr_by_NID()tb1-36/+5
The last consumer in openssl(1) pkcs12 has been removed, so we no longer need this function. ok miod
2024-08-22openssl: adjust manual for LMK and CSP removaltb1-10/+2
2024-08-22openssl pkcs12: remove support for LMK and CSP attributestb1-25/+1
Documentation on what the Microsoft-specific local machine keyset and the cryptographic service provider are actually good for is hard to find. For some reason (perhaps one million and two arguments for PKCS12_create() was considered two too many) these hang off the EVP_PKEY in the attributes member, which serves no other purpose. Every use of EVP_PKEY (of which there are far too many) pays extra memory taxes for this fringe use case. This complication is not worth it. ok miod
2024-08-18Use OPENSSL_config() instead of OPENSSL_load_builtin_modules()tb1-2/+2
2024-08-18conf_def.c: shuffle things into a slightly more sensibletb1-80/+69
Reduces upcoming diffs and avoids annoying prototypes.
2024-08-18Remove documentation for X509_REQ_[gs]et_extension_nidstb1-30/+2
These functions have been disabled for a while and they will be removed in the next major bump.
2024-08-18Drop OpenSSL 3.0 interop testing infrastructuretb8-75/+11
The openssl 3.0 port was removed nearly a year ago shortly after the 7.4 release.
2024-08-18Add support for openssl32 in interop testtb7-9/+70
2024-08-18Use struct __sFILE instead of FILE in thread locking callbackguenther1-5/+6
declarations to reduce <stdio.h> pollution. Declare __isthreaded in thread_private.h where it's really needed. ok deraadt@
2024-08-17Zap a trailing comma to appease mandoc -Tlinttb1-2/+2
2024-08-17Remove docs of various X509_TRUST "functionality" that no longer existstb4-334/+5
Some macros are still exposed, but apart from the loss of a very nice way of saying "this is completely misdesigned, overengineered and not properly thought through" the only thing we would have learned from it is that this stuff is "probably useless".
2024-08-15t_recvmmsg and t_sendmmsg were enabled in 2022guenther1-2/+0
2024-08-12Give libtls the same bump as libssltb1-1/+1
2024-08-12Bump minor after symbol additiontb1-1/+1
2024-08-12Add SSL_CTX_set1_cert_store() and SSL_CIPHER_get_handshake_digest() totb1-0/+2
Symbols.list
2024-08-12Expose SSL_CTX_set1_cert_store() and SSL_CIPHER_get_handshake_digest()tb1-5/+1
2024-08-12Make exit(), fclose(), fflush(), and freopen() comply with POSIX-2008guenther1-6/+5
requirements for setting the underlying file position when flushing read-mode streams, and make an fseek()-after-fflush() not change the underlying file position. Much testing, review, and assistance from tb@ ok tb@ millert@
2024-08-12Add -CRLfile option to 'cms' sub commandjob2-7/+38
This option allows to verify certs in a CMS object against additional CRLs. Ported from work by Tom Harrison from APNIC OK tb@
2024-08-11Add include path for crypto_arch.h.jsing2-2/+4
2024-08-11Provide and use crypto_arch.h.jsing23-35/+347
Provide a per architecture crypto_arch.h - this will be used in a similar manner to bn_arch.h and will allow for architecture specific #defines and static inline functions. Move the HAVE_AES_* and HAVE_RC4_* defines here. ok tb@
2024-08-10Remove the empty ui_compat.htb2-67/+1
unused in ports and on codesearch
2024-08-08ct.h: move two asterisks to the proper placetb1-3/+3
2024-08-08check_complete: accept #errortb1-0/+1
2024-08-08check_complete: OBJ_bsearch_() and OBJ_bsearch_ex_() are gonetb1-3/+0
2024-08-08ui_util.c needs stdio.h and ui.h, but not ui_compat.h and ui_local.htb1-4/+3
2024-08-08hmac test: fix build with gcctb1-2/+8
The bounded attribute leads to failing regress compilation with gcc due to a test passing a negative length to exercise a chck. noticed and fixed suggested by claudio
2024-08-07adjust check_complete after recent-ish API and docs changestb1-11/+2
2024-08-07wcslcpy() and wcslcat() are in POSIX-2024. Update #include visibilityguenther1-4/+11
and manpages and add restrict qualifiers. ok millert@
2024-08-05Remove bogus connect(s, NULL, 0) calltb1-5/+1
The only thing it does is error because of a check added in sockargs() in uipc_syscalls r1.155. As guenther pointed out, this may have been added because of a misreading of the last sentence of the first paragraph of the connect(2) manual. Instead of erroring, this will keep listening if -k is given and otherwise it will close the socket and exit with success. ok guenther jeremy
2024-08-04x509_vfy.c: drop some unnecessary parenthesestb1-6/+5
2024-08-03A dozen interfaces in <endian.h> were standardized in POSIX-2024 as expectedguenther1-6/+4
2024-08-03The improbable occurred: strlcpy(3) and strlcat(3) are in POSIX-2024.guenther2-7/+16
memmem(3) was also added. Update #include visibility and manpages and add restrict qualifiers. "never thought I'd see this day" millert@
2024-08-03mkostemp(3) and reallocarray(3) are in POSIX-2024:guenther1-2/+6
adjust #include visibility and update the reallocarray(3) manpage ok millert@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-10 10:32:22 +0000