path: root/src/lib/libssl/tls13_lib.c
Date | Commit message | Author | Files | Lines
2023-04-16 | Mark EC_KEY_{get,insert}_method_data() for removal | tb | 1 | -1/+5
This is unused and in the way of some house keeping. Thus it will be relocated to the attic. ok jsing
2023-04-16 | Mark TS_VERIFY_CTX_init() for removal | tb | 1 | -1/+3
With opaque TS_VERIFY_CTX the init function is dangerous and useless. It will be dropped. ok jsing
2023-04-16 | Prepare addition of X509_STORE_CTX_get1_{certs,crls}(3) | tb | 2 | -2/+27
X509_STORE_get1_{certs,crls}(3) was added to the OpenSSL 1.1 API with the usual care. At some point later it was noticed that they didn't deal with an X509_STORE at all, but rather with an X509_STORE_CTX, so were misnamed. The fact that X509_STORE_CTX and X509_STORE have their roles reversed when compared to other FOO vs FOO_CTX in this API may or may not be related. Anyway, the X509_STORE versions will be demoted to compat defines and the X509_STORE_CTX will be added to match OpenSSL 1.1 API more closely. This was pointed out by schwarze a long time ago and missed in a few bumps. Hopefully we'll manage to do it this time around. ok jsing
2023-04-16 | Mark remaining policy tree public API for removal | tb | 2 | -3/+19
ok jsing
2023-04-16 | Annotate policy tree STACK_OF() goo for removal from public API | tb | 1 | -1/+4
ok jsing
2023-04-16 | The policy tree types become internal only. Annotate them. | tb | 1 | -1/+7
ok jsing
2023-04-16 | Cipher text stealing will go away. Mark it for removal. | tb | 1 | -1/+3
ok jsing
2023-04-16 | Mark proxy policy API for removal in upcoming bump | tb | 1 | -1/+5
ok jsing
2023-04-16 | Remove the now unused ex_pcpathlen from the X509 struct | tb | 1 | -2/+1
ok jsing
2023-04-16 | More ProxyCertInfo tentacles go to the attic | tb | 2 | -65/+6
This removes ProxyCertInfo from extension caching, issuer checking and it also drops the special path validation for proxy certs from the legacy verifier. ok jsing
2023-04-16 | Remove some dead code from the new verifier | tb | 1 | -7/+1
The new verifier API is currently unused as we still operate the verifier in legacy mode. Therefore ctx->xsc is always set and the EXFLAG_PROXY will soon be dropped from the library, so this error on encountering proxy certs is effectively doubly dead code. ok jsing
2023-04-16 | Drop support for the ProxyCertInfo extension | tb | 1 | -3/+2
This removes the ProxyCertInfo extension from RFC 3820 from the list of supported extensions. Since it is a critical extension, this means that certificates containing it will no longer be considered valid by default. ok jsing
2023-04-16 | Make pcy_int.h pull in x509_local.h it will need it soon | tb | 1 | -1/+4
ok jsing
2023-04-15 | ec_point_conversion: do not rely on ec.h pulling in bn.h | tb | 1 | -1/+2
2023-04-15 | Use size_t rather than int. | jsing | 2 | -13/+13
Also buy a vowel for rsiz.
2023-04-15 | Add SHA3 digest length define that was previously missed. | jsing | 1 | -1/+2
2023-04-15 | Remove sha3() function, which will not be used or exposed. | jsing | 2 | -16/+2
2023-04-15 | Mark sha3_keccakf() as static and remove prototype from header. | jsing | 2 | -5/+3
2023-04-15 | Use memset() to zero the context, instead of zeroing manually. | jsing | 1 | -5/+3
2023-04-15 | Provide SHA3 length related defines. | jsing | 1 | -1/+27
These will make EVP integration easier, as well as being used in the SHA3 implementation itself.
2023-04-15 | Use the same byte order tests as we do elsewhere in libcrypto. | jsing | 1 | -3/+5
2023-04-15 | Adjust documentation of X9.31 padding mode | tb | 1 | -6/+6
2023-04-15 | Stop supporting the long-retired X9.31 standard | tb | 2 | -113/+57
This isolates the three API functions from the library so they can be easily removed and any attempt to use RSA_X931_PADDING mode will now result in an error. ok jsing
2023-04-15 | Prepare rsa.h for X9.31 support removal | tb | 1 | -1/+5
This wraps the three public functions in the usual #if stanza. RSA_X931_PADDING is unfortunately exposed by rust-openssl and erlang. Therefore it will remain visible to avoid breaking the build of lang/rust. Its use in the library will be neutered shortly. ok jsing
2023-04-15 | Remove now unused GF2m perlasm generators | tb | 3 | -980/+0
2023-04-15 | Rename SHA3 context struct field from 'st' to 'state'. | jsing | 2 | -15/+15
2023-04-15 | Rename SHA3 context to align with existing code. | jsing | 2 | -14/+14
2023-04-15 | Move some defines out of the sha3_internal.h header. | jsing | 2 | -10/+6
2023-04-15 | Stop building GF2m assembly | tb | 3 | -8/+2
GF2m support will be removed shortly. In the interim drop some of this unused code already and let it fall back to the C implementation. ok jsing
2023-04-15 | Revise header guards. | jsing | 1 | -4/+4
2023-04-15 | Pull constant tables out of sha3_keccakf(). | jsing | 1 | -24/+24
2023-04-15 | Strip and reformat comments. | jsing | 2 | -44/+14
Remove various comments that are unhelpful or obvious. Reformat remaining comments per style(9).
2023-04-15 | Apply style(9) (first pass). | jsing | 2 | -146/+152
2023-04-15 | Import sha3_internal.h. | jsing | 1 | -2/+2
2023-04-15 | Add license to sha3 files. | jsing | 2 | -0/+50
2023-04-15 | Import tiny_sha3 | jsing | 2 | -0/+238
This is a minimal and readable SHA3 implementation. ok tb@
2023-04-15 | ssltest: Drop more policy goo from this test. | tb | 1 | -357/+21
Hopefully that is all. What an absolutely horrid mess.
2023-04-15 | ssltest: initial pass of dropping proxy cert goo | tb | 1 | -89/+1
2023-04-15 | symbols test: drop LIBRESSL_INTERNAL | tb | 1 | -2/+1
This tests the external API, so it should not have visibility to the inside. Silences two warnings since EC_{GROUP,POINT}_clear_free() are now wrapped in #ifndef LIBRESSL_INTERNAL.
2023-04-14 | Drop policy printing from openssl | tb | 6 | -95/+6
Nothing really uses the policy tree. It's designed with built-in DoS capabilities directly from the RFC. It will be removed from the attack surface and replaced with something equivalent that doesn't grow exponentially with the depth. This removes the only reason the policy tree itself ever leaked out of the library. ok jsing
2023-04-14 | cttest: plug leak due to missing SCT_LIST_free() | tb | 1 | -1/+2
2023-04-14 | Plug a memleak caused by an extra bump of a refcount | tb | 1 | -2/+1
SSL_set_session() should really be called SSL_set1_session()...
2023-04-14 | Cast the uint64_t SCT timestamps to (unsigned long long) for printing. | tb | 1 | -3/+4
What a wonderful choice between this and that PRI ugliness...
2023-04-14 | Make the signertest work better with the portable test framework | tb | 2 | -14/+12
2023-04-14 | Make the apitest work better with the portable test framework | tb | 2 | -13/+12
2023-04-14 | Make cttest work better with the portable test harness | tb | 2 | -9/+12
2023-04-14 | Fix cttest to use public header | tb | 2 | -5/+3
2023-04-14 | Rename the largely misnamed bn_print.c to bn_convert.c | jsing | 2 | -3/+3
This file primarily contains the various BN_bn2*() and BN_*2bn() functions (along with BN_print() and BN_options()). More function shuffling will follow. Discussed with tb@
2023-04-14 | Provide and use bn_copy_words() in BN_copy(). | jsing | 1 | -31/+15
This is simpler than the current code, while still being well optimised by compilers, across a range of architectures. In many cases we even get a performance gain for the BN sizes that we primarily care about. Joint work with tb@
2023-04-14 | Add support for truncated SHA512 variants. | jsing | 2 | -2/+115
This adds support for SHA512/224 and SHA512/256, as specified in FIPS 180-4. These are truncated versions of the SHA512 hash. ok tb@