summaryrefslogtreecommitdiff
path: root/src/lib/libssl/tls_buffer.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2022-01-09Fix GOST skip certificate verify handling.jsing1-19/+11
GOST skip certificate verify handling got broken in r1.132 of s3_srvr.c circa 2016. Prior to this, ssl3_get_client_key_exchange() returned an 'extra special' value to indicate that the state machine should skip certificate verify. Fix this by setting and checking the TLS1_FLAGS_SKIP_CERT_VERIFY flag, which is the same as is done in the client. ok inoguchi@ tb@
2022-01-09Prepare to provide EVP_MD_CTX{,_set}_pkey_ctx()tb4-5/+55
This API with very strange ownership handling is used by Ruby 3.1, unfortunately. For unclear reasons, it was decided that the caller retains ownership of the pctx passed in. EVP_PKEY_CTX aren't refcounted, so a flag was added to make sure that md_ctx->pctx is not freed in EVP_MD_CTX_{cleanup,reset}(). Since EVP_MD_CTX_copy_ex() duplicates the md_ctx->pctx, the flag also needs to be unset on the duplicated EVP_MD_CTX. ok inoguchi jsing
2022-01-09Clean up pkey handling in ssl3_get_server_key_exchange()jsing1-42/+22
With TLSv1.2 and earlier, the authentication algorithm used to sign the ServerKeyExchange message is dependent on the cipher suite in use and has nothing to do with the key exchange algorithm. As such, check the authentication algorithm based on the cipher suite in ssl3_get_server_key_exchange() and handle things accordingly. ok inoguchi@ tb@
2022-01-09Increase the max size of allocations, in prep for a large cache implementation.otto1-3/+3
2022-01-08Prepare to provide OBJ_length() and OBJ_get0_data()tb2-2/+28
OBJ_length() turns the int obj->length into a size_t, so add an overflow check. While obj->length should never be negative, who knows... ok jsing
2022-01-08tiny whitespace tweaktb1-2/+2
2022-01-08Merge SESS_CERT into SSL_SESSION.jsing8-171/+76
There is no reason for SESS_CERT to exist - remove it and merge its members into SSL_SESSION for the time being. More clean up to follow. ok inoguchi@ tb@
2022-01-08Remove commented out CERT_* defines.jsing1-7/+1
2022-01-08Rename CERT to SSL_CERT and CERT_PKEY to SSL_CERT_PKEY.jsing10-101/+101
Nearly all structs in libssl start with an SSL_ suffix, rename CERT and CERT_PKEY for consistency. ok inoguchi@ tb@
2022-01-08x509_cpols.c will need to include x509_lcl.h soontb1-1/+2
2022-01-08Indicate current default cipherinoguchi1-3/+3
2022-01-07Add some workarounds to make build_addr_block_test_data const.tb1-17/+26
2022-01-07Prepare to provide EVP_AEAD_CTX_{new,free}()tb2-3/+29
ok jsing
2022-01-07Revert previous accidental committb1-2/+2
2022-01-07Rename dh_tmp to dhe_params.jsing5-33/+39
Support for non-ephemeral DH was removed a long time ago - as such, the dh_tmp and dh_tmp_cb are used for DHE parameters. Rename them to reflect reality. ok inoguchi@ tb@
2022-01-07Stop attempting to duplicate the public and private key of dh_tmp.jsing1-17/+1
Support for non-ephemeral DH was removed a very long time ago - the only way that dh_tmp is set is via DHparams_dup(), hence the public and private keys are always going to be NULL. ok inoguchi@ tb@
2022-01-07Convert legacy server to tls_key_share.jsing6-233/+115
This requires a few more additions to the DHE key share code - we need to be able to either set the DHE parameters or specify the number of key bits for use with auto DHE parameters. Additionally, we need to be able to serialise the DHE parameters to send to the client. This removes the infamous 'tmp' struct from ssl3_state_internal_st. ok inoguchi@ tb@
2022-01-07A few more files need asn1_locl.h.tb3-3/+8
2022-01-07include asn1_locl.h where it will be needed for the bump.tb7-7/+19
discussed with jsing
2022-01-07Prepare to make RSA and RSA_METHOD opaque by including rsa_locl.htb9-9/+19
where it will be needed in the upcoming bump. discussed with jsing
2022-01-07Add an essentially empty ocsp_local.h and include it in the filestb10-9/+95
that will need it in the upcoming bump. discussed with jsing
2022-01-07gost needs to look into ecs_locl.htb2-2/+4
2022-01-07Prepare the move of DSA_SIG, DSA_METHOD and DSA to dsa_locl.h bytb10-10/+25
including the local header where it will be needed. discussed with jsing
2022-01-07Add an essentially empty dh_local.h and include it in the files wheretb10-9/+88
it will be needed in the upcoming bump. discussed with jsing
2022-01-07zap trailing whitespacetb1-9/+9
2022-01-07Let dtlstest peek into bio_local.htb2-2/+4
2022-01-07Add a new, mostly empty, bio_local.h and include it in the filestb23-22/+128
that will need it in the upcoming bump. discussed with jsing
2022-01-06refer to longindex as an argument, not a field;jmc1-3/+3
from uwe@netbsd -r1.22 ok millert
2022-01-06Revise for change to tls_key_share_peer_public()jsing1-3/+2
2022-01-06Convert legacy TLS client to tls_key_share.jsing7-256/+181
This requires adding DHE support to tls_key_share. In doing so, tls_key_share_peer_public() has to lose the group argument and gains an invalid_key argument. The one place that actually needs the group check is tlsext_keyshare_client_parse(), so add code to do this. ok inoguchi@ tb@
2022-01-06Allocate and free the EVP_AEAD_CTX struct in tls13_record_protection.jsing1-7/+13
This brings the code more in line with the tls12_record_layer and reduces the effort needed to make EVP_AEAD_CTX opaque. Prompted by and ok tb@
2022-01-06Add regress tests for ASN1_BIT_STRING.jsing1-2/+113
2022-01-06Add a comment that explains why build_addr_block_tests isn't consttb2-3/+8
2022-01-06Convert SCT verification to CBB.jsing1-56/+57
ok inoguchi@ tb@
2022-01-06Sync from libssl.jsing2-2/+21
2022-01-06Test CBB_add_u64()jsing1-2/+6
2022-01-06Provide CBB_add_u64()jsing2-2/+21
Prompted by and ok tb@
2022-01-06minor tweaks, no code changetb1-4/+3
Adjust a comment to reality, zap a stray empty line and fix whitespace before comment after #endif
2022-01-06With openssl-ruby-tests 20220105, test_post_connection_check_wildcard_santb1-2/+2
is now an unexpected pass, so remove it from the expected failures.
2022-01-06Free memory before assign to avoid leakinoguchi1-1/+7
CID 313263 313301 313322
2022-01-06Free memory if error occurredinoguchi1-2/+4
2022-01-06Remove NULL check before freeinoguchi1-3/+2
2022-01-06Fix a copy-paste error that led to an out-of-bounds access.tb1-2/+2
Found via a crash on bluhm's i386 regress test box
2022-01-06Add test coverage for SCT validation.jsing4-7/+116
Of note, the public APIs for this mean that the only way you can add a CTLOG is by reading a configuration file from disk - there is no programmatic way to do this.
2022-01-06t_syscall was a test for the gcc 1.x off_t syscall padding,guenther2-125/+2
which was an implementation detail and has been deleted, so delete the test
2022-01-05Prepare to provide DSA_bits()tb2-2/+11
Used by Qt5 and Qt6 and slightly reduces the patching in there. ok inoguchi jsing
2022-01-05Prepare to provide BIO_set_retry_reason()tb2-2/+11
Needed by freerdp. ok inoguchi jsing
2022-01-05Prepare to provide a number of RSA accessorstb2-2/+67
This adds RSA_get0_{n,e,d,p,q,dmp1,dmq1,iqmp,pss_params}() which will be exposed in the upcoming bump. ok inoguchi jsing
2022-01-05Prepare to provide ECDSA_SIG_get0_{r,s}()tb2-2/+19
ok inoguchi jsing
2022-01-05Prepare to provide DH_get_length()tb2-2/+11
Will be needed by openssl(1) dhparam. ok inoguchi jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-20 07:37:13 +0000