path: root/src/lib/libssl
Commit message | Author | Age | Files | Lines
* Convert ssl3_get_client_certificate to CBS. | doug | 2015-07-14 | 2 | -30/+38
  ok miod@ jsing@
* Convert ssl3_get_finished to CBS. | doug | 2015-07-14 | 2 | -12/+18
  ok miod@ jsing@
* Convert ssl_parse_clienthello_use_srtp_ext to CBS. | doug | 2015-07-14 | 4 | -84/+50
  ok miod@ jsing@
* Convert ssl3_get_cert_status to CBS. | doug | 2015-07-14 | 2 | -34/+52
  ok miod@ jsing@
* Convert ssl3_get_server_certificate to CBS. | doug | 2015-07-14 | 2 | -34/+36
  ok miod@
* fix the build on arm after the recent addition of -Wundef | jsg | 2015-06-29 | 1 | -2/+2
  ok doug@ deraadt@
* Convert ssl_bytes_to_cipher_list to CBS. | doug | 2015-06-28 | 4 | -20/+40
  Link in the new 'unit' regress and expand the invalid tests to include some that would fail before the CBS conversion. input + ok miod@ jsing@
* Fix pointer to unsigned long conversion. | doug | 2015-06-27 | 2 | -5/+7
  bcook@ notes that this check really only impacted 64-bit Windows. Also, changed the check to be unsigned for consistency. ok bcook@
* Put BUF_memdup() and BUF_reverse() under #ifndef LIBRESSL_INTERNAL. | jsing | 2015-06-24 | 1 | -3/+2
* Stop using BUF_memdup() within the LibreSSL code base - it is correctly | jsing | 2015-06-24 | 4 | -12/+14
  spelt malloc+memcpy, which is what is used in all except two places. ok deraadt@ doug@
* Change CBS_dup() to also sync the offset. | doug | 2015-06-23 | 2 | -2/+4
  Previously, CBS_dup() had its own offset. However, it is more consistent to copy everything. ok miod@ jsing@
* Check for failure with CBB_init() in bs_ber.c. | doug | 2015-06-21 | 2 | -4/+6
  From BoringSSL commit 3fa65f0f05f67615d9daf48940e07f84d094ac6e.
* Convert ssl3_get_new_session_ticket to CBS. | doug | 2015-06-20 | 2 | -48/+48
  tweak + ok miod@ jsing@
* Convert ssl3_get_next_proto to CBS. | doug | 2015-06-20 | 2 | -28/+38
  tweak + ok miod@ jsing@
* Convert ssl_parse_serverhello_renegotiate_ext to CBS. | doug | 2015-06-20 | 4 | -38/+42
  ok miod@ jsing@
* Handle NIST curve names. | jsing | 2015-06-20 | 1 | -2/+4
  From OpenSSL. ok miod@ (a while ago)
* Have ECPKParameters_print() include the NIST curve name, if known. | jsing | 2015-06-20 | 1 | -1/+10
  From OpenSSL. ok miod@ (a while ago).
* Provide EC_curve_nid2nist() and EC_curve_nist2nid(). | jsing | 2015-06-20 | 2 | -2/+57
  From OpenSSL. Rides libcrypto bump. ok miod@ (a while ago)
* Make SSL_OP_ALL readable. | jsing | 2015-06-20 | 2 | -4/+18
  ok deraadt@ doug@ millert@ miod@ sthen@
* Put CRYPTO_memcmp() under #ifndef LIBRESSL_INTERNAL. | jsing | 2015-06-20 | 1 | -1/+3
  ok doug@ deraadt@
* Replace remaining CRYPTO_memcmp() calls with timingsafe_memcmp(). | jsing | 2015-06-20 | 3 | -6/+6
  ok doug@ deraadt@
* Convert ssl_parse_clienthello_renegotiate_ext to CBS. | doug | 2015-06-20 | 4 | -30/+28
  ok miod@, tweak + ok jsing@
* Replace internal call to CRYPTO_memcmp with timingsafe_memcmp. | doug | 2015-06-20 | 2 | -4/+4
  Suggested by jsing@. ok jsing@ miod@
* Fix warning on vax due to old gcc. | doug | 2015-06-20 | 1 | -4/+4
  Old gcc warns when parameters have the same names as functions. Noticed by deraadt@. ok deraadt@ jsing@
* Crank major for libcrypto, ssl and tls due to MDC-2DES removal. | doug | 2015-06-20 | 2 | -2/+2
  ok miod@ jsing@
* Remove obsolete MDC-2DES from libcrypto. | doug | 2015-06-20 | 22 | -534/+26
  ok deraadt@ jsing@ miod@
* Return the failing engine ID in the error stack. | bcook | 2015-06-19 | 1 | -2/+4
  Noted by doug@ in an earlier revision of the dynamic engine removal patch, but I had forgotten to include it in the latest version.
* Disable ENGINE_load_dynamic (dynamic engine support). | bcook | 2015-06-19 | 4 | -517/+11
  We do not build, test or ship any dynamic engines, so we can remove the dynamic engine loader as well. This leaves a stub initialization function in its place. ok beck@, reyk@, miod@
* Convert tls1_alpn_handle_client_hello() to CBS. | doug | 2015-06-19 | 2 | -40/+28
  tweak + ok miod@ jsing@
* Add CBS_dup() to initialize a new CBS with the same values. | doug | 2015-06-19 | 4 | -4/+28
  This is useful for when you need to check the data ahead and then continue on from the same spot. input + ok jsing@ miod@
* Extend the input types for CBB_add_*() to help catch bugs. | doug | 2015-06-18 | 4 | -26/+50
  While the previous types were correct, they can silently accept bad data via truncation or signed conversion. We now take size_t as input for CBB_add_u*() and do a range check. discussed with deraadt@ input + ok jsing@ miod@
* Remove Microsoft Server Gated Crypto. | doug | 2015-06-18 | 16 | -264/+52
  Another relic due to the old US crypto policy. From OpenSSL commit 63eab8a620944a990ab3985620966ccd9f48d681 and 95275599399e277e71d064790a1f828a99fc661a. ok jsing@ miod@
* Change DTLS client cert request code to match TLS. | doug | 2015-06-18 | 2 | -12/+12
  DTLS currently doesn't check whether a client cert is expected. This change makes the logic in dtls1_accept() match that from ssl3_accept(). From OpenSSL commit c8d710dc5f83d69d802f941a4cc5895eb5fe3d65 input + ok jsing@ miod@
* Clean up alert codes and add references. | jsing | 2015-06-17 | 2 | -42/+58
* Keep alerts sorted by alert code. | jsing | 2015-06-17 | 5 | -14/+15
* Remove pointless comments. | jsing | 2015-06-17 | 2 | -14/+6
* Convert ssl_next_proto_validate to CBS. | doug | 2015-06-17 | 2 | -22/+24
  ok miod@, tweak + ok jsing@
* Convert tls1_check_curve to CBS. | doug | 2015-06-17 | 2 | -8/+20
  ok miod@ jsing@
* KNF whitespace. | doug | 2015-06-17 | 4 | -34/+38
  ok miod@ jsing@
* Use explicit int in bs_cbs.c. | doug | 2015-06-17 | 4 | -44/+48
  ok miod@ jsing@
* Use explicit int in bs_ber.c. | doug | 2015-06-17 | 2 | -16/+16
  ok miod@ jsing@
* Add CBS_write_bytes() to copy the remaining CBS bytes to the caller. | doug | 2015-06-17 | 4 | -4/+48
  This is a common operation when dealing with CBS. ok miod@ jsing@
* Add a new function CBS_offset() to report the current offset in the data. | doug | 2015-06-17 | 4 | -4/+30
  "why not" miod@, sure jsing@
* Cleanup SSL_OP_* compat flags in ssl.h. | doug | 2015-06-17 | 2 | -62/+48
  These were recently removed and are now set to 0:
    SSL_OP_NETSCAPE_CA_DN_BUG
    SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
    SSL_OP_SSLEAY_080_CLIENT_DH_BUG
  The code associated with these was deleted in the past at some point and these are also now 0:
    SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
    SSL_OP_EPHEMERAL_RSA
    SSL_OP_MICROSOFT_SESS_ID_BUG
    SSL_OP_NETSCAPE_CHALLENGE_BUG
    SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
  The SSL_OP_ALL macro has been updated to reflect the removals. ok miod@ jsing@
* Be more strict about BER and DER terminology. | doug | 2015-06-16 | 4 | -56/+66
  bs_ber.c does not convert BER to DER. It's a hack to convert a DER-like encoding with one violation (indefinite form) to strict DER. Rename the functions to reflect this. ok miod@ jsing@
* Simplify cbs_get_any_asn1_element_internal based on comments from jsing@ | doug | 2015-06-16 | 4 | -34/+26
* Make CBS_get_any_asn1_element() more compliant with DER encoding. | doug | 2015-06-15 | 6 | -56/+172
  CBS_get_any_asn1_element violates DER encoding by allowing indefinite form. All callers except bs_ber.c expect DER encoding. The callers must check to see if it was indefinite or not. Rather than exposing all callers to this behavior, cbs_get_any_asn1_element_internal() allows specifying whether you want to allow the normally forbidden indefinite form. This is used by CBS_get_any_asn1_element() for strict DER encoding and by a new static function in bs_ber.c for the relaxed version. While I was here, I added comments to differentiate between ASN.1 restrictions and CBS limitations. ok miod@
* Remove ancient SSL_OP_NETSCAPE_CA_DN_BUG from SSLeay days. | doug | 2015-06-15 | 8 | -106/+40
  This commit matches the OpenSSL removal in commit 3c33c6f6b10864355553961e638514a6d1bb00f6. ok deraadt@
* Remove ancient compat hack SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG. | doug | 2015-06-15 | 4 | -52/+10
  This was imported into OpenSSL from SSLeay. It was recently deleted in OpenSSL commit 7a4dadc3a6a487db92619622b820eb4f7be512c9
* Remove 1997's compat hack SSL_OP_SSLEAY_080_CLIENT_DH_BUG. | doug | 2015-06-15 | 4 | -22/+16
  This is a hack for an old version of SSLeay which predates OpenSSL.