summaryrefslogtreecommitdiff
path: root/src/lib/libtls (unfollow)
Commit message (Collapse)AuthorFilesLines
2025-06-11SMIME_read_ASN1(3) is no longer public,schwarze2-6/+12
so link to SMIME_read_CMS(3) or SMIME_read_PKCS7(3) instead, and sprinkle a few other .Xrs that may be helpful; OK tb@
2025-06-11Explain why we still need OPENSSL_init() (autoconf)tb1-1/+5
2025-06-11Remove BF_PTRtb14-109/+3
In bf_local.h r1.2, openssl/opensslconf.h was pulled out of the HEADER_BF_LOCL_H header guard, so BF_PTR was never defined from opensslfeatures.h. Thus, alpha, mips64, sparc64 haven't used the path that is supposedly optimized for them. On the M3k the speed gain of bf-cbc with BF_PTR is roughly 5%, so not really great. This is blowfish, so I don't think we want to carry complications for alpha and mips64 only. ok jsing kenjiro
2025-06-10err.c: fix previous: 8 spaces -> tabtb1-2/+2
2025-06-09Fix comment: unsigned int, not just inttb1-2/+2
2025-06-09one DES_LONG hid in arch/sh/opensslconf.htb1-8/+0
2025-06-09Move (mostly) MI constants to proper headerstb18-416/+36
Most of the constants here are only defined if a specific header is in scope. So move the machine-independent macros to those headers and lose the header guards. Most of these should actually be typedefs but let's change this when we're bumping the major since this technically has ABI impact. IDEA_INT RC2_INT and RC4_INT are always unsigned int DES_LONG is always unsigned int except on i386 This preserves the existing situation on OpenBSD. If you're using portable on i386 with a compiler that does not define __i386__, there's an ABI break. ok jsing
2025-06-09Make OPENSSL_IA32_SSE2 the default for i386 and remove the flag.jsing8-23/+9
The OPENSSL_IA32_SSE2 flag controls whether a number of the perlasm scripts generate additional implementations that use SSE2 functionality. In all cases except ghash, the code checks OPENSSL_ia32cap_P for SSE2 support, before trying to run SSE2 code. For ghash it generates a CLMUL based implementation in addition to different MMX version (one MMX version hides behind OPENSSL_IA32_SSE2, the other does not), however this does not appear to actually use SSE2. We also disable AES-NI on i386 if OPENSSL_IA32_SSE2. On OpenBSD, we've always defined OPENSSL_IA32_SSE2 so this is effectively a no-op. The only change is that we now check MMX rather than SSE2 for the ghash MMX implementation. ok bcook@ beck@
2025-06-09Remove GNU assembler version check.jsing1-4/+1
GNU assembler version 2.19 was released in 2014, so it does not seem unreasonable to expect that we have an assembler that supports AVX. Furthermore, the current check fails on LLVM. ok bcook@ beck@
2025-06-09Stop defining OPENSSL_IA32_SSE2 on amd64.jsing1-2/+1
This no longer does anything on this architecture. ok bcook@ beck@
2025-06-09Retire the manual pages OPENSSL_load_builtin_modules(3) and OBJ_NAME_add(3)schwarze7-456/+25
because these functions no longer exist. OK tb@
2025-06-09EVP_cleanup(3) is no longer relevant here since it no longer has any effect.schwarze1-3/+2
OK tb@
2025-06-09This file is no longer relevant because the function CONF_module_add()schwarze1-73/+0
is no longer public. Even though ASN1_add_oid_module() still exists as an internal function, this file contains more misleading (DSO, OPENSSL_load_builtin_modules) than useful information, so delete it. OK tb@
2025-06-09SSL_shutdown(): remove pointless NULL check.tb1-2/+2
reported by smatch via jsg ok beck
2025-06-08mention that SSL_load_error_strings(3) lives in libssl;schwarze1-1/+3
"sounds good" tb@
2025-06-08.Lb libssl libcrypto ; OK tb@schwarze121-244/+365
2025-06-08delete an "intentionally undocumented" comment regarding stuffschwarze1-8/+3
that no longer exists, and add .Lb libssl libcrypto; OK tb@
2025-06-08add the missing .In line and add .Lb libssl libcrypto ; OK tb@schwarze2-4/+8
2025-06-08.Lb libcrypto ; OK tb@schwarze411-822/+1233
2025-06-08remove some "intentionally undocumented" comments regarding stuffschwarze9-37/+27
that no longer exists, and add .Lb; OK tb@
2025-06-08add the missing .In line and add .Lb libcrypto ; OK tb@schwarze2-4/+8
2025-06-08allow checking of tls.hschwarze1-2/+3
2025-06-08allow checking of conf.hschwarze1-1/+5
2025-06-08Remove ${MULTIPLE_OF_EIGHT}_BIT*tb13-144/+0
These are unused internally and very few things look at them, none of which should really matter to us, except possibly free pascal on Windows. sizeof has been available since forever... ok jsing
2025-06-08Test to verify the handling of fflush() for the pushed-back buffer thatyasuoka1-1/+40
has been read or that has not.
2025-06-08More code clean up.jsing1-10/+9
Fix some things that got missed in the last pass - the majority is use of post-increment rather than unnecessary pre-increment.
2025-06-08Remove more mess related to arm assembly.jsing1-23/+1
2025-06-08Garbage collect DES_PTRtb13-78/+0
pointed out by/ok jsing
2025-06-08Remove DES_RISC*tb13-715/+0
codesearch.debian.net only shows some legacy openssl patches plus binkd (a FidoNet mailer) as sole potential user. net-snmp and a strongswan DES plugin bundle some opt-in libdes/openssl legacy things. If this should break any of this, I don't think we need to care. If you're really going to use DES you can also use non bleeding edge libressl. We can remove the big 'default values' block because one of DES_RISC1, DES_RISC2, DES_UNROLL is always defined (you can ignore DES_PTR for this), so this is dead support code for mostly dead platforms. ok kenjiro
2025-06-07Trim trailing whitespacetb1-8/+8
2025-06-07Spelling, discussed with jsingtb1-1/+1
2025-06-07tls13_ctx_new(): fix calloc() incantationtb1-2/+2
Switch argument order and use sizeof(*ctx) rather than sizeof(struct ...). ok jsg
2025-06-07Fix weird calloc() argument ordertb1-5/+5
ok jsg
2025-06-07do_PVK_body: Unconditionally free enctmptb1-3/+3
enctmp is only allocated if saltlen > 0, so there is no harm in checking for that, but it's also pointless. Unconfuses smatch who thinks there might be a memory leak: pem/pvkfmt.c:808 do_PVK_body() warn: possible memory leak of 'enctmp' found by jsg
2025-06-07Fix smatch warning in asn1_primitive_print()tb1-2/+2
Remove unnecessary and inconsistent NULL check for 'it', which the only caller, asn1_item_print_ctx(), already dereferenced. found by jsg ok kenjiro
2025-06-07KNF for variations of get_cipher_by_name()tb3-6/+9
2025-06-07openssl.1: update defaults for cms and smimetb1-4/+4
2025-06-07openssl smime: switch default encryption from 40-bit RC2 to AES-256tb1-11/+5
The old default is still available with rc2-40. https://github.com/pyca/cryptography/issues/12949 https://github.com/libressl/portable/issues/1168 ok kenjiro
2025-06-07openssl cms: switch default encryption from triple DES to AES-256tb1-11/+5
The old default is still available with "des3" https://github.com/pyca/cryptography/issues/12949 https://github.com/libressl/portable/issues/1168 ok kenjiro
2025-06-07crypto_ex_data: fix allocation size of classes_newtb1-2/+2
classes_new is an array of pointers to struct crypto_ex_data, not an array of struct crypto_ex_data_index, so this overallocated by 240 or 480 bytes on ILP32 or LP64, respectively. found by jsg using smatch ok jsing
2025-06-06Fix EVP_DecryptFinal() for CCM cipherstb1-5/+10
There is an old trap that you must not call EVP_*Final() when using AES-CCM. While encrypting this happens to be a noop and succeeds, but when decrypting, the call fails. This behavior changed in OpenSSL and BoringSSL, making the trap even worse since we now fail when the others succeed. This is an adaptation of OpenSSL commit 197421b1 to fix this. See also https://github.com/sfackler/rust-openssl/pull/1805#issuecomment-2734788336 ok beck kenjiro
2025-06-05pkcs7.h: drop two spaces before a tabtb1-3/+3
2025-06-05Rename the header guard of des.h with HEADER_DES_Htb14-16/+16
libdes is dead, Jim. Only its successors continue to haunt us. discussed with jsing
2025-06-05Remove preprocessor branching on HEADER_DES_Htb13-13/+13
This was the header guard for des_old.h introduced in 2002 and removed in 2014. The header guard for des.h is HEADER_NEW_DES_H for the sake of inconsistency (ostensibly due to backward compat concerns with libdes). ok jsing
2025-06-05opensslconf.h: remove md2 leftoverstb13-52/+0
md2.h left on Apr 15, 2014, along with jpake and seed. In particular, HEADER_MD2_H is never defined. These bits have been dead ever since. ok jsing
2025-06-04libtls: add basic regress for ALPNtb1-1/+138
This currently only tests the behavior for successful protocol negotiations since the test expects all handshakes to complete.
2025-06-04libtls: abort handshake on no ALPN protcol overlaptb1-2/+2
RFC 7301, section 3.2: In the event that the server supports no protocols that the client advertises, then the server SHALL respond with a fatal "no_application_protocol" alert. This change makes tlsext_alpn_server_process() send the alert rather than pretending no callback was present. ok jsing
2025-06-04Revert 1.144 of lib/libc/stdlib/malloc.3. It was changed by accidentyasuoka1-12/+3
by my previous commit.
2025-06-03Now our fflush() comply POSIX-2008. test_fflush is expected "pass".yasuoka2-6/+3
And switch test___freadahead to use another version that uses fflush().
2025-06-03Again. Make exit(), fclose(), fflush(), and freopen() comply withyasuoka2-9/+17
POSIX-2008 requirements for setting the underlying file position when flushing read-mode streams, and make an fseek()-after-fflush() not change the underlying file position. This commit fixes some minor problems of the previous. previous diff from guenther Much testing, review, assistence form tb@ ok tb@ millert@ for the previous ok asou
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-03 22:54:27 +0000