summaryrefslogtreecommitdiff
path: root/src/lib (unfollow)
Commit message (Collapse)AuthorFilesLines
3 daysminor libssl bump (SSL_OP_NO_RENEGOTIATION/SSL_OP_ALLOW_CLIENT_RENEGOTIATION)HEADmastersthen2-2/+2
code #ifdef'ing these and compiled with new headers won't work as expected on earlier libraries minor libtls bump to match libssl bump ok tb@
3 dayspkey_ec_derive: fix call to ECDH_compute_key()tb1-2/+2
The last argument is a pointer to the KDF, so use NULL, not 0.
3 daysSimplify field and private key encodingtb1-13/+3
Reach into the group (p and order are always available) and use BN_num_bytes() rather than using clumsy and badly named API. It's shorter and more readable. ok jsing
3 daysMake srtp.h self-standing by including ssl.htb1-1/+3
ok miod
3 daysProvide an accelerated SHA-512 assembly implementation for aarch64.jsing4-2/+353
This provides a SHA-512 assembly implementation that makes use of the ARM Cryptographic Extension (CE), which is found on many arm64 CPUs. This gives a performance gain of up to 2.5x on an Apple M2 (dependent on block size). If an aarch64 machine does not have SHA512 support, then we'll fall back to using the existing C implementation. ok kettenis@ tb@
3 daysTest SSL_OP_NO_RENEGOTIATION and SSL_OP_ALLOW_CLIENT_RENEGOTIATION.jsing1-1/+56
Extend renegotiation tests to cover SSL_OP_NO_RENEGOTIATION and SSL_OP_ALLOW_CLIENT_RENEGOTIATION.
4 daysProvide SSL_OP_NO_RENEGOTIATION and SSL_OP_ALLOW_CLIENT_RENEGOTIATION.jsing4-6/+36
In January 2017 we added SSL_OP_NO_CLIENT_RENEGOTIATION, which results in a SSL_AD_NO_RENEGOTIATION fatal alert if a ClientHello message is seen on an active connection (client initiated renegotation). Then in May 2017 OpenSSL added SSL_OP_NO_RENEGOTIATION, which results in a SSL_AD_NO_RENEGOTIATION warning alert if a server receives a ClientHello on an active connection (client initiated renegotation), or a client receives a HelloRequest (server requested renegotation). This option also causes calls to SSL_renegotiate() and SSL_renegotiate_abbreviated() to fail. Then in 2021, OpenSSL also added SSL_OP_ALLOW_CLIENT_RENEGOTIATION, which trumps SSL_OP_NO_RENEGOTIATION but only for incoming ClientHello messages (apparently unsetting SSL_OP_NO_RENEGOTIATION is too hard). Provide SSL_OP_NO_RENEGOTIATION and SSL_OP_ALLOW_CLIENT_RENEGOTIATION, primarily to make life easier for ports. If SSL_OP_NO_CLIENT_RENEGOTIATION is set it will take precedence and render SSL_OP_ALLOW_CLIENT_RENEGOTIATION ineffective. The rest of the behaviour should match OpenSSL, with the exception of ClientHellos triggering fatal alerts instead of warnings. ok tb@
4 daysUse .arch rather than .cpu for sha2 instructions.jsing1-2/+2
We have code that targets a specific architecture level, hence .arch makes more sense here than .cpu. Suggested by kettenis@
4 daysStreamline X509_VERIFY_PARAM_add0_table()tb1-17/+12
Unindent, use correct type for idx (int rather than size_t) and make this mess a bit more pleasant on the eyes. ok jsing
4 daysx509_vpm: remove unnecessary NULL check before sk_pop_free()tb1-4/+2
ok jsing
6 daysec.h: remove last SunPro pragmastb1-13/+1
With the removal of the EC_POINTs_* API, this header features no arrays anymore, so this noise can go away. ok miod
6 daysDisambiguate curve commentstb1-21/+21
There are three "X9.62 curve over a 239 bit prime field" and the Brainpool curves are a pair for each field size thanks to their characteristic twist. Just include the curve name for each of the curves. discussed with jsing
6 daysX509_NAME_print_ex: zap stray commatb1-2/+2
6 daysGive libtls the same bump as libcrypto and libssltb1-2/+2
6 daysGive libssl the same bump as libcryptotb1-1/+1
6 daysBump libcrypto major after symbol removaltb1-1/+1
6 daysconst correct tls_session_secret_cb_fn()tb4-8/+8
Various ports throw a warning since their tls_session_secret_cb's signature doesn't match what we expect. Aligns us with OpenSSL 1.1. This is only useful for RFC 4851 EAP-FAST implementations and surprisingly it's undocumented. ok jsing
6 daysBump LibreSSL versiontb1-3/+3
ok jsing
6 daysReinstate PKCS12_key_gen_uni()tb5-7/+10
Unfortunately, this is used in acsm-calibre-plugin, via oscrypto. Fixes https://github.com/Leseratte10/acsm-calibre-plugin/issues/112 ok jsing
6 daysRemove EC_POINTs_* APItb4-34/+3
And another one... Completely overengineered for the sake of academic credentials and only Ruby ever picked this garbage up. Fortunately, it's no longer used with LibreSSL since we defanged this in 2018. The latest version of ruby/openssl has completely removed this as part of their post 1.0.x cleanup. ok jsing
6 daysRemove Jprojective_coordinates APItb4-29/+3
There goes another implementation detail that should never have been leaked out of the library. ok jsing
6 daysUnexport EC_GROUP_*precompute_mult()tb4-25/+3
These have been noops for a while and as usual some Perl module was the only thing "using" it. ok jsing
6 daysUnexport EC_GROUP_copy()tb4-8/+4
Without EC_GROUP_new(), this API is useless. There's EC_GROUP_dup(). ok jsing
6 daysUnexport EC_METHOD and all API using ittb6-56/+10
This is an implementation detail and there is no reason to leak it from the library. This removes EC_GFp_{mont,simple}_method(), EC_GROUP_{method_of,new}(), EC_METHOD_get_field_type(), EC_POINT_method_of() from the public API. EC_GROUP_copy() is now quite useless, so it will go as well. ok jsing
6 daysAlign CRYPTO_set_mem*_functions with OpenSSL 1.1tb4-20/+9
CRYPTO_set_mem_ex_functions() was renamed to CRYPTO_set_mem_functions(), replacing the latter while also correcting the arguments for the free pointer. The backstory is that a commit that was never compiled was fixed the wrong way an hour later (both committed without review, obviously), and here we are, still cleaning up the mess 23 years later. We carry patches in cjose and stunnel for this; dovecot and links+ have autoconf checks and will adapt. Oh, and then there's the mariadb configure time insanity passing wrong function pointers... ok jsing
6 daysconst correct UI_OpenSSL()tb2-5/+5
ok jsing
6 daysFix documented signature of UI_OpenSSL()tb1-3/+3
6 daysFix documented signature of BN_MONT_CTX_copy()tb1-3/+3
6 daysconst correct BN_MONT_CTX_copy()tb2-4/+4
ok jsing
6 daysUnexport the weird X509_OBJECT_up_ref_count()tb4-8/+6
It's only used in x509_lu.c, so move it there. X509_OBJECT is not itself refcounted. This API bumps the refcount of its cert or CRL member. This isn't really useful outside of the library. ok jsing
6 daysUnexport X509_NAME_print()tb4-8/+4
Nothing uses this anymore. M2Crypto has been patched and a fix for opensc has been upstreamed. ok jsing This is the start of a major bump. Don't build the tree until I have synced sets in about 20 commits.
6 daysSupport OPENSSL_NO_FILENAMEStb18-91/+221
Some people are concerned that leaking a user name is a privacy issue. Allow disabling the __FILE__ and __LINE__ argument in the error stack to avoid this. This can be improved a bit in tree. From Viktor Szakats in https://github.com/libressl/portable/issues/761 ok bcook jsing
6 daysX509_NAME_print_ex.3: move s to the proper placetb1-2/+2
7 daysRemove mention of X509_NAME_print(3) in the docstb3-46/+13
7 daysec_asn1_test: Prepare for upcoming bumptb2-8/+11
Linking statically, pull in ec_local.h and provide a prototype for EC_GROUP_new(), which will be removed from the public API.
7 daysAdjust signature of CRYPTO_set_mem_functions and remove _get_ docstb1-23/+5
7 daysRename CRYPTO_get_mem_functions.3 to CRYPTO_set_mem_functions.3tb2-4/+4
7 daysRemove EC_POINT_method_of() docstb1-19/+1
7 daysRemove X509_OBJECT_free_contets() docstb1-20/+3
7 daysRemove X509_OBJECT_up_ref_count() documentationtb1-23/+2
7 daysRemove EC_PIONT_{get,set}_Jprojective_coordinates_GFp docstb1-53/+1
7 daysRemove EC_POINTs_{make_affine,mul}() docstb1-67/+2
7 daysRemove EC_GROUP_{,have_}precompute_mult() docstb1-31/+4
7 daysRemove EC_GROUP_method_of() docstb1-20/+1
7 daysRemove EC_GFp_* and EC_METHOD_get_field_type docstb7-156/+12
8 daysInline _CONF_get_section_values() in its last caller and remove ittb3-19/+9
NCONF_get_section() isn't any clearer by using this indirection. ok jsing
8 daysProvide an accelerated SHA-256 assembly implementation for aarch64.jsing4-2/+232
This provides a SHA-256 assembly implementation that makes use of the ARM Cryptographic Extension (CE), which is found on many arm64 CPUs. This gives a performance gain of up to 7.5x on an Apple M2 (dependent on block size). If an aarch64 machine does not have SHA2 support, then we'll fall back to using the existing C implementation. ok kettenis@ tb@
9 days_CONF_new_section: error check hash insertiontb1-1/+5
Don't leak v if its insertion into the hash failed and properly free it instead. ok jsing
9 days_CONF_new_section(): avoid silly ok dancetb1-11/+8
ok jsing
9 days_CONF_new_section(): replace hand-rolled strdup() with the real thingtb1-5/+3
ok jsing