| Commit message (Collapse) | Author | Files | Lines |
|---|
|
code #ifdef'ing these and compiled with new headers won't work as expected on
earlier libraries
minor libtls bump to match libssl bump
ok tb@
|
|
The last argument is a pointer to the KDF, so use NULL, not 0.
|
|
Reach into the group (p and order are always available) and use
BN_num_bytes() rather than using clumsy and badly named API.
It's shorter and more readable.
ok jsing
|
|
ok miod
|
|
This provides a SHA-512 assembly implementation that makes use of the ARM
Cryptographic Extension (CE), which is found on many arm64 CPUs. This gives
a performance gain of up to 2.5x on an Apple M2 (dependent on block size).
If an aarch64 machine does not have SHA512 support, then we'll fall back to
using the existing C implementation.
ok kettenis@ tb@
|
|
Extend renegotiation tests to cover SSL_OP_NO_RENEGOTIATION and
SSL_OP_ALLOW_CLIENT_RENEGOTIATION.
|
|
In January 2017 we added SSL_OP_NO_CLIENT_RENEGOTIATION, which results in a
SSL_AD_NO_RENEGOTIATION fatal alert if a ClientHello message is seen on an
active connection (client initiated renegotation). Then in May 2017 OpenSSL
added SSL_OP_NO_RENEGOTIATION, which results in a SSL_AD_NO_RENEGOTIATION
warning alert if a server receives a ClientHello on an active connection
(client initiated renegotation), or a client receives a HelloRequest
(server requested renegotation). This option also causes calls to
SSL_renegotiate() and SSL_renegotiate_abbreviated() to fail. Then in 2021,
OpenSSL also added SSL_OP_ALLOW_CLIENT_RENEGOTIATION, which trumps
SSL_OP_NO_RENEGOTIATION but only for incoming ClientHello messages
(apparently unsetting SSL_OP_NO_RENEGOTIATION is too hard).
Provide SSL_OP_NO_RENEGOTIATION and SSL_OP_ALLOW_CLIENT_RENEGOTIATION,
primarily to make life easier for ports. If SSL_OP_NO_CLIENT_RENEGOTIATION
is set it will take precedence and render SSL_OP_ALLOW_CLIENT_RENEGOTIATION
ineffective. The rest of the behaviour should match OpenSSL, with the
exception of ClientHellos triggering fatal alerts instead of warnings.
ok tb@
|
|
We have code that targets a specific architecture level, hence .arch makes
more sense here than .cpu.
Suggested by kettenis@
|
|
Unindent, use correct type for idx (int rather than size_t) and make
this mess a bit more pleasant on the eyes.
ok jsing
|
|
ok jsing
|
|
With the removal of the EC_POINTs_* API, this header features no arrays
anymore, so this noise can go away.
ok miod
|
|
There are three "X9.62 curve over a 239 bit prime field" and the Brainpool
curves are a pair for each field size thanks to their characteristic twist.
Just include the curve name for each of the curves.
discussed with jsing
|
|
|
|
|
|
|
|
|
|
Various ports throw a warning since their tls_session_secret_cb's
signature doesn't match what we expect. Aligns us with OpenSSL 1.1.
This is only useful for RFC 4851 EAP-FAST implementations and
surprisingly it's undocumented.
ok jsing
|
|
ok jsing
|
|
Unfortunately, this is used in acsm-calibre-plugin, via oscrypto.
Fixes https://github.com/Leseratte10/acsm-calibre-plugin/issues/112
ok jsing
|
|
And another one... Completely overengineered for the sake of academic
credentials and only Ruby ever picked this garbage up. Fortunately, it's
no longer used with LibreSSL since we defanged this in 2018. The latest
version of ruby/openssl has completely removed this as part of their post
1.0.x cleanup.
ok jsing
|
|
There goes another implementation detail that should never have been leaked
out of the library.
ok jsing
|
|
These have been noops for a while and as usual some Perl module was the
only thing "using" it.
ok jsing
|
|
Without EC_GROUP_new(), this API is useless. There's EC_GROUP_dup().
ok jsing
|
|
This is an implementation detail and there is no reason to leak it from
the library.
This removes EC_GFp_{mont,simple}_method(), EC_GROUP_{method_of,new}(),
EC_METHOD_get_field_type(), EC_POINT_method_of() from the public API.
EC_GROUP_copy() is now quite useless, so it will go as well.
ok jsing
|
|
CRYPTO_set_mem_ex_functions() was renamed to CRYPTO_set_mem_functions(),
replacing the latter while also correcting the arguments for the free
pointer. The backstory is that a commit that was never compiled was fixed
the wrong way an hour later (both committed without review, obviously),
and here we are, still cleaning up the mess 23 years later.
We carry patches in cjose and stunnel for this; dovecot and links+ have
autoconf checks and will adapt. Oh, and then there's the mariadb
configure time insanity passing wrong function pointers...
ok jsing
|
|
ok jsing
|
|
|
|
|
|
ok jsing
|
|
It's only used in x509_lu.c, so move it there. X509_OBJECT is not
itself refcounted. This API bumps the refcount of its cert or CRL
member. This isn't really useful outside of the library.
ok jsing
|
|
Nothing uses this anymore. M2Crypto has been patched and a fix for
opensc has been upstreamed.
ok jsing
This is the start of a major bump. Don't build the tree until I have
synced sets in about 20 commits.
|
|
Some people are concerned that leaking a user name is a privacy issue.
Allow disabling the __FILE__ and __LINE__ argument in the error stack
to avoid this. This can be improved a bit in tree.
From Viktor Szakats in https://github.com/libressl/portable/issues/761
ok bcook jsing
|
|
|
|
|
|
Linking statically, pull in ec_local.h and provide a prototype for
EC_GROUP_new(), which will be removed from the public API.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
NCONF_get_section() isn't any clearer by using this indirection.
ok jsing
|
|
This provides a SHA-256 assembly implementation that makes use of the ARM
Cryptographic Extension (CE), which is found on many arm64 CPUs. This gives
a performance gain of up to 7.5x on an Apple M2 (dependent on block size).
If an aarch64 machine does not have SHA2 support, then we'll fall back to
using the existing C implementation.
ok kettenis@ tb@
|
|
Don't leak v if its insertion into the hash failed and properly free it
instead.
ok jsing
|
|
ok jsing
|
|
ok jsing
|
