| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
|
|
| |
The tentacles are everywhere. This checks that all certs in a chain
have keys and signature algorithms matching the requirements of the
security_level configured in the verify parameters.
ok beck jsing
|
| |
|
|
|
|
|
|
| |
For some unknown reason this needed a different name than security_level,
both internally and in the public API. Obviously it is exactly the same
garbage.
ok beck jsing
|
| |
|
|
|
|
|
|
| |
the world seems to be using.
Symbols.list changes and exposure to wait for minor bump
ok jsing@ jca@
|
| |
|
|
|
|
|
| |
This also provides a pkey_security_bits member to the PKEY ASN.1 methods
and a corresponding setter EVP_PKEY_asn1_set_security_bits().
ok beck jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
|
|
|
|
|
| |
Apparently at some point a LONG_it was misaligned - provide and use
long_{get,set}() so that we always memcpy() rather than doing it some times
but not others. While here provide long_clear() rather than abusing and
reusing long_free().
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
| |
Such uri's must be parsed and allowed, but then should
fail if a name constraint is present.
Adds regress testing for this same case.
fixes https://github.com/libressl-portable/openbsd/issues/131
ok tb@
|
| | |
|
| |
|
|
|
|
|
|
| |
While seemingly illogical and not what is done in Go's validator, this
mimics OpenSSL's behavior so that callback overrides for the expiry of
a certificate will not "sticky" override a failure to build a chain.
ok jsing@
|
| |
|
|
|
|
|
| |
Switch to using ints for boolean values and use 0 or 1 for constructed,
rather than using 0 the ASN.1 tag encoded value (1 << 5).
ok tb@
|
| |
|
|
|
|
|
| |
Instead of having a separate get/set implementation, reuse the ASN1_INTEGER
code. Also prepare to provide ASN1_ENUMERATED_{get,set}_int64().
ok beck@ tb@
|
| |
|
|
|
|
| |
In the process, prepare to provide ASN1_INTEGER_{get,set}_{u,}int64().
ok beck@ tb@
|
| |
|
|
| |
ok beck@ tb@
|
| |
|
|
|
|
|
|
|
|
| |
Without these checks in both functions nw = n / BN_BITS2 will be negative
and this leads to out-of-bounds accesses via negative array indices and
memset with a negative size.
Pointed out by cheloha
ok jsing
|
| | |
|
| |
|
|
|
|
|
| |
This matches Cohen's text better and makes the entire thing easier to
read.
suggested by jsing
|
| |
|
|
|
|
|
|
|
|
| |
Instead of "Cohen's step N" explain in words what is being done. Things
such as (A & B & 2) != 0 being equivalent to (-1)^((A-1)(B-1)/4) being
negative are not entirely obvious... Remove the strange error dance and
adjust variable names to what Cohen's book uses. Simplify various curly
bits.
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
|
| |
If gcd(a, primes[i]) == 0 then a could still be a prime, namely in the
case that a == primes[i], so check for that case as well.
Problem noted by Martin Grenouilloux
ok jsing
|
| |
|
|
|
|
| |
upper bounds are known to be size_t.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
| |
length and using memcpy(). This also provides a missing overflow check
(which is done by the only caller, however).
ok jsing
|
| |
|
|
|
|
|
| |
Now that session_id_length is a size_t, we can pass it directly to
CBS_write_bytes() instead of using a temporary variable.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
| |
EVP_Digest() can fail, so handle failure appropriately and prepare
switch of session_id_length to a size_t.
ok jsing
|
| |
|
|
|
|
| |
respectively
ok jsing
|
| |
|
|
|
|
| |
redundant parentheses.
ok jsing
|
| |
|
|
|
|
|
| |
is deliberately reduced to an unsigned int. Since the session_id is at
most 32 bytes, this is not a concern.
ok jsing
|
| | |
|
| |
|
|
| |
ok jsing (who informs me he had the same diff in his jungle)
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
| |
Now that master_key_length is a size_t, we no longer have to fiddle with
data_len. We can rather pass a pointer to it to CBS_write_bytes().
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
Failure of this undocumented callback was previously silently ignored.
Follow OpenSSL's behavior and throw an internal error (for lack of a
better choice) if the callback failed or if it set the master_key_length
to a negative number.
Unindent the success path and clean up some strange idioms.
ok jsing
|
| |
|
|
|
|
| |
SSLv2 remnants.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
| |
Wrap long lines and fix a bug where the wrong struct member was checked
for NULL.
ok jsing
|
| |
|
|
|
| |
Apparently 60 * 5 + 4 seconds is 5 minutes. Presumably this is the case
with sufficiently potent crack, which would explain a few things in here.
|
| |
|
|
|
| |
The fallback to SHA-1 if SHA-256 is disabled fell victim to tedu many
moons ago when this file was still called s3_clnt.c and had no RCS ID.
|
| | |
|
| |
|
|
|
|
| |
Found by anton with tlsfuzzer
ok anton
|
| | |
|
| |
|
|
| |
ok jsing
|
