| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
| |
Switch to using ints for boolean values and use 0 or 1 for constructed,
rather than using 0 the ASN.1 tag encoded value (1 << 5).
ok tb@
|
|
|
|
|
|
|
| |
Instead of having a separate get/set implementation, reuse the ASN1_INTEGER
code. Also prepare to provide ASN1_ENUMERATED_{get,set}_int64().
ok beck@ tb@
|
|
|
|
|
|
| |
In the process, prepare to provide ASN1_INTEGER_{get,set}_{u,}int64().
ok beck@ tb@
|
|
|
|
| |
ok beck@ tb@
|
|
|
|
|
|
|
|
|
|
| |
Without these checks in both functions nw = n / BN_BITS2 will be negative
and this leads to out-of-bounds accesses via negative array indices and
memset with a negative size.
Pointed out by cheloha
ok jsing
|
| |
|
|
|
|
|
|
|
| |
This matches Cohen's text better and makes the entire thing easier to
read.
suggested by jsing
|
|
|
|
|
|
|
|
|
|
| |
Instead of "Cohen's step N" explain in words what is being done. Things
such as (A & B & 2) != 0 being equivalent to (-1)^((A-1)(B-1)/4) being
negative are not entirely obvious... Remove the strange error dance and
adjust variable names to what Cohen's book uses. Simplify various curly
bits.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
If gcd(a, primes[i]) == 0 then a could still be a prime, namely in the
case that a == primes[i], so check for that case as well.
Problem noted by Martin Grenouilloux
ok jsing
|
|
|
|
|
|
| |
upper bounds are known to be size_t.
ok jsing
|
|
|
|
| |
ok jsing
|
|
|
|
| |
ok jsing
|
|
|
|
|
|
|
| |
length and using memcpy(). This also provides a missing overflow check
(which is done by the only caller, however).
ok jsing
|
|
|
|
|
|
|
| |
Now that session_id_length is a size_t, we can pass it directly to
CBS_write_bytes() instead of using a temporary variable.
ok jsing
|
|
|
|
| |
ok jsing
|
|
|
|
|
|
|
| |
EVP_Digest() can fail, so handle failure appropriately and prepare
switch of session_id_length to a size_t.
ok jsing
|
|
|
|
|
|
| |
respectively
ok jsing
|
|
|
|
|
|
| |
redundant parentheses.
ok jsing
|
|
|
|
|
|
|
| |
is deliberately reduced to an unsigned int. Since the session_id is at
most 32 bytes, this is not a concern.
ok jsing
|
| |
|
|
|
|
| |
ok jsing (who informs me he had the same diff in his jungle)
|
|
|
|
| |
ok jsing
|
|
|
|
|
|
|
| |
Now that master_key_length is a size_t, we no longer have to fiddle with
data_len. We can rather pass a pointer to it to CBS_write_bytes().
ok jsing
|
|
|
|
| |
ok jsing
|
|
|
|
| |
ok jsing
|
|
|
|
|
|
|
|
|
|
|
| |
Failure of this undocumented callback was previously silently ignored.
Follow OpenSSL's behavior and throw an internal error (for lack of a
better choice) if the callback failed or if it set the master_key_length
to a negative number.
Unindent the success path and clean up some strange idioms.
ok jsing
|
|
|
|
|
|
| |
SSLv2 remnants.
ok jsing
|
|
|
|
| |
ok jsing
|
|
|
|
|
|
|
| |
Wrap long lines and fix a bug where the wrong struct member was checked
for NULL.
ok jsing
|
|
|
|
|
| |
Apparently 60 * 5 + 4 seconds is 5 minutes. Presumably this is the case
with sufficiently potent crack, which would explain a few things in here.
|
|
|
|
|
| |
The fallback to SHA-1 if SHA-256 is disabled fell victim to tedu many
moons ago when this file was still called s3_clnt.c and had no RCS ID.
|
| |
|
|
|
|
|
|
| |
Found by anton with tlsfuzzer
ok anton
|
| |
|
|
|
|
| |
ok jsing
|
|
|
|
| |
ok jsing
|
|
|
|
|
|
|
| |
This will be used to indicate client side support for DHE key
establishment.
ok jsing
|
|
|
|
|
|
| |
key exchange mode extension, as required by RFC 8446, 4.2.9.
ok jsing
|
|
|
|
| |
ok jsing
|
|
|
|
| |
extract_min_max().
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of inl, outl, and outll, use in_len, out_len, and buf_out_len.
Use the appropriate types for them. Check return values properly, check
for overflow. Remove some unnecessary casts and add some for readability.
Use asn1_abs_set_unused_bits() instead of inlining it.
This removes the last direct consumer of ASN1_STRING_FLAG_BITS_LEFT
outside of asn1/a_bitstr.c. The flag is still mentioned in x509/x509_addr.c
but that will hopefully go away soon.
tweaks/ok jsing
|
|
|
|
|
|
|
|
| |
Don't try to reuse curve->seed to avoid an allocation. Free it
unconditionally and copy over the group->seed if it's available.
Use asn1_abs_set_unused_bits() instead of inlining it.
ok jsing
|
|
|
|
|
|
| |
asn1_abs_set_unused_bits()
ok jsing
|
|
|
|
|
|
|
| |
This streamlines the logic and uses ASN1_STRING_set0() and
asn1_abs_set_unused_bits() instead of inlining them.
ok jsing
|
|
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
| |
Factor out the ef->asn1_ex_d2i() callback handling - this allows us to pull
out all of the related variables into a self-contained function.
ok tb@
|
|
|
|
|
|
|
|
|
| |
Also use array indexes for it->templates, rather than trying to be extra
clever in for loops (suggested by tb@ during a review).
No functional change.
ok tb@
|
|
|
|
|
|
|
|
|
| |
It no longer makes sense to have "extended" versions of functions
internally.
No functional change.
ok tb@
|