summaryrefslogtreecommitdiff
path: root/src (unfollow)
Commit message (Collapse)AuthorFilesLines
2024-09-22Reinstate bounds check accidentally disabled when defining OPENSSL_NO_DTLS1tb1-3/+1
From Kenjiro Nakayama Closes https://github.com/libressl/portable/issues/1097
2024-09-20remove unneeded semicolons; checked by millert@jsg1-2/+2
2024-09-18Enable large number of extension tests and stop skippking QUIC transporttb1-8/+3
parameter extension which we now know about
2024-09-17tlsfuzzer: add a start-server convenience target for interactive testingtb1-2/+6
2024-09-17Replace OpenSSL 3.1 (which no longer is in ports) with 3.3tb1-2/+2
2024-09-14tlsfuzzer: grammar fix missed in previoustb1-2/+2
2024-09-13typo: troups -> groupstb1-2/+2
2024-09-11parametes -> parameterstb1-2/+2
2024-09-09Make error 235 resolve to "no application protocol"tb1-2/+1
We accidentally have two errors 235 since we didn't notice that OpenSSL removed the unused SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER and later that becamse SSL_R_NO_APPLICATION_PROTOCOL. Getting an "unsupported cipher" error when fiddling with ALPN is confusing, so fix that. ok jsing
2024-09-09Fix alert callback in the QUIC layertb1-2/+12
Only close_notify and user_cancelled are warning alerts. All others should be fatal. In order for the lower layers to behave correctly, the return code for fatal alerts needs to be TLS13_IO_ALERT instead of TLS13_IO_SUCCESS. Failure to signal handshake failure in the public API led to a crash in HAProxy when forcing the tls cipher to TLS_AES_128_CCM_SHA256 as found by haproxyfred while investigating https://github.com/haproxy/haproxy/issues/2569 Kenjiro Nakayama found misbehavior of ngtcp2-based servers, wrote a similar patch and tested this version. Fixes https://github.com/libressl/portable/issues/1093 ok jsing
2024-09-09Add and use tls13_record_layer_alert_sent()tb2-3/+12
This is a small refactoring that wraps a direct call to the record layer's alert_sent() callback into a handler for upcoming reuse in the QUIC code. No functional change. ok jsing
2024-09-07Futhermore -> Furthermoretb1-2/+2
2024-09-06Prepare for an upcoming tlsfuzzer test that expects decode_errortb1-2/+5
when we send illegal_parameter. Shrug.
2024-09-06Reenable AES-NI in libcryptotb4-10/+29
The OPENSSL_cpu_caps() change after the last bump missed a crucial bit: there is more MD mess in the MI code than anticipated, with the result that AES is now used without AES-NI on amd64 and i386, hurting machines that previously greatly benefitted from it. Temporarily add an internal crypto_cpu_caps_ia32() API that returns the OPENSSL_ia32cap_P or 0 like OPENSSL_cpu_caps() previously did. This can be improved after the release. Regression reported and fix tested by Mark Patruck. No impact on public ABI or API. with/ok jsing PS: Next time my pkg_add feels very slow, I should perhaps not mechanically blame IEEE 802.11...
2024-09-06Adjust documentation to work without X509_LOOKUP_by_subject()tb1-52/+5
X509_LOOKUP_by_subject() was made internal a while back. Its documentation was very detailed, so this was a bit of a tangle to undo.
2024-09-03typo in comment; Effectivly -> Effectively; ok gilles@op1-2/+2
2024-09-03wild white spacederaadt1-2/+2
2024-09-02Remove X509_check_trust documentationtb7-226/+11
2024-09-02The X509at_* manuals are no longer neededtb4-299/+4
2024-09-02Also remove .Xr to X509at_*tb1-4/+2
2024-09-02Excise X509at_* from X509_REQ_* documentationtb1-22/+10
2024-09-02Rename lastpos to start_after to match other, similar manualstb1-13/+13
2024-09-02More X509at_* removaltb1-8/+4
2024-09-02Remove mention of the no longer public X509at_* functionstb1-23/+12
2024-09-02Adjust function signatures for const X509_LOOKUP_METHODtb2-8/+8
2024-09-01symbols: remove special case for cpuid_setup and cpu_capstb1-8/+1
The former is gone and the latter is available in crypto.h.
2024-08-31sync x509v3_add_value with x509_utl.ctb1-19/+32
2024-08-31Rewrite X509V3_add_value() to a single exit idiomtb1-19/+32
ok jsing
2024-08-31Remove redundant COPYRIGHT file.jsing1-50/+0
This is already included at the top of each file in this directory. Prompted by tb@
2024-08-31Make fcrypt_body() static and remove prototype.jsing2-6/+3
2024-08-31Unifdef DES_PTR, DES_RISC1 and DES_RISC2.jsing3-162/+3
These are all go fast knobs that convolute the code and can be dangerous. Lets presume that we have a modern and somewhat capable C compiler instead. ok tb@
2024-08-31Unifdef OPENBSD_DES_ASM.jsing2-10/+2
There are no assembly implementations now. ok tb@
2024-08-31Inline and remove spr.h.jsing2-211/+149
This is only included once in des_enc.c - inline the tables instead. Prompted by tb@
2024-08-31Combine DES code into a smaller set of files.jsing19-1967/+1185
Discussed with tb@
2024-08-31Merge fcrypt_b.c into fcrypt.c.jsing3-148/+136
There is no need for these to be separate (presumably done due to assembly implementations, even though there are #ifdef as well). Discussed with tb@
2024-08-31Remove now unused ncbc_enc.c.jsing1-160/+0
2024-08-31Expand DES_ncbc_encrypt() in des_enc.c.jsing1-3/+80
Copy ncbc_enc.c where it was previously #included, then clean up with `unifdef -m -UCBC_ENC_C__DONT_UPDATE_IV`. Discussed with tb@
2024-08-31Expand DES_cbc_encrypt() in cbc_enc.c.jsing1-3/+73
Copy ncbc_enc.c where it was previously #included, then clean up with `unifdef -m -DCBC_ENC_C__DONT_UPDATE_IV`. Discussed with tb@
2024-08-31Update for OPENSSL_cpu_caps() now being machine independent.jsing3-17/+5
2024-08-31Update for OPENSSL_cpu_caps() now being machine independent.jsing1-6/+2
ok tb@
2024-08-31Make OPENSSL_cpu_caps() machine independent.jsing2-18/+23
OPENSSL_cpu_caps() is currently machine dependent and exposes CPUID data on amd64 and i386. However, what it is really used for is to indicate whether specific algorithms are accelerated on the given hardware. Change OPENSSL_cpu_caps() so that it returns a machine indepent value, which decouples it from amd64/i386 and will allow it to be used appropriately on other platforms in the future. ok tb@
2024-08-31Undo workaround for EVP_PKEY_*check() removaltb1-3/+2
2024-08-31major bump for libcrypto libssl and libtlstb3-5/+5
2024-08-31Bump LIBRESSL_VERSION_NUMBERtb1-3/+3
2024-08-31Remove SSL_add_compression_methodtb6-36/+10
2024-08-31Expose X509_get_signature_infotb2-3/+2
To compensate for all the removals, a single, small, constructive piece of this bump: expose X509_get_signature_info() so that libssl's security level API can handle RSA-PSS certificates correctly. ok beck jsing
2024-08-31Make X509at_* API internaltb5-75/+19
The only consumer, yara, has been adjusted. It will be some more work to remove this idiocy internally, but at least we will no longer have to care about external consumers. ok beck jsing
2024-08-31Unexport OPENSSL_cpuid_setup and OPENSSL_ia32cap_Ptb4-8/+1
This allows us in particular to get rid of the MD Symbols.list which were needed on amd64 and i386 for llvm 16 a while back. OPENSSL_ia32cap_P was never properly exported since the symbols were marked .hidden in the asm. ok beck jsing
2024-08-31Zap HMAC_Inittb4-16/+3
Long deprecated, last users have been fixed. ok beck jsing
2024-08-31Nuke the whrlpool (named after the galaxy) from orbittb10-1018/+6
It's just gross. Only used by a popular disk encryption utility on an all-too-popular OS one or two decades back. ok beck jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-19 21:28:27 +0000