summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Refactor IPAddressFamily accessorstb2022-01-041-37/+90
| | | | | | | | | | | Introduce a helper function that allows fetching the AFI and the optional SAFI out of an IPAddressFamily. Also add two wrappers that only fetch and validate the AFI, where validation currently only means that the length is between 2 and 3. Use these accessors throughout to simplify and streamline the code. ok inoguchi jsing
* Return 0 on failure from send/get kex functions in the legacy stack.jsing2022-01-042-43/+43
| | | | | | | | | | | | | In the legacy stack, a message handling function returns -1 for failure, 0 for need more data and 1 for success (although in extra special cases 2 may also be used). However, the various send/get kex functions only need to indicate success or failure - switch these to return 0 on failure (rather than -1) and use normal result testing. This leaves GOST unchanged for now, as that code is special and needs extra work. ok inoguchi@ tb@
* Use normal result testing for tls1_check_curve().jsing2022-01-041-2/+2
|
* Refactor ssl3_get_server_kex_ecdhe() to separate parsing and validation.jsing2022-01-041-20/+18
| | | | | | | | | If we receive something other than a "named curve", send a handshake failure alert as we're unable to complete the handshake with the given parameters. If the server responded with a curve that we did not advertise send an illegal parameter alert. ok inoguchi@ tb@
* Pull key share group/length CBB code up from tls13_key_share_public()jsing2022-01-042-27/+22
| | | | | | | This provides better symmetry with the parsing code and will allow for better reuse with the legacy stack, which has different message structures. ok inoguchi@ tb@
* Only allow zero length key shares when we know we're doing HRR.jsing2022-01-041-3/+5
| | | | ok inoguchi@ tb@
* fix strange indentation in code exampletb2022-01-021-3/+3
|
* contibutions -> contributionsjsg2022-01-011-3/+3
|
* identfier -> identifierjsg2022-01-012-6/+6
|
* excpetions -> exceptionsjsg2021-12-311-3/+3
|
* deafult -> defaultjsg2021-12-311-3/+3
|
* Plug memleakstb2021-12-291-3/+11
| | | | CID 345150
* Plug memleaktb2021-12-291-2/+7
| | | | CID 345156
* More EVP_* return value checkstb2021-12-291-22/+60
| | | | CID 345152
* Remove redundant NULL checkstb2021-12-291-3/+1
| | | | CID 345154
* Minor cleanup after EC_POINT_get_affine_coordinates() unified thetb2021-12-291-23/+6
| | | | | | _GFp and _GF2m variants. CID 345155
* More return value checks for EVP_* APItb2021-12-291-16/+28
| | | | CID 345159
* Check return values of EVP_* APItb2021-12-291-6/+24
| | | | CID 345158
* knfmt makes this slightly nicer.tb2021-12-291-52/+49
|
* One more leak of the same kindtb2021-12-291-2/+2
|
* Plug memleaktb2021-12-291-3/+3
| | | | CID 345160
* Set failed in test_random_points()tb2021-12-291-2/+2
| | | | CID 345141
* Fix typo in commenttb2021-12-281-2/+2
|
* Use lowercase letters for hexadecimal constants, as both jsing and Itb2021-12-281-15/+15
| | | | prefer this.
* Rewrite X509v3_addr_canonize() with new accessorstb2021-12-281-7/+9
| | | | | | | This is again a straightforward conversion and leads to something which matches our usual style more. ok jsing
* Validate AFIs before sorting in X509v3_adr_canonize()tb2021-12-281-1/+7
| | | | | | | Again, we're dealing with necessarily not fully validated data here, so a check up front seems prudent. ok jsing
* Rewrite/simplify X509v3_addr_is_canonical()tb2021-12-281-40/+36
| | | | | | | | This is a more or less straightforward conversion using the new IPAddressFamily accessor API. As a result, some checks have become a bit stricter, which is only desirable here. ok jsing
* Check AFI/SAFI before comparing them in X509v3_addr_is_canonical()tb2021-12-281-1/+8
| | | | | | | | | As mentioned in a previous commit, IPAddressFamily_cmp() can't really check for trailing garbage in addressFamily->data. Since the path validation and hence the X.509 validator call X509v3_addr_is_canonical(), this deals with only partially validated data. ok jsing
* Make IPAddressFamily_cmp() more pleasing on the eyetb2021-12-281-4/+11
| | | | | | | | | | | | | | Define and use MINIMUM() instead of a ternary operator and separate the code from the declarations. Also, we can spare a line to make the return legible instead of squeezing it into another ternary operator. addressFamily->data contains a two-bytes AFI and an optional one-byte SAFI. This function currently also compares any trailing garbage that may be present. Since comparison functions can't really error, this needs to be checked bofore it is used. Such checks will be added in subsequent commits. ok jsing
* Style improvements in X509v3_addr_add_range()tb2021-12-281-8/+15
| | | | ok jsing
* Style improvements in X509v3_addr_add_prefix()tb2021-12-281-7/+16
| | | | ok jsing
* Another small readability tweak in X509v3_addr_inherits()tb2021-12-281-2/+3
| | | | Declare IPAddressFamily before using it.
* Use an accessor in X509v3_addr_inherits()tb2021-12-281-2/+2
|
* Add a comment to i2r_IPAddrBlocks that we may want/have to deal withtb2021-12-281-1/+2
| | | | | | unknown address family types. Pointed out by jsing during review.
* Add a few accessors for IPAddressFamily and make first use of themtb2021-12-281-25/+94
| | | | | | | | | | | | | | One reason why this file is hard to read are endless repetitions of checks and assignments reaching deep inside structs. This can be made much more readable by adding a bunch of accessors. As a first step, we deal with IPAddressFamily, where we want to check the type of the ipAddressChoice member, check whether the inheritance element is present or access the addressOrRanges field. This diff already makes minimal use of these accessors to appease -Werror. More use and additional accessors will follow in later passes. ok inoguchi jsing
* Simplify and explain expand_addr() a bittb2021-12-281-12/+23
| | | | | | | | | | | | | | | | RFC 3779 section 2.1.2 does a decent job of explaining how IP addresses are encoded in. What's stored amounts to a prefix with all trailing zero octets omitted. If there are trailing zero bits in the last non-zero octet, bs->flags & 7 indicates how many. addr_expand() expands this to an address of length 4 or 16 depending on whether we deal with IPv4 or IPv6. Since an address can be the lower or the upper bound of a prefix or address range, expansion needs to be able to zero-fill or one-fill the unused bits/octets. No other expansion is ever used, so simplify the meaning of fill accordingly. There's no need to special case the case that there are no unused bits, the masking/filling is a noop. ok jsing
* Add a comment so I don't forget to think about input validationtb2021-12-281-1/+3
| | | | in make_IPAddressFamily()
* Convert make_IPAddressFamily to CBS/CBBtb2021-12-281-13/+26
| | | | | | | | | | | | | | | The IPAddrBlocks type, which represents the IPAddrBlocks extension, should have exactly one IPAddressFamily per AFI+SAFI combination to be delegated. make_IPAddressFamily() first builds up a search key from the afi and safi arguments and then looks for an existing IPAddressFamily with that key in the IPAddrBlocks that was passed in. It returns that if it finds it or allocates and adds a new one. This diff preserves the current behavior that the afi and *safi arguments are truncated to 2 and 1 bytes, respectively. This may change in the future. ok inoguchi jsing
* Remove two pointless NULL checks and allocationstb2021-12-281-7/+1
| | | | | | | The ASN.1 template for IPAddressFamily doesn't mark either of its two members as optional, so they are allocated by IPAddressFamily_new(). ok inoguchi jsing
* Check for trailing garbage in X509_addr_get_afi()tb2021-12-281-1/+5
| | | | | | | | | | | | Per RFC 3779 2.2.3.3, the addressFamily field contains the 2-byte AFI and an optional 1-byte SAFI. Nothing else. The optional SAFI is nowhere exposed in the API. It is used expliclty only for pretty printing. There are implicit uses in a few places, notably for sorting/comparing where trailing garbage would be erroneously taken into account. Erroring in this situation will let us avoid this in upcoming revisions. ok inoguchi jsing
* Convert X509v3_adr_get_afi() to CBStb2021-12-281-6/+21
| | | | | | | | | | | The manual byte bashing is performed more safely using this API which would have avoided the out-of-bounds read that this API had until a few years back. The API is somewhat strange in that it uses the reserved AFI 0 as an in-band error but it doesn't care about the reserved AFI 65535. ok inoguchi jsing
* Pull BN_{new,init,clear,clear_free,free} up to the top of bn_lib.cjsing2021-12-271-58/+58
| | | | Discussed with tb@
* Provide a set of RSA and ECDSA test certificates/keys.jsing2021-12-2730-0/+919
| | | | These are generated using the make-certs.sh script.
* Provide a script to generate test certificates/keys.jsing2021-12-271-0/+263
| | | | | | | This will allow us to generate a variety of client and server certificates, including expired and revoked certificates, using both RSA and ECDSA. Discussed with tb@
* zap doubled semicolontb2021-12-261-2/+2
|
* Check BIO_indent() return like all the others in this file.tb2021-12-261-2/+3
| | | | CID 345118
* Check error returns for HMAC_* to appease coverity.tb2021-12-261-4/+13
| | | | CID 345114
* One more leak similar to previous.tb2021-12-261-2/+2
|
* Plug leakstb2021-12-261-2/+2
| | | | CID 345111
* Plug memleaktb2021-12-261-2/+4
| | | | CID 345119
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-02 07:11:14 +0000