summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* nc: disallow -T with = when arguments are not key=value pairstb2025-05-141-1/+3
| | | | From Ross L Richardson
* Increase default PKCS12_SALT_LEN from 8 to 16 bytestb2025-05-101-2/+2
| | | | | | | | | | | | | | Currently PKCS12_setup_mac() function uses salt length of 8 bytes / 64 bits when no salt length is specified. Increase this fallback default to 16 bytes / 128 bits, as recommended by NIST SP 800-132. Note this is for interoperability purposes. Some FIPS implementations enforce minimum salt length of 16 bytes. Examples of such FIPS implemenations are Bouncycastle FIPS Java API and Chainguard FIPS Provider for OpenSSL. Also future v3.6 release of OpenSSL will also increase the default salt length to 16 bytes. From Dimitri John Ledkov, thanks
* asn_moid: move inclusion of err_local.h to the proper placetb2025-05-101-2/+2
|
* Sort FOOerror() in ASCII ordertb2025-05-101-18/+18
|
* Simplify the remaining FOOerror()tb2025-05-101-26/+28
| | | | | | | | Redirect through an additional macro that adds the repeated function, file and line macros. Reduces the eyesore and makes the whole thing much more redable. similar to a suggestion by jsing a while back
* Remove unused internal FOOerror()tb2025-05-101-11/+1
| | | | pointed out by djm a while back
* Remove error macros except PEMerr(), RSAerr() and SSLerr()tb2025-05-101-37/+4
| | | | | | | These three are still used in about half a dozen ports. All the others are unused. ok jsing
* ssl_local.h: stop guarding SYSerror() with an #ifdeftb2025-05-101-3/+1
|
* Move the internal FOOerror() to err_local.htb2025-05-102-40/+38
| | | | | | | These are now only used in libcrypto. They should never have been in a public header in the first place. ok jsing
* Use err_local.h rather than err.h in most placestb2025-05-10222-456/+454
| | | | ok jsing
* ssl_local: provide an SSL-internal version of SYSerror()tb2025-05-101-1/+4
|
* SSL_error_internal: remove a superfluous pair of parenstb2025-05-101-3/+2
|
* ssl_local.h: adjust some whitespacetb2025-05-101-3/+3
|
* const correct SSL_error_internal()tb2025-05-102-4/+4
|
* cms: disallow AEAD ciphers and AES XTStb2025-05-101-3/+21
| | | | | | | | | | | | | | | | The CMS code doesn't support RFC 5083/5084 authenticated enveloped data and outputs garbage that even itself can't decrypt for a reason that I have not tried to pinpoint. So refuse using AEAD ciphers and AES XTS for enveloped data from the cms "app" and throw an error pointing out that this isn't supported. OpenSSL have since added incorrect support for AuthEnvelopedData (ASN.1 and code review are hard), so doing this right will need both correct and interoperable code, which I doubt anyone will bother to write anytime soon. Reported by Ben Cooper in https://github.com/libressl/portable/issues/1157 ok beck jsing
* Garbage collect docs of BIO_dump{,_indent}_{cb,fp}()tb2025-05-091-35/+3
| | | | | The _cb() variants were only documented as intentionally undocumented. Be that as it may, they left the building more than a year ago.
* bss_log.c: don't rely on err.h pulling in bio.htb2025-05-091-2/+2
| | | | ok jsing
* openssl ocsp: switch from X509V3error() to perror()tb2025-05-091-6/+6
| | | | ok jsing
* merge the x509name test into x509_name_test.ctb2025-05-054-73/+125
| | | | | | | | | | | | | Remove the old x509name test and its Makefile rule. Its logic has been fully integrated into x509_name_test.c using a new table-driven approach. Each x509 name entry is added and validated step by step, checking both the string representation produced by X509_NAME_print_ex() and the internal RDN set structure. This makes the test easier to extend and maintain, and eliminates the need for an external .expected file or output diff. From Kenjiro Nakayama (with tiny tweaks)
* Fix up two markup mistakes with .Fn and .Xrtb2025-05-041-4/+4
|
* Improve the pqueue testtb2025-05-043-48/+57
| | | | | | | This simplifies the test in portable and makes the whole thing a bit less ugly overall. From Kenjiro Nakayama with minor tweaks by me
* sigh. pqueue_find() also needs a const treatmenttb2025-05-042-4/+4
|
* pqueue.h: zap trailing whitespacetb2025-05-041-3/+3
|
* const correct first argument of pitem_new()tb2025-05-042-4/+4
| | | | Makes upcoming changes in regress less ugly.
* Remove the X9.62 prime239v{1,2,3} curvestb2025-05-041-179/+1
| | | | | | | | | | | | | While RFC 3279 allows these curves for use in X.509 certificates (*), no one actually does this. Certs using these curves cannot be used for TLS and the curves aren't accepted by FIPS either. codesearch shows no actual uses of these curves, only their OIDs are listed. At this point these have become useless historical baggage. ok jsing (*) Of the 27 curves listed in RFC 3279 the only one that seems to have seen actual use in certificates is P-256.
* Remove the three test cases covering prime239v*tb2025-05-041-121/+1
|
* Move P-256 where it belongstb2025-05-041-67/+67
| | | | ok jsing
* Fix typo in curve comment: P224r2 -> P224t1tb2025-05-031-2/+2
|
* CTASSERT that internal pub/priv keys match the sizes exposed in mlkem.htb2025-05-032-2/+10
| | | | | | | This will need reworking (especially deduplicating) anyway, but it doesn't hurt now. From Kenjiro Nakayama
* Verify that the selected key share is indeed group 29tb2025-05-031-1/+6
| | | | From Kenjiro Nakayama
* mlkem_unittest: check return value of decap()tb2025-05-031-5/+11
| | | | From Kenjiro Nakayama
* mlkem_tests: add an empty line for consistencytb2025-05-031-1/+2
|
* More space around .Dl + a typo on toptb2025-05-012-5/+11
|
* lhash: add missing spaces before assignment operatortb2025-05-011-4/+4
|
* tlsext: stop sending SNI before ALPN in clientstb2025-04-301-24/+1
| | | | | | | | | | | All supported releases of LibreSSL ensure that the corresponding callbacks are called in a predefined order rather than honoring the order in which a client sends its extensions. Therefore the ALPN callback for apache-httpd's virtual host setups can rely on SNI information being available and we no longer need to work around this on hte client side. Cuts the amount of code needed for tlsext randomization in half. ok jsing
* tlsexttest: remove check that clients receive SNI before ALPNtb2025-04-301-33/+3
| | | | | | The next commit will remove the kludge for compatibility of Apache with older libressl, so remove the corresponding regress coverage and only check that PSK is the last extension.
* EC_GROUP_check.3: rephrase a sentence to avoid a word repetitiontb2025-04-281-4/+4
|
* EC_GROUP_new_by_curve_name.3: escape a - in code.tb2025-04-281-3/+3
|
* c2sp: drop OpenSSL 1.1 and 3.2, add 3.5tb2025-04-271-2/+2
|
* EC_POINT_point2oct: remove in_ prefix in RETURN VALUEStb2025-04-261-5/+5
|
* EC_GROUP_new_curve_GFp: some fixes in the RETURN VALUE sectiontb2025-04-261-9/+12
|
* Fix markup for EC_GROUP_set_point_conversion_formtb2025-04-261-4/+5
|
* Fix up a few dangling referencestb2025-04-254-13/+12
|
* Rework EC documentationtb2025-04-2513-1242/+1998
| | | | | | | | | | | | | | | | | | | | | | | | | | This replaces the giant, poor quality and outdated EC_GROUP_copy.3, EC_GROUP_new.3, and EC_POINT_new.3 manuals with seven new manuals written from scratch. * EC_GROUP_new_by_curve_name() is the entry point for builtin curves, * EC_GROUP_new_curve_GFp() describes lower level API that should not usually be needed apart from a handful of accessors. * EC_GROUP_check() contains two functions that applications should not need because either you know for certain something is an elliptic curve (so these checks are pointless) or you should not use it. * EC_GROUP_get_curve_name() describes some low level ASN.1 footguns and corresponding getters. * EC_POINT_new() contains the simple EC_POINT allocation and freeing API * EC_POINT_get_affine_coordinates() contains the coordinate accessors * EC_POINT_point2oct() is about encoding elliptic curve points While all this is quite far from perfect, the diff is getting too big and it will be easier to improve this in tree. It is definitely more repetitive than I would like it to be. Reviews, tweaks and general feedback are of course welcome. discussed with jsing
* BN_new: zap an anachronistic admonitiontb2025-04-251-4/+2
| | | | | | | | | -This type should be considered opaque and fields should not be modified -or accessed directly. The type has long been opaque and reasonable people will not do things that permit them to access the fields of opaque types directly. Of course, in the vicinity of OpenSSL code and API all sorts of insanity actually exist.
* Restore two #if defined(GHASH) that were incorrectly removed.jsing2025-04-251-5/+5
| | | | | | | Also condition on defined(GHASH_CHUNK) since this is used within these blocks. This makes the conditionals consistent with other usage. Fixes build with TABLE_BITS == 1.
* Unifdef OPENSSL_SMALL_FOOTPRINT.jsing2025-04-251-13/+5
| | | | ok tb@
* Use the OPENSSL_SMALL_FOOTPRINT code in gcm_init_4bit().jsing2025-04-251-32/+2
| | | | | | | | A modern compiler will unroll these loops - LLVM produces identical code (at least on arm64). Drop the manually unrolled version and have code that is more readable and maintainable. ok tb@
* Mop up all of the GETU32/BSWAP4/BSWAP8 macros since they're now unused.jsing2025-04-232-44/+2
| | | | ok beck@ tb@
* Rewrite gcm_gmult_1bit() to avoid sizeof(long) hacks.jsing2025-04-231-22/+8
| | | | | | | | | | | We're already using 64 bit variables, so just continue to do so and let the compiler deal with code generation. While here, use unsigned right shifts instead of relying on signed right shifts and implementation-defined behaviour (which the original code did). Feedback from lucas@ ok beck@ tb@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-22 16:14:19 +0000