summaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2015-06-21Check for failure with CBB_init() in bs_ber.c.Doug Hogan
From BoringSSL commit 3fa65f0f05f67615d9daf48940e07f84d094ac6e.
2015-06-21Just return if nmemb is 0. Avoids a NULL dereference and isTodd C. Miller
consistent with the behavior of the other libc sort functions. OK deraadt@
2015-06-20Convert ssl3_get_new_session_ticket to CBS.Doug Hogan
tweak + ok miod@ jsing@
2015-06-20Convert ssl3_get_next_proto to CBS.Doug Hogan
tweak + ok miod@ jsing@
2015-06-20Convert ssl_parse_serverhello_renegotiate_ext to CBS.Doug Hogan
ok miod@ jsing@
2015-06-20Handle NIST curve names.Joel Sing
From OpenSSL. ok miod@ (a while ago)
2015-06-20Have ECPKParameters_print() include the NIST curve name, if known.Joel Sing
From OpenSSL. ok miod@ (a while ago).
2015-06-20Provide EC_curve_nid2nist() and EC_curve_nist2nid().Joel Sing
From OpenSSL. Rides libcrypto bump. ok miod@ (a while ago)
2015-06-20Make SSL_OP_ALL readable.Joel Sing
ok deraadt@ doug@ millert@ miod@ sthen@
2015-06-20Put CRYPTO_memcmp() under #ifndef LIBRESSL_INTERNAL.Joel Sing
ok doug@ deraadt@
2015-06-20Replace remaining CRYPTO_memcmp() calls with timingsafe_memcmp().Joel Sing
ok doug@ deraadt@
2015-06-20Convert ssl_parse_clienthello_renegotiate_ext to CBS.Doug Hogan
ok miod@, tweak + ok jsing@
2015-06-20Replace internal call to CRYPTO_memcmp with timingsafe_memcmp.Doug Hogan
Suggested by jsing@. ok jsing@ miod@
2015-06-20Bump major after {,asr_}print_sockaddr() renaming.Jeremie Courreges-Anglas
2015-06-20Fix warning on vax due to old gcc.Doug Hogan
Old gcc warns when parameters have the same names as functions. Noticed by deraadt@. ok deraadt@ jsing@
2015-06-20Rename print_sockaddr() to avoid symbol visibility problemsJeremie Courreges-Anglas
print_sockaddr is internal to asr, and conflicts with ports/net/samba4. ok eric@
2015-06-20Crank major for libcrypto, ssl and tls due to MDC-2DES removal.Doug Hogan
ok miod@ jsing@
2015-06-20Remove obsolete MDC-2DES from libcrypto.Doug Hogan
ok deraadt@ jsing@ miod@
2015-06-19Tweak whitespace and remove dangling, unneeded "else".Jeremie Courreges-Anglas
No functional change.
2015-06-19Remove needless casts. There's no reason to cast delim to char *Todd C. Miller
when we can just make spanp const char * to match it. OK deraadt@
2015-06-19Return the failing engine ID in the error stack.Brent Cook
Noted by doug@ in an earlier revision of the dynamic engine removal patch, but I had forgotten to include it in the latest version.
2015-06-19Add standard headers, C++ support to tls.h.Brent Cook
This makes using libtls easier to include by including dependent headers, making something like this work as expected: #include <iostream> #include <tls.h> int main() { std::cout << "tls_init: " << tls_init() << "\n"; } This also makes building a standalone libtls-portable simpler. ok doug@, jsing@
2015-06-19Disable ENGINE_load_dynamic (dynamic engine support).Brent Cook
We do not build, test or ship any dynamic engines, so we can remove the dynamic engine loader as well. This leaves a stub initialization function in its place. ok beck@, reyk@, miod@
2015-06-19Convert tls1_alpn_handle_client_hello() to CBS.Doug Hogan
tweak + ok miod@ jsing@
2015-06-19Add CBS_dup() to initialize a new CBS with the same values.Doug Hogan
This is useful for when you need to check the data ahead and then continue on from the same spot. input + ok jsing@ miod@
2015-06-18Extend the input types for CBB_add_*() to help catch bugs.Doug Hogan
While the previous types were correct, they can silently accept bad data via truncation or signed conversion. We now take size_t as input for CBB_add_u*() and do a range check. discussed with deraadt@ input + ok jsing@ miod@
2015-06-18Remove Microsoft Server Gated Crypto.Doug Hogan
Another relic due to the old US crypto policy. From OpenSSL commit 63eab8a620944a990ab3985620966ccd9f48d681 and 95275599399e277e71d064790a1f828a99fc661a. ok jsing@ miod@
2015-06-18Change DTLS client cert request code to match TLS.Doug Hogan
DTLS currently doesn't check whether a client cert is expected. This change makes the logic in dtls1_accept() match that from ssl3_accept(). From OpenSSL commit c8d710dc5f83d69d802f941a4cc5895eb5fe3d65 input + ok jsing@ miod@
2015-06-17add DST Root CA X3 certificate, already present in most browser cert stores.Stuart Henderson
"O=Digital Signature Trust Co., CN=DST Root CA X3". This CA is cross signing the issuing intermediates for letsencrypt.org so is expected to be important for at least ports distfile fetching in the future. ok ajacoutot@ juanfra@
2015-06-17Clean up alert codes and add references.Joel Sing
2015-06-17Keep alerts sorted by alert code.Joel Sing
2015-06-17Remove pointless comments.Joel Sing
2015-06-17Convert ssl_next_proto_validate to CBS.Doug Hogan
ok miod@, tweak + ok jsing@
2015-06-17Convert tls1_check_curve to CBS.Doug Hogan
ok miod@ jsing@
2015-06-17KNF whitespace.Doug Hogan
ok miod@ jsing@
2015-06-17Use explicit int in bs_cbs.c.Doug Hogan
ok miod@ jsing@
2015-06-17Use explicit int in bs_ber.c.Doug Hogan
ok miod@ jsing@
2015-06-17Add CBS_write_bytes() to copy the remaining CBS bytes to the caller.Doug Hogan
This is a common operation when dealing with CBS. ok miod@ jsing@
2015-06-17Add a new function CBS_offset() to report the current offset in the data.Doug Hogan
"why not" miod@, sure jsing@
2015-06-17Cleanup SSL_OP_* compat flags in ssl.h.Doug Hogan
These were recently removed and are now set to 0: SSL_OP_NETSCAPE_CA_DN_BUG SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG SSL_OP_SSLEAY_080_CLIENT_DH_BUG The code associated with these was deleted in the past at some point and these are also now 0: SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_EPHEMERAL_RSA SSL_OP_MICROSOFT_SESS_ID_BUG SSL_OP_NETSCAPE_CHALLENGE_BUG SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG The SSL_OP_ALL macro has been updated to reflect the removals. ok miod@ jsing@
2015-06-17Set FUNC symbol sizes of auto-generated and hand-written syscall wrappers.Masao Uebayashi
Original diff from guenther@, adjusted by me. OK guenther@
2015-06-16Be more strict about BER and DER terminology.Doug Hogan
bs_ber.c does not convert BER to DER. It's a hack to convert a DER-like encoding with one violation (indefinite form) to strict DER. Rename the functions to reflect this. ok miod@ jsing@
2015-06-16Simplify cbs_get_any_asn1_element_internal based on comments from jsing@Doug Hogan
2015-06-15Make CBS_get_any_asn1_element() more compliant with DER encoding.Doug Hogan
CBS_get_any_asn1_element violates DER encoding by allowing indefinite form. All callers except bs_ber.c expect DER encoding. The callers must check to see if it was indefinite or not. Rather than exposing all callers to this behavior, cbs_get_any_asn1_element_internal() allows specifying whether you want to allow the normally forbidden indefinite form. This is used by CBS_get_any_asn1_element() for strict DER encoding and by a new static function in bs_ber.c for the relaxed version. While I was here, I added comments to differentiate between ASN.1 restrictions and CBS limitations. ok miod@
2015-06-15Remove ancient SSL_OP_NETSCAPE_CA_DN_BUG from SSLeay days.Doug Hogan
This commit matches the OpenSSL removal in commit 3c33c6f6b10864355553961e638514a6d1bb00f6. ok deraadt@
2015-06-15Remove ancient compat hack SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG.Doug Hogan
This was imported into OpenSSL from SSLeay. It was recently deleted in OpenSSL commit 7a4dadc3a6a487db92619622b820eb4f7be512c9
2015-06-15Remove 1997's compat hack SSL_OP_SSLEAY_080_CLIENT_DH_BUG.Doug Hogan
This is a hack for an old version of SSLeay which predates OpenSSL.
2015-06-15Update SSL_OP_* to remove ancient hacks that are no longer enabled.Doug Hogan
2015-06-13in glob() initialize the glob_t before the first failure check.Theo de Raadt
from j@pureftpd.org ok millert stsp
2015-06-13Split up the logic in CBB_flush to separately handle the lengths.Doug Hogan
Also, add comments about assuming short-form. ok miod@, tweak + ok jsing@
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-16 09:38:11 +0000