summaryrefslogtreecommitdiffstats
path: root/lib/libssl/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* graduate bn_expand() to a real function. the openssl version of thisderaadt2016-03-042-4/+16
| | | | | | | uses a macro with multiple-evaluations of arguments (different amount than the previous version..), but doug/bcook's inline version makes BIGNUM not opaque [problem spotted by naddy] ok doug
* Revert bn_expand until there's consensus on a fix.doug2016-03-041-14/+3
|
* fix the rest of the read_ledword() calls used as lengths to be bounded.beck2016-03-021-1/+5
| | | | | inspired by guido vranken https://guidovranken.wordpress.com/2016/03/01/public-disclosure-malformed-private-keys-lead-to-heap-corruption-in-b2i_pvk_bio/ ok doug@
* Add bounds checking for BN_hex2bn/BN_dec2bn.doug2016-03-022-10/+26
| | | | | | | | | Need to make sure i * 4 won't overflow. Based on OpenSSL: commit 99ba9fd02fd481eb971023a3a0a251a37eb87e4c input + ok bcook@ ok beck@
* bound lengths coming out of a pem file to something like realitybeck2016-03-021-3/+7
| | | | ok deraadt@
* Remove support for ancient, broken DSA implementations.doug2016-03-011-60/+20
| | | | | | | | | | | | | | | Based on a few OpenSSL commits: Remove ancient DSA workarounds commit ab4a81f69ec88d06c9d8de15326b9296d7f498ed Remove workaround for broken DSA implementations using negative integers commit dfb10af92e9663ce4eefaa1d6b678817fa85344d Typo in error name (EVP_R_DECODE_ERROR -> DSA_R_DECODE_ERROR) commit f6fb7f1856d443185c23f1a5968c08b4269dd37d ok beck@
* remove NULL checks for pqueue_free()mmcc2016-02-291-11/+6
| | | | ok doug@
* Therefor -> Therefore (where appropriate)tb2016-01-292-2/+2
| | | | from ray@, ok jmc@
* deprecate SSL_OP_SINGLE_DH_USEbeck2016-01-272-37/+6
| | | | ok jsing@
* Document that the ssl free() functions are NULL safe. OK mmcc@millert2015-12-303-6/+21
|
* More adress -> addressmmcc2015-12-242-2/+2
|
* remove NULL-checks before free()mmcc2015-12-233-19/+11
|
* assign pointer NULL rather than 0mmcc2015-12-231-2/+2
|
* assign pointer to NULL rather than 0mmcc2015-12-231-2/+2
|
* initialize a pointer to NULL rather than 0mmcc2015-12-221-2/+2
|
* initialize ext_len to 0.beck2015-12-141-2/+6
| | | | ok guenther@
* initialize ok to 0beck2015-12-141-2/+2
| | | | ok guenther@
* initialize md_len to 0 for readability to quell warnings.beck2015-12-141-3/+3
| | | | ok guenther@
* decipher comment. ok bcook@mmcc2015-12-121-2/+2
|
* move initialization of buf up to quell warnings and make it obvious the err case is ok.beck2015-12-121-4/+5
| | | | ok bcook@
* prevent possibly use of uninitialized variablebeck2015-12-121-2/+2
| | | | ok bcook@
* make the counter a size_t as well, which quells a warning on visual studio 2015beck2015-12-121-2/+3
| | | | ok bcook@
* Change the counter argument for CRYPTO_chacha_20 to be 64-bits on all platforms.bcook2015-12-092-5/+6
| | | | | | | | | | | The recently-added EVP_aead_chacha20_poly1305_ietf() function, which implements informational RFC 7539, "ChaCha20 and Poly1305 for IETF Protocols", needs a 64-bit counter to avoid truncation on 32-bit platforms. The existing TLS ChaCha20-Poly1305 ciphersuite is not impacted by this, but making this change requires an ABI bump. ok jsing@, "Looks sane" beck@
* Remove SHA0 check, as we did in v1.21 of sha.h.bcook2015-12-071-2/+2
| | | | | | This enables ENGINE_get_digest to work again with SHA1. noted by NARUSE, Yui, @nurse from github
* Fix for OpenSSL CVE-2015-3195beck2015-12-041-3/+8
| | | | ok djm@ jsing@
* Fix for OpenSSL CVE-2015-3194beck2015-12-031-2/+2
| | | | ok krw@
* fix references to lhash(3);jmc2015-11-151-7/+8
|
* mutli -> multimiod2015-11-141-1/+1
|
* Various *syncron* -> *synchron* typos.miod2015-11-141-1/+1
|
* update cross references after deleting the imaginary MLINKSschwarze2015-11-122-2/+2
| | | | bn_internal(3) and lhash(3)
* Convert the handful of manuals that had imaginary names,schwarze2015-11-126-1055/+0
| | | | | give them names that really exist. This also helps jmc@'s ongoing work on improving NAME sections.
* add missing functions to NAME, or otherwise correct the mlinkjmc2015-11-1115-27/+48
| | | | | | entry for them; feedback/ok schwarze
* Convert five more manuals from POD to mdoc.schwarze2015-11-115-458/+0
| | | | | I found drafts of these in my tree, probably originally from Max Fillinger, that just needed minor polishing.
* Convert and enable CMS manuals.schwarze2015-11-1116-1234/+0
| | | | Already some time ago, bcook@ said these can be installed.
* Fix gcc version preprocessor checks to cope with gcc 5.x and beyond;miod2015-11-061-2/+2
| | | | reported by Ruslan Babayev.
* Cast Td4[] values (which are uint8_t) to uint32_t before shifting them left bymiod2015-11-051-5/+5
| | | | | | | | | 24 bits; if we don't, Td4[] gets cast to signed int, and according to C>=99 6.5.7, signed int shifted by enough bits to cause a the sign bit to be set is an UB. Reported by Pascal Cuoq on behalf of the trust-in-soft.com mafia I am {partial,slightly related} to.
* Mention ROTL() is always invoked with a proper shift value, due to the way themiod2015-11-051-1/+2
| | | | | CAST_KEY is constructed. This is expected to reduce blood pressure in auditors.
* bump to 2.3.2, format LIBRESSL_VERSION_NUMBER like OPENSSL_VERSION_NUMBER.bcook2015-11-031-3/+3
| | | | | | Suggested by WubTheCaptain so the same comparison code can be used with LibreSSL. https://www.openssl.org/docs/manmaster/crypto/OPENSSL_VERSION_NUMBER.html
* Fix typo in comment of previous commit: "that that".reyk2015-11-021-3/+3
|
* Add EVP_aead_chacha20_poly1305_ietf() - The informational RFC 7539,reyk2015-11-022-19/+113
| | | | | | | | | "ChaCha20 and Poly1305 for IETF Protocols", introduced a modified AEAD construction that is incompatible with the common style that has been already used in TLS with EVP_aead_chacha20_poly1305(). The IETF version also adds a constant (salt) that is prepended to the nonce. OK mikeb@ jsing@
* Pull in <sys/types.h> to get ssize_t or <stdint.h> to get uint32_t, instead ofmiod2015-10-301-1/+2
| | | | | relying upon previously included headers to do this, to enhance portability; from Pascal Cuoq, libressl github pull request #52
* Sort the obsolete flags.doug2015-10-251-6/+6
|
* Mark SSL_OP_NO_{COMPRESSION,SSLv2,SSLv3} as obsolete.doug2015-10-251-5/+4
| | | | | | For backward compatibility, the flags are redefined as 0. ok jsing@
* Remove last vestige of SSL_OP_NO_SSLv3 support.doug2015-10-251-4/+1
| | | | | | No part of LibreSSL checks for this flag any longer. ok jsing@
* Simplify ssl23_get_client_hello error handling.doug2015-10-251-26/+26
| | | | | | | | | | ssl23_get_client_hello sets type=1 on error and continues processing. It should return an error immediately to simplify things. This also allows us to start removing the last of SSL_OP_NO_SSL*. Added extra paranoia for s->version to make sure it is set properly. ok jsing@
* Another change that is needed to restore the previous behaviour ofjsing2015-10-221-5/+3
| | | | | | | ASN1_{GENERALIZED,UTC}TIME_set_string(), which allows it to be called with a NULL pointer. ok beck@
* Restore previous behaviour and allowjsing2015-10-221-2/+7
| | | | | | | | ASN1_{GENERALIZED,UTC,}TIME_set_string() to be called with a NULL pointer. Found the hard way by @kinichiro on github. ok beck@
* Reject too small bits value in BN_generate_prime_ex(), so that it does not riskmiod2015-10-213-4/+22
| | | | | | | | becoming negative in probable_prime_dh_safe(). Reported by Franck Denis who noticed `openssl gendh 0' would segfault. Fix adapted from OpenSSL RT#2701. ok beck@ jsing@
* In the case where len is not a multiple of sizeof(RC4_CHUNK) the RC4 codejsing2015-10-211-63/+1
| | | | | | | | | | | | | | will end up doing a read and write of up to 7 bytes beyond the specified length. This is effectively a non-issue since we read and write back the same data and due to alignment it is within a page boundary. Regardless, avoid this by removing the "special" handling for the remaining length and allow the standard (non-chunk) code to process the remaining bytes, which does not result in overrun. Reported by Pascal Cuoq <cuoq at trust-in-soft.com> - thanks! ok beck@ miod@
* Lob a style(9) grenade in here.jsing2015-10-203-172/+185
|
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.