summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* Plug a leak of cont in CMS_dataInit()tb2023-08-221-11/+12
| | | | | | This and ts/ts_rsp_sign.c r1.32 were part of OpenSSL 309e73df. ok jsing
* Plug a leak of ASN1_INTEGR in def_serial_cb()tb2023-08-221-4/+7
| | | | ok jsing
* ec_ameth: clean up eckey_{pub,priv}_encode()tb2023-08-211-62/+67
| | | | | | | | | | | | | | | | | | | Factor eckey_param_free() out of eckey_pub_encode(). ASN1_OBJECT_free() is not actually needed. This will be addressed later. i2o_ECPublicKey() allocates internally if *out == NULL, so no need to do the two-call dance. Its return value is documented to be <= 0 on error, which is wrong in the sense that only 0 is returned. Keep using the same check for <= 0 as everywhere else. Set of EC_PKEY_NO_PARAMETERS after the poorly named eckey_param2type() to avoid potential underhanded side effects. In eckey_priv_encode(), error exits would leak pval was leaked a few times. Avoid this and simplify using i2d's internal allocation. Reinstate the flags in a single error path. ok jsing
* spellingjsg2023-08-211-4/+4
|
* Make some global variables consttb2023-08-201-14/+15
|
* Bye bye to all people out theretb2023-08-201-28/+1
|
* Add some spaces after commatb2023-08-201-6/+6
|
* unifdef -D FULL_TESTtb2023-08-201-7/+1
|
* knfmt(1) to the rescuetb2023-08-201-139/+146
|
* Another OPENSSL_NO_DEPRECATED hits the bit buckettb2023-08-201-7/+1
|
* Drop unnecessary OPENSSL_NO_DEPRECATED dancetb2023-08-201-7/+1
|
* Use a separate flags variable for the error flags in DH_check()tb2023-08-201-7/+8
|
* Check X509_digest() return in x509v3_cache_extensions()tb2023-08-181-2/+3
| | | | | | | | On failure invalidate the cert with EXFLAG_INVALID. It's unlikely that a cert would make it through to the end of this function without setting the flag, but it's bad style anyway. ok jsing
* Garbage collect two commented abort()tb2023-08-171-3/+1
|
* Make the local ASN1_OBJECTs consttb2023-08-171-2/+2
| | | | ok jsing
* Remove some unnecessary else branchestb2023-08-171-7/+5
|
* Remove some parents from return statementstb2023-08-171-8/+8
|
* Use cmp instead of i for the result of a comparisontb2023-08-171-5/+5
| | | | ok jsing
* Use OBJ_cmp() instead of inlining two variantstb2023-08-171-12/+4
| | | | | | | | | | This also avoids more undefined behavior with memcmp(). ok jsing PS: Unsolicited advice for no one in particular: there is this awesome tool called grep. If someone reports an issue, you might want to use it to find more instances.
* Avoid memcmp(NULL, x, 0) in OBJ_cmp()tb2023-08-171-6/+7
| | | | | | | | If a->length is 0, either a->data or b->data could be NULL and memcmp() will rely on undefined behavior to compare them as equal. So avoid this comparison in the first place. ok jsing
* add the missing entry for EVP_CIPHER_CTX_ctrl(3) to the RETURN VALUES sectionschwarze2023-08-161-2/+11
|
* Describe more precisely how these functions are supposed to be used,schwarze2023-08-161-19/+185
| | | | | | | | document the control operations supported by EVP_chacha20_poly1305(3), and add the missing STANDARDS and HISTORY sections. This replaces all text written by Matt Caswell and all text Copyrighted by OpenSSL in the year 2019.
* Add regress coverage for ASN1_STRING_cmp()tb2023-08-151-1/+147
|
* Add some regress coverage for various ASN1_STRING types to codify sometb2023-08-151-1/+229
| | | | quirks and invariants.
* Zap extra parenstb2023-08-151-2/+2
|
* Fix typo in previoustb2023-08-151-2/+2
|
* Avoid undefined behavior with memcmp(NULL, x, 0) in ASN1_STRING_cmp()tb2023-08-151-4/+6
| | | | ok jsing miod
* SHA-3 is not a symmetric cipher.schwarze2023-08-151-3/+3
| | | | | | | | | Fix a copy and paste mistake that Ronald Tse introduced in 2017 even though Richard Levitte and Bernd Edlinger reviewed his commit - and that i unwittingly copied. Even in the OpenSSL 3 main trunk, it wasn't fixed until 2022, and in OpenSSL-1.1.1, it is still wrong. Unfortunately, we need to be really careful before believing anything the OpenSSL documentation says...
* Import the EVP_chacha20(3) manual page from the OpenSSL 1.1 branch,schwarze2023-08-154-14/+102
| | | | | | which is still under a free license, to work on it in the tree. The required content changes have not been done yet, i only tweaked the markup and wording so far.
* Avoid memcmp() with NULL pointer and 0 lengthtb2023-08-151-3/+3
|
* Clean up alignment handling.jsing2023-08-152-57/+67
| | | | | | | | Instead of using HOST_{c2l,l2c} macros, provide and use crypto_load_le32toh() and crypto_store_htole32(). In some cases just use htole32() directly. ok tb@
* Use MD5_LONG instead of unsigned int for consistency.jsing2023-08-151-3/+3
| | | | ok tb@
* Condition only on #ifdef MD5_ASM.jsing2023-08-151-15/+5
| | | | | | | There are a bunch of unnecessary preprocessor directives - just condition on MD5_ASM, the same as we do elsewhere. ok tb@
* Prepare tlsfuzzer.py for ports updatetb2023-08-141-3/+13
|
* Inline INIT_DATA_* defines.jsing2023-08-141-10/+7
| | | | ok tb@
* style(9)jsing2023-08-141-6/+6
|
* Below SEE ALSO, point to all pages documenting the evp.h sub-library, andschwarze2023-08-141-11/+56
| | | | | | | | also point to a selection of functions from other sub-libraries that rely on evp.h objects, in particular on EVP_CIPHER, EVP_MD, and EVP_PKEY. While here, merge a few trivial improvements to orthography and punctuation from the OpenSSL 1.1 branch.
* import EVP_sha3_224(3) from the OpenSSL 1.1 branch, which is still underschwarze2023-08-143-3/+97
| | | | a free license, tweaked by me
* netcat: avoid issuing syscalls on fd -1tb2023-08-141-3/+9
| | | | | | | | | | | In case a socket error condition occurs, readwrite() invalidates the corresponding fd. Later on, readwrite() may still issue a syscall on it. Avoid that by adding a couple of checks for fd == -1. Reported and fix suggested by Leah Neukirchen. Fixes https://github.com/libressl/openbsd/issues/143 "looks right" deraadt
* fix whitespacetb2023-08-131-14/+13
|
* Extent the modf() tests; from Willemijn Coene.miod2023-08-131-18/+50
|
* document return values of the control function in EVP_MD_meth_set_ctrl(3)schwarze2023-08-121-5/+15
|
* first batch of intentionally undocumented EVP constants:schwarze2023-08-121-1/+10
| | | | some EVP_MD_CTRL_*, some EVP_MD_CTX_FLAG_*, and all of EVP_F_* and EVP_R_*
* 1. Tweak the descriptions of EVP_MD_CTX_ctrl(3), EVP_MD_CTX_set_flags(3),schwarze2023-08-121-52/+107
| | | | | | | | EVP_MD_CTX_clear_flags(3), EVP_MD_CTX_test_flags(3), and the atrocious EVP_MD_CTX_set_pkey_ctx(3) for precision. 2. Tweak the description of EVP_MD_type(3) and EVP_MD_CTX_type(3) for conciseness. 3. Add a few missing HISTORY bits.
* Remove a blatant lie about DSA_dup_DHtb2023-08-121-6/+2
| | | | | q is copied across since OpenSSL 31360957 which hit our tree with OpenSSL 1.0.1c in October 2012.
* The int_ prefix also leaves the ec_ameth messtb2023-08-121-5/+5
| | | | The prefixes in here are all over the place... This removes one variety.
* RSA's _free and _size also lose their int_ prefixtb2023-08-121-7/+7
|
* Drop silly int_ prefix from _free() and _size()tb2023-08-122-10/+10
|
* Free {priv,pub}_key before assigning to ittb2023-08-122-2/+7
| | | | | | | | While it isn't the case for the default implementations, custom DH and DSA methods could conceivably populate private and public keys, which in turn would result in leaks in the pub/priv decode methods. ok jsing
* Readability tweak for key parameters in DSAtb2023-08-121-2/+2
| | | | ok jsing