summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* Fix typo and label indent.jsing2019-05-281-3/+3
|
* Tidy up some names/structures following the renaming of TLS extensionjsing2019-05-281-35/+35
| | | | | | | | | functions based on message type (clienthello/serverhello), to which side is handling the processing. No intended functional change. ok beck@
* Enable the use of the kernel __realpath() system call in the libc wrapper.beck2019-05-281-3/+136
| | | | | | | | For now, this also still uses the existing realpath implmentation and emits a syslog if we see differening results. Once we have run with that for a little while we will remove the old code ok deraadt@
* Throw malloc_conceal and freezero into the mix.otto2019-05-231-3/+8
|
* Only override size of chunk if we're not given the actual length.otto2019-05-231-2/+3
| | | | Fixes malloc_conceal...freezero with malloc options C and/or G.
* bump to LibreSSL 3.0.0bcook2019-05-231-3/+3
| | | | ok tb@
* add stdlib.h for reallocarraybcook2019-05-231-1/+2
|
* *an* RSA;jmc2019-05-203-9/+9
|
* clarify that later flags modify earlier flags;schwarze2019-05-191-2/+4
| | | | | triggered by a question from Jan Stary <hans at stare dot cz> on misc@; OK otto@
* More consistently put remarks about the less useful LC_* categoties,schwarze2019-05-162-14/+26
| | | | | | i.e. those other than LC_CTYPE, into the CAVEATS section, and standardize wording somewhat. OK jmc@
* delete two stray blank linesschwarze2019-05-151-4/+2
|
* check result of ftruncate() as we do write() belowbcook2019-05-151-2/+4
| | | | ok beck@
* s3 is never NULL since s2 (formerly used for SSLv2) does not exist, so there isbcook2019-05-153-29/+20
| | | | | | | no need to check for it. Fixes COV-165788, identified with help from Alex Bumstead. ok jsing@
* Correct missing test to determine if length is in bytes or in bits.beck2019-05-141-1/+3
| | | | | Issue found by Guido Vranken <guidovranken@gmail.com> ok tedu@ tb@
* Use propper regress target to integrate better into test framework.bluhm2019-05-141-2/+4
|
* Remove unused pad check, which is handled by tls1_cbc_remove_padding() now.bcook2019-05-131-4/+2
| | | | | | Fixes COV-174858 ok tb@
* Acquire mutex before incrementing the refcount. Fixes COV-186144bcook2019-05-131-1/+3
| | | | ok tb@
* Move 'how this works' details from namespace.h to DETAILSguenther2019-05-132-112/+136
|
* explicitly mention that RES_NOALIASES has no effect;schwarze2019-05-131-3/+4
| | | | | jmc@ noticed that the text wasn't completely clear; OK jmc@
* Mention introduction of *_conceal.otto2019-05-131-2/+8
|
* The call to fseek(fp, -1, SEEK_END) also sets the reported size tobluhm2019-05-131-10/+10
| | | | | | this value. To match the expectation of the test again, move this line before the the code that sets the final position. OK yasuoka@
* Fix signed overflow in X509_CRL_print().tb2019-05-121-1/+4
| | | | | | fixes oss-fuzz #14558 ok beck jsing
* Revert the other hunk of r1.36 as well: in the case of CCM, ccm.key istb2019-05-121-1/+11
| | | | | | | | | assigned from aesni_ccm_init_key() via CRYPTO_ccm128_init(), so it needs to be copied over... Pointed out by Guido Vranken. ok jsing
* Stop the eyebleed in here and just use callocbeck2019-05-121-31/+8
|
* $OpenBSD$tb2019-05-114-0/+4
|
* Remove commented out rc5 bitstb2019-05-117-20/+6
|
* Initialize EC_KEY_METHOD before use.bcook2019-05-101-2/+2
| | | | | | Fixes COV-186146 ok tb, beck
* Revert part of r1.36: in the case of GCM, gcm.key is assigned fromtb2019-05-101-1/+7
| | | | | | | | | aesni_gcm_init_key() via CRYPTO_gcm128_init(), so it needs to be copied over... Fixes cryptofuzz issue #14352 and likely also #14374. ok beck jsing
* Inroduce malloc_conceal() and calloc_conceal(). Similar to theirotto2019-05-102-199/+219
| | | | | counterparts but return memory in pages marked MAP_CONCEAL and on free() freezero() is actually called.
* Add a test vector for Streebog 512 from Guido Vrankentb2019-05-091-1/+2
|
* Fix incorrect carry operation in 512 bit addition: in the casetb2019-05-091-6/+8
| | | | | | | | | that there is already a carry and Sigma[i-1] == -1, the carry must be kept. From Dmitry Eremin-Solenik. Fixes incorrect Streebog result reported by Guido Vranken.
* Proper prototype for main(). Make sparc64 happier.claudio2019-05-091-2/+4
|
* In DTLS, use_srtp is part of the extended server hello while in TLSv1.3,tb2019-05-081-2/+3
| | | | | | | | | | it is an encrypted extension. Include it in the server hello for now. This will have to be revisited once TLSv1.3 gets there. Fixes SRTP negotiation. Problem found by two rust-openssl regress failures reported by mikeb. with & ok beck
* initialize safestack pointersbcook2019-05-083-6/+6
| | | | ok beck@, tb@
* Make sure that the tag buffer size is equal to the tag sizetb2019-05-081-2/+2
| | | | | | | | | in CRYPTO_ccm128_tag(). Otherwise the caller might end up using the part of the tag buffer that was left uninitialized. Issue found by Guido Vranken. ok inoguchi
* Add test fseek(,-1) works properly.yasuoka2019-05-021-3/+8
|
* Avoid an undefined shift in ASN1_ENUMERATED_get().tb2019-04-281-4/+9
| | | | | | | | (same fix as in a_int.c rev 1.34) Fixes oss-fuzz issue #13809 ok beck, jsing
* Avoid an undefined shift in ASN1_INTEGER_get().tb2019-04-281-4/+8
| | | | | | Fixes oss-fuzz issue #13804 ok beck, jsing
* Use calloc/freezero when allocating and freeing the session ticket data.jsing2019-04-251-4/+6
| | | | | | The decrypted session ticket contains key material. ok tb@
* Use EVP_CIPHER_CTX_{new,free}() and HMAC_CTX_{new,free}() instead ofjsing2019-04-251-24/+29
| | | | | | | | | allocating on stack. While here also check the return values from EVP_DecryptInit_ex() and HMAC_Init_ex(). ok tb@
* Rename some variables in tls_decrypt_ticket().jsing2019-04-251-18/+18
| | | | | | | | | Rename mlen to hlen since it is a hmac (and this matches hctx and hmac). Rename ctx to cctx since it is a cipher context and ctx is usually used to mean SSL_CTX in this code. ok tb@
* Do not check for working go executable during make clean cleandir obj.bluhm2019-04-241-1/+3
| | | | reminded by jsing@
* Do not check for working go executable during make clean cleandir obj.bluhm2019-04-241-1/+3
|
* Convert tls_decrypt_ticket() to CBS.jsing2019-04-231-44/+72
| | | | | | This removes various pointer arithmetic and manual length checks. ok tb@
* Add error checking to i2v_POLICY_MAPPINGS().tb2019-04-221-9/+26
| | | | ok jsing
* Add error checking to i2v_POLICY_CONSTRAINTS().tb2019-04-221-5/+19
| | | | ok jsing
* Add error checking to i2v_EXTENDED_KEY_USAGE().tb2019-04-221-8/+23
| | | | ok jsing
* Add error checking to i2v_ASN1_BIT_STRING().tb2019-04-221-4/+18
| | | | ok jsing
* Add error checking to i2v_BASIC_CONSTRAINTS().tb2019-04-221-3/+18
| | | | ok jsing
* Add error checking to i2v_AUTHORITY_INFO_ACCESS(). While there, replacetb2019-04-221-19/+27
| | | | | | an ugly strlen + malloc + strcat/strcpy dance by a simple asprintf(). ok jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-04 02:50:52 +0000