summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* bn_prime.pl: fix shebang and a couple more whitespace tweakstb2023-03-261-3/+4
|
* Last arg is also a pointer, so pass NULL instead of 0; ok deraadt@otto2023-03-251-2/+2
|
* Change malloc chunk sizes to be fine grained.otto2023-03-251-102/+142
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The basic idea is simple: one of the reasons the recent sshd bug is potentially exploitable is that a (erroneously) freed malloc chunk gets re-used in a different role. malloc has power of two chunk sizes and so one page of chunks holds many different types of allocations. Userland malloc has no knowledge of types, we only know about sizes. So I changed that to use finer-grained chunk sizes. This has some performance impact as we need to allocate chunk pages in more cases. Gain it back by allocation chunk_info pages in a bundle, and use less buckets is !malloc option S. The chunk sizes used are 16, 32, 48, 64, 80, 96, 112, 128, 160, 192, 224, 256, 320, 384, 448, 512, 640, 768, 896, 1024, 1280, 1536, 1792, 2048 (and a few more for sparc64 with its 8k sized pages and loongson with its 16k pages). If malloc option S (or rather cache size 0) is used we use strict multiple of 16 sized chunks, to get as many buckets as possible. ssh(d) enabled malloc option S, in general security sensitive programs should. See the find_bucket() and bin_of() functions. Thanks to Tony Finch for pointing me to code to compute nice bucket sizes. ok tb@
* Use strict and warningstb2023-03-251-1/+6
|
* Make an attempt at reducing the eyebleed in bn_prime.pltb2023-03-251-24/+18
| | | | | Use a style more resembling KNF and drop lots of parentheses. Simplify a few things. No change in generated output on success.
* Use Eric Young's usual license in the proper place rather than a weirdtb2023-03-251-12/+57
| | | | commented-out license stub in a HERE document.
* Add RCSIDtb2023-03-251-1/+1
|
* Add checks to ensure the uint16_t array isn't overflowed when thistb2023-03-251-0/+4
| | | | | script is run. This is more of an issue with uint16_t now than it was with prime_t aka BN_ULONG before r1.6.
* Zap an empty linetb2023-03-251-2/+1
|
* Drop unnecessary casts from and to void *tb2023-03-251-8/+6
|
* Unindent asn1_bio_get_ex()tb2023-03-251-6/+7
|
* Guard GF2m-specifics with OPENSSL_NO_EC2Mtb2023-03-251-2/+7
|
* Enable FRP256v2 teststb2023-03-251-6/+2
| | | | | This was previously disabled because tb apparently can't grep. Exercise this curve as well as part of the new test cases in ECDH wycheproof.
* Remove dead/unreachable codetb2023-03-251-7/+1
| | | | | A copy-paste error would have resulted in a modified msg in case ctLen == 0 or msgLen == 0. So obviously this is unreachable code.
* Pull in <openssl/rsa.h> directlytb2023-03-251-1/+2
| | | | | | This is needed for many reasons. It is currently pulled in via x509.h but only when OPENSSL_NO_DEPRECATED is undefined. Again this should be fixed in the public header as well.
* BN_free() is defined in <openssl/bn.h>tb2023-03-252-4/+7
| | | | | | This is currently pulled in via dsa.h and ecdsa.h, but only when OPENSSL_NO_DEPRECATED is not defined. We should fix this in the public header, too - let's wait a bit with that.
* KNF: some missing spaces after commatb2023-03-181-5/+5
|
* Rename bn_mod_exp_zero to the more appropriate bn_mod_exptb2023-03-182-4/+4
|
* Retire the bn_mod_exp test.tb2023-03-182-222/+1
| | | | Its is fully covered by bn_mod_exp_zero now.
* Reimplement a variant of the bn_mod_exp tests from scratchtb2023-03-181-2/+202
| | | | | This exercises the same corner cases as bn_mod_exp and a few more. With input from jsing
* fixes for mandoc -Tlintjsg2023-03-181-5/+5
| | | | ok tb@
* Consistent phrasing: function -> function pointerjob2023-03-161-2/+2
|
* Add X509_STORE_{set,get}_check_issued and X509_STORE_CTX_get_check_issued to ↵job2023-03-161-3/+75
| | | | | | manpage with and OK tb@
* Install EVP_CIPHER_meth_new.3tb2023-03-161-1/+2
|
* Add EVP_CIPHER_meth_* documentation from OpenSSL 1.1tb2023-03-161-0/+335
| | | | | | | | This is essentially the original text with a few tweaks and fixes by me, removing parts inapplicable to LibreSSL. There are dangling references to EVP_CIPHER_CTX_copy(3) and EVP_CIPHER_CTX_get_cipher_data(3). This all isn't great, but it's better than nothing. Probably good enough for these rarely used functions.
* Update manpage for X509_CRL_get0_tbs_sigalg()libressl-v3.7.1job2023-03-161-4/+18
| | | | OK tb@
* Bump LibreSSL version to 3.7.2tb2023-03-161-3/+3
|
* Fix a number of out of bound reads in DNS response parsing.millert2023-03-151-1/+7
| | | | Originally from djm@. OK deraadt@ florian@ bluhm@
* Return the signature length after successful signing operationtb2023-03-151-1/+3
| | | | | | | | | This is required behavior of the EVP_DigestSign() API, but seemingly almost nothing uses this. Well, turns out ldns does. Reported by Stephane. Helpful comments by sthen. ok jsing
* Add comments that explain why things are done in this strange order.tb2023-03-151-3/+13
| | | | | | There's some method to this madness. ok jsing
* Push calloc() of ndef_aux down as far as possible andtb2023-03-151-7/+8
| | | | | | | pull the setting of the ex_arg up, so we can do error checking. ok jsing
* Error check BIO_asn1_set_{prefix,suffix}() callstb2023-03-151-3/+5
| | | | ok jsing
* Streaming BIOs assume they can write to NULL BIOstb2023-03-151-5/+4
| | | | | | | | | | At least SMIME_text() relies on this. Pushing an error on the stack trips PKCS7 regress in py-cryptography, so indicate nothing was written instead of throwing an error. Reported by Alex Gaynor a while back ok jsing
* Ensure negative input to BN_mod_exp_mont_consttime() is correctly reduced.jsing2023-03-151-7/+4
| | | | | | | | | | A negative input to BN_mod_exp_mont_consttime() is not correctly reduced, remaining negative (when it should be in the range [0, m)). Fix this by unconditionally calling BN_nnmod() on the input. Fixes ossfuzz #55997. ok tb@
* Include tests with negative values in BN_mod_exp* regress.jsing2023-03-151-2/+15
| | | | This currently fails.
* bn_mod_exp_zero: rename result into gottb2023-03-151-14/+14
|
* Stop confusing out and asn_bio in BIO_new_NDEF()tb2023-03-131-4/+4
| | | | | | | | | | BIO_new_NDEF() sets up an ASN.1 BIO to the output chain and then adds even more BIOs. Since BIO_push(bio, new_tail) returns bio on success, after the if ((out = BIO_push(asn_bio, out)) != NULL) the 'out' BIO and the 'asn_bio' are the same. The code then goes on and uses one or the other. This is very confusing. Simply stop using out once it's appended to asn_bio. ok jsing
* pk7_cb() and cms_cb()tb2023-03-122-5/+8
| | | | | | Add and fix FALLTHROUGH statement. I was confused for way too long since I hadn't noticed that this case fell through to the next. Also add and move some empty lines in the cms_cb() to make this resemble KNF more.
* Avoid an 1 byte out-of-bounds read in ASN1_PRINTABLE_type()tb2023-03-121-2/+2
| | | | | | | | | | | In case the input is not NUL terminated, the reversed check for length and terminating NUL results in a one-byte overread. The documentation says that the input should be a string, but in ASN.1 land you never know... Reported by Guido Vranken a while back ok beck
* Remove a few extra spacestb2023-03-111-2/+2
|
* Switch an early return into goto errtb2023-03-111-2/+2
|
* Tiny cleanup for readabilitytb2023-03-111-4/+5
| | | | | Turn a malloc() into calloc() and check two function calls directly forever instead of a combined check afterward.
* Use "if (ptr == NULL)" instead of "if (!ptr)"tb2023-03-111-3/+3
| | | | Requested by jsing
* Fix double free after BIO_new_NDEF()tb2023-03-111-6/+7
| | | | | | | | | | | | Once the asn_bio is prepended to the out chain, and before the asn1_cb() has done its thing, asn_bio needs to be popped off again on error. Failing to do this can cause write after frees or double frees when the out BIO is used after the function returned. Based on a very complicated diff by Matt Caswell and Viktor Dukhovni. This was part of the fixes in OpenSSL 1.1.1t. ok jsing
* Fix an off-by-one in dsa_check_key()tb2023-03-111-2/+2
| | | | | | | | | | The private key is a random number in [1, q-1], so 1 must be allowed. Since q is at least an 160-bit prime and 2^159 + 1 is not prime (159 is not a power of 2), the probability that this is hit is < 2^-159, but a tiny little bit wrong is still wrong. Found while investigating a report by bluhm ok jsing
* Call CRYPTO_cleanup_all_ex_data() from OPENSSL_cleanup().jsing2023-03-111-0/+1
| | | | | | Issue reported by Graham Percival (@gperciva) ok tb@
* Add OPENSSL_cleanup() calls to some regress.jsing2023-03-112-2/+6
| | | | This gets us some minimal test coverage.
* Avoid -0 in BN_div_word().jsing2023-03-111-1/+5
| | | | | | | | | Currently, the use of BN_div_word() can result in -0 - avoid this by setting negative again, at the end of the computation. Should fix oss-fuzz 56667. ok tb@
* Correct sign handling in BN_add_word().jsing2023-03-111-3/+3
| | | | | | | | | | | | A sign handling bug was introduced to BN_add_word() in bn_word.c r1.18. When handling addition to a negative bignum, the BN_sub_word() call can result in the sign being flipped, which we need to account for. Use the same code in BN_sub_word() - while not technically needed here it keeps the code consistent. Issue discovered by tb@ ok tb@
* Remove a pesky space.jsing2023-03-111-2/+2
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-02 07:45:15 +0000