Commit message (Author, Age; Files, Lines)
* Fix a potential NULL-deref in EVP_PKEY_keygen() (tb, 2024-04-12; 1 file, -6/+8)
  After an EVP_PKEY_new() failure, a NULL pointer would be passed to the keygen pmeth, which could result in tears. ok beck jsing
* Remove parentheses after return (tb, 2024-04-11; 1 file, -40/+40)
  This file was very undecided what style to choose and often changed its mind in the middle of a function. No change in the generated assembly.
* Rework internal tm_to_*() converters (tb, 2024-04-11; 1 file, -69/+66)
  Make them static. Don't make them allocate if passed a NULL ASN1_TIME to avoid leaks. This currently means that we accept a NULL and succeed. That's very ugly but better than what we have now. Simplify ASN1_TIME_set_string_internal() accordingly and allocate an ASN1_TIME at the API boundary of ASN1_TIME_adj_internal() and of ASN1_TIME_to_generalized_time(). ok beck (after a lot of squealing and distress)
* symbols test: Remove a few things that are long gone (tb, 2024-04-10; 1 file, -19/+5)
* Re-guard the crypto_malloc macros. (beck, 2024-04-10; 1 file, -1/+3)
  Accidentally not included in the crypto.h commit. Requested and ok tb@
* Remove the prototype of BN_gcd_nonct() (tb, 2024-04-10; 1 file, -2/+1)
* Hide deprecated functions in ec.h (beck, 2024-04-10; 5 files, -12/+31)
  Use LCRYPTO_UNUSED and remove the LIBRESSL_INTERNAL guard. ok tb@
* Hide deprecated functions in evp.h (beck, 2024-04-10; 5 files, -14/+19)
  Use LCRYPTO_UNUSED and remove the LIBRESSL_INTERNAL guard around them. ok tb@
* Add HMAC_init and HMAC_CTX_reset to Symbols.namespace. (beck, 2024-04-10; 1 file, -0/+2)
  ok tb@
* Hide symbols in bn.h (beck, 2024-04-10; 6 files, -19/+21)
  Mark them LCRYPTO_UNUSED appropriately and remove the LIBRESSL_INTERNAL guards around them. ok tb@
* Hide a couple of LCRYPTO_UNUSED in asn1.h (beck, 2024-04-10; 4 files, -10/+8)
  and remove the LIBRESSL_INTERNAL guards around them. ok tb@
* Add RC2 symbols to Symbols.namespace. (beck, 2024-04-10; 1 file, -0/+7)
  These got missed when they were hidden. ok tb@
* Finish hiding symbols in rand.h (beck, 2024-04-10; 5 files, -6/+34)
  This removes the LIBRESSL_INTERNAL guards and marks the functions within as LCRYPTO_UNUSED.
* Finish hiding symbols in crypto.h (beck, 2024-04-10; 9 files, -18/+101)
  crypto.h already had the symbols not hidden behind LIBRESSL_INTERNAL hidden; this now picks up the rest of them, marking them as LCRYPTO_UNUSED, and removes the LIBRESSL_INTERNAL guard. These symbols will now be hidden, but if we use them inside the library in a namespaced build we will get a deprecation warning. Use outside the library will be as with any other hidden symbol, so fine. ok tb@
* whirlpool_test: avoid calling arc4random_uniform(0) (tb, 2024-04-09; 1 file, -2/+4)
  This causes a SIGFPE on Solaris. Fixes https://github.com/libressl/portable/issues/1042
* whirlpool_test: zap lots of trailing whitespace (tb, 2024-04-09; 1 file, -58/+58)
* bn_convert: plug leak spotted by ASAN (tb, 2024-04-09; 1 file, -2/+4)
* Add a comment on abuse of EXFLAG_INVALID (tb, 2024-04-09; 1 file, -1/+8)
  We added things we probably shouldn't have, and so did BoringSSL and OpenSSL. Terrible API is terrible. discussed with jsing
* Add initial regress for BN_set_bit(), BN_clear_bit() and BN_mask_bits(). (jsing, 2024-04-09; 2 files, -1/+229)
* Add hidden conf.h, missed in an earlier commit (tb, 2024-04-09; 1 file, -0/+74)
* Add regress coverage for BN_bn2mpi()/BN_mpi2bn(). (jsing, 2024-04-09; 1 file, -6/+123)
* Hide symbols in conf.h (beck, 2024-04-09; 7 files, -6/+96)
  This guentherizes the public symbols from conf.h. ok tb@
* Plug leaks in ASN1_TIME_set_string_internal() (tb, 2024-04-09; 1 file, -6/+17)
  This API can be called with s == NULL, in which case the tm_to_*() functions helpfully allocate a new s and then leak. This is a rather ugly fix to make portable ASAN regress happy again; the better fix will be to rewrite the tm_to_*() functions and adjust their callers. That is more intrusive and will be done in a later pass. ok bcook jsing
* Hide public symbols in x509.h (beck, 2024-04-09; 24 files, -23/+606)
  This picks up most of the remaining public symbols in x509.h. ok tb@
* Hide public symbols in evp.h (beck, 2024-04-09; 47 files, -45/+1121)
  Largely mechanically done by the guentherizer 9000. ok tb@
* Rename EVP_aes_XXX_cfb to EVP_aes_XXX_cfb128. (beck, 2024-04-09; 1 file, -4/+4)
  For consistency with everything else. ok tb@
* Clean up Symbols.namespace (beck, 2024-04-09; 1 file, -68/+0)
  These did not get removed from here when they got removed from Symbols.list after a major bump. ok tb@
* Remove notBefore and notAfter caching. (beck, 2024-04-08; 4 files, -63/+16)
  This cache was added because our time conversion used timegm() and gmtime(), which aren't very cheap. These calls were noticeably expensive when profiling things like rpki-client which do many X.509 validations. Now that we convert times using Julian seconds from the Unix epoch, BoringSSL style, instead of Julian days from a Byzantine date, we no longer use timegm() and gmtime(). Since the Julian seconds calculations are cheap for conversion, we don't need to bother caching this; it doesn't have a noticeable performance impact. While we are at this, correct a bug where x509_verify_asn1_time_to_time_t was not NULL safe. Tested for performance regressions by tb@ and job@. ok tb@ job@
* Remove spaces before tabs (tb, 2024-04-08; 1 file, -2/+2)
* Make ASN1_TIME_set_string_X509 and ASN1_TIME_set_string match the man page (beck, 2024-04-08; 3 files, -39/+60)
  This makes it where people can't put dumb values in certs without trying harder, and changes the regress to test this. GENERALIZED times outside of the RFC5280 spec are required for OCSP but these should be constructed with the GENERALIZED time string setters. ok tb@
* Rework CMS_add_simple_smimecap() (tb, 2024-04-07; 1 file, -24/+43)
  This is an API to add an OID attribute to the set of SMIMECapabilities. While attributes are complicated in general, this only supports simple capabilities encoded as an OID with an optional integer parameter (e.g., the key size of a cipher). Make this API transactional, i.e., don't leave a new empty set behind on failure or leak the key size if setting the parameter on the X509_ALGOR fails. Also convert to single exit and add a doc comment with a reference. ok beck
* Remove incorrect function counts (tb, 2024-04-04; 1 file, -4/+4)
  Vincent Lee spotted that I failed to update numbers that count how many functions are documented here when removing {CRYPTO,OPENSSL}_realloc. This isn't helpful information and nobody will remember to go look for such numbers next time this page is adjusted, so remove the counts. agreement from jmc
* Recommit a better version of the removal of the F5 workaround (tb, 2024-04-04; 1 file, -9/+12)
  Unlike for previous TLS versions, TLSv1.3 servers can send the supported groups extension to inform a client of the server's preferences. The intention is that a client can adapt for subsequent commits. We ignore this info for now, but sthen ran into java-based servers that do this. Thus, rejecting the extension outright was incorrect. Instead, only allow the extension in TLSv1.3 encrypted extensions. This way the F5 workaround is also disabled, but we continue to interoperate with TLSv1.3 servers that do follow the last paragraph of RFC 8446, section 4.2.7. This mostly adjusts outdated/misleading comments. ok jsing sthen
* Backout previous commit (intending that libressl client rejects a supported groups extension from the server). (sthen, 2024-04-02; 1 file, -3/+17)
  It triggers 'CONNECT_CR_SRVR_HELLO:tlsv1 alert decode error' when connecting to a (modern) java server (tomcat 10.1.18 on openjdk 17.0.10). "please revert" tb@
* Simplify ecx_cms_sign_or_verify() using X509_ALGOR_set0_by_nid() (tb, 2024-04-02; 1 file, -5/+3)
  ok jsing
* Mention that port can be specified as 0 in some situations, so that the system will allocate a port. (deraadt, 2024-04-01; 1 file, -2/+3)
* Add missing LCRYPTO_ALIAS() (tb, 2024-03-30; 1 file, -1/+3)
  HMAC_CTX_reset() and HMAC_Init() had missing LCRYPTO_ALIAS(). ok beck jsing
* Fix LCRYPTO_UNUSED() in namespace builds (tb, 2024-03-30; 1 file, -4/+7)
  If namespace builds are enabled, static links don't work due to missing _lcry_* symbols. Make LCRYPTO_UNUSED() match LCRYPTO_USED() with an extra deprecated attribute. This way we can remove the !LIBRESSL_INTERNAL #ifdef wrapping in public headers. ok beck joshua
* Initialize quic_method in tlsexttest (tb, 2024-03-30; 1 file, -3/+3)
  This is only there to pretend a quic method was set on the SSL, but apparently some compilers warn about an uninitialized variable. from Christian Andersen
* Replace silly test1_exit() with exit() (tb, 2024-03-30; 1 file, -21/+15)
  Appeases some compiler. from Christian Andersen
* Remove call to lh_FUNCTION_free() (tb, 2024-03-30; 1 file, -3/+1)
  This is a wrapper around lh_free() which is already tested. From Christian Andersen
* In _malloc_init(), round up the region being mprotected RW to the malloc page size, rather than relying upon mprotect to round up to the actual mmu page size. (miod, 2024-03-30; 1 file, -11/+11)
  This repairs malloc operation on systems where the malloc page size (1 << _MAX_PAGE_SHIFT) is larger than the mmu page size. ok otto@
* Hide symbols in aes (joshua, 2024-03-30; 5 files, -3/+74)
  ok jsing
* Hide symbols in camellia (joshua, 2024-03-30; 3 files, -1/+60)
  ok tb
* Rewrite RSA_padding_add_PKCS1_type_{1,2}() with CBS/CBB. (jsing, 2024-03-30; 1 file, -33/+99)
  ok tb@
* Hide symbols in whirlpool (joshua, 2024-03-30; 3 files, -1/+45)
  ok tb
* Do multiple padding add/check iterations. (jsing, 2024-03-30; 1 file, -24/+34)
  This increases the chance of triggering bugs due to input and/or randomised padding.
* Hide symbols in CMS (joshua, 2024-03-30; 5 files, -4/+30)
  ok jsing
* Add initial regress for RSA padding. (jsing, 2024-03-30; 2 files, -2/+328)
* Remove pointless guard in cms header (joshua, 2024-03-30; 1 file, -4/+2)
  ok jsing