| Commit message (Collapse) | Author | Files | Lines |
|---|
|
while here, improve some of the existing text in minor ways
|
|
discussed with jsing@
|
|
as intentionally undocumented; discussed with jsing@
|
|
|
|
|
|
* handle multiple qualifiers on the function return type
* handle function pointer type declarations
* handle unions inside structs
* handle forward struct declarations
* handle "typedef const"
* handle ASN1_F_, ASN1_R_, and X509V3_R_ error constants
* handle "#if defined" in the same way as "#ifdef"
* skip whitespace between "#" and "define"
* skip whitespace before C comments
* ignore TYPEDEF_D2I2D_OF
|
|
If the key overlaps the end of the array, memcpy(3) mutates the key
and copies a corrupted value into the end of the array.
If we use memmove(3) instead we at least end up with a clean copy of
the key at the end of the array. This is closer to the intended
behavior.
With input from millert@ and deraadt@.
Thread: https://marc.info/?l=openbsd-tech&m=163880307403606&w=2
ok millert@
|
|
In order to not forget it, already remove the statements
that these APIs are currently implemented as macros:
Not saying that doesn't make the documentation wrong.
|
|
jsg's analysis tool flagged a potential double free in do_server().
While this looks like a false positive, we can clean this code up
a little: the host name passed to the callbacks isn't used by either
sv_body() and www_body(), so it can be made local to do_accept()
(an extra variable would not even be needed). Simplify the callbacks'
signatures accordingly. Remove some commented out linger code that
would never be used again anyway.
ok inoguchi jsg
|
|
It makes no sense to allocate an entire BN_CTX if we only use it to
get a single BIGNUM, from which we subtract 1 to compare it to g.
We can just use a plain BIGNUM and delete a bunch of lines.
ok inoguchi jsing
|
|
This provides test coverage for SCT encoding/decoding.
|
|
|
|
|
|
conflicts in my work on making much of libcrypto opaque.
discussed with jsing
|
|
ok inoguchi jsing
|
|
|
|
ok inoguchi jsing
|
|
ok inoguchi jsing
|
|
ok inoguchi jsing
|
|
BN_abs_is_word, BN_is_{zero,one,word,odd}, BN_one, BN_zero_ex are
now implemented as functions for internal use. They will be exposed
publicly to replace the macros reaching into BIGNUM in the next bump.
ok inoguchi jsing
|
|
ok inoguchi jsing
|
|
The function implementations are necessary to make BIGNUM opaque.
They will be used in libcrypto internally until they will replace
the macro implementations with the next bump.
ok inoguchi jsing
|
|
Currently there are two files for private key ASN.1 (d2i_pr.c, i2d_pr.c)
and two files for public key ASN.1 (d2i_pu.c, i2d_pu.c). All of the other
ASN.1 code has d2i and i2d in the same per-object file.
Consolidate d2i_pr.c/i2d_pr.c into a_pkey.c and consolidate
d2i_pu.c/i2d_pu.c into a_pubkey.c before making any further changes to
this code.
ok tb@
|
|
Provide ssl_kex_generate_dhe_params_auto() which handles DHE key generation
based on parameters determined by the specified key bits. Convert the
existing DHE auto parameter selection code into a function that just tells
us how many key bits to use.
Untangle and rework the server side DHE key exchange to use the ssl_kex_*
functions.
ok inoguchi@ tb@
|
|
ok inoguchi@ tb@
|
|
Call DH_check_pub_key() after decoding the peer public key - this will be
needed for the server DHE key exchange, but also benefits the client.
ok inoguchi@ tb@
|
|
Reported by Ilya Shipitsine, discussed with jsing
|
|
|
|
|
|
|
|
Call the replacement asn1_tlc_invalidate() since it does not actually
clear the ASN1_TLC.
While here, name the ASN1_TLC variables consistently as ctx, remove a
pointless comment and simplify ASN1_item_d2i() slightly.
ok inoguchi@ tb@
|
|
|
|
ASN1_item_ex_d2i() is just a wrapper around the internal asn1_item_ex_d2i()
function, so call asn1_item_ex_d2i() directly.
ok inoguchi@ tb@
|
|
Rather than using malloc() and then initialising all struct members to zero
values, use calloc().
ok schwarze@ tb@
|
|
This ensures that if any members are added to this struct, they will be
initialised.
ok schwarze@ tb@
|
|
This removes nested ifs and uses more sensible variable names.
ok schwarze@ tb@
|
|
Rather than using malloc() and then initialising all struct members, use
calloc() and only initialise the single non-zero value member.
ok schwarze@ tb@
|
|
Rather than using malloc() and then initialising all struct members, use
calloc() and only initialise the single non-zero value member.
ok schwarze@ tb@
|
|
These functions previously used the old ASN1_{d2i,i2d}_{bio,fp}()
interfaces.
ok inoguchi@ tb@
|
|
almost all members to 0. Just set the two things that need setting.
ok jsing
|
|
It is very easy to forget to copy over newly added methods. Everyone
working in this corner has run into this. Instead, preserve what needs
preserving and use a struct copy, so all methods get copied from src
to dest.
tweak/ok jsing
|
|
The "lim" variable needs to be a size_t to match nmemb, otherwise we
get undefined behavior when nmemb exceeds INT_MAX.
Prompted by a blog post by Joshua Bloch:
https://ai.googleblog.com/2006/06/extra-extra-read-all-about-it-nearly.html
Fixed by Chris Torek a long time ago:
https://svnweb.freebsd.org/csrg/lib/libc/stdlib/bsearch.c?revision=51742&view=markup
ok millert@
|
|
Other regress tests do it differently; just fix/thouch those that did not
mention any package name at all.
This helps grepping logs for SKIPPED to find instructions for the next run.
|
|
|
|
ok schwarze
|
|
|
|
|
|
|
|
This commit adds generic EVP_CTRL_AEAD_{SET,GET}_TAG and _SET_IVLEN
defines and aliases the GCM and CCM versions to those.
This is the publicly visible part of OpenSSL's e640fa02005.
ok inoguchi jsing
|
|
sk is commonly used for a STACK_OF(), so call the shared key simply key.
ok jsing
|
