summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/bio (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Streaming BIOs assume they can write to NULL BIOstb2023-03-151-5/+4
| | | | | | | | | | At least SMIME_text() relies on this. Pushing an error on the stack trips PKCS7 regress in py-cryptography, so indicate nothing was written instead of throwing an error. Reported by Alex Gaynor a while back ok jsing
* spelling fixes; from paul tagliamontejmc2022-12-261-2/+2
| | | | | | | i removed the arithmetics -> arithmetic changes, as i felt they were not clearly correct ok tb
* in case of failure, always report the error with BIOerror();schwarze2022-12-221-4/+14
| | | | OK tb@
* Revert BIO_push(3) cycle prevention (bio_lib.c rev. 1.42).schwarze2022-12-161-7/+1
| | | | | | | | | | | | | | | | | | | jsing@ worries that cycle prevention might increase risk because software that is not checking return values (and indeed, not checking is likely common in practice) might silently behave incorrectly with cycle prevention whereas without, it will likely either crash right away through infinite recursion or at least hang in an infinite loop when trying to use the cyclic chain, in both cases making it likely that the bug will be found and fixed. Besides, tb@ points out that BIO_set_next(3) ought to behave as similarly as possible to BIO_push(3), but adding cycle prevention to BIO_set_next(3) would be even less convincing because that function does not provide a return value, encouraging users to expect that it will always succeed. While a safe idiom for checking the success of BIO_set_next(3) could easily be designed, let's be realistic: application software would be highly unlikely to pick up such an idiom.
* Improve the implementation of BIO_push(3) such that it changes nothingschwarze2022-12-071-1/+7
| | | | | | and reports failure if a call would result in a cycle. The algorithm used was originally suggested by jsing@. Feedback and OK tb@.
* Make sure BIO_push(3) always preserves all invariants of the prev_bioschwarze2022-12-061-3/+10
| | | | | | | | | | | | | | | | | | | | and next_bio fields of all BIO objects in all affected chains, no matter what the arguments are. In particular, if the second argument (the one to be appended) is not at the beginning of its chain, properly detach the beginning of its chain before appending. We have weak indications that this bug might affect real-world code. For example, in FreeRDP, file libfreerdp/crypto/tls.c, function bio_rdp_tls_ctrl(), case BIO_C_SET_SSL, BIO_push(3) is definitely called with a second argument that is *not* at the beginning of its chain. Admittedly, that code is hard to fathom, but it does appear to result in a bogus prev_bio pointer without this patch. The practical impact of this bug in this and other software remains unknown; the consequences might possibly escalate up to use-after-free issues if BIO_pop(3) is afterwards called on corrupted BIO objects. OK tb@
* Improve the poorly designed BIO_set_next(3) API to always preserve allschwarze2022-12-061-3/+18
| | | | | | | | | | | | | | | | | invariants of the prev_bio and next_bio fields of all BIO objects in all involved chains, no matter which arguments this function is called with. Both real-world uses of this function (in libssl and freerdp) have been audited to make sure this makes nothing worse. We believe libssl behaves correctly before and after the patch (mostly because the second argument is NULL there), and we believe the code in freerdp behaves incorrectly before and after the patch, leaving a prev_bio pointer in place that is becoming bogus, only in a different object before and after the patch. But after the patch, that bogus pointer is due to a separate bug in BIO_push(3), which we are planning to fix afterwards. Joint work with and OK tb@.
* Revert bio_prev removaltb2022-12-022-2/+12
| | | | | | | | | As schwarze points out, you can pop any BIO in a chain, not just the first one (bonus points for a great name for this API). The internal doubly linked was used to fix up the BIO chain bio was part of when you BIO_pop() a bio that wasn't in the first position, which is explicitly allowed in our documentation and implied by OpenSSL's.
* Mostly align BIO_read()/BIO_write() return values with OpenSSL 3.x.jsing2022-11-301-7/+21
| | | | | | | | | | For various historical reasons, there are a number of cases where our BIO_read() and BIO_write() return slightly different values to what OpenSSL 3.x does (of course OpenSSL 1.0 differs from OpenSSL 1.1 which differs from OpenSSL 3.x). Mostly align these - some further work will be needed. Issue raised by tb@ who also wrote some test code.
* Retire prev_biotb2022-11-282-12/+2
| | | | | | | | | | | | | While BIO chains are doubly linked lists, nothing has ever made use of this fact internally. Even libssl has failed to maintain prev_bio properly in two places for a long time. When BIO was made opaque, the opportunity to fix that was missed. Instead, BIO_set_next() now allows breaking the lists from outside the library, which freerdp has long done. Problem found by schwarze while trying to document BIO_set_next(). schwarze likes the idea ok jsing
* Avoid potential divide by zero in BIO_dump_indent_cb()jsing2022-10-171-8/+7
| | | | | | | | | | | | | Passing an indent value of 67 results in DUMP_WIDTH_LESS_IDENT returning a value of zero, which is promptly used for division. Likewise, passing a value larger than 67 results in a negative value being returned. Prevent this by limiting indent to 64 (which matches OpenSSL's current behaviour), as well as ensuring that dump_width is > 0. Should fix oss-fuzz #52464 and #52467. ok miod@ tb@
* Make BIO_info_cb() identical to bio_info_cb()tb2022-09-111-2/+3
| | | | | | | | | | | | | Various projects use bio_info_cb and BIO_info_cb interchangeably, for example mupdf and freerdp. This is because this was changed in OpenSSL commit fce78bd4 (2017), triggered by new warnings in gcc 8. https://github.com/openssl/openssl/pull/4493 This results in some scary compiler warnings and useless patches in ports. Nobody seems to be using the old bio_info_cb() version. ok jsing
* Initialize readbytes in BIO_gets()tb2022-08-151-2/+2
| | | | | | | | If the bgets() callback returns <= 0, we currently rely on the user provided callback to set readbytes, which isn't ideal. This also matches what's done in BIO_read() and BIO_write(). ok jsing
* Remove mkerr.pl remnants from LibreSSLkn2022-07-122-12/+2
| | | | | | | This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config. Feedback OK jsing tb
* Reduce memmoves in memory BIOs.jsing2022-02-191-22/+38
| | | | | | | | | | | | | | | | | Currently, a read/write memory BIO pulls up the data via memmove() on each read. This becomes very expensive when a lot of small reads are performed, especially if there is a reasonable amount of data stored in the memory BIO. Instead, store a read offset into the buffer and only perform a memmove() to pull up the data on a write, if we have read more than 4096 bytes. This way we only perform memmove() when the space saving will potentially be of benefit, while avoiding frequent memmove() in the case of small interleaved reads and writes. Should address oss-fuzz #19881. ok inoguchi@ tb@
* Provide a struct bio_mem for memory BIO specific data.jsing2022-02-191-47/+58
| | | | | | | | | In order to fix and improve the memory BIO, we need to be able to track more than just a single BUF_MEM *. Provide a struct bio_mem (which currently only contains a BUF_MEM *) and rework the internals to use this struct. ok inoguchi@ tb@
* Clean up and simplify memory BIO code.jsing2022-02-181-124/+139
| | | | | | | | This is a first pass that uses sensible and consistent names for variables. Call the BIO 'bio' (instead of 'a', 'b', 'bp', or 'h'), drop a bunch of unnecessary casts, simplify some logic and add additional error checking. With input from and ok tb@
* Implement new-style OpenSSL BIO callbackstb2022-01-1410-130/+251
| | | | | | | | | | This provides support for new-style BIO callbacks in BIO_{read,write,gets,puts}() and a helper function to work out whether it should call the new or the old style callback. It also adds a few typedefs and minor code cleanup as well as the BIO_{get,set}_callback_ex() from jsing, ok tb
* Make structs in bio.h opaquetb2022-01-142-60/+60
| | | | | | | Move BIO, BIO_METHOD and BIO_F_BUFFER_CTX to bio_local.h and provide BIO typedef in ossl_typ.h. ok inoguchi jsing
* Remove BIO_s_file_internaltb2022-01-141-4/+1
| | | | | | | Pointed out by schwarze. How something with this name ever made its way into a public header will remain a mystery. ok inoguchi jsing
* Unifdef LIBRESSL_OPAQUE_* and LIBRESSL_NEXT_APItb2022-01-141-5/+1
| | | | | This marks the start of major surgery in libcrypto. Do not attempt to build the tree for a while (~50 commits).
* Add a new, mostly empty, bio_local.h and include it in the filestb2022-01-0717-16/+114
| | | | | | that will need it in the upcoming bump. discussed with jsing
* Prepare to provide BIO_set_retry_reason()tb2022-01-052-2/+11
| | | | | | Needed by freerdp. ok inoguchi jsing
* Prepare to provide BIO_set_next().tb2022-01-052-2/+11
| | | | | | This will be needed in libssl and freerdp after the next bump. ok inoguchi jsing
* Fix an issue that might possibly turn into a DOS depending onschwarze2021-12-091-3/+3
| | | | | | | | | | how application software uses the API function BIO_indent(3): If the caller asks for some output, but not more than some negative number of bytes, give them zero bytes of output rather than drowning them in nearly INT_MAX bytes. OK tb@
* Hide BIO_s_file_internal() from internal view.tb2021-11-291-2/+4
| | | | ok jsing
* Unifdef LIBRESSL_NEW_API. Now that the library is bumped, this istb2021-11-011-3/+1
| | | | | | no longer needed. ok jsing
* Prepare to provide BIO_get_init()tb2021-10-242-5/+14
| | | | ok beck jsing
* While the traditional OpenSSL return value and behaviour of BIO_dump(3)beck2021-07-111-5/+10
| | | | | | | | | | | is pure comedy gold, and now documented as such, sadly this bit of pure Muppet genius can't really in good consience stay in the tree as is. Change BIO_dump to always return the number of bytes printed on success and to stop printing and return -1 on failure if a writing function fails. ok tb@, jsing@
* Avoid mangled output in BIO_debug_callbacktb2021-03-251-4/+12
| | | | | | | Instead of blindly skipping 14 characters, we can use the return value of snprintf() to determine how much we should skip. From Martin Vahlensieck with minor tweaks by me
* failed to detect asprintf() error by observing return of -1, instead thederaadt2019-06-281-6/+3
| | | | | code was inspecting the pointer (which is, sadly, undefined on error, because the current specification of asprintf is crazy sloppy)
* Add input validation to BIO_read()/BIO_write().jsing2019-04-141-4/+14
| | | | | | | | | Some bread/bwrite functions implement this themselves, while others do not. This makes it consistent across all BIO implementations. Addresses an issue that Guido Vranken found with his fuzzer. ok tb@
* Add const to the argument of the following callback getters:tb2018-06-022-18/+18
| | | | | | | | BIO_meth_get_callback_ctrl, BIO_meth_get_create, BIO_meth_get_ctrl, BIO_meth_get_destroy, BIO_meth_get_gets, BIO_meth_get_puts, BIO_meth_get_read, and BIO_meth_get_write. ok jsing
* Add a const qualifier to the return value of BIO_s_file().tb2018-05-302-5/+5
| | | | | tested in a bulk build by sthen ok bcook, jsing
* const qualifiers for BIO_new_mem_buf(), BIO_new_connect() andtb2018-05-124-11/+11
| | | | | | | | BIO_new_accept(). The one for BIO_new_mem_buf() is a bit ugly since it needs to cast away the newly added const qualifier, as in OpenSSL commit 8ab31975bac. ok jsing
* Add const qualifiers to the return values of BIO_s_mem() andtb2018-05-123-9/+9
| | | | | | BIO_s_datagram(). ok jsing
* const for BIO_{new,set}() and most of the BIO_{f,s}_*() family oftb2018-05-0112-47/+47
| | | | | | functions. ok beck, jsing
* Bring in compatibility for OpenSSL 1.1 style init functions.beck2018-03-171-1/+3
| | | | | | | | | This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well thread safety modifications for the existing LibreSSL init functions. The initialization routines are called automatically by the normal entry points into the library, as in newer OpenSSL ok jsing@, nits by tb@ and deraadt@
* Make BIO_meth_get_write() public. Omission spotted by schwarze.tb2018-03-171-1/+2
| | | | ok jsing
* Provide BIO_up_ref().jsing2018-02-222-2/+10
|
* whitespace nittb2018-02-201-2/+2
|
* Provide BIO_meth_{g,s}et_callback_ctrl()tb2018-02-202-2/+22
| | | | with & ok jsing
* Provide BIO_meth_get_{create,ctrl,destroy,gets,puts,read}()tb2018-02-202-2/+50
| | | | ok jsing
* Zap an 'int' that snuck in.tb2018-02-201-3/+2
| | | | ok jsing
* Provide BIO_{g,s}et_shutdown().tb2018-02-202-2/+16
| | | | ok jsing
* Provide BIO_get_new_index().jsing2018-02-202-2/+23
| | | | Based on BoringSSL.
* Provide BIO_meth_set_gets().tb2018-02-182-2/+10
| | | | ok jsing
* Provide BIO_{g,s}et_data() and BIO_set_init().tb2018-02-182-2/+23
| | | | ok jsing
* Provide BIO_meth_{free,new}() and BIO_meth_set_{create,crtl,destroy}()tb2018-02-172-1/+94
| | | | | | and BIO_meth_set_{puts,read,write}(). ok jsing
* Restore the old behavior when a port number without a host name isbluhm2018-02-071-10/+12
| | | | | | passed to BIO_get_accept_socket(). This is part of the API and it fixes "openssl ocsp -port 12345" in server mode. from markus@; OK jsing@ beck@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-28 16:40:21 +0000