|  | Commit message | Author | Age | Files | Lines | 
|---|
| | Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.
discussed with jsing,
no objection bcook | 
| | DSA_size() and ECDSA_size() have a very special hack. They fudge up an
ASN1_INTEGER with a size which is typically > 100 bytes, backed by a
buffer of size 4. This was "fine", however, since they set buf[0] = 0xff,
where the craziness that was i2c_ASN1_INTEGER() only looks at the first
octet (one may then ask why a buffer of size 4 was necessary...).
This changed with the rewrite of i2c_ASN1_INTEGER(), which doesn't
respect this particular hack and rightly assumes that it is fed an
actual ASN1_INTEGER...
Instead, create an appropriate signature and use i2d to determine its
size.
Fixes an out-of-bounds read flagged by ASAN and oss-fuzz.
ok jsing | 
| | ok beck jsing | 
| | This was obtained by porting the OpenSSL commit below and then using
expand_crypto_asn1.go to unroll the new ASN.1 macros - actually the
ones from 987157f6f63 which fixed the omission of dsa_cb() in the
first commit.
ok inoguchi jsing
commit ea6b07b54c1f8fc2275a121cdda071e2df7bd6c1
Author: Dr. Stephen Henson <steve@openssl.org>
Date:   Thu Mar 26 14:35:49 2015 +0000
    Simplify DSA public key handling.
    DSA public keys could exist in two forms: a single Integer type or a
    SEQUENCE containing the parameters and public key with a field called
    "write_params" deciding which form to use. These forms are non standard
    and were only used by functions containing "DSAPublicKey" in the name.
    Simplify code to only use the parameter form and encode the public key
    component directly in the DSA public key method.
    Reviewed-by: Richard Levitte <levitte@openssl.org> | 
| | including the local header where it will be needed.
discussed with jsing | 
| | it will be needed in the upcoming bump.
discussed with jsing | 
| | Used by Qt5 and Qt6 and slightly reduces the patching in there.
ok inoguchi jsing | 
| | ok inoguchi jsing | 
| | OpenSSL commit 7c96dbcdab9 by Rich Salz.
This cleans up the caller side quite a bit and reduces the number of
lines enclosed in #ifndef OPENSSL_NO_ENGINE.  codesearch.debian.net
shows that almost nothing checks the return value of ENGINE_finish().
While there, replace a few nearby 'if (!ptr)' with 'if (ptr == NULL)'.
ok jsing, tested by & ok inoguchi | 
| | ok jsing | 
| | ok jsing | 
| | ok jsing | 
| | ok jsing | 
| | EVP_PKEY_get0_{DH,DSA,RSA}(), RSA_{g,s}et0_key().
ok jsing | 
| | as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@ | 
| | If you didn't enable deprecated code, there were missing err.h and
bn.h includes.  This commit allows building with or without deprecated
code.
This was not derived from an OpenSSL commit.  However, they recently
enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems
in a different way.
Verified with clang that this only changes line numbers in the generated
asm.
ok miod@ | 
| | Improves readability, keeps the code smaller so that it is warmer in your
cache.
review & ok deraadt@ | 
| | Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.
ok beck@ miod@ | 
| | an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never be defined, due
to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers. | 
| | Also remove unused des_ver.h, which exports some of these strings, but is not installed.
ok miod@ tedu@ | 
| | ok miod | 
| | ok miod | 
| | OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_realloc->realloc
OPENSSL_freeFunc->free | 
| | meets their needs, but dumping it in here only penalizes the rest of us.
ok beck deraadt | 
| | *warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs | 
|  | functionality for shared libs.
Note that routines such as sslv2_init and friends that use RSA will
not work due to lack of RSA in this library.
Needs documentation and help from ports for easy upgrade to full
functionality where legally possible. |