path: root/src/lib/libcrypto/txt_db
Age | Commit message | Author | Files | Lines
7 days | Implement s_client starttls protocol sieve. | martijn | 2 | -4/+62
OK on previous diff concept sthen@
Suggestions, feedback and OK current diff tb@
8 days | openssl asn1pars: move tmplen next to tmpbuf | tb | 1 | -4/+4
8 days | openssl asn1pars: avoid a few unnecessary casts | tb | 1 | -11/+11
If str is a const unsigned char * rather than a char *, we can get away with a single cast and do not need to cast away const either. Reduce the scope of tmpbuf and ctmpbuf (now p) while there.
ok kenjiro
9 days | EVP_SealInit.3: fix RETURN VALUES section | tb | 1 | -2/+12
While normal calls return 0 for error and npubk for success, there is a case where it returns the usual 1/0 thing. Make that explicit.
Prompted by a report by Niels Dossche
ok jsing kenjiro
9 days | EVP_OpenInit.3: fix RETURN VALUES section | tb | 1 | -6/+4
This has been incorrectly documented since forever. The function only ever returned 0/1.
ok jsing kenjiro
9 days | EVP_SealInit(): clear random key on exit | tb | 1 | -2/+4
ok jsing kenjiro
9 days | EVP_{Open,Seal}Init(): remove redundant EVP_CIPHER_CTX_reset() calls | tb | 1 | -5/+1
The subsequent EVP_{Decrypt,Encrypt}Init_ex() calls already do that.
pointed out by jsing
9 days | EVP_SealInit(): minor cleanup. | tb | 1 | -11/+25
Explicitly compare pointers against NULL, turn the function into single exit, add hint at why npubk <= 0 or pubk == NULL are a success path:
The documentation briefly explains that EVP_OpenInit() and EVP_SealInit() are able to initialize the EVP_CIPHER_CTX in two steps exactly like the EVP_CipherInit_ex() API they wrap: the first call with non-NULL cipher (aka type) only sets the cipher on the ctx, then it returns to allow callers to customize the EVP_CIPHER_CTX, and a second call with cipher == NULL skips the initialization and finishes the ctx setup by setting key and iv.
Prompted by a report by Niels Dossche.
ok jsing kenjiro
9 days | EVP_SealInit: do not return -1 on error | tb | 1 | -2/+2
It is documented that EVP_SealInit() returns 0 on error. So -1 is wrong.
Reported by Niels Dossche
ok jsing kenjiro
9 days | EVP_OpenInit(): minor cleanup | tb | 1 | -9/+16
Explicitly compare pointers against NULL, turn the function into single exit and explain why priv == NULL is a success (hint: muppet API).
Prompted by a report by Niels Dossche.
ok jsing kenjiro
12 days | Avoid type confusion in the timestamp response parsing | tb | 1 | -1/+3
A malformed v2 signing cert can lead to a type confusion, and the result is a read from an invalid memory address or NULL, so a crash. Unlike for OpenSSL, v1 signing certs aren't affected since miod fixed this in '14.
Reported by Luigino Camastra, fix by Bob Beck, via OpenSSL, CVE 2025-69420.
ok jsing
12 days | Avoid type confusion in PKCS#12 parsing | tb | 1 | -3/+9
A type confusion can lead to a 1-byte read at address 0x00-0xff, so a crash.
Reported by Luigino Camastra, fix by Bob Beck, via OpenSSL, CVE 2025-22795
ok jsing
12 days | Add NULL pointer check to PKCS12_item_decrypt_d2i() | tb | 1 | -1/+6
Avoids a NULL pointer dereference triggerable by a malformed PKCS#12 file.
From Luigino Camastra via OpenSSL (CVE-2025-69421)
ok jsing
14 days | assembly regress: use make's MACHINE_ARCH rather than handrolling it | tb | 1 | -4/+3
discussed with jsing
14 days | Fix tyo | jsing | 1 | -2/+2
14 days | Hook assembly regress | jsing | 1 | -1/+2