path: root/src/lib/libcrypto
Commit message | Author | Age | Files | Lines
...
* check_cert(): be sure to reset ctx->current_crl to NULL before freeing it. | miod | 2014-09-29 | 1 | -10/+5
  X509_STORE_CTX_init(): do not free the X509_STORE_CTX * parameter upon failure, for we did not allocate it and it might not come from the heap, such as in check_crl_path() in this very same file where X509_STORE_CTX_init() gets invoked with a stack address. ok bcook@
* X509_NAME_get_text_by_OBJ(): make sure we do not pass a negative size to | miod | 2014-09-29 | 1 | -3/+5
  memcpy(). ok bcook@
* X509_VERIFY_PARAM_set1_name(): if invoked with NULL as the second | miod | 2014-09-29 | 1 | -1/+2
  parameter, correctly set param->name to NULL after having freed it. ok bcook@
* X509v3_add_ext(): do not free stuff we did not allocate in the error path. | miod | 2014-09-28 | 1 | -2/+2
  ok bcook@
* X509_TRUST_add(): check X509_TRUST_get0() return value before dereferencing it, | miod | 2014-09-28 | 1 | -15/+23
  for it may be NULL. Do not leak memory upon error. ok bcook@
* Someone (TM) thought it was smart to save memory by using malloc(1) and | miod | 2014-09-28 | 1 | -5/+4
  manual field fiddling to create an ASN1_INTEGER object, instead of using M_ASN1_INTEGER_new() which will allocate sizeof(long) bytes. That person had probably never looked into malloc(3) and never heard of allocation size rounding. Thus, replace the obfuscated code with M_ASN1_INTEGER_new() followed by ASN1_INTEGER_set(), to achieve a similar result, without the need for /* version == 0 */ comments. ok bcook@
* Revert r1.5 and reenable assembler version of ghash now that it has been | miod | 2014-09-27 | 2 | -6/+6
  fixed.
* Doh, rev 1.4 had left out one routine with both 32-bit and 64-bit code, where | miod | 2014-09-27 | 1 | -0/+2
  the 64-bit code has to be disabled under OpenBSD/hppa.
* Disable assembler code for ghash on hppa, causes wrong computations in some | miod | 2014-09-27 | 4 | -8/+8
  cases and breaks TLS 1.2; crank libcrypto.so minor version out of safety and to be able to tell broken versions apart easily.
* X509_STORE_new(): do not leak memory upon error. | miod | 2014-09-26 | 1 | -14/+17
  X509_STORE_get1_certs(), X509_STORE_get1_crls(): check the result of allocations. ok tedu@
* X509_issuer_and_serial_hash(): do not leak memory if an error occurs during | miod | 2014-09-26 | 1 | -1/+3
  the first EVP block. ok tedu@
* X509at_add1_attr(): do not free stuff we did not allocate in the error path. | miod | 2014-09-26 | 1 | -3/+3
  ok tedu@
* Fix regression introduced in revision 1.15 by using strndup() instead of | miod | 2014-09-23 | 1 | -6/+6
  strdup() to allocate directory list components. ok jsing@
* a_enum.c used to be a copy of a_int.c with s/INTEGER/ENUMERATED/g , but | miod | 2014-09-21 | 1 | -4/+9
  some changes in a_int.c did not get applied to a_enum.c; despite style changes, make sure BN_to_ASN1_ENUMERATED() correctly handles a zero value the same way BN_to_ASN1_INTEGER() does. ok bcook@ beck@ jsing@
* Fix a memory leak in the error path in ASN1_mbstring_ncopy(). | miod | 2014-09-21 | 1 | -19/+29
  Replace an if() posse with a switch() statement in traverse_string(). Remove unnecessary casts in cpy_*(), with tweaks from guenther@; ok bcook@ jsing@ guenther@
* A few more MLINKs. | miod | 2014-09-16 | 1 | -1/+7
* preserve errno value on success. | bcook | 2014-08-28 | 2 | -8/+12
  If getrandom returns a temporary failure, make sure errno is not polluted when it succeeds. Thanks to deraadt@ for pointing it out.
* constify strerror return value | bcook | 2014-08-24 | 1 | -2/+2
  There is no intention to modify the string returned by strerror and doing so is forbidden by the standard. from Jonas 'Sortie' Termansen ok tedu@ deraadt@
* Include <sys/time.h> to get struct timeval | bcook | 2014-08-24 | 1 | -1/+2
  The crypto/bio/bss_dgram.c file assumes that another file indirectly includes <stdlib.h> that includes <sys/time.h>. from Jonas 'Sortie' Termansen ok deraadt@ tedu@
* Three independent typos for `independent' or `independently'. | miod | 2014-08-19 | 1 | -1/+1
* replace more ROTATE macros with plain-old C code. | bcook | 2014-08-18 | 2 | -40/+19
  Let the compiler optimize these. Even older versions of gcc generate equal or better quality code than the inline asm. ok miod@
* remove return value from HOST_c2l/l2c macros | bcook | 2014-08-18 | 8 | -106/+106
  These macros and asm inlines simulate a function returning a value, but nothing ever uses this return value. Remove the pseudo-returns and (void) casts discarding the unused values. This, maybe unsurprisingly, speeds things up a bit. It also removes the GCC 4.9 warnings about unused values. ok miod@ deraadt@
* only build the getrandom path if SYS_getrandom is defined. | bcook | 2014-08-16 | 2 | -6/+14
  like the sysctl path
* getrandom(2) support for getentropy_linux | bcook | 2014-08-16 | 2 | -26/+20
  This enables support for the new getrandom(2) syscall in Linux 3.17. If the call exists and fails, return a failure in getentropy(2) emulation as well. This adds a EINTR check in case the urandom pool is not initialized. Tested on Fedora Rawhide with 3.17rc0 and Ubuntu 14.04 ok deraadt@
* fixed overrid(d)en typo | tobias | 2014-08-14 | 2 | -3/+3
  millert@ and jmc@ agree that "overriden" is wrong
* munmap correct object in (extremely unlikely, and effectively terminal) | deraadt | 2014-08-13 | 6 | -12/+12
  case of failing to map the 2nd object. found by Paul Maurers
* Replace intrinsic ROTATE macros with an inline. | bcook | 2014-08-12 | 1 | -41/+10
  Without the cast/mask, the compiler is allowed to optimize this directly to the correct CPU intrinsic for rotate.
* Guard RSA / RC4-5 ASM when NO_ASM is not defined | bcook | 2014-08-11 | 4 | -7/+12
  Most assembly blocks remain inactive if OPENSSL_NO_ASM is not defined, only enabling inline assembly, but the RSA / RC4-5 blocks (used only in amd64 systems) turn on implicitly. Guard these two as well. This simplifies enabling just inline ASM in portable, no effective change in OpenBSD.
* Fix CVE-2014-3508, pretty printing and OID validation: | guenther | 2014-08-08 | 2 | -12/+28
  - make sure the output buffer is always NUL terminated if buf_len was initially greater than zero.
  - reject OIDs that are too long, too short, or not in proper base-127
  Based on https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87
  ok bcook@
* Allow B64_EOF to follow a base64 padding character. This restores previous | jsing | 2014-08-06 | 1 | -2/+3
  behaviour that allows a PEM block to be fed through the base64 decoder. Reported by Dmitry Eremin-Solenikov on tech@ ok deraadt@ tedu@
* Correct error checks in EVP_read_pw_string_min(): UI_add_input_string() | guenther | 2014-08-06 | 1 | -3/+3
  and UI_add_verify_string() return -1 (and maybe -2?) on failure and >=0 on success, instead of always zero on success problem reported by Mark Patruck (mark (at) wrapped.cx) ok miod@
* In chacha_init(), allow for a NULL iv. Reported by znz on github. | miod | 2014-08-04 | 1 | -2/+3
  ok guenther@ jsing@
* Remove SRP code. It contains a bug (this should not surprise anyone), but | tedu | 2014-07-28 | 6 | -1819/+1
  the details are under embargo. The original plan was to wait for the embargo to lift, but we've been waiting for quite some time, and there's no indication of when or even if it will end. No sense in dragging this out any longer. The SRP code has never been enabled in OpenBSD, though I understand it is in use by some other people. However, in light of this and other issues, we're officially saying SRP is outside the scope of libressl. (For now.)
* Add missing year to copyright. | jsing | 2014-07-25 | 2 | -4/+4
* BIO_free() returns immediately when the sole input is NULL. | doug | 2014-07-25 | 7 | -25/+16
  Remove unnecessary NULL check. ok miod@
* level_add_node(): if a memory allocation failure causes us to attempt to clean | miod | 2014-07-23 | 1 | -4/+7
  up and return failure, be sure the cleanup work does NOT free objects which are still being referenced by other objects. ok guenther@
* Make sure PEM_def_callback() correctly handles negative buffer sizes; all uses | miod | 2014-07-23 | 1 | -10/+17
  within libcrypto are safe, but until we can change this function prototype to use size_t instead of int, better be safe than sorry. tweaks and ok guenther@
* Check the return value of the UI functions (including UI_new() which return | miod | 2014-07-23 | 1 | -6/+11
  value is happily dereferenced without checking it for being non-NULL). ok beck@
* Now that DES_random_key() can be trusted, use it to generate DES keys in the | miod | 2014-07-22 | 2 | -12/+10
  EVP_CTRL_RAND_KEY method handlers, rather than generating a random odd key and not even checking it against the weak keys list. ok beck@
* In DES_random_key(), force the generated key to the odd parity before checking | miod | 2014-07-22 | 1 | -8/+8
  it is not one of the weak and semi-weak keys. Even though the probability of generating a weak key with incorrect parity is abysmally small, there is no reason to be correct (although, if you're in a need for fresh DES keys nowadays, you should seriously consider switching to a stronger symmetric cipher algorithm). ok beck@
* Kill a bunch more BUF_strdup's - these are converted to have a check for | beck | 2014-07-22 | 6 | -15/+20
  NULL before an intrinsic strdup. ok miod@
* better match proposed syscall api | bcook | 2014-07-22 | 2 | -16/+4
* protect sysctl path with SYS__sysctl instead; from enh@google, ok bcook | deraadt | 2014-07-21 | 2 | -12/+12
* Use explicit_bzero() instead of memset() on buffers going out of scope. | guenther | 2014-07-21 | 6 | -12/+18
  Also, zero the SHA256 context. suggested by "eric" in a comment on an opensslrampage.org post ok miod@ deraadt@
* cast from void * before math; enh@google | deraadt | 2014-07-21 | 2 | -4/+4
* Move more OS-specific functionality to arc4random.h headers. | bcook | 2014-07-20 | 8 | -8/+74
  Move <sys/mman.h> and raise(SIGKILL) calls to OS-specific headers. On OpenBSD, move thread_private.h as well to arc4random.h. On Windows, use TerminateProcess on getentropy failure. ok deraadt@
* initial win32 ARC4_LOCK/UNLOCK implementation. | bcook | 2014-07-20 | 2 | -2/+42
  It may make sense to later replace this with a Critical Section later. ok guenther@
* Demonstrate how new linux getrandom() will be called, at least until | deraadt | 2014-07-20 | 2 | -2/+74
  it shows up in libraries. Even the system call is probably not finalized. Bit disappointed it has turned out to be a descriptor-less read() with EINVAL and EINTR error conditions, but we can work with it.
* Mark the format string argument to BIO_*printf as not being allowed to be NULL | guenther | 2014-07-20 | 1 | -5/+7
  ok bcook@
* remove disabled main hook; we use phdr now; ok bcook | deraadt | 2014-07-19 | 6 | -42/+6