path: root/src/lib/libcrypto
Commit log (each entry: date, author, files changed and lines removed/added, then the commit message)
...
* 2016-06-21 bcook (3 files, -88/+46): Disable DSA_FLAG_NO_EXP_CONSTTIME, always enable constant-time behavior.
  Improved patch from Cesar Pereida. See https://github.com/libressl-portable/openbsd/pull/61 for more details. ok beck@
* 2016-06-06 tedu (1 file, -2/+2) [tag libressl-v2.4.1]: Set BN_FLG_CONSTTIME on the correct variable. beck committed wrong fix.
  Mistake noted by Billy Brumley. Many thanks.
* 2016-06-06 beck (1 file, -4/+6): Correct a problem that prevents the DSA signing algorithm from running
  in constant time even if the flag BN_FLG_CONSTTIME is set. This issue was reported by Cesar Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by Cesar Pereida.
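The three commits above are about which exponentiation path the DSA signing code takes for its secret exponent. As an added illustration (not LibreSSL's BIGNUM code; toy 32-bit arithmetic with a multiplication counter, and a base and modulus chosen only for the demonstration), here is the difference between the variable-time path and the path a constant-time flag is meant to select: square-and-multiply branches on every exponent bit, while the Montgomery ladder does the same two multiplications per bit and only a mask-based swap depends on the secret.

```c
/*
 * Added example, not LibreSSL code: what a constant-time flag on an
 * exponent switches between.  Toy 32-bit modular exponentiation; a
 * real BIGNUM implementation differs in everything except the shape
 * of the two loops.  The counter records how many multiplications ran.
 */
#include <stdint.h>

static uint32_t mulmod(uint32_t a, uint32_t b, uint32_t m, unsigned *count)
{
	(*count)++;
	return (uint32_t)(((uint64_t)a * b) % m);
}

/*
 * Variable-time square-and-multiply: the extra multiply runs only for
 * set exponent bits, so the work (and its timing/cache footprint)
 * depends on the secret.  *count ends up as 32 + popcount(exp).
 */
uint32_t modexp_sqmul(uint32_t base, uint32_t exp, uint32_t m, unsigned *count)
{
	uint32_t r = 1 % m;
	int i;

	*count = 0;
	for (i = 31; i >= 0; i--) {
		r = mulmod(r, r, m, count);
		if ((exp >> i) & 1)		/* secret-dependent branch */
			r = mulmod(r, base, m, count);
	}
	return r;
}

/* Branch-free conditional swap: exchanges *a and *b iff bit == 1. */
static void cswap(uint32_t *a, uint32_t *b, uint32_t bit)
{
	uint32_t mask = 0u - bit;		/* 0x00000000 or 0xffffffff */
	uint32_t t = (*a ^ *b) & mask;

	*a ^= t;
	*b ^= t;
}

/*
 * Montgomery ladder: every bit costs exactly two multiplications and
 * the only secret-dependent operation is the masked swap, so *count is
 * always 64 and no branch target or memory address depends on exp.
 * Invariant: r1 == r0 * base (mod m) at the top of every iteration.
 */
uint32_t modexp_ladder(uint32_t base, uint32_t exp, uint32_t m, unsigned *count)
{
	uint32_t r0 = 1 % m, r1 = base % m;
	int i;

	*count = 0;
	for (i = 31; i >= 0; i--) {
		uint32_t bit = (exp >> i) & 1;

		cswap(&r0, &r1, bit);
		r1 = mulmod(r0, r1, m, count);
		r0 = mulmod(r0, r0, m, count);
		cswap(&r0, &r1, bit);
	}
	return r0;
}

/* Convenience wrappers: results, and operation counts for a fixed base/modulus. */
uint32_t pow_sqmul(uint32_t b, uint32_t e, uint32_t m) { unsigned c; return modexp_sqmul(b, e, m, &c); }
uint32_t pow_ladder(uint32_t b, uint32_t e, uint32_t m) { unsigned c; return modexp_ladder(b, e, m, &c); }
unsigned cost_sqmul(uint32_t e) { unsigned c; modexp_sqmul(3, e, 1000003u, &c); return c; }
unsigned cost_ladder(uint32_t e) { unsigned c; modexp_ladder(3, e, 1000003u, &c); return c; }
```

The point of the bug being fixed above is that the flag has to be set on the BIGNUM that is actually used as the secret exponent; a flag on any other operand leaves the signing path in the shape of the first function.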
* 2016-06-06 bcook (1 file, -3/+3): LibreSSL 2.4.1
* 2016-05-30 beck (2 files, -8/+16): deprecate internal use of EVP_[Cipher|Encrypt|Decrypt]_Final.
  14 years ago these were changed in OpenSSL to be the same as the _ex functions. We use the _ex functions only internally to ensure it is obvious the ctx must be cleared. ok bcook@
* 2016-05-25 jsg (1 file, -2/+2): use -nameopt esc_msb so "NetLock Kft" cert has the non-ascii
  and non-utf8 bytes escaped. ok sthen@
* 2016-05-20 bcook (1 file, -26/+28): Fix a short-read bug in the previous version of asn1_d2i_read_bio
  The outer while() loop is missing, so we only read up to chunk_max bytes.
* 2016-05-11 deraadt (2 files, -314/+0): remove hppa64 port, which we never got going beyond broken single users.
  hppa reverse-stack gives us a valuable test case, but most developers don't have a 2nd one to proceed further with this. ok kettenis
* 2016-05-04 tedu (2 files, -6/+11): fix for integer overflow in encode and encrypt update functions.
  additionally, in EncodeUpdate, if the amount written would overflow, return 0 instead to prevent bugs in the caller. CVE-2016-2105 and CVE-2016-2106 from openssl.
* 2016-05-04 tedu (1 file, -1/+4): fix a padding oracle in aesni cbc mac check. there must be enough data
  for both the mac and padding bytes. CVE-2016-2107 from openssl
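The length check the commit above describes, as an added example in plain C rather than LibreSSL's aesni code. It assumes the generic TLS 1.0-1.2 CBC record layout after decryption, payload || MAC || padding || pad_len, with the MAC length and the sample record constructed here for the demonstration. The unchecked variant only makes sure the MAC fits; the checked variant also requires room for the attacker-controlled pad_len, and a mask-based padding comparison is shown alongside it.

```c
/*
 * Added example (not LibreSSL code): the length check a decrypted TLS
 * CBC record needs before the MAC is verified.  Layout after decryption:
 *
 *     payload || MAC (mac_len bytes) || padding (pad_len bytes) || pad_len
 *
 * pad_len comes straight from the ciphertext, so the record must have
 * room for mac_len + pad_len + 1 bytes before anything reasons about
 * where the MAC starts.
 */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/*
 * Vulnerable shape: only checks that the MAC itself fits.  With a bogus
 * pad_len the payload length wraps and the MAC would be read from an
 * out-of-bounds offset; whether that fails or not is observable.
 */
int cbc_split_unchecked(const uint8_t *rec, size_t len, size_t mac_len,
    size_t *payload_len)
{
	size_t pad_len;

	if (len < mac_len + 1)
		return 0;
	pad_len = rec[len - 1];
	*payload_len = len - mac_len - pad_len - 1;	/* may wrap */
	return 1;
}

/* Fixed shape: reject the record unless MAC and padding both fit. */
int cbc_split_checked(const uint8_t *rec, size_t len, size_t mac_len,
    size_t *payload_len)
{
	size_t pad_len;

	if (len < mac_len + 1)
		return 0;
	pad_len = rec[len - 1];
	if (len < mac_len + pad_len + 1)
		return 0;
	*payload_len = len - mac_len - pad_len - 1;
	return 1;
}

/*
 * Padding check that accumulates a mask instead of returning at the first
 * bad byte, so the result does not leak which byte was wrong.  Returns 1
 * if every padding byte equals pad_len, as TLS requires.  Assumes
 * cbc_split_checked() already accepted the record.  Caveat: the loop
 * count still follows pad_len; a full Lucky 13 mitigation also has to
 * make the MAC computation independent of it, which is out of scope here.
 */
int cbc_padding_ok(const uint8_t *rec, size_t len)
{
	size_t pad_len = rec[len - 1];
	uint8_t diff = 0;
	size_t i;

	for (i = 0; i < pad_len; i++)
		diff |= rec[len - 2 - i] ^ (uint8_t)pad_len;
	return diff == 0;
}

/* Constructed sample record: 11 payload bytes, 20-byte MAC, pad_len pad bytes, pad_len byte. */
size_t build_sample_record(uint8_t *rec, size_t cap, uint8_t pad_len)
{
	size_t len = 11 + 20 + (size_t)pad_len + 1;

	if (cap < len)
		return 0;
	memset(rec, 'p', 11);
	memset(rec + 11, 'm', 20);
	memset(rec + 31, pad_len, pad_len);
	rec[len - 1] = pad_len;
	return len;
}

/* Scenarios over constructed records; returns 1 if all behave as described above. */
int demo_ok(void)
{
	uint8_t rec[64], bad[21];
	size_t n, pl;

	n = build_sample_record(rec, sizeof(rec), 16);
	if (n != 48 || !cbc_split_checked(rec, n, 20, &pl) || pl != 11)
		return 0;
	if (!cbc_padding_ok(rec, n))
		return 0;
	rec[40] ^= 1;				/* corrupt one padding byte */
	if (cbc_padding_ok(rec, n))
		return 0;
	memset(bad, 0, sizeof(bad));
	bad[20] = 200;				/* pad_len far larger than the record */
	if (cbc_split_checked(bad, sizeof(bad), 20, &pl))
		return 0;				/* must be rejected */
	if (!cbc_split_unchecked(bad, sizeof(bad), 20, &pl) || pl <= sizeof(bad))
		return 0;				/* accepted, with an offset past the buffer */
	return 1;
}
```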
* 2016-05-04 tedu (3 files, -9/+3): internal only negative types should not be handled here.
  CVE-2016-2108 from openssl.
* 2016-05-04 tedu (1 file, -14/+37): be careful about consuming excessive memory by reading in chunks.
  CVE-2016-2109 from openssl.
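The chunked reading in the commit above and the missing outer loop in the asn1_d2i_read_bio short-read fix higher up are two sides of one reader. As an added example (not LibreSSL's asn1_d2i_read_bio; the read callback, chunk size and the in-memory stream are stand-ins constructed here, with the stream deliberately returning at most 7 bytes per call), here is a reader with both problems fixed: it loops until the declared length arrives or the stream ends, and it grows its buffer a chunk at a time instead of allocating the declared length up front, so a hostile length field costs memory only for bytes that actually arrive.

```c
/*
 * Added example (not LibreSSL code): a d2i-style reader that pulls an
 * object of declared length from a stream in bounded chunks.  rd() is a
 * stand-in for BIO_read(): it returns up to `cap` bytes, 0 at end of
 * stream, or a negative value on error, and may return fewer bytes than
 * asked for (a short read).
 */
#include <stddef.h>
#include <stdlib.h>

#define CHUNK_MAX 16	/* grow the buffer and read at most this much at a time */

typedef long (*read_fn)(void *ctx, unsigned char *out, size_t cap);

/* Constructed stream: `len` bytes of a fixed pattern, served at most 7 bytes per call. */
struct mem_stream { size_t len, pos; };

static long mem_read(void *ctx, unsigned char *out, size_t cap)
{
	struct mem_stream *s = ctx;
	size_t n = s->len - s->pos, i;

	if (n > cap)
		n = cap;
	if (n > 7)
		n = 7;			/* force short reads */
	for (i = 0; i < n; i++)
		out[i] = (unsigned char)('a' + (s->pos + i) % 26);
	s->pos += n;
	return (long)n;
}

/*
 * Short-read bug: a single read of up to CHUNK_MAX bytes and no outer
 * loop, so whatever the stream hands back on that one call is taken as
 * the whole object.
 */
long read_once(read_fn rd, void *ctx, unsigned char *buf, size_t want)
{
	size_t cap = want < CHUNK_MAX ? want : CHUNK_MAX;

	return rd(ctx, buf, cap);
}

/*
 * Fixed shape: loop until `want` bytes arrived or the stream ended,
 * grow the buffer CHUNK_MAX bytes at a time instead of trusting the
 * declared length for the allocation, and refuse declared lengths above
 * `limit`.  Returns bytes read (fewer than `want` on early EOF) or -1;
 * on success *out is the buffer (NULL when want == 0) and *alloc its size.
 */
long read_bounded(read_fn rd, void *ctx, size_t want, size_t limit,
    unsigned char **out, size_t *alloc)
{
	unsigned char *buf = NULL, *nbuf;
	size_t got = 0, cap = 0;

	if (want > limit)
		return -1;
	while (got < want) {
		long n;

		if (got == cap) {
			size_t ncap = cap + CHUNK_MAX;

			if (ncap > want)
				ncap = want;
			if ((nbuf = realloc(buf, ncap)) == NULL) {
				free(buf);
				return -1;
			}
			buf = nbuf;
			cap = ncap;
		}
		n = rd(ctx, buf + got, cap - got);
		if (n < 0) {
			free(buf);
			return -1;
		}
		if (n == 0)
			break;		/* EOF before the declared length */
		got += (size_t)n;
	}
	*out = buf;
	*alloc = cap;
	return (long)got;
}

/* Run each reader over a constructed stream of `datalen` bytes. */
long read_pattern_once(size_t datalen, size_t want)
{
	struct mem_stream s = { datalen, 0 };
	unsigned char buf[CHUNK_MAX];

	return read_once(mem_read, &s, buf, want);
}

long read_pattern_bounded(size_t datalen, size_t want, size_t limit, size_t *alloc)
{
	struct mem_stream s = { datalen, 0 };
	unsigned char *buf = NULL;
	size_t cap = 0;
	long n = read_bounded(mem_read, &s, want, limit, &buf, &cap);

	free(buf);
	if (alloc != NULL)
		*alloc = cap;
	return n;
}

/* Buffer size the bounded reader ended up with for a given stream and declared length. */
size_t bounded_alloc(size_t datalen, size_t want, size_t limit)
{
	size_t cap = 0;

	read_pattern_bounded(datalen, want, limit, &cap);
	return cap;
}
```

A declared length of 2^30 against a stream that only holds 10 bytes ends with a 16-byte buffer, which is the whole point of reading in chunks; the hard `limit` is still worth keeping so a caller can bound the worst case independently of how much the peer actually sends.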
* 2016-05-04 tedu (7 files, -55/+30): revert the big change from yesterday to prepare for smaller commits.
* 2016-05-03 bcook (1 file, -2/+2): prefer limits.h over sys/limits.h
* 2016-05-03 tedu (8 files, -30/+265): patch from openssl for multiple issues:
  missing padding check in aesni functions
  overflow in evp encode functions
  use of invalid negative asn.1 types
  ok beck
* 2016-04-28 jsing (2 files, -2/+2): Crank majors for lib{crypto,ssl,tls} due to symbol removals, symbol
  additions and functionality changes.
* 2016-04-28 tedu (1 file, -1/+2): don't go into an unbreakable infinite loop during operations such
  as reading passwords. allow ^C to break. the pain was mine, the fix is miod's.
* 2016-04-28 jsing (2 files, -13/+13): Rename EVP_aead_chacha20_poly1305() to EVP_aead_chacha20_poly1305_old()
  and replace with EVP_aead_chacha20_poly1305_ietf(). The IETF version will become the standard version. Discussed with many.
* 2016-04-19 tj (2 files, -4/+4): fix typo in comment; ok beck
* 2016-04-13 jsing (1 file, -4/+4): Use the correct iv and counter when decrypting the ciphertext for
  EVP_aead_chacha20_poly1305_ietf().
* 2016-03-30 jmc (1 file, -903/+1): for some time now mandoc has not required MLINKS to function
  correctly - logically complete that now by removing MLINKS from base; authors need only to ensure there is an entry in NAME for any function/util being added. MLINKS will still work, and remain for perl to ease upgrades; ok nicm (curses) bcook (ssl) ok schwarze, who provided a lot of feedback and assistance ok tb natano jung
* 2016-03-26 schwarze (1 file, -2/+9): fix the last bunch of NAME sections that were overlooked earlier
  such that the MLINKS removal can be committed after this; OK jmc@
* 2016-03-21 mmcc (2 files, -4/+4): Return zero from two functions on allocation failure instead of always
  returning one (indicating success). Each function has only a single usage, and both usages check the return value. Merged from BoringSSL 0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c: https://boringssl.googlesource.com/boringssl/+/0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c%5E!/#F0 ok beck@
* 2016-03-20 krw (2 files, -3/+3): " the the " -> " the ", or in a couple of cases replace the superfluous
  "the" with the obviously intended word. Started with a "the the" spotted by Mihal Mazurek.
* 2016-03-17 beck (1 file, -24/+27): explicit_bzero for asn1 objects on free. Too often these contain sensitive
  information and they should not be a performance bottleneck ok miod@ krw@
* 2016-03-15 krw (5 files, -9/+9): 'accomodate' -> 'accommodate' in comments.
  Started by diff from Mical Mazurek.
* 2016-03-13 bcook (2 files, -2/+2): Fix examples for EVP_PKEY_CTX_set_rsa_padding.
  Noted here, https://github.com/libressl-portable/portable/issues/161, we document a non-existent constant in the examples for EVP_PKEY_CTX_set_rsa_padding. ok deraadt@
* 2016-03-12 bcook (2 files, -16/+23): Add error handling to the remaining calls to bn_wexpand().
  Noticed by pascal-cuoq from Github: https://github.com/libressl-portable/openbsd/issues/56 ok beck@
* 2016-03-12 mmcc (13 files, -31/+4): Remove sentences in RETURN VALUES sections saying that functions with
  void return types 'return no value'. This is obvious and therefore unnecessary to mention. We spare rewind(3)'s sentence because espie@ pointed out that it's a warning - the function masks a potential error. This commit also adds a sentence to X509_free clarifying that it's NULL-safe. This bit was discussed with doug@. ok martijn@, sentiment supported by schwarze@
* 2016-03-12 bcook (1 file, -3/+3): Bump for LibreSSL 2.4.0
* 2016-03-11 mmcc (8 files, -29/+19): X509_free(3) is NULL-safe, so remove NULL checks before its calls.
  ok doug@
* 2016-03-10 mmcc (1 file, -2/+2): http -> https for a few more IETF URLs in comments or man pages
* 2016-03-06 beck (2 files, -3/+9): explicit_bzero for some asn1 free's - ok miod@
* 2016-03-04 deraadt (2 files, -4/+16): graduate bn_expand() to a real function. the openssl version of this
  uses a macro with multiple-evaluations of arguments (different amount than the previous version..), but doug/bcook's inline version makes BIGNUM not opaque [problem spotted by naddy] ok doug
* 2016-03-04 doug (1 file, -14/+3): Revert bn_expand until there's consensus on a fix.
* 2016-03-02 beck (1 file, -1/+5): fix the rest of the read_ledword() calls used as lengths to be bounded.
  inspired by guido vranken https://guidovranken.wordpress.com/2016/03/01/public-disclosure-malformed-private-keys-lead-to-heap-corruption-in-b2i_pvk_bio/ ok doug@
* 2016-03-02 doug (2 files, -10/+26): Add bounds checking for BN_hex2bn/BN_dec2bn.
  Need to make sure i * 4 won't overflow. Based on OpenSSL: commit 99ba9fd02fd481eb971023a3a0a251a37eb87e4c input + ok bcook@ ok beck@
* 2016-03-02 beck (1 file, -3/+7): bound lengths coming out of a pem file to something like reality
  ok deraadt@
* 2016-03-01 doug (1 file, -60/+20): Remove support for ancient, broken DSA implementations.
  Based on a few OpenSSL commits:
  Remove ancient DSA workarounds
  commit ab4a81f69ec88d06c9d8de15326b9296d7f498ed
  Remove workaround for broken DSA implementations using negative integers
  commit dfb10af92e9663ce4eefaa1d6b678817fa85344d
  Typo in error name (EVP_R_DECODE_ERROR -> DSA_R_DECODE_ERROR)
  commit f6fb7f1856d443185c23f1a5968c08b4269dd37d
  ok beck@
* 2016-02-17 sthen (1 file, -84/+1016): Sync some root certificates with Mozilla's cert store. ok bcook@
  - Add new root certificates present in Mozilla cert store from CA organizations who are already in cert.pem (AddTrust, Comodo, DigiCert, Entrust, GeoTrust, USERTrust).
  - Replace Startcom's root with their updated sha256 version present in Mozilla cert store. (They maintained serial# etc so this is still valid for existing signed certificates).
  - Add two root certificates from CA not previously present:
    "C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority"
    "C=PL, O=Unizeto Sp. z o.o., CN=Certum CA"
    (the latter used by yandex.ru)
  We are still listing some certificates that have been removed from Mozilla's store (1024-bit etc) however these cannot be removed until cert validation is improved (we don't currently accept a certificate as valid unless the CA is at the end of a chain).
* 2016-02-01 sthen (1 file, -1604/+1584): Sort cert.pem alphabetically, first by organisation, then by CA name
  (CN if available, otherwise OU). Add a comment identifying the org. Now to get an easy-to-read list of certificates in the file you can use "grep ^[#=] cert.pem". Prepared with https://spacehopper.org/format-pem.20160201. If you would like to verify this commit to ensure that I didn't sneak in any other changes, it will be easier to use the script rather than do it by hand.
* 2016-01-31 sthen (1 file, -2459/+184): Revamp cert.pem certificate information formatting. Skip headers which
  aren't really useful (the information can be obtained by feeding the cert into "openssl x509 -in filename -text") and add a separator between certs showing the CA's CN or OU (similar to the display format in web browsers). Include both SHA1 and SHA256 fingerprints for all certificates. ok beck@ zhuk@ jung@
* 2016-01-04 bcook (2 files, -4/+6): Calling clone(2) with CLONE_NEWPID yields multiple processes with pid=1.
  Work around this particular case by reseeding whenever pid=1, but as guenther@ notes, directly calling clone(2), and then forking to match another pid, provides other ways to bypass new process detection on Linux. Hopefully at some point Linux implements something like MAP_INHERIT_ZERO, and does not invent a corresponding mechanism to subvert it. Noted by Sebastian Krahmer and the opmsg team. See http://stealth.openwall.net/crypto/randup.c for a test program. ok beck@
* 2015-12-24 mmcc (2 files, -2/+2): More adress -> address
* 2015-12-23 mmcc (3 files, -19/+11): remove NULL-checks before free()
* 2015-12-23 mmcc (1 file, -2/+2): assign pointer NULL rather than 0
* 2015-12-23 mmcc (1 file, -2/+2): assign pointer to NULL rather than 0
* 2015-12-22 mmcc (1 file, -2/+2): initialize a pointer to NULL rather than 0
* 2015-12-15 sthen (1 file, -49/+0): Remove "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification
  Authority" (serial 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be) root certificate from cert.pem. ok rpe@
  Symantec/VeriSign say "Browsers/root store operators are encouraged to remove/untrust this root from their root stores" and "hasn't been used to generate new certificates in several years, and will now be repurposed to provide transition support for some of our enterprise customers' legacy, non-public applications" (https://www.symantec.com/page.jsp?id=roots, http://www.scmagazine.com/google-will-remove-trust-of-symantecs-pca3-g1-certificate/article/459688/).
  Also see https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content&id=ALERT1941 https://googleonlinesecurity.blogspot.co.uk/2015/12/proactive-measures-in-digital.html
* 2015-12-14 beck (1 file, -2/+6): initialize ext_len to 0.
  ok guenther@