Commit message

ok bcook@ tb@
to the return value of BIO_f_base64(3), BIO_f_cipher(3), and
BIO_f_base64(3). Update the documentation.
tested in bulk by sthen
ok jsing
Reported by Ondřej Surý, LibreSSL-portable issue #92.
ok inoguchi, jsing
to some function arguments. Update the documentation.
tested in a bulk by sthen
ok jsing
to the prototypes of several functions. Update the documentation.
functions.
ok beck, jsing
carefully document constant time vs. non-constant time operation
of BN_div(3), BN_mod_exp(3), and BN_mod_inverse(3).
Until the work that is required on the ill-designed BN_exp(3) and
BN_gcd(3) interfaces can be undertaken, also document the imperfections
in their behaviour, for now. Finally, mention BN_mod_exp(3) behaviour
for even moduli.
Delete the vague statement about some functions automatically
setting BN_FLG_CONSTTIME. It created a false sense of security.
Do not rely on it: not all relevant functions do that.
Topic brought up by beck@, significant feedback and OK jsing@.
of OpenSSL commit c0caa945f6ef30363e0d01d75155f20248403df4 to our
version of this function.
ok beck, jsing
Original commit message:
commit c0caa945f6ef30363e0d01d75155f20248403df4
Author: Pauli <paul.dale@oracle.com>
Date: Wed Nov 1 06:58:13 2017 +1000
Address a timing side channel whereby it is possible to determine some
information about the length of the scalar used in DSA operations from
a large number (2^32) of signatures.
This doesn't rate as a CVE because:
* For the non-constant time code, there are easier ways to extract
more information.
* For the constant time code, it requires a significant number of signatures
to leak a small amount of information.
Thanks to Neals Fournaise, Eliane Jaulmes and Jean-Rene Reinhard for
reporting this issue.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4576)]
this is OpenSSL commit 4a089bbdf11f9e231cc68f42bba934c954d81a49.
ok beck, jsing
Original commit message:
commit 4a089bbdf11f9e231cc68f42bba934c954d81a49
Author: Pauli <paul.dale@oracle.com>
Date: Wed Nov 1 06:58:39 2017 +1000
Address a timing side channel whereby it is possible to determine some
information about the length of the scalar used in ECDSA operations
from a large number (2^32) of signatures.
This doesn't rate as a CVE because:
* For the non-constant time code, there are easier ways to extract
more information.
* For the constant time code, it requires a significant number of signatures
to leak a small amount of information.
Thanks to Neals Fournaise, Eliane Jaulmes and Jean-Rene Reinhard for
reporting this issue.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4576)]
to some parameters of some functions. Update the documentation.
Add a few additional missing const qualifiers while here.
BIO_f_asn1() will be taken care of later.
Tested in a bulk by sthen
ok bcook jca jsing
grepability.
Req. by jsing
ok bcook
While here, include a patch from tb@
adding the missing return type to ENGINE_ctrl() in the SYNOPSIS.
* Correct documentation of DH_new(3), DH_free(3), DSA_new(3), DSA_free(3),
RSA_new(3), and RSA_free(3) with respect to reference counting.
* Stop referencing engine(3).
and more concise.
* Correct the description of the return values of DH_set_method(3)
and DSA_set_method(3).
* Stop referencing engine(3).
* Add three missing const qualifiers to function prototypes.
* Correct the argument type of RSA_new_method(3).
* Remove duplicate description of RSA_flags(3) and RSA_new_method(3).
* Make the description of method selection simpler, more precise,
and more concise.
* Correct description of the return value of RSA_set_method(3).
* Stop referencing engine(3).
covering the remaining functions that were documented in engine(3),
except for seven functions that are completely pointless and that
were merely listed but not really documented.
covering 60% of the documented functions). The old, abominable
engine(3) manual page shall die soon.
to accept a NULL argument. Document that.
While here, make the related sentences more precise and less verbose.
Tweaks and OK tb@.
simplifies the caller side.
tested by & ok inoguchi; discussed with schwarze
OpenSSL commit 7c96dbcdab9 by Rich Salz.
This cleans up the caller side quite a bit and reduces the number of
lines enclosed in #ifndef OPENSSL_NO_ENGINE. codesearch.debian.net
shows that almost nothing checks the return value of ENGINE_finish().
While there, replace a few nearby 'if (!ptr)' with 'if (ptr == NULL)'.
ok jsing, tested by & ok inoguchi
this to be "overridden" by the user supplied callback.
ok jsing@
triggered by OpenSSL commit a73d990e Feb 27 19:02:24 2018 +0100,
but with different content
suppresses any future config file loading.
ok schwarze@ with a nit from jsing@
it may be something else. For primitive types it is possible that
a boolean int has been cast to an ASN1_VALUE pointer. Then the
64 bit read access to *pval may crash due to alignment or 32 bit
size.
bug report Anton Borowka; OK tedu@ jsing@ miod@
Found and fixed by Bernd Edlinger as part of OpenSSL commit
83b4049ab75e9da1815e9c854a9297bca3d4af6b
ok jsing, deraadt, bcook
Tighten up checks for various X509_VERIFY_PARAM functions, and
allow for the verify param to be poisoned (precluding future
successful cert validation) if the setting of host, ip, or email
for certificate validation fails. (since many callers do not
check the return code in the wild and blunder along anyway)
Inspired by some discussions with Adam Langley.
ok jsing@
(1) Evaluate the "set" argument, which says whether to create a new
RDN or to prepend or append to an existing one, before reusing it
for a different purpose, i.e. for the "set" field of the new
X509_NAME_ENTRY structure.
(2) When incrementing of some "set" fields is needed, increment the
correct ones: All those to the right of the newly inserted entry,
but not the one of that entry itself.
These two bugs caused wrong results whenever using loc != -1,
i.e. whenever inserting rather than appending entries, even when
using set == 0 only, that is, even when using single-valued RDNs only.
Both bugs have been continuously present since at least SSLeay-0.8.1
(released July 18, 1997) and the second one since at least SSLeay-0.8.0
(released June 25, 1997), so both are over twenty years old.
I found these bugs by code inspection while trying to document the
function X509_NAME_ENTRY_set(3), which is public, but undocumented
in OpenSSL.
OK beck@, jsing@
From Edgar Pettijohn
X509_STORE_get0_param(3); write the documentation from scratch.
X509_OBJECT_get_type(3). It is undocumented in OpenSSL,
so write some documentation from scratch.
arbitrarily different, the array is in general no longer sorted.
This commit copies a small hidden bugfix from the OpenSSL commit
https://github.com/openssl/openssl/commit/fbb7b33b
the rest of which is merely cosmetics.
I discovered the bug independently while documenting sk_find(3).
Keep the library's idea of when an empty stack or a one-element stack
is sorted and when it is not bug-compatible with OpenSSL, even though
in fact, empty and one-element stacks are of course always sorted.
OK beck@
BoringSSL rather than from OpenSSL and that it is not hooked into evp(3).
So delete all text from OpenSSL including the Copyright and license
and replace it by some text assembled from comments in BoringSSL
code and headers and some text written myself, all under ISC license.
In particular, also describe X25519_keypair(3), add SYNOPSIS, RETURN
VALUES, STANDARDS, and a reference to D. J. Bernstein's instructions
on how to use the algorithm. Delete the text related to EVP_PKEY
describing features we do not support.