summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Add error checking to i2v_BASIC_CONSTRAINTS().tb2019-04-221-3/+18
| | | | ok jsing
* Add error checking to i2v_AUTHORITY_INFO_ACCESS(). While there, replacetb2019-04-221-19/+27
| | | | | | an ugly strlen + malloc + strcat/strcpy dance by a simple asprintf(). ok jsing
* Avoid potential double frees in i2v_AUTHORITY_KEYID(), i2v_GENERAL_NAME()tb2019-04-222-6/+22
| | | | | | | | | | | | | | and i2v_GENERAL_NAMES() by taking ownership of the extlist only if we were passed NULL. Otherwise it remains the caller's responsibility to free it. To do so, we allocate the extlist explicitly instead of using X509V3_add_value()'s implicit allocation feature. Preserve behavior in i2v_AUTHORITY_KEYID() by adding an explicit check that something was pushed onto the stack. The other i2v_* functions will receive a similar treatment in upcoming commits. ok jsing
* Add error checking to i2v_AUTHORITY_KEYID(), i2v_GENERAL_NAME()tb2019-04-212-32/+80
| | | | | | | and i2v_GENERAL_NAMES(). This fixes a couple of leaks and other ugliness. tweaks & ok jsing
* The noop v2i_PKEY_USAGE_PERIOD() has been commented out since becktb2019-04-211-14/+2
| | | | imported OpenSSL 0.9.4 in 1999. It won't ever be used.
* Fix awful whitespace in OBJ_bsearch_ext()tb2019-04-211-5/+6
|
* KNF: use proper wrapping of function return type and nametb2019-04-213-9/+9
|
* fix some style nits to reduce noise in an upcoming difftb2019-04-211-9/+8
|
* Avoid undefined behaviour that results from negating a signed long withjsing2019-04-201-2/+2
| | | | | | | | minimum value. Fixes oss-fuzz #14354. ok beck@ bcook@ tb@
* Allocate md_data with calloc to avoid use of uninitialised memory.jsing2019-04-191-6/+6
| | | | | | Found by Guido Vranken when fuzzing and trying to use GOST with HMAC. Fix confirmed by Guido; ok tb@
* Allocate fixed NIDs for SM3/SM4.jsing2019-04-191-0/+12
|
* Rewrite & fix X509V3_add_value()tb2019-04-161-17/+24
| | | | | | | | | | | | | | X509V3_add_value() helpfully allocates a STACK_OF(CONF_VALUE) if it receives a pointer to a NULL pointer. If anything fails along the way, it is however the caller's responsibility to free it. This can easily be fixed by freeing *extlist in the error path and zeroing it to avoid a double free if there happens to be a caller out there that avoids the leak. Polish a few things so the function conforms a bit better to our usual style. tweak & ok jsing
* indent err: labelstb2019-04-161-7/+7
|
* wrap an overlong line and kill a space before a tabtb2019-04-161-3/+4
|
* Move function types to their own lines; rewrap.tb2019-04-161-30/+40
|
* Avoid signed integer overflow.jsing2019-04-151-2/+2
| | | | | | Fixes oss-fuzz issue #13843. ok tb@
* Add input validation to BIO_read()/BIO_write().jsing2019-04-141-4/+14
| | | | | | | | | Some bread/bwrite functions implement this themselves, while others do not. This makes it consistent across all BIO implementations. Addresses an issue that Guido Vranken found with his fuzzer. ok tb@
* Some more malloc() to calloc() conversions.jsing2019-04-141-7/+5
| | | | ok tb@
* Remove two pointless chunks of code.jsing2019-04-141-16/+1
| | | | | | | | This reverts part of OpenSSL c2fd5d79, which added the same code to AES CCM, GCM and XTS. In the case of CCM and GCM nothing assigns {ccm,gcm}.key so there is never going to be anything to update (unlike XTS). ok tb@
* Use calloc() when allocating cipher_data.jsing2019-04-141-5/+5
| | | | | | Avoids use of uninitialised memory. ok tb@
* Annotate a future improvement.jsing2019-04-141-1/+2
|
* Avoid potential double-frees following EVP_CIPHER_CTX_copy().jsing2019-04-141-4/+17
| | | | | | | | | | | In the case of a cipher with a custom copy control, if that control fails we may still have pointers that we do not own in the previously copied cipher data. Avoid potential double-frees by zeroing and freeing the copied cipher data in this case. Issue reported by Guido Vranken. ok tb@
* Fix previous: I forgot to rename the bn_to_string() prototype.tb2019-04-141-2/+2
|
* Avoid quadratic behavior of decimal BIGNUM conversiontb2019-04-131-9/+36
| | | | | | | | | | | | | | | | | | | The complexity of BN_bn2dec(bn) is quadratic in the length of bn. This function is used for printing numbers in CRLs which are typically small. If a BN is larger than 127 bits, dump it as hex because that's cheap and for numbers this size not significantly harder for humans to parse. OpenSSL commit 10a3195fcf7d04ba519651cf12e945a8fe470a3c by David Benjamin (still under the old licence), but significantly simplified. Ideally, we would catch excessively large numbers on deserialization, but that is made trickier by the templated ASN1. Erroring out is also not an option since the relevant part of the x509v3/ directory doesn't like to do proper error checking (looking at you v2i and i2v). Timeout found by oss-fuzz, should fix issues #13823 and #14130. input & ok jsing
* Avoid an overread caused by d2i_PrivateKey().jsing2019-04-101-1/+3
| | | | | | | | | | | There are cases where the old_priv_decode() function can fail but consume bytes. This will result in the pp pointer being advanced, which causes d2i_PKCS8_PRIV_KEY_INFO() to be called with an advanced pointer and incorrect length. Fixes oss-fuzz #13803 and #14142. ok deraadt@ tb@
* Revert tasn_prn.c r1.18.jsing2019-04-071-6/+2
| | | | | | | | | | | In this code, just because something is cast to a type doesn't mean it is necessarily that type - in this case we cannot check the length of the ASN1_STRING here, since it might be another data type and later handled as an int (for example, in the V_ASN1_BOOLEAN case). We will revisit this post release. ok tb@
* update root CAs in cert.pem in sync with Mozillasthen2019-04-041-287/+440
| | | | ok millert@
* Avoid some out of bound accesses in aesni_cbc_hmac_sha1_cipher().tb2019-04-031-7/+13
| | | | | | | | | | | | | | | The plen variable can be NO_PAYLOAD_LENGTH == (size_t)-1, so doing tls_aad[plen-4] is no good. Also check that the length of the AAD set via the control interface is equal to 13 since the whole file is written with that case in mind. Note that we no longer use this code in LibreSSL/OpenBSD. We eliminated the use of these control interfaces and stitched cipher modes in libssl a while ago. Problem found by Guido Vranken with his cryptofuzz - thanks! input & ok beck, jsing
* fix broken commentsthen2019-04-021-1/+1
|
* Implement a print function for BIGNUM_it.jsing2019-04-011-2/+18
| | | | ok beck@, tb@
* Correct the return values from long_print.jsing2019-04-011-2/+5
| | | | | | | BIO_print() returns -1 on failure, whereas the ASN print functions need to return 0. ok beck@, tb@
* Require all ASN1_PRIMITIVE_FUNCS functions to be provided.jsing2019-04-015-26/+42
| | | | | | | | | | | | If an ASN.1 item provides its own ASN1_PRIMITIVE_FUNCS functions, require all functions to be provided (currently excluding prim_clear). This avoids situations such as having a custom allocator that returns a specific struct but then is then printed using the default primative print functions, which interpret the memory as a different struct. Found by oss-fuzz, fixes issue #13799. ok beck@, tb@
* Wrap long lines and apply some style(9).jsing2019-03-311-7/+10
|
* Use named field initialisers.jsing2019-03-312-16/+18
|
* Use correct capitalization of EC_GROUP_get_curve_GF{2m,p}(3).tb2019-03-291-4/+4
|
* Cast nonce bytes to avoid undefined behaviour when left shifting.jsing2019-03-271-3/+3
| | | | | | Reported by oss-fuzz, really fixes issue #13805. ok beck@ tb@
* bump to 2.9.1bcook2019-03-271-3/+3
|
* Use limits.h instead of sys/limits.h for portability.jsing2019-03-261-3/+2
| | | | From phrocker via github.
* Don't allow asn1_parse2 to recurse arbitrarily deep. Constrain to a maxbeck2019-03-241-1/+5
| | | | | depth of 128 - For oss-fuzz issue 13802 ok jsing@
* Cast nonce bytes to avoid undefined behaviour when left shifting.jsing2019-03-241-3/+3
| | | | | | Reported by oss-fuzz, fixes issue #13805. ok beck@ tb@
* Add range checks to varios ASN1_INTEGER functions to ensure thebeck2019-03-233-6/+62
| | | | | | sizes used remain a positive integer. Should address issue 13799 from oss-fuzz ok tb@ jsing@
* import EVP_camellia_128_cbc(3) from OpenSSL 1.1.1,schwarze2019-03-214-3/+156
| | | | still under a free license, tweaked by me
* space before punct;jmc2019-03-211-3/+3
|
* Split EVP_rc4(3) out of EVP_EncryptInit(3) to reduce clutter.schwarze2019-03-214-21/+116
| | | | | | The algorithm is insecure and yet its description would spread over three paragraphs in the cipher list, including remarkable advice like using a 40 bit key length.
* Split EVP_des_cbc(3) out of EVP_EncryptInit(3) to reduce clutter:schwarze2019-03-214-55/+230
| | | | | this moves a large number of functions out of the way that are no longer the latest and greatest. Also mention a few that were missing.
* add a handful of missing functionsschwarze2019-03-211-5/+38
| | | | that are also documented in OpenSSL 1.1.1 (still under a free license)
* Bring back EVP_chacha20 list item that was accidentally removedtb2019-03-211-2/+3
| | | | in r1.28 when the AES ciphers were split into their own manual.
* escape backslashes;schwarze2019-03-201-8/+8
| | | | patch from Peter Piwowarski <peterjpiwowarski at gmail dot com>
* Document the flag EVP_CIPHER_CTX_FLAG_WRAP_ALLOW needed for the EVPschwarze2019-03-192-4/+71
| | | | | | | AES wrap modes, the function EVP_CIPHER_CTX_set_flags(3) needed to set it, and the companion functions EVP_CIPHER_CTX_clear_flags(3) and EVP_CIPHER_CTX_test_flags(3). With help and an OK from tb@.
* Insert a missing input line break after a .Vt macro;schwarze2019-03-181-4/+5
| | | | | from Jan Stary <hans at stare dot cz>. Where here, correct one .Vt NULL -> .Dv NULL.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-23 16:49:30 +0000