path: root/src/lib/libcrypto
Commit message | Author | Age | Files | Lines
...
* Make AES CCM available in tables. | tb | 2018-12-26 | 1 | -1/+4
  Omission reported by reyk and Alice Wonder. ok bcook jsing
* Make this page much more readable by deleting as much text as possible | schwarze | 2018-12-24 | 1 | -28/+9
  about functions that are deprecated, identical to other functions, and never made sense in the first place. As deraadt@ points out, we should not hide the information that matters in a heap of clutter. It would waste readers' time and make confusion and accidental misuse more likely. OK deraadt@ jmc@
* EVP_MD_CTX_cleanup() is deprecated and doesn't free, so recommend using | tb | 2018-12-23 | 4 | -12/+12
  EVP_MD_CTX_free() instead if the goal is to avoid leaking memory. From my corresponding upstream commit, reminded by schwarze
* Document EVP_PKEY_new_mac_key(3); | schwarze | 2018-12-22 | 1 | -8/+50
  from Matt Caswell <matt at openssl dot org> via OpenSSL commit d45a97f4 Mar 5 17:41:49 2018 +0000.
* Delete irrelevant HISTORY details. Simply use BN_rand(3); there | schwarze | 2018-12-22 | 1 | -12/+2
  is no need to know at which time BN_pseudo_rand(3) was made the same as BN_rand(3). Considering that question might even mislead people to attempt ill-advised #ifdef'ing. Pointed out by deraadt@.
* The wrong header file was given for EVP_PKEY_CTX_set_signature_md(3). | schwarze | 2018-12-21 | 1 | -13/+69
  Also clarify to which algorithms it applies. From Matt Caswell <matt at openssl dot org> via OpenSSL commit d45a97f4 Mar 5 17:41:49 2018 +0000. Document EVP_PKEY_CTX_get_rsa_padding(3), EVP_PKEY_CTX_get_rsa_pss_saltlen(3), EVP_PKEY_CTX_set_rsa_mgf1_md(3), and EVP_PKEY_CTX_get_rsa_mgf1_md(3). From Antoine Salon <asalon at vmware dot com> via OpenSSL commit 87103969 Oct 1 14:11:57 2018 -0700 from the OpenSSL_1_1_1-stable branch, which is still under a free license.
* Document the ECDSA_SIG_new(3) return value. | schwarze | 2018-12-21 | 1 | -2/+10
  Inspired by OpenSSL commit 6da34cfb Jun 2 16:17:32 2018 -0400 by Ken Goldman <kgoldman at us dot ibm dot com>, but use the same wording as in ASN1_item_new(3) instead.
* Clarify behaviour of DH_get0_pqg(3) and DH_get0_key(3) with NULL arguments; | schwarze | 2018-12-21 | 1 | -4/+19
  from <Matthias dot St dot Pierre at ncp dash e dot com> via OpenSSL commit 5777254b May 27 09:07:07 2018 +0200.
* grammar and style fixes from wesinator at github | schwarze | 2018-12-21 | 1 | -13/+14
  via OpenSSL commit 521738e9 Oct 5 14:58:30 2018 -0400
* Since OpenBSD 6.1, BN_pseudo_rand*(3) does the same as BN_rand*(3). | schwarze | 2018-12-21 | 1 | -10/+18
  Say so, and note that OpenSSL followed suit in 1.1.0 according to OpenSSL commit 5ecff87d Jun 21 13:55:02 2017 +0100.
* Mention that some functions call BN_GENCB_call(3) with a second | schwarze | 2018-12-21 | 1 | -4/+15
  argument of 3; from Beat Bolli <dev at drbeat dot li> via OpenSSL commit bd93f1ac Jul 28 16:45:22 2018 -0400.
* Correctly describe the return values of BN_hex2bn(3) and BN_dec2bn(3). | schwarze | 2018-12-19 | 1 | -5/+8
  Inspired by OpenSSL commit a130950d Aug 23 12:06:41 2017 -0400 by Rich Salz <rsalz at openssl dot org>, but using a more explicit wording, and fixing *both* places rather than only half of them.
* Specify the return values of some of these functions more precisely; | schwarze | 2018-12-19 | 1 | -15/+16
  inspired by OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800 by Paul Yang <yang sot yang at baishancloud dot com>, but without creating a RETURN VALUES section because that makes no sense here: it would either result in a confusing order of information or in duplicate information.
* typo; | schwarze | 2018-12-19 | 1 | -4/+5
  from Jakub Wilk <jwilk at jwilk dot net> via OpenSSL commit a21285b3 Aug 21 18:30:34 2018 +0200
* Regenerate root CA list using updated format-pem.pl. Specifically this | sthen | 2018-12-16 | 1 | -101/+1
  drops CA certificates whose validity dates don't comply with the rules on ASN.1 encoding in RFC 5280 (and predecessors - same rule goes back to at least RFC 2459, section 4.1.2.5). LibreSSL strictly enforces this, so attempting to validate certificates signed by these CAs just results in the following:
  error 13 at 1 depth lookup:format error in certificate's notBefore field
  "probably" beck@
* Add a check that libressl is actually able to verify CA certs. | sthen | 2018-12-16 | 1 | -12/+28
  Skip outputting them if invalid (e.g. GENERALIZEDTIME date before 2050).
* Restore function prototype for ASN1_dup, fixing usage on I32LP64 platforms. | jeremy | 2018-11-30 | 1 | -1/+7
  This prototype was removed inadvertently in r1.50. OK jsing@
* Correct lock initialisation for libcrypto. | jsing | 2018-11-28 | 2 | -16/+55
  The current crypto_lock_init() function is not called early enough, meaning that locks are already in use before it gets called. Worse, locks could be in use when they are then initialised. Furthermore, since functions like CRYPTO_lock() are public API, these could be called directly bypassing initialisation. Avoid these issues by using static initialisers. ok bcook@
* spelling; from miod | jmc | 2018-11-25 | 1 | -2/+2
* zap 10 tab leading whitespace before 'struct evp_pkey_ctx_st {' | tb | 2018-11-24 | 1 | -2/+2
* Store and return the locking callbacks, restoring previous behaviour. | jsing | 2018-11-24 | 1 | -6/+12
  The previous code meant that a caller could set the locking callback, after which CRYPTO_get_locking_callback() would return non-NULL. Some existing code depends on this behaviour, specifically to identify if lock handling has been configured. As such, always returning NULL from CRYPTO_get_locking_callback() can result in unexpected application behaviour. ok bcook@
* Saw a mention somewhere a while back that the gotdata() function in | deraadt | 2018-11-20 | 5 | -144/+27
  here could create non-uniformity since very short fetches of 0 would be excluded. Blocks of 0 are just as random as any other data, including blocks of 4 4 4.. This is a misguided attempt to identify errors from the entropy churn/gather code; it doesn't make sense, errors don't happen. ok bcook
* Fix whitespace around assignment operators. | tb | 2018-11-17 | 1 | -7/+7
* Port OpenSSL commit 99540ec79491f59ed8b46b4edf130e17dc907f52 -- mitigation | tb | 2018-11-15 | 1 | -4/+4
  for a timing vulnerability in ECDSA signature generation (CVE-2018-0735). Note that the blinding that we introduced back in June for ECDSA and DSA should mitigate this and related issues. This simply adds an additional layer of protection. discussed with jsing
* Missing initialization for pub_key. CID 184303. | tb | 2018-11-12 | 1 | -2/+2
  ok bcook
* Add back a few missing compatibility stubs | bcook | 2018-11-11 | 2 | -4/+37
  ok beck@
* Add EVP_sm3() to OpenSSL_add_all_digests_internal(). | tb | 2018-11-11 | 1 | -1/+4
  ok beck inoguchi
* bump minors after symbol addition. | tb | 2018-11-11 | 1 | -1/+1
* Add Ribose Inc's implementation of the SM3 hashing function with | tb | 2018-11-11 | 8 | -3/+437
  tweaks from jsing and myself. The SM2/SM3/SM4 algorithms are mandatory for legal use of cryptography within China and [are] widely applied in the country, covering identification/financial cards, contactless, TPM 2.0 and PKI. ok beck inoguchi jsing
* Add automatic threading initialization for libcrypto. | bcook | 2018-11-11 | 6 | -452/+140
  This implements automatic thread support initialization in libcrypto. This does not remove any functions from the ABI, but does turn them into no-ops. Stub implementations of pthread_mutex_(init|lock|unlock) are provided for ramdisks. This does not implement the new OpenSSL 1.1 thread API internally, keeping the original CRYPTO_lock / CRYPTO_add_lock functions for library locking. For -portable, crypto_lock.c can be reimplemented with OS-specific primitives as needed. ok beck@, tb@, looks sane guenther@
* include crypto.h from the correct path, remove unused variable | bcook | 2018-11-11 | 1 | -5/+2
* Initialize priv_key and pub_key on first use instead of at the top. | tb | 2018-11-09 | 1 | -6/+4
  While there, eliminate a flag that was only used once. ok beck jsing mestre
* Initialize priv_key and pub_key on first use instead of at the top. | tb | 2018-11-09 | 1 | -4/+4
  ok beck jsing mestre
* Avoid dereferencing eckey before checking it for NULL. | tb | 2018-11-09 | 1 | -5/+6
  CID 184282 ok beck jsing mestre
* Avoid leaking memory that was already allocated in ASN1_item_new(). | tb | 2018-11-09 | 1 | -5/+1
  From Ben L <bobsayshilol () live ! co ! uk>
* Fix a buffer overrun in asn1_parse2(). | tb | 2018-11-09 | 1 | -4/+7
  From Ben L bobsayshilol () live ! co ! uk Similar fixes in BoringSSL and OpenSSL.
* Add const to the data argument of ASN1_set{,_int}_octetstring(). | tb | 2018-11-09 | 2 | -6/+6
  From Ben L bobsayshilol () live ! co ! uk ok jsing
* Remove some function prototypes that should have been removed in the | jsing | 2018-11-08 | 1 | -10/+2
  previous clean up. Spotted by bcook@
* LibreSSL 2.9.0 | bcook | 2018-11-08 | 1 | -3/+3
* Use memmove() instead of memcpy() to get rid of the need for | tb | 2018-11-07 | 1 | -3/+3
  non-overlapping *in and *out buffers as we're already implementing the "in place (un)wrapping" algorithms as given in RFC 3394. This removes a gratuitous API difference to OpenSSL in these undocumented functions. Found while working on wycheproof regress tests. ok beck jsing
* unrevert the use of bn_rand_interval(). | tb | 2018-11-06 | 6 | -35/+26
  ok beck jsing
* Unset Z_is_zero after applying coordinate blinding and | tb | 2018-11-06 | 1 | -3/+4
  re-enable coordinate blinding. ok jsing
* Flip reversed test in bn_rand_interval(). | tb | 2018-11-06 | 1 | -2/+2
  ok jsing
* disable EC_POINT coordinate blinding due to failures in ECDHE and TLS | tb | 2018-11-06 | 1 | -1/+3
* revert use of bn_rand_interval due to failures with ECDHE and TLS | tb | 2018-11-06 | 5 | -24/+33
* Start working towards adding feature flags (rather than anti-feature flags) | jsing | 2018-11-06 | 1 | -1/+10
  for LibreSSL. Add a (commented out) feature flag for TLSv1.3 and define the OPENSSL_NO_TLS1_3 anti-feature flag based on the feature flag. ok beck@ bluhm@ tb@
* Make use of bn_rand_interval() where appropriate. | tb | 2018-11-05 | 5 | -33/+24
  ok beck jsing
* Introduce bn_rand_interval() that allows specifying an interval [a, b) | tb | 2018-11-05 | 2 | -2/+30
  from which a BIGNUM is chosen uniformly at random. ok beck jsing
* Eliminate a few "} else" branches, a few unneeded NULL checks before | tb | 2018-11-05 | 3 | -43/+33
  freeing and indent nearby labels. ok beck jsing
* Remove two unnecessary BN_FLG_CONSTTIME dances: BN_mod_exp_ct() already | tb | 2018-11-05 | 2 | -21/+7
  takes care of this internally. ok beck jsing