path: root/src/lib/libcrypto
Commit message | Author | Age | Files | Lines
...
* Disallow the use of zero length IVs in AES-GCM via | tb | 2020-04-27 | 3 | -3/+15
| EVP_AEAD_CTX_{open,seal}, as this leaks the authentication key.
| Issue reported and fix tested by Guido Vranken.
| ok beck, jsing
| This commit adds a constant to a public header despite library lock, as discussed with deraadt and sthen.
* sync cert.pem with Mozilla's root ca list, ok beck@ | sthen | 2020-04-10 | 1 | -276/+343
* When printing the serialNumber, fall back to the colon separated hex | tb | 2020-04-10 | 1 | -2/+4
| bytes in case ASN1_INTEGER_get() failed. This happens more often since asn1/a_int.c -r1.34. Matches OpenSSL behavior.
| Issue in openssl x509 -text output reported by sthen
| ok jsing sthen
* Void functions obviously do not return values; no need to elaborate. | schwarze | 2020-03-29 | 4 | -23/+8
| Patch from Martin Vahlensieck <academicsolutions dot ch>.
* Be concise: do not say that void functions return no values, that's obvious. | schwarze | 2020-03-28 | 3 | -22/+6
| Useless text reported by Martin Vahlensieck (academicsolutions.ch) on tech@.
* Fix ASN1 print functions | inoguchi | 2020-03-24 | 1 | -6/+13
| Check and print out boolean type properly. Based on OpenSSL commit ad72d9fdf7709ddb97a58d7d45d755e6e0504b96. Reduced unneeded parentheses from if condition.
| Check return value from i2s_ASN1_INTEGER. Based on OpenSSL commit 5e3553c2de9a365479324b8ba8b998f0cce3e527. Added if condition expression and return 0 if NULL is returned.
| ok tb@
* Check high bit for base64 decode | inoguchi | 2020-03-04 | 1 | -2/+10
| Referred to this OpenSSL commit and adapted to the codebase.
| b785504a10310cb2872270eb409b70971be5e76e
| suggest and ok tb@
* Fix base64 processing of long lines | inoguchi | 2020-03-03 | 1 | -99/+66
| Fix the problem that long unbroken line of base64 text is not decoded.
| Referred to this OpenSSL commit and adapted to the codebase.
| 3cdd1e94b1d71f2ce3002738f9506da91fe2af45
| Reported by john.a.passaro <at> gmail.com to the LibreSSL ML.
| ok tb@
* Describe the restriction for length of openssl conf value string | inoguchi | 2020-02-17 | 1 | -2/+4
| ok and suggestion jmc@
* Restrict the length of openssl conf value string | inoguchi | 2020-02-17 | 3 | -5/+14
| There was no limitation for the length of openssl conf value. This brings possibility of out-of-memory problem as oss-fuzz had detected. This diff restricts the length of conf value up to 64k.
| ok jsing@
* Avoid 32 bit right shift with unsigned int in crypto/cast/cast_lcl.h | inoguchi | 2020-01-26 | 1 | -2/+2
| ok tb@
* tweak previous; ok tb | jmc | 2020-01-26 | 1 | -3/+3
* typo | tb | 2020-01-26 | 1 | -2/+2
* Document the change in EVP_chacha20(3). | tb | 2020-01-26 | 1 | -3/+5
| Discussed with jsing
* Improve the comment explaining why the previous change matches OpenSSL's | tb | 2020-01-26 | 1 | -8/+15
| behavior.
| ok jsing
* Adjust EVP_chacha20()'s behavior to match OpenSSL's semantics: | tb | 2020-01-26 | 1 | -7/+14
| The new IV is 128 bit long and is actually the 64 bit counter followed by the 64 bit initialization vector. This is needed by an upcoming change in OpenSSH and is a breaking change for all current callers.
| There are language bindings for Node.js, Rust and Erlang, but none of our ports use them.
| Note that EVP_chacha20() was first introduced in LibreSSL on May 1, 2014 while the entirely incompatible version in OpenSSL was committed on Dec 9, 2015.
| Initial diff from djm and myself, further refinements by djm.
| Ports grepping by sthen
| ok jsing
* The length of the IV of EVP_chacha20 is currently 64 bits, not 96. | tb | 2020-01-22 | 1 | -3/+3
| ok beck
* Add checks to ensure that lib{crypto,ssl,tls} public headers have actually | jsing | 2020-01-22 | 1 | -1/+11
| been installed prior to building.
| Requested by and ok tb@
* Simplify header installation by combining the HDRS and HDRS_GEN loops. | jsing | 2020-01-22 | 1 | -9/+2
| ok beck@
* Remove redundant ASN1_INTEGER_set call in PKCS7_set_type | inoguchi | 2020-01-21 | 1 | -2/+1
| ok bcook@
* Free pss in RSA_free | inoguchi | 2020-01-17 | 1 | -1/+2
| ok bcook@
| ok and "move it down two lines" jsing@
* bump to 3.1.0 | bcook | 2020-01-14 | 1 | -3/+3
* Avoid leak in error path of PKCS5_PBE_keyivgen | inoguchi | 2020-01-12 | 1 | -1/+2
| ok jsing@ tb@
* Avoid leak in error path of asn1_parse2 | inoguchi | 2020-01-09 | 1 | -17/+21
| ok tb@
* Avoid leak in error path of dh_priv_decode | inoguchi | 2020-01-04 | 1 | -1/+2
| ok jsing@ tb@
* Fix documented signatures of HMAC(3) and HMAC_Update(3). The n and len | tb | 2019-12-14 | 1 | -4/+4
| arguments were changed from int to size_t with the import of OpenSSL 0.9.8h in 2008.
* Document X509_STORE_CTX_set_flags() which is a handy way to change the | claudio | 2019-12-05 | 1 | -3/+18
| verification param flags of a context. While this function is marked as likely to be deprecated in OpenSSL it seems that this may not happen. This is why we decided to still document it.
| OK and input from ingo@ tb@
* A touch of style(9) | tim | 2019-11-21 | 1 | -6/+6
| OK tb@ tedu@
* Use explicit_bzero() to clear key material | tim | 2019-11-21 | 1 | -1/+2
| OK tb@ tedu@
* Fix rsa key output format | inoguchi | 2019-11-20 | 1 | -5/+12
| This fixes openssl(1) rsa -text output format
| ok tb@
* Reshuffle RSA_PSS_PARAMS and RSA_OAEP_PARAMS to avoid duplicate typedef. | jsing | 2019-11-04 | 1 | -21/+19
| Issue spotted by bcook@
| ok bcook@ inoguchi@
* Sort standard_methods by pkey_id. | inoguchi | 2019-11-02 | 1 | -4/+4
| ok jsing@
* CMS didn't make the 6.6 release: adjust the text in the HISTORY sections | schwarze | 2019-11-02 | 23 | -69/+69
* .Xr CMS_ContentInfo_new 3 | schwarze | 2019-11-02 | 1 | -2/+3
* .Xr BIO_new_CMS 3 | schwarze | 2019-11-02 | 1 | -2/+3
* document PEM_read_CMS(3), PEM_read_bio_CMS(3), PEM_write_CMS(3), and | schwarze | 2019-11-02 | 1 | -3/+46
| PEM_write_bio_CMS(3) which jsing@ just enabled in Symbols.list rev. 1.91
* In Symbols.list rev. 1.91, jsing enabled many CMS functions. | schwarze | 2019-11-02 | 1 | -1/+24
| Install the new manual pages documenting the majority of them.
* Bring back some icky buffer allocation code so that pkey_rsa_print() | jsing | 2019-11-02 | 1 | -9/+41
| works again with the horrific API that is ASN1_bn_print().
| Issue spotted by inoguchi@
* Bump libcrypto, libssl and libtls minors due to symbol additions. | jsing | 2019-11-02 | 1 | -1/+1
* Provide RSA_PKCS1_OpenSSL(). | jsing | 2019-11-02 | 3 | -3/+10
| Prompted by inoguchi@
* Make RSA_padding_{add,check}_PKCS1_OAEP_mgf1() public. | jsing | 2019-11-02 | 3 | -9/+10
* Make RSA_OAEP_PARAMs public. | jsing | 2019-11-02 | 3 | -17/+22
* Enable CMS in LibreSSL. | jsing | 2019-11-02 | 3 | -2/+135
| ok bcook@ deraadt@ inoguchi@ job@ tb@
* In evp/pmeth_lib.c rev. 1.16, jsing@ enabled EVP_PKEY_RSA_PSS. | schwarze | 2019-11-01 | 1 | -3/+5
| Document it.
* In rsa.h rev. 1.45, jsing@ provided | schwarze | 2019-11-01 | 1 | -8/+16
| the three macro constants RSA_PSS_SALTLEN_*; document them.
| The wording is a combination of our existing text and the wording in the OpenSSL 1.1.1 branch, which is still under a free license.
* Add DSA CMS support. | jsing | 2019-11-01 | 1 | -1/+25
| From OpenSSL 1.1.1d.
| ok tb@
* Add RSA CMS support. | jsing | 2019-11-01 | 3 | -5/+262
| From OpenSSL 1.1.1d.
| ok tb@
* Provide NID for pSpecified. | jsing | 2019-11-01 | 2 | -0/+2
| ok tb@
* Wire up PKEY methods for RSA-PSS. | jsing | 2019-11-01 | 1 | -2/+6
| ok tb@
* Wire up ASN.1 methods for RSA-PSS. | jsing | 2019-11-01 | 1 | -1/+5
| ok tb@