summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Fix arbitrary memory read in GENERAL_NAME_cmp()bluhm2023-02-071-2/+3
| | | | | | | | | | | | | | | | | | | | The ASN.1 template for GENERAL_NAME and its corresponding C structure disagree on the type of the x400Address member. This results in an ASN.1 string to be considered as an ASN.1 type, which allows an attacker to read (essentially) arbitrary memory. Fix this by forcing comparison as strings. While the underlying type confusion has been present since time immemorial, this particular bug came with the EdiPartyName fix (6.8/008_asn1.patch.sig). Reported by David Benjamin, fix suggested by jsing. Release date for this was set to be January 31. Unilaterally pushed back to February 7 by OpenSSL by way of announcement of many completely unrelated embargoed issues, some of which they had been sitting on since July 2020. from tb@; OK beck@ jsing@ this is errata/7.2/018_x509.patch.sig
* Unbreak ASN.1 indefinite length encoding.libressl-v3.6.2libressl-v3.6.1tb2022-10-201-4/+4
| | | | | | | | | | | | | In r1.25 of tasn_enc.c a check was added to ensure that asn1_ex_i2c() returned the same value on both calls, however in the ndef case the len variable gets changed between calls. Keep a copy of the original value to test against. Issue reported by niklas, who encountered a test failure in rust-openssl. ok miod@ tb@; from jsing This is errata/7.2/002_asn1.patch.sig
* Store errors that result from leaf certificate verification.tb2022-10-201-8/+12
| | | | | | | | | | | | | | | | | In the case that a verification callback is installed that tells the verifier to continue when a certificate is invalid (e.g. expired), any error resulting from the leaf certificate verification is not stored and made available post verification, resulting in an incorrect error being returned. Also perform leaf certificate verification prior to adding the chain, which avoids a potential memory leak (as noted by tb@). Issue reported by Ilya Shipitsin, who encountered haproxy regress failures. ok tb@; from jsing This is errata/7.2/001_x509.patch.sig
* Remove PKCS12_MAKE_{,SH}KEYBAG from Symbols.listtb2022-09-191-2/+0
| | | | | | | | | | | | | | These functions were renamed in the last bump #define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf #define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt They don't appear in the compiled library itself, so no further bump required. Fixes libressl-portable/portable#791 Found the hard way by vollkommenheit ok deraadt jsing
* Add OID for RPKI signedTAL objectsjob2022-09-152-0/+2
| | | | | | | | | IANA made a permanent registration in the SMI Security for S/MIME CMS Content Type registry at https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1 for signed objects conforming to draft-ietf-sidrops-signed-tal. OK tb@
* Use LONG_MAX as the limit for ciphers with long based APIs.jsing2022-09-156-169/+120
| | | | | | | | | | | These ciphers have long based APIs, while EVP has a size_t based API. The intent of these loops is to handle sizes that are bigger than LONG_MAX. Rather than using the rather crazy EVP_MAXCHUNK construct, use LONG_MAX rounded down to a large block size, ensuring that it is a block size multiple. Revert the recently added overflow checks now that this is handled more appropriately. ok tb@
* Stop pretending that EVP_CIPHER cleanup can fail.jsing2022-09-134-14/+15
| | | | | | | Now that EVP_CIPHER is opaque, stop pretending that EVP_CIPHER cleanup can fail. ok tb@
* zap extra .Pptb2022-09-121-2/+1
|
* Stop documenting i2c_ASN1_INTEGER.tb2022-09-122-48/+4
| | | | | This is no longer public API. Also remove some comments about i2c and c2i functions being intentionally undocumented since they are no longer public.
* Define LIBRESSL_HAS_QUICtb2022-09-111-0/+1
| | | | ok jsing
* Bump major after symbol addition and removal and struct visibility changestb2022-09-111-2/+2
|
* Update Symbols.listtb2022-09-111-9/+31
| | | | ok jsing
* Make structs in ts.h opaquetb2022-09-112-215/+223
| | | | ok jsing
* Make structs in pkcs12.h opaquetb2022-09-114-162/+45
| | | | ok jsing
* Expose EVP_chacha20_poly1305()tb2022-09-111-3/+1
| | | | ok jsing
* Expose various EVP AEAD constants for EVP ChaCha and QUICtb2022-09-111-3/+1
| | | | ok jsing
* Expose OPENSL_cleanup()tb2022-09-111-3/+1
| | | | ok jsing
* Make BIO_info_cb() identical to bio_info_cb()tb2022-09-111-2/+3
| | | | | | | | | | | | | Various projects use bio_info_cb and BIO_info_cb interchangeably, for example mupdf and freerdp. This is because this was changed in OpenSSL commit fce78bd4 (2017), triggered by new warnings in gcc 8. https://github.com/openssl/openssl/pull/4493 This results in some scary compiler warnings and useless patches in ports. Nobody seems to be using the old bio_info_cb() version. ok jsing
* Remove c2i_* and i2c_* from public visibilitytb2022-09-112-10/+11
| | | | | | | | This removes c2i_ASN1_OBJECT(), {c2i,i2c}_ASN1_BIT_STRING() and {c2i,i2c}_ASN1_INTEGER(). These are not part of the OpenSSL 1.1 API and should never have been exposed in the first place. ok jsing
* fix repeated wordsjsg2022-09-112-6/+6
|
* Increment the input and output position for EVP AES CFB1.jsing2022-09-101-1/+3
| | | | | | | | | | The length is decremented, however the input is repeatedly read from and output written to the same position. Correct this by actually incrementing the input and output pointers. Found via OpenSSL 604e591ed7, ok tb@
* Use correct length for EVP CFB mode ciphers.jsing2022-09-107-22/+22
| | | | | | | | | | The BLOCK_CIPHER_* macros contained a bug where the total length is passed to the underlying cipher implementation, rather than the length of the current chunk. Correct this and use the chunk length instead. Should address the remaining issues reported by Coverity. ok tb@
* carrier return character -> carriage return characterjsg2022-09-101-2/+2
| | | | ok jmc@ miod@
* fix repeated wordsjsg2022-09-104-12/+12
| | | | ok ok miod@ ack ack jmc@
* fix repeated wordsjsg2022-09-101-3/+3
| | | | ok miod@ jmc@
* Remove more mkerr.pl remnants, missed in previouskn2022-09-061-54/+3
| | | | | Noticed by jsg Feedback OK jsg
* Replace aes_{ccm,xts}_cleanup usage with NULL.jsing2022-09-061-16/+11
| | | | Only change in generated assembly is due to line numbers.
* Stop casting a size_t to a long and then passing it as a size_t.jsing2022-09-063-31/+31
| | | | | | | | | These cipher implementations take a size_t length argument, so stop casting it to a long. Found by Coverity. ok tb@
* Remove dead code.jsing2022-09-042-36/+12
| | | | No change in generated assembly.
* Add bounds checks for various EVP cipher implementations.jsing2022-09-046-7/+98
| | | | | | | | | | The EVP cipher API uses size_t, however a number of the underlying implementations use long in their API. This means that an input with size > LONG_MAX will go negative. Found by Coverity, hiding under a large pile of macros. ok tb@
* Remove dead code.jsing2022-09-045-25/+10
| | | | Only change to generated assembly is due to line numbers.
* Expand the looney M_do_cipher macro.jsing2022-09-041-11/+9
| | | | Only change in generated assembly is due to line numbers.
* Rearrange some functions.jsing2022-09-048-177/+141
| | | | | | | Pull the init_key and ctrl (if present) functions up to the top. This improves readability and allows for the removal of function prototypes. No functional change.
* Remove now unused EVP_C_DATA macro.jsing2022-09-041-3/+1
|
* Remove now unused BLOCK_CIPHER_* macros.jsing2022-09-041-186/+1
|
* Expand BLOCK_CIPHER_* macros.jsing2022-09-041-15/+108
| | | | No change in generated assembly.
* Mechanically expand BLOCK_CIPHER_* macros.jsing2022-09-042-32/+387
| | | | No change in generated assembly.
* Mechanically expand BLOCK_CIPHER_* ciphers.jsing2022-09-041-17/+145
| | | | | | This includes the wonderful BLOCK_CIPHER_ecb_loop - a for loop in a macro. No change in generated assembly.
* Remove now unused IMPLEMENT_CFBR macro.jsing2022-09-041-10/+1
|
* Mechanically expand IMPLEMENT_CFBR macros.jsing2022-09-041-8/+267
| | | | Only change to generated assembly is due to the use of EVPerror().
* Remove now unused IMPLEMENT_BLOCK_CIPHER macro.jsing2022-09-034-19/+4
| | | | | | Also remove various comments noting that it cannot be used for certain block ciphers (which kinda defeats the purpose of having a generic implementation in the first place).
* Mechanically expand IMPLEMENT_BLOCK_CIPHER macro.jsing2022-09-031-21/+486
| | | | | Only change to generated assembly is due to EVPerror()'s use of line numbers.
* Mechanically expand IMPLEMENT_BLOCK_CIPHER macro.jsing2022-09-031-4/+162
| | | | No change in generated assembly.
* Mechanically expand IMPLEMENT_BLOCK_CIPHER macro.jsing2022-09-031-8/+161
| | | | | | Only change to generated assembly is due to EVPerror()'s use of line numbers. CVS ----------------------------------------------------------------------
* Mechanically expand IMPLEMENT_BLOCK_CIPHER macro.jsing2022-09-031-6/+162
| | | | No change to generated assembly.
* Mechanically expand IMPLEMENT_BLOCK_CIPHER macro.jsing2022-09-031-5/+163
| | | | | | | | | These macros make the ASN.1 macros seem sane - there are layers and layers and layers here, which are hiding bugs. No change to generated assembly. Discussed with tb@
* Rewrap some lines, no functional change.jsing2022-09-031-4/+6
|
* Tidy up asn1_c2i_primitive() slightly.jsing2022-09-031-8/+8
| | | | | | Rename some variables and consistently goto error. ok tb@
* Avoid recycling ASN1_STRINGs when decoding ASN.1.jsing2022-09-031-14/+12
| | | | | | | | Rather than recycling an existing ASN1_STRING and changing its type, free it and allocate a replacement. This simplifies the code and potentially avoids bugs resulting from reuse. ok tb@
* Remove duplicate prototype that just snuck in.jsing2022-09-031-3/+1
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-19 20:11:25 +0000