summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* The bell tolls for BUF_strdup - Start the migration to usingbeck2014-07-1315-60/+63
| | | | | | intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
* Fix memory leak.logan2014-07-131-1/+2
| | | | OK from beck@ and miod@
* OPENSSL_{malloc,free} -> {malloc,free}miod2014-07-138-12/+12
|
* unbreak build this needed to be an and..beck2014-07-134-8/+8
| | | | ok jsing@
* Use dl_iterate_phdr() to iterate over the segments and throw the addressesderaadt2014-07-134-4/+56
| | | | | | | into the hash; hoping the system has some ASLR or PIE. This replaces and substantially improves upon &main which proved problematic with some picky linkers. Work with kettenis, testing by beck
* Provide a link to the canonical API specification.deraadt2014-07-138-8/+32
| | | | ok beck
* Make sure all error conditions in RSA_padding_add_PKCS1_PSS_mgf1() causemiod2014-07-131-3/+4
| | | | EVP_MD_CTX_cleanup() to be called.
* Possible PBEPARAM leak in the error path.miod2014-07-131-6/+8
|
* dsa_priv_decode(): only destroy the object we've created, and with themiod2014-07-131-3/+5
| | | | | | appropriate function. Checking for privkey != NULL is not enough since privkey points to a member of ndsa if ndsa != NULL. dsa_priv_encode(): possible double free in error path.
* Check X509_NAME_oneline() return value when it will have to allocate memory.miod2014-07-131-1/+3
|
* EVP_DigestInit_ex() may be used to recycle an existing EVP_MD_CTX without havingmiod2014-07-131-3/+9
| | | | | | | | | | | | | to reinitialize all of it, especially if it is used with the same MD algorithm. However, when the MD algorithm changes, it needs to perform more cleanups. Make that code more closer to what EVP_MD_CTX_cleanup() does by: - only freeing md_data if EVP_MD_CTX_FLAG_REUSE is not set - performing an explicit_bzero of md_data before freeing it - making sure we call EVP_PKEY_CTX_free on the pctx if the allocation for the new md_data fails. ok tedu@
* Don't include asn1_mac.h if all you need is asn1.h.miod2014-07-131-2/+2
|
* Take out __bounded__ in the include files we use it in when not on OpenBSD.beck2014-07-134-5/+16
| | | | | | | while we can take it out in portable at compile time, it is still a problem when we install this header file on a system that doesn't support __bounded__ if this is unguarded. ok miod@ bcook@
* No need to include evp_locl.h in there.miod2014-07-136-18/+6
|
* Take away the use of the address of main as a source of entropy. Causesbeck2014-07-136-6/+30
| | | | | | distractions to people testing and seeing link errors in some setups. This will come back in another form ok deraadt@
* remove silly castderaadt2014-07-131-2/+2
|
* No need to include asn1_mac.h here.miod2014-07-122-4/+2
|
* Remove this sentence:miod2014-07-121-3/+2
| | | | | | | ``The probability that a randomly generated key is weak is -1/2^52, so it is not really worth checking for them.'' This kind of naively optimistic attitude is not compatible with security.
* more MLINKSmiod2014-07-121-1/+56
|
* getentropy on Windows. It compiles but has not been thoroughly tested yet.wouter2014-07-122-0/+112
| | | | OK: beck@
* Remove signed/unsigned warning, statement before declaration andwouter2014-07-126-58/+64
| | | | | | add a function to use function pointers that does not take sizeof(fptr). OK beck@
* We have EVP_CIPH_FLAG_DEFAULT_ASN1 in evp.h; no need to keep constructs tomiod2014-07-121-34/+28
| | | | | | build on pre-EVP_CIPH_FLAG_DEFAULT_ASN1 codebases. ok jsing@
* Remove private_{Camellia,RC4}_set_key FIPS indirection tentacles, as has beenmiod2014-07-1210-159/+37
| | | | done for other symmetric algorithms recently.
* Make the BLOCK_CIPHER_{generic,custom} macros expand to more readable structmiod2014-07-121-67/+102
| | | | definitions using C99 field initializers. No functional change.
* jsing and I are investigating removal of all? most? 'getenv from library'deraadt2014-07-121-1/+3
| | | | | | | instances. This one for OPENSSL_ALLOW_PROXY_CERTS gets turned off first, especially since it had this special comment: /* A hack to keep people who don't want to modify their software happy */ ok beck jsing
* A few fixes/improvements:miod2014-07-121-20/+19
| | | | | | | | | | | | | | | | - first, BN_free == BN_clear_free in our libcrypto, so we do not need to treat CBIGNUM (crypto BN) separately from BIGNUM (regular BN). - then, in bn_i2c(), since BN_bn2bin returns BN_num_bytes(input), take advantage of this to avoid calling BN_num_bytes() a second time. BN_num_bytes() is cheap, but this not a reason to perform redundant work. - finally, in bn_c2i, if bn_new() fails, return early. Otherwise BN_bin2bn will try to create a BN too, and although this will probably fail since we were already out of memory, if we are on a threaded process and suddenly the allocation succeeds, we will leak it since it will never be stored in *pval. ok jsing@
* Make sure the return value of X509_NAME_oneline(, NULL,) is checked againstmiod2014-07-122-5/+13
| | | | | NULL. ok deraadt@ guenther@ jsing@
* if (x) FOO_free(x) -> FOO_free(x).miod2014-07-1262-535/+311
| | | | | | | Improves readability, keeps the code smaller so that it is warmer in your cache. review & ok deraadt@
* more MLINKsmiod2014-07-121-1/+4
|
* guard inclusion of sys/sysctl.h so we can detect at compile time andbeck2014-07-122-2/+6
| | | | | keep linux distros happy that don't have it. ok bcook@
* Principle of least surprise: make CMAC_CTX_free(), OCSP_REQ_CTX_free() andmiod2014-07-123-3/+12
| | | | | X509_STORE_CTX_free() accept NULL pointers as input without dereferencing them, like all the other well-behaved *_CTX_free() functions do.
* remove gratuitous differences, ok beckderaadt2014-07-122-78/+80
|
* remove gratuitous differences, ok beck bcookderaadt2014-07-124-24/+24
|
* Solaris uses a symbolic link for /dev/urandom which harms best practice ofbeck2014-07-122-36/+68
| | | | | using O_NOFOLLOW - cope with it as best as possible by trying two different paths. - written by deraadt@ and kettenis@
* typosmiod2014-07-123-5/+5
|
* odds are that some ABI change occured today, no matter how careful everyonederaadt2014-07-122-2/+2
| | | | is
* Provide LIBRESSL_VERSION_NUMBER for people who use such things tobeck2014-07-111-1/+2
| | | | | detect versions distinct from OPENSSL_BLAH_WOOF.. ok jsing@ tedu@ deraadt@
* add comment about format requirementsbeck2014-07-111-1/+3
| | | | ok miod@
* adapt addapt spelling to adapt; request from miodderaadt2014-07-111-3/+3
|
* Huge documentation update for libcrypto and libssl, mostly from Matt Caswell,miod2014-07-1131-91/+1376
| | | | | | Jeff Trawick, Jean-Paul Calderone, Michal Bozon, Jeffrey Walton and Rich Salz, via OpenSSL trunk (with some parts not applying to us, such as SSLv2 support, at least partially removed).
* Avoid invoking EVP_CIPHER_CTX_cleanup() on uninitialized memory; frommiod2014-07-111-2/+2
| | | | Coverity via OpenSSL trunk
* Fix a memory leak in BIO_free() which no current BIO can trigger; OpenSSLmiod2014-07-111-4/+3
| | | | PR #3439 via OpenSSL trunk
* Prevent infinite loop during configuration file parsing; OpenSSL PR #2985miod2014-07-111-2/+2
| | | | via OpenSSL trunk.
* Missing bounds check in do_PVK_body(); OpenSSL RT #2277, from OpenSSL trunk,miod2014-07-111-4/+10
| | | | but without a memory leak.
* OPENSSL_ALGORITHM_DEFINES has been removed from conf.h, no need for it nowtedu2014-07-111-8/+2
|
* In RSA_eay_private_encrypt(), correctly return the smaller BN; OpenSSLmiod2014-07-111-2/+2
| | | | PR #3418 via OpenSSL trunk
* it has been 4888 days since the transient feature to define short macrostedu2014-07-111-58/+1
| | | | | for apps that haven't had time to make the appropriate changes was added. time's up.
* Apparently better fix for OpenSSL PR #3397 (Joyent bug #7704), from OpenSSLmiod2014-07-111-2/+2
| | | | trunk
* In ASN1_get_object(), reject primitive encodings using the indefinite lengthmiod2014-07-111-1/+4
| | | | constructed form. OpenSSL PR #2438 via OpenSSL trunk
* Fix copy for CCM, GCM and XTS.miod2014-07-111-12/+70
| | | | | | | | Internal pointers in CCM, GCM and XTS contexts should either be NULL or set to point to the appropriate key schedule. This needs to be adjusted when copying contexts. OpenSSL PR #3272 with further fixes, from OpenSSL trunk
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-09-02 17:05:52 +0000