summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_methods.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2022-05-07Rewrite asn1_d2i_ex_primitive() with CBS.jsing1-72/+86
ok tb@
2022-05-07Refactor asn1_ex_c2i()jsing1-39/+59
The asn1_ex_c2i() function currently handles the V_ASN1_ANY case inline, which means there multiple special cases, with pointer fudging and restoring. Instead, split asn1_ex_c2i() into three functions - one that only handles storage into a primitive type (asn1_ex_c2i_primitive()), one that handles the V_ASN1_ANY case (asn1_ex_c2i_any()) and calls asn1_ex_c2i_primitive() with the correct pointer and an asn1_ex_c2i() that handles the custom functions case, before dispatching to asn1_ex_c2i_any() or asn1_ex_c2i_primitive(), as appropriate. This results in cleaner and simpler code. With input from and ok tb@
2022-05-07Avoid strict aliasing violations in BN_nist_mod_*()jsing1-86/+137
The optimised code path switches from processing data via unsigned long to processing data via unsigned int, which requires type punning. This is currently attempted via a union (for one case), however this fails since a pointer to a union member is passed to another function (these unions were added to "fix strict-aliasing compiler warning" - it would seem the warnings stopped but the undefined behaviour remained). The second case does not use a union and simply casts from one type to another. Undefined behaviour is currently triggered when compiling with clang 14 using -03 and -fstrict-aliasing, while disabling assembly (in order to use this C code). The resulting binary produces incorrect results. Avoid strict aliasing violations by copying from an unsigned long array to an unsigned int array, then copying back the result. Any sensible compiler will omit the copies, while avoiding undefined behaviour that would result from unsafe type punning via pointer type casting. Thanks to Guido Vranken for reporting the issue and testing the fix. ok tb@
2022-05-06Add missing ERR_load_{COMP,CT,KDF}_strings()tb1-1/+11
ok beck
2022-05-06Also check EVP_PKEY_CTX_new_id() return in example code. Letting thistb1-2/+4
be caught by the error check of EVP_PKEY_derive_init() is a dubious pattern.
2022-05-06Install EVP_PKEY_CTX_set_hkdf_md.3tb1-1/+2