summaryrefslogtreecommitdiff
path: root/src/lib/libssl/tls_buffer.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2023-08-25Add more cross referencestb2-4/+7
2023-08-25Document EVP_add_{cipher,digest} and friendstb3-3/+163
These and EVP_{add,remove}_{cipher,digest}_alias() are mostly for internal use.
2023-08-25zap a stray spacetb1-2/+2
2023-08-24cms_content_bio() is not used outside of cms_lib.ctb2-5/+3
Make it a static function and remove its prototype from the internal header.
2023-08-24Some tweaking of cms_content_bio()tb1-10/+10
More idiomatic error checking and drop an always false test for !*pos. Use a slightly closer approximation to actual English sentences in comments. ok jsing
2023-08-24Better names for the BIOs in CMS_dataInit()tb1-14/+14
Rename cmsbio into cms_bio and use {,in_}content_bio for {,i}cont. ok jsing
2023-08-24Update references from RFC 7539 to RFC 8439tb3-10/+10
RFC 7539 was superseded by RFC 8439, incorporating errata and making editorial improvements. Very little of substance changed, in particular section numbers remain the same. Prompted by a question from schwarze
2023-08-24Align the documentation of EVP_chacha20() with actual behaviortb1-6/+6
Incorrect OpenSSL documentation was moved here and inherited parts of a comment that was fixed in evp/e_chacha.c r1.13. Adjust the manual page accordingly. Discussed with schwarze
2023-08-24Clarify how the EVP IV is used with ChaChatb1-8/+6
EVP_chacha20() was aligned to follow OpenSSL's nonconformant implementation during a2k20 by djm and myself in an effort to allow OpenSSH to use the OpenSSL 1.1 API. Some corresponding OpenSSL 1.1 documentation was imported at the same time. A comment attempted to translate between implementation and the incorrect documentation, which was necessarily gibberish. Improve the situation by rephrasing and dropping nonsensical bits. Prompted by a question of schwarze
2023-08-23Mention key and nonce lengths of AEAD ciphers.schwarze2-33/+105
Mention portability considerations regarding the EVP_AEAD API. Avoid confusing words like "older" and "native" API, be specific. Mention RFC 7905. Move publications we don't implement from STANDARDS to CAVEATS. Based on input from jsing@ and tb@, OK tb@.
2023-08-22Pull the NULL check for cmsbio into the switchtb1-14/+10
ok jsing
2023-08-22Plug a leak of cont in CMS_dataInit()tb1-11/+12
This and ts/ts_rsp_sign.c r1.32 were part of OpenSSL 309e73df. ok jsing
2023-08-22Plug a leak of ASN1_INTEGR in def_serial_cb()tb1-4/+7
ok jsing
2023-08-21ec_ameth: clean up eckey_{pub,priv}_encode()tb1-62/+67
Factor eckey_param_free() out of eckey_pub_encode(). ASN1_OBJECT_free() is not actually needed. This will be addressed later. i2o_ECPublicKey() allocates internally if *out == NULL, so no need to do the two-call dance. Its return value is documented to be <= 0 on error, which is wrong in the sense that only 0 is returned. Keep using the same check for <= 0 as everywhere else. Set of EC_PKEY_NO_PARAMETERS after the poorly named eckey_param2type() to avoid potential underhanded side effects. In eckey_priv_encode(), error exits would leak pval was leaked a few times. Avoid this and simplify using i2d's internal allocation. Reinstate the flags in a single error path. ok jsing
2023-08-21spellingjsg1-4/+4
2023-08-20Make some global variables consttb1-14/+15
2023-08-20Bye bye to all people out theretb1-28/+1
2023-08-20Add some spaces after commatb1-6/+6
2023-08-20unifdef -D FULL_TESTtb1-7/+1
2023-08-20knfmt(1) to the rescuetb1-139/+146
2023-08-20Another OPENSSL_NO_DEPRECATED hits the bit buckettb1-7/+1
2023-08-20Drop unnecessary OPENSSL_NO_DEPRECATED dancetb1-7/+1
2023-08-20Use a separate flags variable for the error flags in DH_check()tb1-7/+8
2023-08-18Check X509_digest() return in x509v3_cache_extensions()tb1-2/+3
On failure invalidate the cert with EXFLAG_INVALID. It's unlikely that a cert would make it through to the end of this function without setting the flag, but it's bad style anyway. ok jsing
2023-08-17Garbage collect two commented abort()tb1-3/+1
2023-08-17Make the local ASN1_OBJECTs consttb1-2/+2
ok jsing
2023-08-17Remove some unnecessary else branchestb1-7/+5
2023-08-17Remove some parents from return statementstb1-8/+8
2023-08-17Use cmp instead of i for the result of a comparisontb1-5/+5
ok jsing
2023-08-17Use OBJ_cmp() instead of inlining two variantstb1-12/+4
This also avoids more undefined behavior with memcmp(). ok jsing PS: Unsolicited advice for no one in particular: there is this awesome tool called grep. If someone reports an issue, you might want to use it to find more instances.
2023-08-17Avoid memcmp(NULL, x, 0) in OBJ_cmp()tb1-6/+7
If a->length is 0, either a->data or b->data could be NULL and memcmp() will rely on undefined behavior to compare them as equal. So avoid this comparison in the first place. ok jsing
2023-08-16add the missing entry for EVP_CIPHER_CTX_ctrl(3) to the RETURN VALUES sectionschwarze1-2/+11
2023-08-16Describe more precisely how these functions are supposed to be used,schwarze1-19/+185
document the control operations supported by EVP_chacha20_poly1305(3), and add the missing STANDARDS and HISTORY sections. This replaces all text written by Matt Caswell and all text Copyrighted by OpenSSL in the year 2019.
2023-08-15Add regress coverage for ASN1_STRING_cmp()tb1-1/+147
2023-08-15Add some regress coverage for various ASN1_STRING types to codify sometb1-1/+229
quirks and invariants.
2023-08-15Zap extra parenstb1-2/+2
2023-08-15Fix typo in previoustb1-2/+2
2023-08-15Avoid undefined behavior with memcmp(NULL, x, 0) in ASN1_STRING_cmp()tb1-4/+6
ok jsing miod
2023-08-15SHA-3 is not a symmetric cipher.schwarze1-3/+3
Fix a copy and paste mistake that Ronald Tse introduced in 2017 even though Richard Levitte and Bernd Edlinger reviewed his commit - and that i unwittingly copied. Even in the OpenSSL 3 main trunk, it wasn't fixed until 2022, and in OpenSSL-1.1.1, it is still wrong. Unfortunately, we need to be really careful before believing anything the OpenSSL documentation says...
2023-08-15Import the EVP_chacha20(3) manual page from the OpenSSL 1.1 branch,schwarze4-14/+102
which is still under a free license, to work on it in the tree. The required content changes have not been done yet, i only tweaked the markup and wording so far.
2023-08-15Avoid memcmp() with NULL pointer and 0 lengthtb1-3/+3
2023-08-15Clean up alignment handling.jsing2-57/+67
Instead of using HOST_{c2l,l2c} macros, provide and use crypto_load_le32toh() and crypto_store_htole32(). In some cases just use htole32() directly. ok tb@
2023-08-15Use MD5_LONG instead of unsigned int for consistency.jsing1-3/+3
ok tb@
2023-08-15Condition only on #ifdef MD5_ASM.jsing1-15/+5
There are a bunch of unnecessary preprocessor directives - just condition on MD5_ASM, the same as we do elsewhere. ok tb@
2023-08-14Prepare tlsfuzzer.py for ports updatetb1-3/+13
2023-08-14Inline INIT_DATA_* defines.jsing1-10/+7
ok tb@
2023-08-14style(9)jsing1-6/+6
2023-08-14Below SEE ALSO, point to all pages documenting the evp.h sub-library, andschwarze1-11/+56
also point to a selection of functions from other sub-libraries that rely on evp.h objects, in particular on EVP_CIPHER, EVP_MD, and EVP_PKEY. While here, merge a few trivial improvements to orthography and punctuation from the OpenSSL 1.1 branch.
2023-08-14import EVP_sha3_224(3) from the OpenSSL 1.1 branch, which is still underschwarze3-3/+97
a free license, tweaked by me
2023-08-14netcat: avoid issuing syscalls on fd -1tb1-3/+9
In case a socket error condition occurs, readwrite() invalidates the corresponding fd. Later on, readwrite() may still issue a syscall on it. Avoid that by adding a couple of checks for fd == -1. Reported and fix suggested by Leah Neukirchen. Fixes https://github.com/libressl/openbsd/issues/143 "looks right" deraadt
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-22 06:27:11 +0000