summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Enable the use of the kernel __realpath() system call in the libc wrapper.beck2019-05-281-3/+136
| | | | | | | | For now, this also still uses the existing realpath implmentation and emits a syslog if we see differening results. Once we have run with that for a little while we will remove the old code ok deraadt@
* Throw malloc_conceal and freezero into the mix.otto2019-05-231-3/+8
|
* Only override size of chunk if we're not given the actual length.otto2019-05-231-2/+3
| | | | Fixes malloc_conceal...freezero with malloc options C and/or G.
* bump to LibreSSL 3.0.0bcook2019-05-231-3/+3
| | | | ok tb@
* add stdlib.h for reallocarraybcook2019-05-231-1/+2
|
* *an* RSA;jmc2019-05-203-9/+9
|
* clarify that later flags modify earlier flags;schwarze2019-05-191-2/+4
| | | | | triggered by a question from Jan Stary <hans at stare dot cz> on misc@; OK otto@
* More consistently put remarks about the less useful LC_* categoties,schwarze2019-05-162-14/+26
| | | | | | i.e. those other than LC_CTYPE, into the CAVEATS section, and standardize wording somewhat. OK jmc@
* delete two stray blank linesschwarze2019-05-151-4/+2
|
* check result of ftruncate() as we do write() belowbcook2019-05-151-2/+4
| | | | ok beck@
* s3 is never NULL since s2 (formerly used for SSLv2) does not exist, so there isbcook2019-05-153-29/+20
| | | | | | | no need to check for it. Fixes COV-165788, identified with help from Alex Bumstead. ok jsing@
* Correct missing test to determine if length is in bytes or in bits.beck2019-05-141-1/+3
| | | | | Issue found by Guido Vranken <guidovranken@gmail.com> ok tedu@ tb@
* Use propper regress target to integrate better into test framework.bluhm2019-05-141-2/+4
|
* Remove unused pad check, which is handled by tls1_cbc_remove_padding() now.bcook2019-05-131-4/+2
| | | | | | Fixes COV-174858 ok tb@
* Acquire mutex before incrementing the refcount. Fixes COV-186144bcook2019-05-131-1/+3
| | | | ok tb@
* Move 'how this works' details from namespace.h to DETAILSguenther2019-05-132-112/+136
|
* explicitly mention that RES_NOALIASES has no effect;schwarze2019-05-131-3/+4
| | | | | jmc@ noticed that the text wasn't completely clear; OK jmc@
* Mention introduction of *_conceal.otto2019-05-131-2/+8
|
* The call to fseek(fp, -1, SEEK_END) also sets the reported size tobluhm2019-05-131-10/+10
| | | | | | this value. To match the expectation of the test again, move this line before the the code that sets the final position. OK yasuoka@
* Fix signed overflow in X509_CRL_print().tb2019-05-121-1/+4
| | | | | | fixes oss-fuzz #14558 ok beck jsing
* Revert the other hunk of r1.36 as well: in the case of CCM, ccm.key istb2019-05-121-1/+11
| | | | | | | | | assigned from aesni_ccm_init_key() via CRYPTO_ccm128_init(), so it needs to be copied over... Pointed out by Guido Vranken. ok jsing
* Stop the eyebleed in here and just use callocbeck2019-05-121-31/+8
|
* $OpenBSD$tb2019-05-114-0/+4
|
* Remove commented out rc5 bitstb2019-05-117-20/+6
|
* Initialize EC_KEY_METHOD before use.bcook2019-05-101-2/+2
| | | | | | Fixes COV-186146 ok tb, beck
* Revert part of r1.36: in the case of GCM, gcm.key is assigned fromtb2019-05-101-1/+7
| | | | | | | | | aesni_gcm_init_key() via CRYPTO_gcm128_init(), so it needs to be copied over... Fixes cryptofuzz issue #14352 and likely also #14374. ok beck jsing
* Inroduce malloc_conceal() and calloc_conceal(). Similar to theirotto2019-05-102-199/+219
| | | | | counterparts but return memory in pages marked MAP_CONCEAL and on free() freezero() is actually called.
* Add a test vector for Streebog 512 from Guido Vrankentb2019-05-091-1/+2
|
* Fix incorrect carry operation in 512 bit addition: in the casetb2019-05-091-6/+8
| | | | | | | | | that there is already a carry and Sigma[i-1] == -1, the carry must be kept. From Dmitry Eremin-Solenik. Fixes incorrect Streebog result reported by Guido Vranken.
* Proper prototype for main(). Make sparc64 happier.claudio2019-05-091-2/+4
|
* In DTLS, use_srtp is part of the extended server hello while in TLSv1.3,tb2019-05-081-2/+3
| | | | | | | | | | it is an encrypted extension. Include it in the server hello for now. This will have to be revisited once TLSv1.3 gets there. Fixes SRTP negotiation. Problem found by two rust-openssl regress failures reported by mikeb. with & ok beck
* initialize safestack pointersbcook2019-05-083-6/+6
| | | | ok beck@, tb@
* Make sure that the tag buffer size is equal to the tag sizetb2019-05-081-2/+2
| | | | | | | | | in CRYPTO_ccm128_tag(). Otherwise the caller might end up using the part of the tag buffer that was left uninitialized. Issue found by Guido Vranken. ok inoguchi
* Add test fseek(,-1) works properly.yasuoka2019-05-021-3/+8
|
* Avoid an undefined shift in ASN1_ENUMERATED_get().tb2019-04-281-4/+9
| | | | | | | | (same fix as in a_int.c rev 1.34) Fixes oss-fuzz issue #13809 ok beck, jsing
* Avoid an undefined shift in ASN1_INTEGER_get().tb2019-04-281-4/+8
| | | | | | Fixes oss-fuzz issue #13804 ok beck, jsing
* Use calloc/freezero when allocating and freeing the session ticket data.jsing2019-04-251-4/+6
| | | | | | The decrypted session ticket contains key material. ok tb@
* Use EVP_CIPHER_CTX_{new,free}() and HMAC_CTX_{new,free}() instead ofjsing2019-04-251-24/+29
| | | | | | | | | allocating on stack. While here also check the return values from EVP_DecryptInit_ex() and HMAC_Init_ex(). ok tb@
* Rename some variables in tls_decrypt_ticket().jsing2019-04-251-18/+18
| | | | | | | | | Rename mlen to hlen since it is a hmac (and this matches hctx and hmac). Rename ctx to cctx since it is a cipher context and ctx is usually used to mean SSL_CTX in this code. ok tb@
* Do not check for working go executable during make clean cleandir obj.bluhm2019-04-241-1/+3
| | | | reminded by jsing@
* Do not check for working go executable during make clean cleandir obj.bluhm2019-04-241-1/+3
|
* Convert tls_decrypt_ticket() to CBS.jsing2019-04-231-44/+72
| | | | | | This removes various pointer arithmetic and manual length checks. ok tb@
* Add error checking to i2v_POLICY_MAPPINGS().tb2019-04-221-9/+26
| | | | ok jsing
* Add error checking to i2v_POLICY_CONSTRAINTS().tb2019-04-221-5/+19
| | | | ok jsing
* Add error checking to i2v_EXTENDED_KEY_USAGE().tb2019-04-221-8/+23
| | | | ok jsing
* Add error checking to i2v_ASN1_BIT_STRING().tb2019-04-221-4/+18
| | | | ok jsing
* Add error checking to i2v_BASIC_CONSTRAINTS().tb2019-04-221-3/+18
| | | | ok jsing
* Add error checking to i2v_AUTHORITY_INFO_ACCESS(). While there, replacetb2019-04-221-19/+27
| | | | | | an ugly strlen + malloc + strcat/strcpy dance by a simple asprintf(). ok jsing
* Avoid potential double frees in i2v_AUTHORITY_KEYID(), i2v_GENERAL_NAME()tb2019-04-222-6/+22
| | | | | | | | | | | | | | and i2v_GENERAL_NAMES() by taking ownership of the extlist only if we were passed NULL. Otherwise it remains the caller's responsibility to free it. To do so, we allocate the extlist explicitly instead of using X509V3_add_value()'s implicit allocation feature. Preserve behavior in i2v_AUTHORITY_KEYID() by adding an explicit check that something was pushed onto the stack. The other i2v_* functions will receive a similar treatment in upcoming commits. ok jsing
* Provide a derr label (decode/decrypt error) in tls1_decrypt_ticket().jsing2019-04-221-41/+29
| | | | | | This handles the ret = 2 case and makes the code more readable. ok tb@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-27 19:43:54 +0000