IABSD.fr/src/lib

Branch :


Log

Author Commit Date CI Message
cfb416a1 2023-09-05 15:01:39 add a BUGS section warning about the creation of incomplete objects
281c2125 2023-09-05 14:59:00 Improve error handling in OBJ_add_object() There is no need for a helper function to obfuscate lh_ADDED_OBJ_new(). Just call the real thing directly. Adding an object with a NID of NID_undef basically amounts to disabling a built-in OID. It does so in an incoherent fashion and the caller can't easily tell success from failure of the operation. Arguably the result is a corrupted objects table. Let's not allow adding such an object in an attempt at keeping things slightly more coherent. Issue noted and initial diff by schwarze while writing documentation ok schwarze
0c4652a2 2023-09-05 14:54:21 document EVP_CIPHER_name(3)
aac644ea 2023-09-05 14:37:00 add the missing .Dv macros to the list of flags
7fd26e6c 2023-09-05 14:19:02 improve the descriptions of almost all flags, in particular saying which API functions each flag affects
3de9d62f 2023-09-05 13:50:22 Partial rewrite: * Integrate the leftovers of the former NOTES section into the main text, resulting in a more logical order of information. * Make many descriptions more precise and tweak many wordings. For example, the description of OBJ_cmp(3) was totally misleading. Add a CAVEATS section explaining the scary ownership contracts of the functions returning ASN1_OBJECT pointers. Move the discussion of NID_undef to the BUGS section because the statement "objects which are not in the table have the NID value NID_undef" was misleading in more than one way. Considering that an API as fundamental as this one contains such a gigantic amount of quirks and traps and gaps makes me shudder.
ae39aee5 2023-09-04 08:43:41 Make wp_local.h and cmll_local.h self-standing
8e130001 2023-09-04 08:36:48 unbreak build with llvm-16 by including sys/types.h for __BEGIN_HIDDEN_DECLS /usr/src/lib/libcrypto/whrlpool/wp_local.h:5:1: error: unknown type name '__BEGIN_HIDDEN_DECLS' ok tb@
d91eab06 2023-09-02 04:55:18 whitespace
a521a55f 2023-09-02 04:15:39 Align EVP_PKEY_get1_RSA() with EVP_PKEY_get0_RSA()
6bf59eda 2023-09-01 17:28:21 Many improvements, almost amounting to a partial rewrite: * more precision what the CIPHER_CTX functions do * more precision what an NID is * avoid talking about RC2, use AES-256 for an example instead * clarify that block sizes are measured in bytes * mention additional restrictions regarding valid block sizes * add the missing description of the *_flags(3) functions * mention the public mask constant EVP_CIPH_MODE * add three missing modes that can occur as return values * add the missing entries for *_flags(3) and *_mode(3) below RETURN VALUES * tweak various wordings for precision and conciseness
bce02283 2023-09-01 17:12:19 Fix EVP_PKEY_get0_RSA() for RSA-PSS It currently returns NULL. This is OpenSSL 4088b926 + De Morgan. ok jsing
f75e7c0e 2023-09-01 12:13:13 fix an obvious typo in the OBJ_NAME_add(3) prototype
d1527b6e 2023-08-31 17:27:41 Split three new manual pages EVP_CIPHER_nid(3), EVP_CIPHER_CTX_ctrl(3), and EVP_CIPHER_CTX_set_flags(3) out of the excessively large and unwieldy EVP_EncryptInit(3). This causes a number of inaccuracies and gaps to stand out, but i'm not mixing text changes or content additions into this split. Using very useful feedback from tb@ regarding what belongs together and how important the various functions are. I refrained from bothering him with the complete patch, but he likes the general direction.
4ee6c374 2023-08-30 10:13:12 Ensure no memory is leaked after passing NULL to ASN1_TIME_normalize() OK tb@
2bc73dbd 2023-08-30 00:58:57 Document EVP_{CIPHER,MD}_do_all{,_sorted}(3) The function prototypes in the SYNOPSIS don't look great, but schwarze assures me that this is how it is supposed to be. It is rather strange that OpenSSL chose to sprinkle OPENSSL_init_crypto() calls into these four functions rather than two inside OBJ_NAME_do_all{,_sorted}(3). Surely there was a good reason for that. With input and fixes from schwarze
c44a4196 2023-08-30 00:49:32 Fix leaks in copy_issuer() The stack of subject alternative names from the issuer is parsed using X509V3_EXT_d2i(), so it must be freed with sk_GENERAL_NAME_pop_free(). It's not worth doing complicated ownership handling when the individual alternative names can be copied with GENERAL_NAME_dup(). Previously, ialt and its remaining members would be leaked when the call to sk_GENERAL_NAME_push() failed halfway through. This is only reachable via the issuer:copy x509v3.cnf(5) directive. ok jsing
4e4f5e48 2023-08-29 10:07:42 Replace last ecdh.h and ecdsa.h occurrences with ec.h Except if backward compatibility with older LibreSSL and OpenSSL versions is explicitly needed, ecdsa.h and ecdh.h should no longer be used. They are now trivial wrappers of ec.h.
4a9745e0 2023-08-27 15:33:08 Move the weak SHA-1 and MD5 hashes out of EVP_DigestInit(3) into a new EVP_sha1(3) manual page, and also mention EVP_md4(3) there. Using input from tb@ and jsing@, who like the general direction.
55e5f7f1 2023-08-27 13:23:12 document the return value of EVP_PKEY_asn1_find(3) and the "len" argument and the return value of EVP_PKEY_asn1_find_str(3)
3d821fad 2023-08-27 13:15:29 EVP_PKEY_set_type_str(3) is now documented, so switch from .Fn to .Xr
7b125ae7 2023-08-27 13:08:15 document EVP_PKEY_set_type_str(3)
c37e9688 2023-08-26 15:14:28 add the missing information that and how flags can be combined, and add the missing link to evp(3)
0e80ab9d 2023-08-26 15:12:04 Write documentation for EVP_CIPHER_CTX_buf_noconst(3) from scratch. Put it here rather than into EVP_EncryptInit(3) because similar to EVP_CIPHER_CTX_get_cipher_data(3), application software should not use it. These functions will likely not be needed except by people implementing custom encryption algorithms.
a934d56a 2023-08-26 15:01:56 write documentation for EVP_CIPHER_CTX_copy(3) and EVP_CIPHER_CTX_encrypting(3) from scratch
143c7089 2023-08-26 06:19:09 transfering -> transferring
43456e64 2023-08-26 02:59:13 Remove two unnecessary local variables
10d7aa8c 2023-08-25 18:39:04 make the one-line description read better and be more specific below RETURN VALUES; OK tb@
550a68d8 2023-08-25 18:22:41 In evp.h rev.s 1.90 and 1.97, tb@ provided EVP_CIPHER_CTX_get_cipher_data(3) and EVP_CIPHER_CTX_set_cipher_data(3). Import the manual page from the OpenSSL 1.1 branch, which is still under a free licence, with several improvements by me.
b430849a 2023-08-25 13:26:27 fix eight more instances of copy & paste glitches
2f83904e 2023-08-25 12:45:45 new manual page MB_CUR_MAX(3) written from scratch; OK guenther@ stsp@ jmc@
51323fa6 2023-08-25 12:37:33 KNF, no assembly change OK tb@ jsing@
fa8582a1 2023-08-25 11:43:14 Mention another bug for EVP_add_{cipher,digest}(3)
7059fb95 2023-08-25 10:54:44 Improve EVP_add_cipher.3 a bit Fix some copy-paste errors in the prototypes, tweak the explanatory text and add some more details.
44186a5c 2023-08-25 05:38:52 Add more cross references
b36e491b 2023-08-25 05:29:35 Document EVP_add_{cipher,digest} and friends These and EVP_{add,remove}_{cipher,digest}_alias() are mostly for internal use.
962d8697 2023-08-25 02:17:41 zap a stray space
90fa8d06 2023-08-24 04:56:36 cms_content_bio() is not used outside of cms_lib.c Make it a static function and remove its prototype from the internal header.
3a0e71e8 2023-08-24 04:54:26 Some tweaking of cms_content_bio() More idiomatic error checking and drop an always false test for !*pos. Use a slightly closer approximation to actual English sentences in comments. ok jsing
37128564 2023-08-24 04:46:56 Better names for the BIOs in CMS_dataInit() Rename cmsbio into cms_bio and use {,in_}content_bio for {,i}cont. ok jsing
229d624c 2023-08-24 04:33:08 Update references from RFC 7539 to RFC 8439 RFC 7539 was superseded by RFC 8439, incorporating errata and making editorial improvements. Very little of substance changed, in particular section numbers remain the same. Prompted by a question from schwarze
a82f2364 2023-08-24 04:23:30 Align the documentation of EVP_chacha20() with actual behavior Incorrect OpenSSL documentation was moved here and inherited parts of a comment that was fixed in evp/e_chacha.c r1.13. Adjust the manual page accordingly. Discussed with schwarze
3299449a 2023-08-24 04:20:57 Clarify how the EVP IV is used with ChaCha EVP_chacha20() was aligned to follow OpenSSL's nonconformant implementation during a2k20 by djm and myself in an effort to allow OpenSSH to use the OpenSSL 1.1 API. Some corresponding OpenSSL 1.1 documentation was imported at the same time. A comment attempted to translate between implementation and the incorrect documentation, which was necessarily gibberish. Improve the situation by rephrasing and dropping nonsensical bits. Prompted by a question of schwarze
a16ee84e 2023-08-23 13:46:42 Mention key and nonce lengths of AEAD ciphers. Mention portability considerations regarding the EVP_AEAD API. Avoid confusing words like "older" and "native" API, be specific. Mention RFC 7905. Move publications we don't implement from STANDARDS to CAVEATS. Based on input from jsing@ and tb@, OK tb@.
ad1cd115 2023-08-22 12:50:27 Don't fail in ober_scanf_elements() when encountering empty sequences. Ok martijn@
71d39bbe 2023-08-22 08:59:44 Pull the NULL check for cmsbio into the switch ok jsing
6590b22d 2023-08-22 08:44:15 Plug a leak of cont in CMS_dataInit() This and ts/ts_rsp_sign.c r1.32 were part of OpenSSL 309e73df. ok jsing
f78746b6 2023-08-22 08:09:36 Plug a leak of ASN1_INTEGR in def_serial_cb() ok jsing
2b293404 2023-08-21 09:52:30 ec_ameth: clean up eckey_{pub,priv}_encode() Factor eckey_param_free() out of eckey_pub_encode(). ASN1_OBJECT_free() is not actually needed. This will be addressed later. i2o_ECPublicKey() allocates internally if *out == NULL, so no need to do the two-call dance. Its return value is documented to be <= 0 on error, which is wrong in the sense that only 0 is returned. Keep using the same check for <= 0 as everywhere else. Set of EC_PKEY_NO_PARAMETERS after the poorly named eckey_param2type() to avoid potential underhanded side effects. In eckey_priv_encode(), error exits would leak pval was leaked a few times. Avoid this and simplify using i2d's internal allocation. Reinstate the flags in a single error path. ok jsing
2880ad15 2023-08-21 03:26:42 spelling
00d87da4 2023-08-20 19:52:40 remove "flag" from the Dv line;
f0c5c122 2023-08-20 16:25:09 Bump zlib version to 1.3 We have been pulling in all actual changes over the past months, so this is only a version number bump. The relevant entries of the ChangeLog are: * Building using K&R (pre-ANSI) function definitions is no longer supported. * Fixed a bug in deflateBound() for level 0 and memLevel 9. * Fixed a bug when gzungetc() is used immediately after gzopen(). * Fixed a bug when using gzflush() with a very small buffer. * Fixed a crash when gzsetparams() is attempted for a transparent write. ok deraadt miod millert
29a332bc 2023-08-20 15:17:53 Add syscall stub for kqueue1(2) This rides previous libc minor bump. Feedback and OK guenther@
46c354aa 2023-08-20 15:02:50 Provide C11 <uchar.h>. OK millert@. Tested by naddy@ in a bulk and by matthieu@ in the new foot(1) port. I originally wrote the code in 2022 at the prodding of espie@. Using one improvement to a manual page from jmc@.
5f814157 2023-08-18 08:42:41 Check X509_digest() return in x509v3_cache_extensions() On failure invalidate the cert with EXFLAG_INVALID. It's unlikely that a cert would make it through to the end of this function without setting the flag, but it's bad style anyway. ok jsing
f457475c 2023-08-18 06:08:19 sync with zlib.h "that's fine" jmc
0f55603f 2023-08-18 06:08:03 Sync doc comment with upstream
6071e9eb 2023-08-17 09:28:43 Garbage collect two commented abort()
812e19bf 2023-08-17 09:27:43 Make the local ASN1_OBJECTs const ok jsing
b0b039de 2023-08-17 09:26:09 Remove some unnecessary else branches
a55266cc 2023-08-17 09:24:50 Remove some parents from return statements
acdf279e 2023-08-17 09:22:56 Use cmp instead of i for the result of a comparison ok jsing
8128758f 2023-08-17 09:18:21 Use OBJ_cmp() instead of inlining two variants This also avoids more undefined behavior with memcmp(). ok jsing PS: Unsolicited advice for no one in particular: there is this awesome tool called grep. If someone reports an issue, you might want to use it to find more instances.
fdad50ce 2023-08-17 09:13:01 Avoid memcmp(NULL, x, 0) in OBJ_cmp() If a->length is 0, either a->data or b->data could be NULL and memcmp() will rely on undefined behavior to compare them as equal. So avoid this comparison in the first place. ok jsing
0496c2bd 2023-08-17 05:45:51 add space needed in punctuation; from josiah frentsos
fb09b7fc 2023-08-16 13:50:05 add the missing entry for EVP_CIPHER_CTX_ctrl(3) to the RETURN VALUES section
e0edf616 2023-08-16 13:47:18 Describe more precisely how these functions are supposed to be used, document the control operations supported by EVP_chacha20_poly1305(3), and add the missing STANDARDS and HISTORY sections. This replaces all text written by Matt Caswell and all text Copyrighted by OpenSSL in the year 2019.
2e0be48d 2023-08-15 18:05:15 Zap extra parens
c489c5d0 2023-08-15 17:40:06 Fix typo in previous
2c8a0eae 2023-08-15 17:38:00 Avoid undefined behavior with memcmp(NULL, x, 0) in ASN1_STRING_cmp() ok jsing miod
cb4f93b0 2023-08-15 12:18:46 Fix bug when using gzflush() with a very small buffer. from upstream
df03c47c 2023-08-15 11:54:38 SHA-3 is not a symmetric cipher. Fix a copy and paste mistake that Ronald Tse introduced in 2017 even though Richard Levitte and Bernd Edlinger reviewed his commit - and that i unwittingly copied. Even in the OpenSSL 3 main trunk, it wasn't fixed until 2022, and in OpenSSL-1.1.1, it is still wrong. Unfortunately, we need to be really careful before believing anything the OpenSSL documentation says...
5918e05c 2023-08-15 11:26:49 Import the EVP_chacha20(3) manual page from the OpenSSL 1.1 branch, which is still under a free license, to work on it in the tree. The required content changes have not been done yet, i only tweaked the markup and wording so far.
f4c5b171 2023-08-15 08:39:27 Clean up alignment handling. Instead of using HOST_{c2l,l2c} macros, provide and use crypto_load_le32toh() and crypto_store_htole32(). In some cases just use htole32() directly. ok tb@
d697bab7 2023-08-15 08:35:33 Use MD5_LONG instead of unsigned int for consistency. ok tb@
5d245864 2023-08-15 08:30:49 Condition only on #ifdef MD5_ASM. There are a bunch of unnecessary preprocessor directives - just condition on MD5_ASM, the same as we do elsewhere. ok tb@
647e2446 2023-08-14 15:48:16 Inline INIT_DATA_* defines. ok tb@
30c27baa 2023-08-14 15:26:01 style(9)
c1b14449 2023-08-14 14:46:40 Below SEE ALSO, point to all pages documenting the evp.h sub-library, and also point to a selection of functions from other sub-libraries that rely on evp.h objects, in particular on EVP_CIPHER, EVP_MD, and EVP_PKEY. While here, merge a few trivial improvements to orthography and punctuation from the OpenSSL 1.1 branch.
bed12096 2023-08-14 14:22:32 import EVP_sha3_224(3) from the OpenSSL 1.1 branch, which is still under a free license, tweaked by me
b91cf01f 2023-08-13 12:25:12 Conditionally disable MSAN from upstream
ce5197b5 2023-08-13 12:09:14 fix whitespace
65043abd 2023-08-13 10:23:26 simplify previous;
471dbed6 2023-08-13 08:29:28 kevent: Add precision and abstimer flags for EVFILT_TIMER Add timer precision flags NOTE_SECONDS, NOTE_MSECONDS, NOTE_USECONDS and NOTE_NSECONDS for EVFILT_TIMER. Also, add an initial implementation of NOTE_ABSTIME timers. Similar kevent(2) flags exist on FreeBSD, NetBSD and XNU. Initial diff by and OK aisha@ OK mpi@
21122c7b 2023-08-13 06:56:10 Make sure modff() returns correct values for infinities. Reported by Willemijn Coene.
f78f1c7c 2023-08-13 06:55:37 Make sure modf() returns correct values for infinities. While there, drop the few assembler versions as has been done on other *BSD systems; this function (modf) turns out to be non-trivial enough, having only one known-to-work version is preferrable. Reported by Willemijn Coene.
7d234dcc 2023-08-12 16:48:23 document return values of the control function in EVP_MD_meth_set_ctrl(3)
4d855df4 2023-08-12 16:12:19 1. Tweak the descriptions of EVP_MD_CTX_ctrl(3), EVP_MD_CTX_set_flags(3), EVP_MD_CTX_clear_flags(3), EVP_MD_CTX_test_flags(3), and the atrocious EVP_MD_CTX_set_pkey_ctx(3) for precision. 2. Tweak the description of EVP_MD_type(3) and EVP_MD_CTX_type(3) for conciseness. 3. Add a few missing HISTORY bits.
caf6bd1d 2023-08-12 13:49:29 Fix bug when gzungetc() is used immediately after gzopen(). from upstream
eef95d0b 2023-08-12 13:48:37 fix typo from upstream
79ea6785 2023-08-12 08:26:38 Remove a blatant lie about DSA_dup_DH q is copied across since OpenSSL 31360957 which hit our tree with OpenSSL 1.0.1c in October 2012.
6eda6f29 2023-08-12 08:07:35 The int_ prefix also leaves the ec_ameth mess The prefixes in here are all over the place... This removes one variety.
c5ca9a16 2023-08-12 08:02:43 RSA's _free and _size also lose their int_ prefix
7244e844 2023-08-12 07:59:48 Drop silly int_ prefix from _free() and _size()
52d22fd7 2023-08-12 07:50:47 Free {priv,pub}_key before assigning to it While it isn't the case for the default implementations, custom DH and DSA methods could conceivably populate private and public keys, which in turn would result in leaks in the pub/priv decode methods. ok jsing
741c2858 2023-08-12 07:46:14 Readability tweak for key parameters in DSA ok jsing
a13d6b7a 2023-08-12 07:43:48 Simplify and unify missing_parameters() for DH and DSA ok jsing
e498bf2d 2023-08-12 06:14:36 Convert {DH,DSA}_new_method() to using calloc() Due to OPENSSL_NO_ENGINE the engine member of dh and dsa is currently uninitialized. As a consequence, {DH,DSA}_get0_engine() will return a garbage pointer, which is particularly bad because the only reason we kept them in the first place is that they are used by some software... A side effect of freeing with {DH,DSA}_free() instead of a hand-rolled version is that we may call ->meth->finish() before ->meth->init() was called. We need a NULL check for ->meth to be on the safe side in case we should need to bring ENGINE back. with nits from djm ok deraadt djm
94cbdd02 2023-08-11 18:08:43 Merge various improvements from the OpenSSL 1.1 branch, which is still under a free license. * document EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags * document EVP_MD_flags, EVP_MD_CTX_md_data * document EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_set_pkey_ctx * correct arg type of EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type * more information about EVP_MD_CTX_ctrl * add missing <string.h> and correct one variable type below EXAMPLES * two orthographic improvements with a few wording tweaks by me
2d2b9ed9 2023-08-11 15:27:28 Stop including md32_common.h. Now that we're no longer dependent on md32_common.h, stop including it. Remove various defines that only existed for md32_common.h usage.