src - OpenBSD base system

Age	Commit message (Collapse)	Author
2022-09-04	Remove dead code.	Joel Sing
	No change in generated assembly.
2022-09-04	Remove dead code.	Joel Sing
	No change in generated assembly.
2022-09-04	Add bounds checks for various EVP cipher implementations.	Joel Sing
	The EVP cipher API uses size_t, however a number of the underlying implementations use long in their API. This means that an input with size > LONG_MAX will go negative. Found by Coverity, hiding under a large pile of macros. ok tb@
2022-09-04	Remove dead code.	Joel Sing
	Only change to generated assembly is due to line numbers.
2022-09-04	Expand the looney M_do_cipher macro.	Joel Sing
	Only change in generated assembly is due to line numbers.
2022-09-04	Rearrange some functions.	Joel Sing
	Pull the init_key and ctrl (if present) functions up to the top. This improves readability and allows for the removal of function prototypes. No functional change.
2022-09-04	Remove now unused EVP_C_DATA macro.	Joel Sing

2022-09-04	Remove now unused BLOCK_CIPHER_* macros.	Joel Sing

2022-09-04	Expand BLOCK_CIPHER_* macros.	Joel Sing
	No change in generated assembly.
2022-09-04	Mechanically expand BLOCK_CIPHER_* macros.	Joel Sing
	No change in generated assembly.
2022-09-04	Mechanically expand BLOCK_CIPHER_* macros.	Joel Sing
	No change in generated assembly.
2022-09-04	Mechanically expand BLOCK_CIPHER_* ciphers.	Joel Sing
	This includes the wonderful BLOCK_CIPHER_ecb_loop - a for loop in a macro. No change in generated assembly.
2022-09-04	Remove now unused IMPLEMENT_CFBR macro.	Joel Sing

2022-09-04	Make ssl_create_cipher_list() have a single exit	Theo Buehler
	This simplifies memory management and makes it easier to see the leak that were introduced in the previous commit. Sprinkle a few malloc errors for consistency. CID 278396 with/ok jsing
2022-09-04	Mechanically expand IMPLEMENT_CFBR macros.	Joel Sing
	Only change to generated assembly is due to the use of EVPerror().
2022-09-03	Remove now unused IMPLEMENT_BLOCK_CIPHER macro.	Joel Sing
	Also remove various comments noting that it cannot be used for certain block ciphers (which kinda defeats the purpose of having a generic implementation in the first place).
2022-09-03	Mechanically expand IMPLEMENT_BLOCK_CIPHER macro.	Joel Sing
	Only change to generated assembly is due to EVPerror()'s use of line numbers.
2022-09-03	Mechanically expand IMPLEMENT_BLOCK_CIPHER macro.	Joel Sing
	No change in generated assembly.
2022-09-03	Mechanically expand IMPLEMENT_BLOCK_CIPHER macro.	Joel Sing
	Only change to generated assembly is due to EVPerror()'s use of line numbers. CVS ----------------------------------------------------------------------
2022-09-03	Mechanically expand IMPLEMENT_BLOCK_CIPHER macro.	Joel Sing
	No change to generated assembly.
2022-09-03	Mechanically expand IMPLEMENT_BLOCK_CIPHER macro.	Joel Sing
	These macros make the ASN.1 macros seem sane - there are layers and layers and layers here, which are hiding bugs. No change to generated assembly. Discussed with tb@
2022-09-03	Rewrap some lines, no functional change.	Joel Sing

2022-09-03	Tidy up asn1_c2i_primitive() slightly.	Joel Sing
	Rename some variables and consistently goto error. ok tb@
2022-09-03	Avoid recycling ASN1_STRINGs when decoding ASN.1.	Joel Sing
	Rather than recycling an existing ASN1_STRING and changing its type, free it and allocate a replacement. This simplifies the code and potentially avoids bugs resulting from reuse. ok tb@
2022-09-03	Remove duplicate prototype that just snuck in.	Joel Sing

2022-09-03	Ensure ASN.1 types are appropriately encoded.	Joel Sing
	Per X.690, some ASN.1 types must be primitive encoded, some must be constructed and some may be either. Add this data to our types table and check the encoding against this information when decoding. ok tb@
2022-09-03	Provide c2i_ASN1_ENUMERATED_cbs() and call it from asn1_c2i_primitive().	Joel Sing
	This avoids asn1_c2i_primitive() from needing knowledge about the internals of ASN1_INTEGER and ASN1_ENUMERATED. ok tb@
2022-09-03	Prepare to provide OPENSSL_cleanup.	Joel Sing
	OPENSSL_cleanup() cleans up and deallocates memory in use by the library. There are a couple of use cases for this, primarily related to memory leak testing. This will not be called automatically in LibreSSL, which means that OpenSSL's OPENSSL_NO_INIT_ATEXIT is implied. If code wants to clean up then they need to explicitly call this themselves. ok tb@
2022-09-03	Stop using CBIGNUM_it internal to libcrypto.	Joel Sing
	CBIGNUM_it is supposed to be the "clear bignum" or "secure" bignum - that is one which zeros its memory after use and ensures that the constant time flags are set... in LibreSSL we always do both of these things for BIGNUMs, so just use BIGNUM_it instead. ok tb@
2022-09-03	Fix the failing libm/rint regress test by adding ieee754 implementations	Moritz Buhl
	for the rounding functions. Input from kettenis@, OK miod@
2022-09-02	Use a shorter system call invocation template for system calls in the range	Miod Vallat
	0-127, where immediate addressing can be used to load the system call number in r0, rather than performing a memory load using pc-relative addressing. No functional change, but rm(1) runs a couple cycles faster per file now.
2022-09-01	Check sk_SSL_CIPHER_push() return value	Theo Buehler
	CID 24797 ok jsing
2022-09-01	Drop support for unused attributes 'bs' (d_bbsize) and 'sb'	Kenneth R Westerback
	(d_sbsize). ok otto@ as part of larger diff
2022-09-01	Do not embed ident(1) strings in object code.	Miod Vallat
	ok daniel@ deraadt@ jca@
2022-08-31	Add an empty line for consistency.	Theo Buehler

2022-08-31	Recommit -r1.45 but without error checking EVP_PKEY_copy_parameters()	Theo Buehler
	EVP_PKEY_copy_parameters() will unconditionally fail if the pkey's ameth has no copy_params(). Obviously this is indistinguishable from actual failure... ok jsing
2022-08-31	Revert r1.46. Causes fireworks in regress.	Theo Buehler

2022-08-31	Remove most mentions of contexts on the stack.	Theo Buehler

2022-08-31	nasty whitespace	Theo Buehler

2022-08-31	Rework DSA_size() and ECDSA_size()	Theo Buehler
	DSA_size() and ECDSA_size() have a very special hack. They fudge up an ASN1_INTEGER with a size which is typically > 100 bytes, backed by a buffer of size 4. This was "fine", however, since they set buf[0] = 0xff, where the craziness that was i2c_ASN1_INTEGER() only looks at the first octet (one may then ask why a buffer of size 4 was necessary...). This changed with the rewrite of i2c_ASN1_INTEGER(), which doesn't respect this particular hack and rightly assumes that it is fed an actual ASN1_INTEGER... Instead, create an appropriate signature and use i2d to determine its size. Fixes an out-of-bounds read flagged by ASAN and oss-fuzz. ok jsing
2022-08-31	Switch loop bounds from size_t to int in check_hosts()	Theo Buehler
	sk_num() can return a negative value, in which case the upper bound is SIZE_MAX, which results in a very long for loop. CID 153997 ok jsing
2022-08-31	Avoid potential NULL dereference in ssl_set_pkey()	Theo Buehler
	Switch from X509_get_pubkey() to X509_get0_pubkey() to avoid an unnecessary EVP_PKEY_free(). Check the return values of X509_get0_pubkey() and EVP_PKEY_copy_parameters(). If the former returns NULL, the latter will dereference NULL. CID 25020 ok jsing
2022-08-31	backport Xr fix	Jonathan Gray
	ok djm@
2022-08-30	Remove a commented-out sk_push that has been hanging around for > 20 years	Theo Buehler

2022-08-30	chacha20_poly1305_cleanup() should return 1	Theo Buehler
	Otherwise EVP_CIPHER_CTX_cleanup() leaks, as spotted by the ASAN CI. ok jsing
2022-08-30	Plug leak of BIO in tls13_quic_init()	Theo Buehler
	If rbio and wbio are the same, SSL_free() only frees one BIO, so the BIO_up_ref() before SSL_set_bio() leads to a leak. ok jsing
2022-08-30	Plug memory leak in X509_REQ_print_ex()	Theo Buehler
	CID 356353 ok jsing
2022-08-29	missing period	Theo Buehler

2022-08-29	Fix a case where EndOfMibView wasn't honoured.	Martijn van Duren
	OK tb@
2022-08-29	Provide ERR_R_INIT_FAIL.	Joel Sing
	Needed for an upcoming change. ok tb@