OpenBSD CVS

CVS log for src/lib/libcrypto/asn1/t_x509a.c




Default branch: MAIN


Revision 1.13, Fri Jul 7 19:37:52 2023 UTC (2 years, 1 month ago) by beck
Branch: MAIN
CVS Tags: OPENBSD_7_7_BASE, OPENBSD_7_7, OPENBSD_7_6_BASE, OPENBSD_7_6, OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, HEAD
Changes since 1.12: +1 -2 lines

Unbreak the namespace build after a broken mk.conf and tool misfire had
me aliasing symbols not in the headers I was processing.

This unbreaks the namespace build so it will pass again

ok tb@

Revision 1.12, Wed Jul 5 21:23:36 2023 UTC (2 years, 1 month ago) by beck
Branch: MAIN
Changes since 1.11: +2 -1 lines

Hide symbols in asn1 and bio

ok jsing@

Revision 1.11, Sat Nov 26 16:08:50 2022 UTC (2 years, 9 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.10: +2 -2 lines

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

Revision 1.10, Mon Nov 1 20:53:08 2021 UTC (3 years, 9 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.9: +4 -3 lines

Move the now internal X.509-related structs into x509_lcl.h.
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of unnecessary reacharounds.

ok jsing

Revision 1.8.16.1, Fri Aug 20 19:54:59 2021 UTC (4 years ago) by benno
Branch: OPENBSD_6_9
Changes since 1.8: +3 -3 lines

In LibreSSL, printing a certificate can result in a crash in
X509_CERT_AUX_print().

Commit in -current:

CVSROOT:        /cvs
Module name:    src
Changes by:     schwarze@cvs.openbsd.org        2021/07/10 11:45:16

Modified files:
        lib/libcrypto/asn1: t_x509a.c

Log message:
Fix a read buffer overrun in X509_CERT_AUX_print(3),
which by implication also affects X509_print(3).

The ASN1_STRING_get0_data(3) manual explicitly cautions the reader
that the data is not necessarily NUL-terminated, and the function
X509_alias_set1(3) does not sanitize the data passed into it in
any way either, so we must assume the alias->data field is merely
a byte array and not necessarily a string in the sense of the C
language.

I found this bug while writing manual pages for these functions.

OK tb@

As an aside, note that the function still produces incomplete and
misleading results when the data contains a NUL byte in the middle
and that error handling is consistently absent throughout, even
though the function provides an "int" return value obviously intended
to be 1 for success and 0 for failure, and even though this function
is called by another function that also wants to return 1 for success
and 0 for failure and even does so in many of its code paths, though
not in others.  But let's stay focussed.  Many things would be nice
to have in the wide wild world, but a buffer overflow must not be
allowed to remain in our backyard.

This is patches/6.9/common/015_x509.patch.sig

Revision 1.8.18.1, Fri Aug 20 19:54:16 2021 UTC (4 years ago) by benno
Branch: OPENBSD_6_8
Changes since 1.8: +3 -3 lines

In LibreSSL, printing a certificate can result in a crash in
X509_CERT_AUX_print().

Commit in -current:

CVSROOT:        /cvs
Module name:    src
Changes by:     schwarze@cvs.openbsd.org        2021/07/10 11:45:16

Modified files:
        lib/libcrypto/asn1: t_x509a.c

Log message:
Fix a read buffer overrun in X509_CERT_AUX_print(3),
which by implication also affects X509_print(3).

The ASN1_STRING_get0_data(3) manual explicitly cautions the reader
that the data is not necessarily NUL-terminated, and the function
X509_alias_set1(3) does not sanitize the data passed into it in
any way either, so we must assume the alias->data field is merely
a byte array and not necessarily a string in the sense of the C
language.

I found this bug while writing manual pages for these functions.

OK tb@

As an aside, note that the function still produces incomplete and
misleading results when the data contains a NUL byte in the middle
and that error handling is consistently absent throughout, even
though the function provides an "int" return value obviously intended
to be 1 for success and 0 for failure, and even though this function
is called by another function that also wants to return 1 for success
and 0 for failure and even does so in many of its code paths, though
not in others.  But let's stay focussed.  Many things would be nice
to have in the wide wild world, but a buffer overflow must not be
allowed to remain in our backyard.

This is patches/6.8/common/029_x509.patch.sig

Revision 1.9, Sat Jul 10 17:45:16 2021 UTC (4 years, 1 month ago) by schwarze
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.8: +3 -3 lines

Fix a read buffer overrun in X509_CERT_AUX_print(3),
which by implication also affects X509_print(3).

The ASN1_STRING_get0_data(3) manual explicitly cautions the reader
that the data is not necessarily NUL-terminated, and the function
X509_alias_set1(3) does not sanitize the data passed into it in
any way either, so we must assume the alias->data field is merely
a byte array and not necessarily a string in the sense of the C
language.

I found this bug while writing manual pages for these functions.

OK tb@

As an aside, note that the function still produces incomplete and
misleading results when the data contains a NUL byte in the middle
and that error handling is consistently absent throughout, even
though the function provides an "int" return value obviously intended
to be 1 for success and 0 for failure, and even though this function
is called by another function that also wants to return 1 for success
and 0 for failure and even does so in many of its code paths, though
not in others.  But let's stay focussed.  Many things would be nice
to have in the wide wild world, but a buffer overflow must not be
allowed to remain in our backyard.
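
The bug class described in the log message above, as an added example that is not part of the commit or of LibreSSL's code: a length-counted byte array printed with a bounded `%.*s`, next to an escaping printer that also covers the embedded-NUL case from the aside. The `struct byte_str` type (a stand-in for an ASN1_STRING), the function names and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for an ASN1_STRING: bytes plus explicit length,
 * no NUL guaranteed. A plain "%s" on data would read until some NUL. */
struct byte_str { int length; const unsigned char *data; };

/* Bounded: the precision caps the read at a->length bytes, but "%s" still
 * stops at an embedded NUL. A negative length is rejected, since as a
 * precision it would mean "no limit". Returns 1 on success, 0 on failure. */
int print_alias_bounded(char *out, size_t outlen, int indent,
    const struct byte_str *a)
{
    int n = a->length < 0 ? -1 : snprintf(out, outlen,
        "%*sAlias: %.*s\n", indent, "", a->length, (const char *)a->data);
    return n >= 0 && (size_t)n < outlen;
}

/* Escaping: emits every byte, non-printable ones and '\' as \xNN. */
int print_alias_escaped(char *out, size_t outlen, int indent,
    const struct byte_str *a)
{
    int i, n = snprintf(out, outlen, "%*sAlias: ", indent, "");
    if (n < 0 || (size_t)n >= outlen)
        return 0;
    size_t off = (size_t)n;
    for (i = 0; i < a->length; i++) {
        int c = a->data[i];
        if (c >= 0x20 && c < 0x7f && c != '\\')
            n = snprintf(out + off, outlen - off, "%c", c);
        else
            n = snprintf(out + off, outlen - off, "\\x%02x", (unsigned int)c);
        if (n < 0 || (size_t)n >= outlen - off)
            return 0;
        off += (size_t)n;
    }
    n = snprintf(out + off, outlen - off, "\n");
    return n >= 0 && (size_t)n < outlen - off;
}

int main(void)
{
    static const unsigned char raw[] = { 'a', 'b', 0, 'c', 'd' }; /* constructed */
    struct byte_str alias = { 5, raw };
    char b[64], e[64];
    if (print_alias_bounded(b, sizeof(b), 2, &alias) &&
        print_alias_escaped(e, sizeof(e), 2, &alias))
        printf("%s%s", b, e);
    return 0;
}
```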

Revision 1.8, Fri Jul 11 08:44:47 2014 UTC (11 years, 1 month ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_8_BASE, OPENBSD_6_7_BASE, OPENBSD_6_7, OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5, OPENBSD_6_4_BASE, OPENBSD_6_4, OPENBSD_6_3_BASE, OPENBSD_6_3, OPENBSD_6_2_BASE, OPENBSD_6_2, OPENBSD_6_1_BASE, OPENBSD_6_1
Branch point for: OPENBSD_6_9, OPENBSD_6_8
Changes since 1.7: +3 -3 lines

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@

Revision 1.7, Thu Jun 12 15:49:27 2014 UTC (11 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.6: +1 -1 lines

tags as requested by miod and tedu

Revision 1.6, Fri Apr 18 13:14:31 2014 UTC (11 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.5: +33 -25 lines

More KNF.

Revision 1.5, Fri Jan 9 12:15:27 2009 UTC (16 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.4: +1 -1 lines

resolve conflicts

Revision 1.1.1.3 (vendor branch), Fri Jan 9 12:13:51 2009 UTC (16 years, 7 months ago) by djm
Changes since 1.1.1.2: +1 -1 lines

import openssl-0.9.8j

Revision 1.4, Mon May 12 02:18:35 2003 UTC (22 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.3: +2 -2 lines

merge 0.9.7b with local changes; crank majors for libssl/libcrypto

Revision 1.1.1.2 (vendor branch), Sun May 11 21:34:36 2003 UTC (22 years, 3 months ago) by markus
Changes since 1.1.1.1: +2 -2 lines

import 0.9.7b (without idea and rc5)

Revision 1.1.1.1 (vendor branch), Thu Sep 5 12:49:50 2002 UTC (22 years, 11 months ago) by markus
Changes since 1.1: +9 -1 lines

import openssl-0.9.7-beta1

Revision 1.3, Wed May 15 02:29:11 2002 UTC (23 years, 3 months ago) by beck
Branch: MAIN
Changes since 1.2: +1 -1 lines

OpenSSL 0.9.7 stable 2002 05 08 merge

Revision 1.2, Fri Dec 15 02:57:13 2000 UTC (24 years, 8 months ago) by beck
Branch: MAIN
Changes since 1.1: +8 -0 lines

openssl-engine-0.9.6 merge

Revision 1.1, Sun Mar 19 11:08:50 2000 UTC (25 years, 5 months ago) by beck
Branch: MAIN

OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
