openbsd/src/lib/libcrypto/pem, branch OPENBSD_5_7

openbsd/src/lib/libcrypto/pem, branch OPENBSD_5_7_BASE A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_5_7_BASE 2015-03-08T16:48:48+00:00 This commit was manufactured by cvs2git to create tag 'OPENBSD_5_7_BASE'. 2015-03-08T16:48:48+00:00 cvs2svn admin@example.com 2015-03-08T16:48:48+00:00 urn:sha1:da1a9ad3a4a867ba6569c05e6fca66d7f296c553 Guenther has plans for OPENSSL_NO_CMS, so revert this for the moment. 2015-02-11T04:05:14+00:00 beck 2015-02-11T04:05:14+00:00 urn:sha1:3fb89787679dd239a55ca0a4e366ad4e2051fe84 get rid of OPENSSL_NO_CMS code we do not use. 2015-02-11T03:55:42+00:00 beck 2015-02-11T03:55:42+00:00 urn:sha1:1d3b395bb02124e944ce4abc2f2eab59e2cde925 ok miod@ Enable building with -DOPENSSL_NO_DEPRECATED. 2015-02-11T03:19:37+00:00 doug 2015-02-11T03:19:37+00:00 urn:sha1:e816a1ec1d4411707051912b945e8eab7a5a94e8 If you didn't enable deprecated code, there were missing err.h and bn.h includes. This commit allows building with or without deprecated code. This was not derived from an OpenSSL commit. However, they recently enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems in a different way. Verified with clang that this only changes line numbers in the generated asm. ok miod@ Replace assert() and OPENSSL_assert() calls with proper error return paths. 2015-02-10T09:52:35+00:00 miod 2015-02-10T09:52:35+00:00 urn:sha1:edf340ccfb8b64c1c344e29963a2093fe1298a86 Careful review, feedback & ok doug@ jsing@ Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes(). 2014-10-22T13:02:04+00:00 jsing 2014-10-22T13:02:04+00:00 urn:sha1:fa457604779ff38b511fdfdae3c6a78664281c22 arc4random_buf() is guaranteed to always succeed - it is worth noting that a number of the replaced function calls were already missing return value checks. ok deraadt@ None of these need to include <openssl/rand.h> 2014-10-18T17:20:40+00:00 jsing 2014-10-18T17:20:40+00:00 urn:sha1:0bad55f54f7132a386746f23ba4f2d106d115563 Make sure PEM_def_callback() correctly handles negative buffer sizes; all uses 2014-07-23T20:43:56+00:00 miod 2014-07-23T20:43:56+00:00 urn:sha1:84c446e5e0e079bc7255416b7793d2433fd6a6e7 within libcrypto are safe, but until we can change this function prototype to use size_t instead of int, better be safe than sorry. tweaks and ok guenther@ if (x) FOO_free(x) -> FOO_free(x). 2014-07-12T16:03:37+00:00 miod 2014-07-12T16:03:37+00:00 urn:sha1:068bf464df6ef084067943863d776f59762bfaf0 Improves readability, keeps the code smaller so that it is warmer in your cache. review & ok deraadt@ Missing bounds check in do_PVK_body(); OpenSSL RT #2277, from OpenSSL trunk, 2014-07-11T15:35:53+00:00 miod 2014-07-11T15:35:53+00:00 urn:sha1:8c090a5fea97972d423ae8567b3355c106f1c3fc but without a memory leak.