openbsd/src/lib/libcrypto/pem, branch libressl-v2.1.2A mirror of https://github.com/libressl/openbsd.git
https://git.lua4.win/openbsd/atom?h=libressl-v2.1.22014-10-22T13:02:04+00:00Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().2014-10-22T13:02:04+00:00jsing2014-10-22T13:02:04+00:00urn:sha1:fa457604779ff38b511fdfdae3c6a78664281c22
arc4random_buf() is guaranteed to always succeed - it is worth noting
that a number of the replaced function calls were already missing return
value checks.
ok deraadt@
None of these need to include <openssl/rand.h>2014-10-18T17:20:40+00:00jsing2014-10-18T17:20:40+00:00urn:sha1:0bad55f54f7132a386746f23ba4f2d106d115563Make sure PEM_def_callback() correctly handles negative buffer sizes; all uses2014-07-23T20:43:56+00:00miod2014-07-23T20:43:56+00:00urn:sha1:84c446e5e0e079bc7255416b7793d2433fd6a6e7
within libcrypto are safe, but until we can change this function prototype to
use size_t instead of int, better be safe than sorry.
tweaks and ok guenther@
if (x) FOO_free(x) -> FOO_free(x).2014-07-12T16:03:37+00:00miod2014-07-12T16:03:37+00:00urn:sha1:068bf464df6ef084067943863d776f59762bfaf0
Improves readability, keeps the code smaller so that it is warmer in your
cache.
review & ok deraadt@
Missing bounds check in do_PVK_body(); OpenSSL RT #2277, from OpenSSL trunk,2014-07-11T15:35:53+00:00miod2014-07-11T15:35:53+00:00urn:sha1:8c090a5fea97972d423ae8567b3355c106f1c3fc
but without a memory leak.
Only import cryptlib.h in the four source files that actually need it.2014-07-11T08:44:49+00:00jsing2014-07-11T08:44:49+00:00urn:sha1:74e2c009c83ad374bd6acdcfc376a384e25ab007
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.
ok beck@ miod@
Explicitly include <openssl/opensslconf.h> in every file that references2014-07-10T22:45:58+00:00jsing2014-07-10T22:45:58+00:00urn:sha1:62348213609ef233110561d1a6ed67ad66df1c7e
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never defined, due
to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
Stop including standard headers via cryptlib.h - pull in the headers that2014-07-10T13:58:23+00:00jsing2014-07-10T13:58:23+00:00urn:sha1:c917c683bc93c68fbf4310ac181f7906e76b3c94
are needed in the source files that actually require them.
ok beck@ miod@
delete some casts. ok miod2014-07-10T11:25:13+00:00tedu2014-07-10T11:25:13+00:00urn:sha1:9421b506453fdfe6759d65eb72db5aba17690e4fMissing allocation checks and potential NULL pointer dereference in the2014-07-10T11:20:49+00:00miod2014-07-10T11:20:49+00:00urn:sha1:aa22740588e4aeab3c1a484a1a1ca986a4545a95
error path in PEM_X509_INFO_read_bio(); ok guenther@ jsing@