summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Add check for BIO_indent return valueinoguchi2022-01-201-2/+3
| | | | | | CID 24778 ok jsing@ millert@ tb@
* Add check for BIO_indent return valueinoguchi2022-01-201-3/+5
| | | | | | CID 24812 ok jsing@ millert@ tb@
* Add check for EVP_CIPHER_CTX_set_key_length return valueinoguchi2022-01-201-2/+2
| | | | | | It returns 1 on success and 0 for failure, never negative value. ok jsing@ millert@ tb@
* Add and fix check for BN functions return valueinoguchi2022-01-201-4/+5
| | | | ok jsing@ millert@ tb@
* Add check for BN functions return valueinoguchi2022-01-201-3/+5
| | | | | | | CID 21665 24835 comment from jsing@ and tb@ ok jsing@ millert@ tb@
* Add check for BIO_indent return valueinoguchi2022-01-201-2/+3
| | | | | | CID 24869 ok jsing@ millert@ tb@
* Document the bizarre fact that {CMS,PCKS7}_get0_signers() needs sometb2022-01-192-4/+12
| | | | | | | | | | | freeing of what they return despite being get0 functions: the stack of X509s that they return must be freed with sk_X509_free(). The get0 thus probably refers to the individual certs, but not to the stack itself. The libcrypto and libssl APIs never cease to amaze with new traps. ok inoguchi
* Check return value from EVP_CIPHER_CTX_new in cms_pwri.cinoguchi2022-01-191-2/+4
| | | | | | CID 345137 ok jsing@ tb@
* Check function return value in libtlsinoguchi2022-01-191-9/+21
| | | | | | | | | | | | EVP_EncryptInit_ex, EVP_DecryptInit_ex and HMAC_Init_ex are possible to fail and return error. Error from these functions will be fatal for the callback, and I choose to return -1. SSL_CTX_set_tlsext_ticket_key_cb.3 explains the return value of callback. This also could fix Coverity CID 345319. ok jsing@ tb@
* Avoid memory leak in error path with openssl(1) smimeinoguchi2022-01-161-1/+2
| | | | | | CID 345316 ok tb@
* Avoid memory leak in error path with openssl(1) cmsinoguchi2022-01-161-1/+3
| | | | | | CID 345314 345320 ok tb@
* spellingjsg2022-01-1512-39/+39
| | | | ok tb@
* Add back an accidentally dropped .Pptb2022-01-151-1/+2
|
* Update for HMAC_CTX_{init,cleanup} hand HMAC_cleanup removaltb2022-01-151-50/+2
|
* Stop documenting clone digests.tb2022-01-153-47/+7
|
* Minor cleanup and simplification in dsa_pub_encode()tb2022-01-151-15/+8
| | | | | | | | | This function has a weird dance of allocating an ASN1_STRING in an inner scope and assigning it to a void pointer in an outer scope for passing it to X509_PUBKEY_set0_param() and ASN1_STRING_free() on error. This can be simplified and streamlined. ok inoguchi
* Add ct.h and x509_vfy.hinoguchi2022-01-151-1/+3
|
* Avoid buffer overflow in asn1_parse2inoguchi2022-01-141-2/+2
| | | | | | | | | | | | asn1_par.c r1.29 changed to access p[0] directly, and this pointer could be overrun since ASN1_get_object advances pointer to the first content octet. In case invalid ASN1 Boolean data, it has length but no content, I thought this could be happen. Adding check p with tot (diff below) will avoid this failure. Reported by oss-fuzz 43633 and 43648(later) ok tb@
* Enable openssl pkey -{,pub}check and pkeyparam -checktb2022-01-142-6/+2
|
* Undo static linking and other workarounds that are no longer neededtb2022-01-146-19/+15
| | | | after the bump
* Convert wycheproof.go for opaque EVP_AEAD_CTXtb2022-01-141-11/+18
|
* The cttest can link dynamically nowtb2022-01-141-2/+2
|
* Simplify BN_mont test slightly using a new accessor.tb2022-01-141-4/+2
|
* openssl(1) dgst: fix build after clones removaltb2022-01-141-4/+1
| | | | ok inoguchi jsing
* Convert openssl(1) speed for opaque EVP_AEAD_CTXtb2022-01-141-13/+31
| | | | ok inoguchi jsing
* Convert openssl(1) rsa.c for opaque RSAtb2022-01-141-2/+2
| | | | ok inoguchi jsing
* openssl(1) genrsa: simplify access to rsa->etb2022-01-141-5/+3
| | | | ok inoguchi jsing
* Convert openssl(1) gendsa.c to opaque DSAtb2022-01-141-2/+2
| | | | ok inoguchi jsing
* Convert openssl(1) dsaparam to opaque dsatb2022-01-141-11/+13
| | | | ok inoguchi jsing
* Convert openssl(1) dsa.c to opaque DSAtb2022-01-141-2/+2
| | | | ok inoguchi jsing
* Convert openssl(1) dhparam to opaque DHtb2022-01-141-12/+14
| | | | ok inoguchi jsing
* Convert openssl(1) dh.c to opaque DHtb2022-01-141-10/+12
| | | | ok inoguchi jsing
* bump libcrypto, libssl, libtls majors after struct visibility changestb2022-01-143-3/+3
| | | | and Symbol addition and removal in libcrypto.
* Use the correct type for ssl_callback_ctrl()tb2022-01-141-3/+3
|
* Convert the new record layers to opaque EVP_AEAD_CTXtb2022-01-142-12/+6
| | | | ok jsing
* Convert ssl_kex.c to opaque DHtb2022-01-141-11/+11
| | | | | | Stop reaching into DH internals and use the new API functions instead. ok inoguchi jsing
* Use BIO_next/BIO_set_next in ssl_lib.ctb2022-01-141-3/+3
| | | | Trivial conversion to cope with opaque BIO.
* bio_ssl.c needs to peek into bio_local.htb2022-01-142-2/+4
|
* Update Symbols.listtb2022-01-141-49/+190
| | | | ok inoguchi
* Unconditionally comment out OPENSSL_NO_RFC3779tb2022-01-141-3/+1
| | | | ok inoguchi jsing
* Remove header guard around RFC 3779 declarationstb2022-01-141-3/+1
| | | | ok inoguchi jsing
* Expose Certificate Transparency symbols in headerstb2022-01-143-11/+3
| | | | ok inoguchi jsing
* Hide OBJ_bsearch_ from public visibility,tb2022-01-141-84/+4
| | | | | | | | | This removes OBJ_bsearch_ex_() from the exported symbols and makes OBJ_bsearch_() semi-private. It is still used in libssl. While here, remove some hideous unused macros ok inoguchi jsing
* Move ASN1_BOOLEAN to internal only.tb2022-01-142-5/+5
| | | | | | | This moves {d2i,i2d}_ASN1_BOOLEAN() to internal only. They are unused, but help us testing the encoding. ok jsing
* Remove check_defer and obj_cleanup_defer from public visibilitytb2022-01-141-1/+3
| | | | ok inoguchi jsing
* Remove name_cmp from public visibilitytb2022-01-142-2/+3
| | | | ok inoguchi jsing
* Remove all asn1_* symbols from public visibilitytb2022-01-142-18/+18
| | | | ok inoguchi jsing
* Implement new-style OpenSSL BIO callbackstb2022-01-1415-145/+266
| | | | | | | | | | This provides support for new-style BIO callbacks in BIO_{read,write,gets,puts}() and a helper function to work out whether it should call the new or the old style callback. It also adds a few typedefs and minor code cleanup as well as the BIO_{get,set}_callback_ex() from jsing, ok tb
* Garbage collect last use of EVP_ecdsa()tb2022-01-141-2/+1
| | | | ok inoguchi jsing
* Remove legacy sign/verify from EVP_MD.tb2022-01-1420-657/+62
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This removes m_dss.c, m_dss1.c, and m_ecdsa.c and the corresponding public API EVP_{dss,dss1,ecdsa}(). This is basically the following OpenSSL commit. The mentioned change in RSA is already present in rsa/rsa_pmeth.c. ok inoguchi jsing commit 7f572e958b13041056f377a62d3219633cfb1e8a Author: Dr. Stephen Henson <steve@openssl.org> Date: Wed Dec 2 13:57:04 2015 +0000 Remove legacy sign/verify from EVP_MD. Remove sign/verify and required_pkey_type fields of EVP_MD: these are a legacy from when digests were linked to public key types. All signing is now handled by the corresponding EVP_PKEY_METHOD. Only allow supported digest types in RSA EVP_PKEY_METHOD: other algorithms already block unsupported types. Remove now obsolete EVP_dss1() and EVP_ecdsa(). Reviewed-by: Richard Levitte <levitte@openssl.org> Plus OpenSSL commit 625a9baf11c1dd94f17e5876b6ee8d6271b3921d for m_dss.c
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-28 12:17:04 +0000