| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
Use pkey instead of x, remove the pointless variable i, no need to check
for NULL before sk_X509_ATTRIBUTE_pop_free(), switch to freezero() to
leave fewer invalid pointers around.
ok jsing
|
| |
|
|
| |
ok jsing
|
| | |
|
| |
|
|
|
|
| |
Rename the variable from x into pkey, make it NULL safe and unindent.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
| |
There is no need for a local variable and a ternary operator here.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
| |
While here, also switch the argument placeholder from *impl to *engine
as suggested by tb@.
|
| |
|
|
|
|
| |
It really makes no sense to have the mess that is EVP_MD_CTX_copy{,_ex}()
live between EVP_Digest{Init{,_ex},Update,Final{,_ex}}() and EVP_Digest(),
the latter being a relatively simple wrapper of Init_ex/Update/Final_ex.
|
| |
|
|
|
|
|
| |
Consistently implement the _ex() version after the non-extended versions,
First Cipher Init/Update/Final, then Encrypt, then Decrypt. This only
switches the order of CipherFinal{,_ex} and move the DecryptInit* down,
so they are no longer somewhere in the middle of the Encrypt* functions.
|
| | |
|
| |
|
|
|
| |
I guess I'm getting old. Next time I'll have to add a reminder not to
forget to remove the reminder.
|
| | |
|
| |
|
|
|
|
|
| |
These remove a few more potential out-of-bounds accesses and ensure in
particular that the padding is between 1 and block_size (inclusive).
ok joshua jsing
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
These are only ever set to one particular function which is either local
to this file or part of the public API and we never added the public API
to set them to something else. Prefix the local functions touched in this
commit with x509_vfy_. More cleanup to follow.
ok joshua jsing
|
| |
|
|
|
|
|
|
|
|
| |
Pull up the EVP_R_NO_CIPHER_SET check that was hidden somewhere down in the
middle of the function. Handle the reuse case outside of the big non-NULL
cipher case for now. This looks a bit odd but relies on the invariant that
cipher_data is only set if the cipher is set. It will be reworked in a
subsequent commit.
ok jsing
|
| | |
|
| |
|
|
| |
ok joshua jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
| |
The struct underlying the X509_STORE type is opaque ars and nothing uses
the accessors that OpenSSL added blindly for these. Therefore we didn't
add them in the first place. So this rips out several dozens of lines of
dead code.
ok beck joshua jsing
|
| |
|
|
|
|
| |
This API was recently neutered and will be removed in the next major bump.
Mark it as intentionally undocumented in EVP_PKEY_asn1_new.3 and remove it
from all other manuals.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using a loop to print pieces of a static buffer containing 20 spaces to
indent things is just silly. Even sillier is making this buffer const
without looking what it's actually used for... There is BIO_indent() or
BIO_printf() that can handle "%*s".
Add a length check to preserve behavior since BIO_indent() succeeds for
negattive indent.
However, peak silliness must be how BIO_dump_indent_cb() indents things.
That's for another day.
ok jsing
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
The block mask is only used in EVP_{De,En}cryptUpdate(). There's no need to
hang it off the EVP_CIPHER_CTX since it is easy to compute and validate.
ok joshua jsing
|
| |
|
|
|
|
|
| |
Ensure that the nid and key length are non-negative and that the block
size is one of the three sizes 1, 8, or 16 supported by the EVP subsystem.
ok joshua jsing
|
| |
|
|
| |
discussed with jsing
|
| |
|
|
| |
discussed with jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
| |
Rename the slightly awkward buf_offset into partial_len and rename
buf_avail into partial_needed to match.
suggested by jsing
|
| |
|
|
| |
suggested by jsing
|
| |
|
|
|
|
|
|
|
|
| |
Rework the code to use the usual variable names, return early if we
have block size 1 and unindent the remainder of the code for block
sizes 8 and 16. Rework the padding check to be less acrobatic and
copy the remainder of the plain text into out using memcpy() rather
than a for loop.
input/ok jsing
|
| |
|
|
|
|
|
| |
This switches to the variable names used in other functions, adds a
reminder to add a missing length check and uses memset for the padding.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This time the block size is called b and there's some awful length
fiddling with fix_len, which until recently also served as store
for the return value for do_cipher()...
If we land on a block boundary, we keep the last block decrypted and
don't count it as part of the output. So in the next call we need to
feed it back in. Feeding it back in counts as output written this time
around, so instead of remembering that we need to adjust outl, keep a
tally of the bytes written. This way we can also do some overflow and
underflow checking.
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
| |
This was done the worst possible way. It would be much simpler to invert
the logic and use a single #ifdef. jsing prefers keeping the current
logic and suggested we ditch the preprocessor mess altogether.
ok jsing, claudio agreed with the initial diff
|
| | |
|
| |
|
|
|
| |
There's no need to have 60 lines of license for 4 lines of actual code.
Move DES_random_key() to set_key.c.
|
| | |
|
| |
|
|
| |
bit of optimization; ok tb@ asou@
|
