| Commit message (Collapse) | Author | Files | Lines |
|---|
|
This no longer does anything on this architecture.
ok bcook@ beck@
|
|
because these functions no longer exist.
OK tb@
|
|
OK tb@
|
|
is no longer public. Even though ASN1_add_oid_module() still exists
as an internal function, this file contains more misleading (DSO,
OPENSSL_load_builtin_modules) than useful information, so delete it.
OK tb@
|
|
reported by smatch via jsg
ok beck
|
|
"sounds good" tb@
|
|
|
|
that no longer exists, and add .Lb libssl libcrypto;
OK tb@
|
|
|
|
|
|
that no longer exists, and add .Lb;
OK tb@
|
|
|
|
|
|
|
|
These are unused internally and very few things look at them, none of
which should really matter to us, except possibly free pascal on Windows.
sizeof has been available since forever...
ok jsing
|
|
has been read or that has not.
|
|
Fix some things that got missed in the last pass - the majority is use of
post-increment rather than unnecessary pre-increment.
|
|
|
|
pointed out by/ok jsing
|
|
codesearch.debian.net only shows some legacy openssl patches plus binkd
(a FidoNet mailer) as sole potential user. net-snmp and a strongswan DES
plugin bundle some opt-in libdes/openssl legacy things. If this should
break any of this, I don't think we need to care. If you're really going
to use DES you can also use non bleeding edge libressl.
We can remove the big 'default values' block because one of
DES_RISC1, DES_RISC2, DES_UNROLL is always defined (you can ignore
DES_PTR for this), so this is dead support code for mostly dead
platforms.
ok kenjiro
|
|
|
|
|
|
Switch argument order and use sizeof(*ctx) rather than sizeof(struct ...).
ok jsg
|
|
ok jsg
|
|
enctmp is only allocated if saltlen > 0, so there is no harm in checking
for that, but it's also pointless. Unconfuses smatch who thinks there
might be a memory leak:
pem/pvkfmt.c:808 do_PVK_body() warn: possible memory leak of 'enctmp'
found by jsg
|
|
Remove unnecessary and inconsistent NULL check for 'it', which the only
caller, asn1_item_print_ctx(), already dereferenced.
found by jsg
ok kenjiro
|
|
|
|
|
|
The old default is still available with rc2-40.
https://github.com/pyca/cryptography/issues/12949
https://github.com/libressl/portable/issues/1168
ok kenjiro
|
|
The old default is still available with "des3"
https://github.com/pyca/cryptography/issues/12949
https://github.com/libressl/portable/issues/1168
ok kenjiro
|
|
classes_new is an array of pointers to struct crypto_ex_data, not
an array of struct crypto_ex_data_index, so this overallocated by
240 or 480 bytes on ILP32 or LP64, respectively.
found by jsg using smatch
ok jsing
|
|
There is an old trap that you must not call EVP_*Final() when
using AES-CCM. While encrypting this happens to be a noop and
succeeds, but when decrypting, the call fails. This behavior
changed in OpenSSL and BoringSSL, making the trap even worse
since we now fail when the others succeed.
This is an adaptation of OpenSSL commit 197421b1 to fix this.
See also https://github.com/sfackler/rust-openssl/pull/1805#issuecomment-2734788336
ok beck kenjiro
|
|
|
|
libdes is dead, Jim. Only its successors continue to haunt us.
discussed with jsing
|
|
This was the header guard for des_old.h introduced in 2002 and removed
in 2014. The header guard for des.h is HEADER_NEW_DES_H for the sake of
inconsistency (ostensibly due to backward compat concerns with libdes).
ok jsing
|
|
md2.h left on Apr 15, 2014, along with jpake and seed. In particular,
HEADER_MD2_H is never defined. These bits have been dead ever since.
ok jsing
|
|
This currently only tests the behavior for successful protocol negotiations
since the test expects all handshakes to complete.
|
|
RFC 7301, section 3.2: In the event that the server supports no
protocols that the client advertises, then the server SHALL respond
with a fatal "no_application_protocol" alert.
This change makes tlsext_alpn_server_process() send the alert
rather than pretending no callback was present.
ok jsing
|
|
by my previous commit.
|
|
And switch test___freadahead to use another version that uses fflush().
|
|
POSIX-2008 requirements for setting the underlying file position when
flushing read-mode streams, and make an fseek()-after-fflush() not
change the underlying file position. This commit fixes some minor
problems of the previous.
previous diff from guenther
Much testing, review, assistence form tb@
ok tb@ millert@ for the previous
ok asou
|
|
|
|
|
|
Replace memcmp() with timingsafe_memcmp() for authentication tag
comparison in AES-CCM, GCM, PKCS12 and AES key unwrap code paths
to ensure constant-time behavior and avoid potential timing side
channels.
This aligns with OpenSSL 1e4a355.
ok tb@
|
|
Extend aes_test.c to include non-EVP tests for AES CFB128 and OFB128 modes
using AES_cfb128_encrypt() and AES_ofb128_encrypt(). These additions improve
test coverage by exercising the low-level interfaces with the same vectors
used in the EVP-based tests.
ok tb@
|
|
via/ok jsg
|
|
found with smatch, ok tb@
|
|
ok kenjiro
|
|
Add missing BN_CTX_end() and free prod_Z.
CID 552848 (for prod_Z)
|
|
|
