| Commit message (Collapse) | Author | Files | Lines |
|---|
|
ok bcook@ jsing@
|
|
Move the documentation for tls_error() down so that both the special return
values for tls_{handshake,read,write,close}() directly follow the standard
return values for the same functions.
Prompted by deraadt@.
ok deraadt@ schwarze@
|
|
Add missing -camellia*/-idea description to genrsa section.
ok jmc@
|
|
ok tb@ jsing@
|
|
- dsa : add missing -pvk-none, -pvk-strong and -pvk-weak
add pvk format to -inform and -outform
- ocsp : add missing -header, -ignore_err, -no_explicit and -timeout
- rsa : add missing -pvk-none, -pvk-strong and -pvk-weak
add missing -RSAPublicKey_in and -RSAPublicKey_out
add pvk format to -inform and -outform
- smime : add missing -nosmimecap
- add pvk description at common format part
ok jmc@
|
|
- Replace EVP_CIPHER_CTX_init with EVP_CIPHER_CTX_new and handle return value
- Replace EVP_CIPHER_CTX_cleanup with EVP_CIPHER_CTX_free
- Change two 'return -1;' to 'goto err;' for avoiding leak
- Remove the case if enclevel == 0
- Change enclevel checking to make more consistent
- Change all goto label to 'err' and insert space before goto label
ok and advise from tb@
|
|
- Return the valid pointer in i2b_PVK()
- Use EVP_Decrypt* instead of EVP_Encrypt*
- Fix error handling after BIO_write() in i2b_PVK_bio()
ok tb@
|
|
- For pkcs12, add -camellia*/-idea, -LMK and -password
- For req, add -multivalue-rdn, -pkeyopt and -sigopt
- For verify, add -CRLfile and -trusted, and down -check_ss_sig description
- For x509, add -next_serial and -sigopt
- Remove the escape in -multivalue-rdn from ca section
ok jmc@
|
|
- For ec, add -param_out description
- For enc, add -v usage and description
- For pkcs7, add -print usage and description
ok jmc@
|
|
ok guenther jmc
|
|
- Add undocumented option -r
ok jmc@
|
|
requiring it (sftp-server).
Remove the /exists///// behaviour from here. The /nonexistant
behaviour remains in the kernel and needs to be shot next.
There may be ports fallout, but we doubt it.
ok beck djm
|
|
- Add undocumented options -crlnumber, -hash_old, -nameopt and -verify
ok jmc@
|
|
- Add undocumented options -crlsec and -sigopt
- Sync argument name between usage and options description
ok jmc@
|
|
|
|
hardware crypto features are available.
"no objections" kettenis@
|
|
|
|
have a different calling convention than the standard function...as seen
in kdump output.
ok deraadt@ schwarze@
|
|
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
|
|
code was inspecting the pointer (which is, sadly, undefined on error, because
the current specification of asprintf is crazy sloppy)
|
|
ok millert nicm tb, etc
|
|
on error, so checking for -1 only is potentially non-portable.
Also mention that the C89 standard does not require errno to be set.
OK deraadt@ millert@
|
|
|
|
|
|
|
|
|
|
|
|
TLS_WANT_POLLIN, -1, or 0. After handling the first two, check for -1
rather than vaguely "< 0".
ok jsing
|
|
-1 to mark failure, not arbitrary values < 0. I believe manual pages
should follow the described contract precisely and accurately.
|
|
- Move local variables in genrsa_main() to struct genrsa_config
- Leave long lines more than 80, still
ok bcook@
|
|
Previously, this function would leak the most significant word of its
argument due to branching and memory access pattern. This patch is
enough to fix the use of BN_num_bits() on RSA prime factors in the
library.
The diff is a simplified and more readable (but perhaps less efficient)
version of https://github.com/openssl/openssl/commit/972c87df
by Andy Polyakov and David Benjamin (pre license change). Consult that
commit message for details. Subsequent fixes to follow in the near future.
Issue pointed out by David Schrammel and Samuel Weiser as part of
a larger report.
tests & ok inoguchi, ok jsing
|
|
code. We now user the simple userland wrapper on top of __realpath(2).
The non-POSIX behaviour still remains, that is the next component to fix.
From a diff by beck, but I managed to chainsaw it a bit further. Tested
in snaps for a couple of days.
ok beck
|
|
|
|
it is a thin wrapper over the syscall __readlink(2). Improve the list
of possible errors.
ok millert beck jmc
|
|
but failed to provide any real information.
OK tb@ jmc@
|
|
Among other improvements:
* Use a uniform wording at the top of the DECSRIPTION for obsolete pages.
* Better explain how to use a non-standard configuration file.
* Remove obsolete functions from SEE ALSO.
Triggered by some suggestions from tb@.
Tweaks and OK tb@.
|
|
|
|
recommended by otto@
|
|
|
|
Split some excessively long lists into useful sub-categories.
Add a new, very short subsection "Obsolete functions" at the end.
OK tb@ jmc@
|
|
memory arm64 machines.
found by patrick@; OK otto@
|
|
references were already given below RETURN VALUES right above
|
|
- Add some options to pkcs12 test.
- Add smime tests for encrypt, decrypt and pk7out.
|
|
and to isolated obsolete pages;
OK bcook@ jmc@
|
|
|
|
which is now supposed to be opaque.
OK tb@
I checked that all the information contained in comments in the
display is available from the appropriate places in RSA_meth_new(3)
and RSA_set_flags(3). Note that the comments regarding "mod_exp",
"init", and "finish" were half-misleading simplifications, anyway.
|
|
Update the documentation.
OK tb@ jmc@
|
|
OK tb@ jmc@
|
|
These references were misleading because these functions are no
longer used internally and applications should not call them either.
Issue brought up by tb@.
|
|
|
