| Commit message (Collapse) | Author | Files | Lines |
|---|
|
ok jsing@ millert@ tb@
|
|
CID 21665 24835
comment from jsing@ and tb@
ok jsing@ millert@ tb@
|
|
CID 24869
ok jsing@ millert@ tb@
|
|
freeing of what they return despite being get0 functions: the stack
of X509s that they return must be freed with sk_X509_free(). The get0
thus probably refers to the individual certs, but not to the stack
itself.
The libcrypto and libssl APIs never cease to amaze with new traps.
ok inoguchi
|
|
CID 345137
ok jsing@ tb@
|
|
EVP_EncryptInit_ex, EVP_DecryptInit_ex and HMAC_Init_ex are possible to
fail and return error.
Error from these functions will be fatal for the callback, and I choose to
return -1.
SSL_CTX_set_tlsext_ticket_key_cb.3 explains the return value of callback.
This also could fix Coverity CID 345319.
ok jsing@ tb@
|
|
CID 345316
ok tb@
|
|
CID 345314 345320
ok tb@
|
|
ok tb@
|
|
|
|
|
|
|
|
This function has a weird dance of allocating an ASN1_STRING in an
inner scope and assigning it to a void pointer in an outer scope for
passing it to X509_PUBKEY_set0_param() and ASN1_STRING_free() on error.
This can be simplified and streamlined.
ok inoguchi
|
|
|
|
asn1_par.c r1.29 changed to access p[0] directly, and this pointer could be
overrun since ASN1_get_object advances pointer to the first content octet.
In case invalid ASN1 Boolean data, it has length but no content, I thought
this could be happen.
Adding check p with tot (diff below) will avoid this failure.
Reported by oss-fuzz 43633 and 43648(later)
ok tb@
|
|
|
|
after the bump
|
|
|
|
|
|
|
|
ok inoguchi jsing
|
|
ok inoguchi jsing
|
|
ok inoguchi jsing
|
|
ok inoguchi jsing
|
|
ok inoguchi jsing
|
|
ok inoguchi jsing
|
|
ok inoguchi jsing
|
|
ok inoguchi jsing
|
|
ok inoguchi jsing
|
|
and Symbol addition and removal in libcrypto.
|
|
|
|
ok jsing
|
|
Stop reaching into DH internals and use the new API functions instead.
ok inoguchi jsing
|
|
Trivial conversion to cope with opaque BIO.
|
|
|
|
ok inoguchi
|
|
ok inoguchi jsing
|
|
ok inoguchi jsing
|
|
ok inoguchi jsing
|
|
This removes OBJ_bsearch_ex_() from the exported symbols and makes
OBJ_bsearch_() semi-private. It is still used in libssl.
While here, remove some hideous unused macros
ok inoguchi jsing
|
|
This moves {d2i,i2d}_ASN1_BOOLEAN() to internal only. They are unused,
but help us testing the encoding.
ok jsing
|
|
ok inoguchi jsing
|
|
ok inoguchi jsing
|
|
ok inoguchi jsing
|
|
This provides support for new-style BIO callbacks in
BIO_{read,write,gets,puts}() and a helper function to
work out whether it should call the new or the old
style callback. It also adds a few typedefs and minor
code cleanup as well as the BIO_{get,set}_callback_ex()
from jsing, ok tb
|
|
ok inoguchi jsing
|
|
This removes m_dss.c, m_dss1.c, and m_ecdsa.c and the corresponding
public API EVP_{dss,dss1,ecdsa}().
This is basically the following OpenSSL commit. The mentioned change in
RSA is already present in rsa/rsa_pmeth.c.
ok inoguchi jsing
commit 7f572e958b13041056f377a62d3219633cfb1e8a
Author: Dr. Stephen Henson <steve@openssl.org>
Date: Wed Dec 2 13:57:04 2015 +0000
Remove legacy sign/verify from EVP_MD.
Remove sign/verify and required_pkey_type fields of EVP_MD: these are a
legacy from when digests were linked to public key types. All signing is
now handled by the corresponding EVP_PKEY_METHOD.
Only allow supported digest types in RSA EVP_PKEY_METHOD: other algorithms
already block unsupported types.
Remove now obsolete EVP_dss1() and EVP_ecdsa().
Reviewed-by: Richard Levitte <levitte@openssl.org>
Plus OpenSSL commit 625a9baf11c1dd94f17e5876b6ee8d6271b3921d for m_dss.c
|
|
Move the struct internals to rsa_locl.h and provide a missing
typedef in ossl_typ.h.
ok inoguchi jsing
|
|
This adds a little order to this pig sty.
ok inoguchi jsing
|
|
We can't make ECDSA_METHOD opaque since it is still used in smtpd(8)
ok inoguchi jsing
|
