| Commit message (Collapse) | Author | Files | Lines | ||
|---|---|---|---|---|---|
| 2022-01-22 | Use memmove instead of memcpy for overlapping memory | inoguchi | 1 | -5/+5 | |
| CID 250936 251103 OK beck@ jsing@ millert@ tb@ | |||||
| 2022-01-22 | X509_GET_PUBKEY(3) return value check in libcrypto | inoguchi | 1 | -2/+3 | |
| CID 345116 ok beck@ tb@ | |||||
| 2022-01-22 | X509_GET_PUBKEY(3) return value check in libcrypto | inoguchi | 1 | -3/+4 | |
| CID 25131 ok beck@ tb@ suggest using X509_REQ_get0_pubkey() and remove the EVP_PKEY_free() from tb@ | |||||
| 2022-01-22 | X509_GET_PUBKEY(3) return value check in libcrypto | inoguchi | 1 | -3/+3 | |
| ok beck@ tb@ suggest using X509_get0_pubkey() and remove EVP_PKEY_free() from tb@ | |||||
| 2022-01-22 | X509_GET_PUBKEY(3) return value check in libcrypto | inoguchi | 2 | -4/+7 | |
| ok beck@ tb@ | |||||
| 2022-01-20 | Remove the remaining three parens in return statements. | tb | 1 | -4/+4 | |
| 2022-01-20 | Use correct spelling of NULL. | tb | 1 | -2/+2 | |
| 2022-01-20 | remove unused variable from all copies of _asr_strdname() | naddy | 2 | -6/+6 | |
| ... including those inlined into print_dname(). This also fixes -Wunused-but-set-variable warnings warnings in smtpd and smtpctl. The code was imported with asr and then copied around. ok deraadt@ guenther@ | |||||
| 2022-01-20 | Add check for EVP_CIPHER_CTX_ctrl | inoguchi | 1 | -4/+6 | |
| suggestion from tb@ | |||||
| 2022-01-20 | Add check for EVP_CIPHER_CTX_set_key_length return value | inoguchi | 1 | -2/+3 | |
| CID 21653 ok jsing@ millert@ tb@ | |||||
| 2022-01-20 | Add check for OBJ_nid2obj return value | inoguchi | 1 | -2/+3 | |
| input from tb@ | |||||
| 2022-01-20 | Add check for ASN1_INTEGER_set | inoguchi | 1 | -2/+3 | |
| CID 24893 ok jsing@ millert@ tb@ | |||||
| 2022-01-20 | Fix check for BN_mod_inverse_ct return value | inoguchi | 5 | -13/+13 | |
| ok jsing@ millert@ tb@ | |||||
| 2022-01-20 | Add check for BN_sub return value | inoguchi | 1 | -2/+3 | |
| CID 24839 ok jsing@ millert@ tb@ | |||||
| 2022-01-20 | Add check for BIO_indent return value | inoguchi | 1 | -2/+3 | |
| CID 24778 ok jsing@ millert@ tb@ | |||||
| 2022-01-20 | Add check for BIO_indent return value | inoguchi | 1 | -3/+5 | |
| CID 24812 ok jsing@ millert@ tb@ | |||||
| 2022-01-20 | Add check for EVP_CIPHER_CTX_set_key_length return value | inoguchi | 1 | -2/+2 | |
| It returns 1 on success and 0 for failure, never negative value. ok jsing@ millert@ tb@ | |||||
| 2022-01-20 | Add and fix check for BN functions return value | inoguchi | 1 | -4/+5 | |
| ok jsing@ millert@ tb@ | |||||
| 2022-01-20 | Add check for BN functions return value | inoguchi | 1 | -3/+5 | |
| CID 21665 24835 comment from jsing@ and tb@ ok jsing@ millert@ tb@ | |||||
| 2022-01-20 | Add check for BIO_indent return value | inoguchi | 1 | -2/+3 | |
| CID 24869 ok jsing@ millert@ tb@ | |||||
| 2022-01-19 | Document the bizarre fact that {CMS,PCKS7}_get0_signers() needs some | tb | 2 | -4/+12 | |
| freeing of what they return despite being get0 functions: the stack of X509s that they return must be freed with sk_X509_free(). The get0 thus probably refers to the individual certs, but not to the stack itself. The libcrypto and libssl APIs never cease to amaze with new traps. ok inoguchi | |||||
| 2022-01-19 | Check return value from EVP_CIPHER_CTX_new in cms_pwri.c | inoguchi | 1 | -2/+4 | |
| CID 345137 ok jsing@ tb@ | |||||
| 2022-01-19 | Check function return value in libtls | inoguchi | 1 | -9/+21 | |
| EVP_EncryptInit_ex, EVP_DecryptInit_ex and HMAC_Init_ex are possible to fail and return error. Error from these functions will be fatal for the callback, and I choose to return -1. SSL_CTX_set_tlsext_ticket_key_cb.3 explains the return value of callback. This also could fix Coverity CID 345319. ok jsing@ tb@ | |||||
| 2022-01-16 | Avoid memory leak in error path with openssl(1) smime | inoguchi | 1 | -1/+2 | |
| CID 345316 ok tb@ | |||||
| 2022-01-16 | Avoid memory leak in error path with openssl(1) cms | inoguchi | 1 | -1/+3 | |
| CID 345314 345320 ok tb@ | |||||
| 2022-01-15 | spelling | jsg | 12 | -39/+39 | |
| ok tb@ | |||||
| 2022-01-15 | Add back an accidentally dropped .Pp | tb | 1 | -1/+2 | |
| 2022-01-15 | Update for HMAC_CTX_{init,cleanup} hand HMAC_cleanup removal | tb | 1 | -50/+2 | |
| 2022-01-15 | Stop documenting clone digests. | tb | 3 | -47/+7 | |
| 2022-01-15 | Minor cleanup and simplification in dsa_pub_encode() | tb | 1 | -15/+8 | |
| This function has a weird dance of allocating an ASN1_STRING in an inner scope and assigning it to a void pointer in an outer scope for passing it to X509_PUBKEY_set0_param() and ASN1_STRING_free() on error. This can be simplified and streamlined. ok inoguchi | |||||
| 2022-01-15 | Add ct.h and x509_vfy.h | inoguchi | 1 | -1/+3 | |
| 2022-01-14 | Avoid buffer overflow in asn1_parse2 | inoguchi | 1 | -2/+2 | |
| asn1_par.c r1.29 changed to access p[0] directly, and this pointer could be overrun since ASN1_get_object advances pointer to the first content octet. In case invalid ASN1 Boolean data, it has length but no content, I thought this could be happen. Adding check p with tot (diff below) will avoid this failure. Reported by oss-fuzz 43633 and 43648(later) ok tb@ | |||||
| 2022-01-14 | Enable openssl pkey -{,pub}check and pkeyparam -check | tb | 2 | -6/+2 | |
| 2022-01-14 | Undo static linking and other workarounds that are no longer needed | tb | 6 | -19/+15 | |
| after the bump | |||||
| 2022-01-14 | Convert wycheproof.go for opaque EVP_AEAD_CTX | tb | 1 | -11/+18 | |
| 2022-01-14 | The cttest can link dynamically now | tb | 1 | -2/+2 | |
| 2022-01-14 | Simplify BN_mont test slightly using a new accessor. | tb | 1 | -4/+2 | |
| 2022-01-14 | openssl(1) dgst: fix build after clones removal | tb | 1 | -4/+1 | |
| ok inoguchi jsing | |||||
| 2022-01-14 | Convert openssl(1) speed for opaque EVP_AEAD_CTX | tb | 1 | -13/+31 | |
| ok inoguchi jsing | |||||
| 2022-01-14 | Convert openssl(1) rsa.c for opaque RSA | tb | 1 | -2/+2 | |
| ok inoguchi jsing | |||||
| 2022-01-14 | openssl(1) genrsa: simplify access to rsa->e | tb | 1 | -5/+3 | |
| ok inoguchi jsing | |||||
| 2022-01-14 | Convert openssl(1) gendsa.c to opaque DSA | tb | 1 | -2/+2 | |
| ok inoguchi jsing | |||||
| 2022-01-14 | Convert openssl(1) dsaparam to opaque dsa | tb | 1 | -11/+13 | |
| ok inoguchi jsing | |||||
| 2022-01-14 | Convert openssl(1) dsa.c to opaque DSA | tb | 1 | -2/+2 | |
| ok inoguchi jsing | |||||
| 2022-01-14 | Convert openssl(1) dhparam to opaque DH | tb | 1 | -12/+14 | |
| ok inoguchi jsing | |||||
| 2022-01-14 | Convert openssl(1) dh.c to opaque DH | tb | 1 | -10/+12 | |
| ok inoguchi jsing | |||||
| 2022-01-14 | bump libcrypto, libssl, libtls majors after struct visibility changes | tb | 3 | -3/+3 | |
| and Symbol addition and removal in libcrypto. | |||||
| 2022-01-14 | Use the correct type for ssl_callback_ctrl() | tb | 1 | -3/+3 | |
| 2022-01-14 | Convert the new record layers to opaque EVP_AEAD_CTX | tb | 2 | -12/+6 | |
| ok jsing | |||||
| 2022-01-14 | Convert ssl_kex.c to opaque DH | tb | 1 | -11/+11 | |
| Stop reaching into DH internals and use the new API functions instead. ok inoguchi jsing | |||||
