| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
| |
In dsa_builtin_paramgen(), if BN_MONT_CTX_new() fails, the BN_CTX_new()
call above it will have allocated a ctx without calling BN_CTX_start() on
it. The error handling calls BN_CTX_end() when ctx is allocated.
Move the BN_MONT_CTX_new() call up so it will fail first without splitting
up the BN_CTX_new() and BN_CTX_start().
tweak + ok miod@, ok bcook@
|
| |
|
|
|
|
|
|
| |
large enough, do it correctly so that the local seed buffer on the stack
gets properly initialized in the first iteration of the loop.
While there, remove an outdated and bogus comment.
Coverity CID 21785
ok doug@ jsing@
|
| |
|
|
| |
ok doug@ jsing@
|
| |
|
|
|
|
|
|
|
| |
data structures visible and easier to review, without having to wade
through layers and layers of asn1t.h macros.
Change has been scripted and there is no change to the generated assembly.
Discussed with beck@ miod@ tedu@
|
| | |
|
| |
|
|
| |
ok miod@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If you didn't enable deprecated code, there were missing err.h and
bn.h includes. This commit allows building with or without deprecated
code.
This was not derived from an OpenSSL commit. However, they recently
enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems
in a different way.
Verified with clang that this only changes line numbers in the generated
asm.
ok miod@
|
| |
|
|
|
|
|
|
| |
the code is visible and functions can be readily located.
Change has been scripted and there is no change to the generated assembly.
Discussed with beck@ miod@ tedu@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are currently cases where the return from each call is checked,
the return from only the last call is checked and cases where it is not
checked at all (including code in bn, ec and engine).
Checking the last return value is valid as once the function fails it will
continue to return NULL. However, in order to be consistent check each
call with the same idiom. This makes it easy to verify.
Note there are still a handful of cases that do not follow the idiom -
these will be handled separately.
ok beck@ doug@
|
| |
|
|
|
|
| |
from OpenSSL with a hint of boring and some things done here. Addresses
CVE-2014-8275 for OpenSSL fully
ok miod@ doug@
|
| |
|
|
|
|
|
|
| |
arc4random_buf() is guaranteed to always succeed - it is worth noting
that a number of the replaced function calls were already missing return
value checks.
ok deraadt@
|
| | |
|
| |
|
|
|
|
| |
appropriate function. Checking for privkey != NULL is not enough since
privkey points to a member of ndsa if ndsa != NULL.
dsa_priv_encode(): possible double free in error path.
|
| |
|
|
|
|
|
| |
Improves readability, keeps the code smaller so that it is warmer in your
cache.
review & ok deraadt@
|
| |
|
|
|
|
|
|
| |
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.
ok beck@ miod@
|
| |
|
|
|
|
|
|
|
| |
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never defined, due
to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
| |
|
|
|
|
| |
are needed in the source files that actually require them.
ok beck@ miod@
|
| | |
|
| |
|
|
|
|
| |
Also remove unused des_ver.h, which exports some of these strings, but is not installed.
ok miod@ tedu@
|
| |
|
|
| |
8-line if() tests.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
manual page strictly. Return -2 if the strings are not strict numbers.
The numbers remain in the range of "int". Range checking for these parameters
is done later in the pkey_*_ctl() functions, or sometimes in functions much
further downstream... but not always!!!
ok millert miod mikeb
|
| | |
|
| |
|
|
|
|
| |
and others to the regress framework. These remaining ones just
muddle us up when re-reading code repeatedly.
ok jsing
|
| |
|
|
| |
ok miod
|
| | |
|
| |
|
|
| |
ok tedu guenther
|
| |
|
|
| |
ok to firebomb from tedu@
|
| |
|
|
|
|
|
| |
including it they get <openssl/opensslconf.h>. So instead of pulling in
<openssl/e_os2.h>, just pull in <openssl/opensslconf.h>.
"go ahead" miod@
|
| |
|
|
| |
eyeballed before applying. Contributed by Cyril Roelandt on tech@
|
| |
|
|
|
|
| |
that were not wrapped with #if PEDANTIC.
ok miod@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
avoid unreadable/unmaintainable constructs like that:
const EVP_PKEY_ASN1_METHOD cmac_asn1_meth =
{
EVP_PKEY_CMAC,
EVP_PKEY_CMAC,
0,
"CMAC",
"OpenSSL CMAC method",
0,0,0,0,
0,0,0,
cmac_size,
0,
0,0,0,0,0,0,0,
cmac_key_free,
0,
0,0
};
ok matthew@ deraadt@
|
| |
|
|
| |
ok miod
|
| |
|
|
|
|
|
|
| |
OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_relloc->realloc
OPENSSL_freeFunc->free
|
| |
|
|
|
|
|
|
|
|
| |
2. Even passing a digest in as entropy is sloppy.
But apparently the OpenSSL guys could find no objects of lesser value to
pass to the pluggable random subsystem, and had to resort to private keys
and digests. Classy.
ok djm
|
| | |
|
| |
|
|
|
| |
meets their needs, but dumping it in here only penalizes the rest of us.
ok beck deraadt
|
| | |
|
| |
|
|
|
| |
that it is easier to find code pieces. They are getting in the way.
ok miod
|
| | |
|
| |\
| |
| | |
branch.
|
| | | |
|
| | | |
|
| |\|
| |
| | |
branch.
|
| | | |
|
| | | |
|
| |\|
| |
| | |
branch.
|
| | | |
|
| | | |
|
