Commit message (Collapse) | Author | Files | Lines | ||
---|---|---|---|---|---|
2022-01-20 | Add check for BN_sub return value | inoguchi | 1 | -2/+3 | |
CID 24839 ok jsing@ millert@ tb@ | |||||
2022-01-20 | Add check for BIO_indent return value | inoguchi | 1 | -2/+3 | |
CID 24778 ok jsing@ millert@ tb@ | |||||
2022-01-20 | Add check for BIO_indent return value | inoguchi | 1 | -3/+5 | |
CID 24812 ok jsing@ millert@ tb@ | |||||
2022-01-20 | Add check for EVP_CIPHER_CTX_set_key_length return value | inoguchi | 1 | -2/+2 | |
It returns 1 on success and 0 for failure, never negative value. ok jsing@ millert@ tb@ | |||||
2022-01-20 | Add and fix check for BN functions return value | inoguchi | 1 | -4/+5 | |
ok jsing@ millert@ tb@ | |||||
2022-01-20 | Add check for BN functions return value | inoguchi | 1 | -3/+5 | |
CID 21665 24835 comment from jsing@ and tb@ ok jsing@ millert@ tb@ | |||||
2022-01-20 | Add check for BIO_indent return value | inoguchi | 1 | -2/+3 | |
CID 24869 ok jsing@ millert@ tb@ | |||||
2022-01-19 | Document the bizarre fact that {CMS,PCKS7}_get0_signers() needs some | tb | 2 | -4/+12 | |
freeing of what they return despite being get0 functions: the stack of X509s that they return must be freed with sk_X509_free(). The get0 thus probably refers to the individual certs, but not to the stack itself. The libcrypto and libssl APIs never cease to amaze with new traps. ok inoguchi | |||||
2022-01-19 | Check return value from EVP_CIPHER_CTX_new in cms_pwri.c | inoguchi | 1 | -2/+4 | |
CID 345137 ok jsing@ tb@ | |||||
2022-01-19 | Check function return value in libtls | inoguchi | 1 | -9/+21 | |
EVP_EncryptInit_ex, EVP_DecryptInit_ex and HMAC_Init_ex are possible to fail and return error. Error from these functions will be fatal for the callback, and I choose to return -1. SSL_CTX_set_tlsext_ticket_key_cb.3 explains the return value of callback. This also could fix Coverity CID 345319. ok jsing@ tb@ | |||||
2022-01-16 | Avoid memory leak in error path with openssl(1) smime | inoguchi | 1 | -1/+2 | |
CID 345316 ok tb@ | |||||
2022-01-16 | Avoid memory leak in error path with openssl(1) cms | inoguchi | 1 | -1/+3 | |
CID 345314 345320 ok tb@ | |||||
2022-01-15 | spelling | jsg | 12 | -39/+39 | |
ok tb@ | |||||
2022-01-15 | Add back an accidentally dropped .Pp | tb | 1 | -1/+2 | |
2022-01-15 | Update for HMAC_CTX_{init,cleanup} hand HMAC_cleanup removal | tb | 1 | -50/+2 | |
2022-01-15 | Stop documenting clone digests. | tb | 3 | -47/+7 | |
2022-01-15 | Minor cleanup and simplification in dsa_pub_encode() | tb | 1 | -15/+8 | |
This function has a weird dance of allocating an ASN1_STRING in an inner scope and assigning it to a void pointer in an outer scope for passing it to X509_PUBKEY_set0_param() and ASN1_STRING_free() on error. This can be simplified and streamlined. ok inoguchi | |||||
2022-01-15 | Add ct.h and x509_vfy.h | inoguchi | 1 | -1/+3 | |
2022-01-14 | Avoid buffer overflow in asn1_parse2 | inoguchi | 1 | -2/+2 | |
asn1_par.c r1.29 changed to access p[0] directly, and this pointer could be overrun since ASN1_get_object advances pointer to the first content octet. In case invalid ASN1 Boolean data, it has length but no content, I thought this could be happen. Adding check p with tot (diff below) will avoid this failure. Reported by oss-fuzz 43633 and 43648(later) ok tb@ | |||||
2022-01-14 | Enable openssl pkey -{,pub}check and pkeyparam -check | tb | 2 | -6/+2 | |
2022-01-14 | Undo static linking and other workarounds that are no longer needed | tb | 6 | -19/+15 | |
after the bump | |||||
2022-01-14 | Convert wycheproof.go for opaque EVP_AEAD_CTX | tb | 1 | -11/+18 | |
2022-01-14 | The cttest can link dynamically now | tb | 1 | -2/+2 | |
2022-01-14 | Simplify BN_mont test slightly using a new accessor. | tb | 1 | -4/+2 | |
2022-01-14 | openssl(1) dgst: fix build after clones removal | tb | 1 | -4/+1 | |
ok inoguchi jsing | |||||
2022-01-14 | Convert openssl(1) speed for opaque EVP_AEAD_CTX | tb | 1 | -13/+31 | |
ok inoguchi jsing | |||||
2022-01-14 | Convert openssl(1) rsa.c for opaque RSA | tb | 1 | -2/+2 | |
ok inoguchi jsing | |||||
2022-01-14 | openssl(1) genrsa: simplify access to rsa->e | tb | 1 | -5/+3 | |
ok inoguchi jsing | |||||
2022-01-14 | Convert openssl(1) gendsa.c to opaque DSA | tb | 1 | -2/+2 | |
ok inoguchi jsing | |||||
2022-01-14 | Convert openssl(1) dsaparam to opaque dsa | tb | 1 | -11/+13 | |
ok inoguchi jsing | |||||
2022-01-14 | Convert openssl(1) dsa.c to opaque DSA | tb | 1 | -2/+2 | |
ok inoguchi jsing | |||||
2022-01-14 | Convert openssl(1) dhparam to opaque DH | tb | 1 | -12/+14 | |
ok inoguchi jsing | |||||
2022-01-14 | Convert openssl(1) dh.c to opaque DH | tb | 1 | -10/+12 | |
ok inoguchi jsing | |||||
2022-01-14 | bump libcrypto, libssl, libtls majors after struct visibility changes | tb | 3 | -3/+3 | |
and Symbol addition and removal in libcrypto. | |||||
2022-01-14 | Use the correct type for ssl_callback_ctrl() | tb | 1 | -3/+3 | |
2022-01-14 | Convert the new record layers to opaque EVP_AEAD_CTX | tb | 2 | -12/+6 | |
ok jsing | |||||
2022-01-14 | Convert ssl_kex.c to opaque DH | tb | 1 | -11/+11 | |
Stop reaching into DH internals and use the new API functions instead. ok inoguchi jsing | |||||
2022-01-14 | Use BIO_next/BIO_set_next in ssl_lib.c | tb | 1 | -3/+3 | |
Trivial conversion to cope with opaque BIO. | |||||
2022-01-14 | bio_ssl.c needs to peek into bio_local.h | tb | 2 | -2/+4 | |
2022-01-14 | Update Symbols.list | tb | 1 | -49/+190 | |
ok inoguchi | |||||
2022-01-14 | Unconditionally comment out OPENSSL_NO_RFC3779 | tb | 1 | -3/+1 | |
ok inoguchi jsing | |||||
2022-01-14 | Remove header guard around RFC 3779 declarations | tb | 1 | -3/+1 | |
ok inoguchi jsing | |||||
2022-01-14 | Expose Certificate Transparency symbols in headers | tb | 3 | -11/+3 | |
ok inoguchi jsing | |||||
2022-01-14 | Hide OBJ_bsearch_ from public visibility, | tb | 1 | -84/+4 | |
This removes OBJ_bsearch_ex_() from the exported symbols and makes OBJ_bsearch_() semi-private. It is still used in libssl. While here, remove some hideous unused macros ok inoguchi jsing | |||||
2022-01-14 | Move ASN1_BOOLEAN to internal only. | tb | 2 | -5/+5 | |
This moves {d2i,i2d}_ASN1_BOOLEAN() to internal only. They are unused, but help us testing the encoding. ok jsing | |||||
2022-01-14 | Remove check_defer and obj_cleanup_defer from public visibility | tb | 1 | -1/+3 | |
ok inoguchi jsing | |||||
2022-01-14 | Remove name_cmp from public visibility | tb | 2 | -2/+3 | |
ok inoguchi jsing | |||||
2022-01-14 | Remove all asn1_* symbols from public visibility | tb | 2 | -18/+18 | |
ok inoguchi jsing | |||||
2022-01-14 | Implement new-style OpenSSL BIO callbacks | tb | 15 | -145/+266 | |
This provides support for new-style BIO callbacks in BIO_{read,write,gets,puts}() and a helper function to work out whether it should call the new or the old style callback. It also adds a few typedefs and minor code cleanup as well as the BIO_{get,set}_callback_ex() from jsing, ok tb | |||||
2022-01-14 | Garbage collect last use of EVP_ecdsa() | tb | 1 | -2/+1 | |
ok inoguchi jsing |