openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Files	Lines
2022-01-22	X509_GET_PUBKEY(3) return value check in libcrypto	inoguchi	1	-3/+3
	ok beck@ tb@ suggest using X509_get0_pubkey() and remove EVP_PKEY_free() from tb@
2022-01-22	X509_GET_PUBKEY(3) return value check in libcrypto	inoguchi	2	-4/+7
	ok beck@ tb@
2022-01-20	Remove the remaining three parens in return statements.	tb	1	-4/+4

2022-01-20	Use correct spelling of NULL.	tb	1	-2/+2

2022-01-20	remove unused variable from all copies of _asr_strdname()	naddy	2	-6/+6
	... including those inlined into print_dname(). This also fixes -Wunused-but-set-variable warnings warnings in smtpd and smtpctl. The code was imported with asr and then copied around. ok deraadt@ guenther@
2022-01-20	Add check for EVP_CIPHER_CTX_ctrl	inoguchi	1	-4/+6
	suggestion from tb@
2022-01-20	Add check for EVP_CIPHER_CTX_set_key_length return value	inoguchi	1	-2/+3
	CID 21653 ok jsing@ millert@ tb@
2022-01-20	Add check for OBJ_nid2obj return value	inoguchi	1	-2/+3
	input from tb@
2022-01-20	Add check for ASN1_INTEGER_set	inoguchi	1	-2/+3
	CID 24893 ok jsing@ millert@ tb@
2022-01-20	Fix check for BN_mod_inverse_ct return value	inoguchi	5	-13/+13
	ok jsing@ millert@ tb@
2022-01-20	Add check for BN_sub return value	inoguchi	1	-2/+3
	CID 24839 ok jsing@ millert@ tb@
2022-01-20	Add check for BIO_indent return value	inoguchi	1	-2/+3
	CID 24778 ok jsing@ millert@ tb@
2022-01-20	Add check for BIO_indent return value	inoguchi	1	-3/+5
	CID 24812 ok jsing@ millert@ tb@
2022-01-20	Add check for EVP_CIPHER_CTX_set_key_length return value	inoguchi	1	-2/+2
	It returns 1 on success and 0 for failure, never negative value. ok jsing@ millert@ tb@
2022-01-20	Add and fix check for BN functions return value	inoguchi	1	-4/+5
	ok jsing@ millert@ tb@
2022-01-20	Add check for BN functions return value	inoguchi	1	-3/+5
	CID 21665 24835 comment from jsing@ and tb@ ok jsing@ millert@ tb@
2022-01-20	Add check for BIO_indent return value	inoguchi	1	-2/+3
	CID 24869 ok jsing@ millert@ tb@
2022-01-19	Document the bizarre fact that {CMS,PCKS7}_get0_signers() needs some	tb	2	-4/+12
	freeing of what they return despite being get0 functions: the stack of X509s that they return must be freed with sk_X509_free(). The get0 thus probably refers to the individual certs, but not to the stack itself. The libcrypto and libssl APIs never cease to amaze with new traps. ok inoguchi
2022-01-19	Check return value from EVP_CIPHER_CTX_new in cms_pwri.c	inoguchi	1	-2/+4
	CID 345137 ok jsing@ tb@
2022-01-19	Check function return value in libtls	inoguchi	1	-9/+21
	EVP_EncryptInit_ex, EVP_DecryptInit_ex and HMAC_Init_ex are possible to fail and return error. Error from these functions will be fatal for the callback, and I choose to return -1. SSL_CTX_set_tlsext_ticket_key_cb.3 explains the return value of callback. This also could fix Coverity CID 345319. ok jsing@ tb@
2022-01-16	Avoid memory leak in error path with openssl(1) smime	inoguchi	1	-1/+2
	CID 345316 ok tb@
2022-01-16	Avoid memory leak in error path with openssl(1) cms	inoguchi	1	-1/+3
	CID 345314 345320 ok tb@
2022-01-15	spelling	jsg	12	-39/+39
	ok tb@
2022-01-15	Add back an accidentally dropped .Pp	tb	1	-1/+2

2022-01-15	Update for HMAC_CTX_{init,cleanup} hand HMAC_cleanup removal	tb	1	-50/+2

2022-01-15	Stop documenting clone digests.	tb	3	-47/+7

2022-01-15	Minor cleanup and simplification in dsa_pub_encode()	tb	1	-15/+8
	This function has a weird dance of allocating an ASN1_STRING in an inner scope and assigning it to a void pointer in an outer scope for passing it to X509_PUBKEY_set0_param() and ASN1_STRING_free() on error. This can be simplified and streamlined. ok inoguchi
2022-01-15	Add ct.h and x509_vfy.h	inoguchi	1	-1/+3

2022-01-14	Avoid buffer overflow in asn1_parse2	inoguchi	1	-2/+2
	asn1_par.c r1.29 changed to access p[0] directly, and this pointer could be overrun since ASN1_get_object advances pointer to the first content octet. In case invalid ASN1 Boolean data, it has length but no content, I thought this could be happen. Adding check p with tot (diff below) will avoid this failure. Reported by oss-fuzz 43633 and 43648(later) ok tb@
2022-01-14	Enable openssl pkey -{,pub}check and pkeyparam -check	tb	2	-6/+2

2022-01-14	Undo static linking and other workarounds that are no longer needed	tb	6	-19/+15
	after the bump
2022-01-14	Convert wycheproof.go for opaque EVP_AEAD_CTX	tb	1	-11/+18

2022-01-14	The cttest can link dynamically now	tb	1	-2/+2

2022-01-14	Simplify BN_mont test slightly using a new accessor.	tb	1	-4/+2

2022-01-14	openssl(1) dgst: fix build after clones removal	tb	1	-4/+1
	ok inoguchi jsing
2022-01-14	Convert openssl(1) speed for opaque EVP_AEAD_CTX	tb	1	-13/+31
	ok inoguchi jsing
2022-01-14	Convert openssl(1) rsa.c for opaque RSA	tb	1	-2/+2
	ok inoguchi jsing
2022-01-14	openssl(1) genrsa: simplify access to rsa->e	tb	1	-5/+3
	ok inoguchi jsing
2022-01-14	Convert openssl(1) gendsa.c to opaque DSA	tb	1	-2/+2
	ok inoguchi jsing
2022-01-14	Convert openssl(1) dsaparam to opaque dsa	tb	1	-11/+13
	ok inoguchi jsing
2022-01-14	Convert openssl(1) dsa.c to opaque DSA	tb	1	-2/+2
	ok inoguchi jsing
2022-01-14	Convert openssl(1) dhparam to opaque DH	tb	1	-12/+14
	ok inoguchi jsing
2022-01-14	Convert openssl(1) dh.c to opaque DH	tb	1	-10/+12
	ok inoguchi jsing
2022-01-14	bump libcrypto, libssl, libtls majors after struct visibility changes	tb	3	-3/+3
	and Symbol addition and removal in libcrypto.
2022-01-14	Use the correct type for ssl_callback_ctrl()	tb	1	-3/+3

2022-01-14	Convert the new record layers to opaque EVP_AEAD_CTX	tb	2	-12/+6
	ok jsing
2022-01-14	Convert ssl_kex.c to opaque DH	tb	1	-11/+11
	Stop reaching into DH internals and use the new API functions instead. ok inoguchi jsing
2022-01-14	Use BIO_next/BIO_set_next in ssl_lib.c	tb	1	-3/+3
	Trivial conversion to cope with opaque BIO.
2022-01-14	bio_ssl.c needs to peek into bio_local.h	tb	2	-2/+4

2022-01-14	Update Symbols.list	tb	1	-49/+190
	ok inoguchi