| Commit message | Author | Age | Files | Lines |
| |
ensuring that the buffer contents are zeroed on allocation and not leaked
when resizing.
It is worth noting that BUF_MEM_grow_clean() already did this manually by
avoiding realloc().
ok beck@ inoguchi@
| |
ok beck@ inoguchi@
| |
Ensure both MD and key have been initialized before processing HMAC.
Releasing HMAC_CTX in error path of HMAC().
In regress test, added test 4,5,6 and cleaned up the code.
ok jsing@
| |
used in various parts of TLS 1.0/1.1.
This will allow for code simplification in libssl.
The same interface exists in OpenSSL 1.1.
ok beck@ deraadt@ inoguchi@ millert@
| |
of Japan, they are present in Mozilla's CA store. OK ajacoutot@
/C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication EV RootCA1
/C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication RootCA2
/C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1
| |
and document ERR_asprintf_error_data as their replacement.
ok jsing@, ingo@
| |
provided error code matches the error that is currently on the top of the
error stack.
| |
1989, VMS, or MS/DOS and we all run Brobdingnagian C compilers that have
can now be counted on to achieve this level of sophistication nearly
everywhere.
ok jsing@
| |
ok jsing@
| |
This patch is originally from master branch of OpenSSL.
- 2198b3a crypto/evp: harden AEAD ciphers.
- 8e20499 crypto/evp: harden RC4_MD5 cipher.
ok tom@
| |
jsing@ confirmed that these are public and worth documenting.
| |
jsing@ confirmed that these macros are public and worth documenting.
| |
and BN_RECP_CTX_init(3). They are not only deprecated but so
dangerous that they are almost unusable. I found these scary
traps while reading the code in order to document BN_set_flags(3).
While here, delete ERR_get_error(3) from SEE ALSO.
| |
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@
| |
using it anymore
ok jsing@
| |
jsing@ confirmed that this function is public and worth documenting.
This page needs much more work, it is outrageously incomplete and
unclear. For example, it remains unexplained what error strings
are, what "registering" means and what the benefit for the application
is, what happens if it is not done, or what happens if an error
occurs after calling ERR_free_strings(3). I tried to read the code,
but it is so contorted that i postponed that work. For example,
it looks like there are hooks for applications to replace the
functions used for registering strings by other, application-supplied
functions, and, of course, there are many levels of macro and
function wrappers.
For now, i only documented the most obvious BUGS.
| |
jsing@ confirmed that it is a public function worth documenting
| |
by Alejandro Cabrera <aldaya@gmail.com> to avoid the possibility of a
sidechannel timing attack during RSA private key generation.
Modify BN_gcd to become not visible under LIBRESSL_INTERNAL and force
the use of the _ct or _nonct versions of the function only within
the library.
ok jsing@
| |
ok guenther@
| |
ok jsing@
| |
ok jsing@
| |
matter for constant time, and make the public interface only used
external to the library.
This moves us to a model where the important things are constant time
versions unless you ask for them not to be, rather than the opposite.
I'll continue with this method by method.
Add regress tests for same.
ok jsing@
| |
LIBRESSL_INTERNAL.
| |
No change to generated assembly excluding line numbers.
| |
with some style cleanup after. no binary change
ok jsing@
| |
No change to generated assembly excluding line numbers.
| |
ok jsing@
| |
with the caveat that we force V_OK when a user provided callback has
us returning success.
ok inoguchi@ jsing@
| |
towards cleaning up the V_OK stuff.
ok kinichiro@
| |
(slightly) more readable.
| |
returning ok == 1, with ctx->error not being X509_V_OK. Hopefully we can
restore this behaviour once these are ironed out.
Discussed with beck@
| |
fixing a dead link reported by jmc@.
Only about half of X509_VERIFY_PARAM is documented so far,
and the extensible lookup table feels like one of the more
arcane features and probably not the next thing to document.
| |
jmc@ reported that X509_LOOKUP_hash_dir(3) references it.
Even though OpenSSL does not document it, given that it is used for
file names that users have to create, it is sufficiently exposed
to users to be worth documenting.
| |
Not documented by OpenSSL, but listed in <openssl/x509_vfy.h>
and referenced from X509_LOOKUP_hash_dir(3), and clearly more
important than the latter. Fixes three dead links reported by jmc@.
Most of the information from SSL_CTX_load_verify_locations(3) should
probably be moved here, but not all, since the SSL page also talks
about SSL servers and clients and the like. As i'm not completely
sure regarding the boundaries, i'm leaving that as it is for now.
| |
and X509_STORE_add_lookup(3) reported by jmc@.
Even though these functions are public, they seem more useful internally
than for application programs, so now is not the time to document them.
| |
function that had the sole purpose of discouraging its use.
Not talking about it at all discourages using it even more.
Dangling cross reference reported by jmc@.
|