| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
| |
The pkey is only used in one scope. i2o allocates if passed a pointer
to NULL, so use that to drop two unnecessary local variables.
ok jsing
|
| |
|
|
|
|
|
| |
This looks like a use after free, but setting the unused bits to 0
can't actually fail.
ok jsing
|
| |
|
|
|
|
| |
Also use ret instead of rv.
ok jsing
|
| |
|
|
|
|
|
|
| |
ASN1_TYPE_get() returns V_ASN1_* constants. Checking the return for
NID_undef instead means that we actually check for V_ASN1_EOC, which
makes absolutely no sense here. Clearly V_ASN1_UNDEF was intended.
ok jsing
|
| |
|
|
|
|
|
|
| |
If EVP_PKEY_new() returns NULL, it would be passed to the paramgen() pmeth
which would typically dereference it. This is identical to a recent change
in keygen().
ok jsing
|
| |
|
|
|
|
| |
This results in simpler code.
Suggested by tb@ during review.
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
| |
This will be used in an upcoming change.
ok tb@
|
| |
|
|
|
|
|
| |
Also change the bits type from int to size_t, since that's what the callers
are passing and we can avoid unnecessary input validation.
ok tb@
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
| |
It's always good to see something called internal in the public API.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
| |
We only need the ASN.1 items.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
| |
This was only ever semi-public and libtls no longer uses it since it was
switched to the BoringSSL POSIX time API.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Both BN_clear_bit() and BN_mask_bits() can create zero values - in both
cases ensure that the negative sign is correctly handled if the value
becomes zero.
Thanks to Guido Vranken for providing a reproducer.
Fixes oss-fuzz #67901
ok tb@
|
| |
|
|
| |
pointed out by jsing
|
| |
|
|
|
|
|
|
| |
When I unifdefed GOST support, the tree wasn't fully unlocked, so I didn't
want to touch a public header. All this code is in #ifndef OPENSSL_NO_GOST,
which we define.
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
These are four versions of near identical code: PKCS#7 and CMS controls
for DSA and EC. The checks are rather incomplete and should probably be
merged somehow (see the Ed25519 version in ecx_methods(). For now, only
replace X509_ALGOR_set0() with its internal by_nid() version and, while
there, spell NULL correctly.
ok jca
|
| | |
|
| |
|
|
|
|
|
|
| |
Call a BIO bio rather than bi, a, or b; don't cast when assigning from
or to a (void *). Drop loads of silly redundant parentheses, use better
order of variable declarations.
No change in the generated assembly
|
| |
|
|
|
|
|
|
| |
It's unclear whether the functions these support were ever really
used for anything else than kicking off an overenginerred state
machine.
ok jsing
|
| |
|
|
|
|
|
| |
After a EVP_PKEY_new() failure, a NULL pointer would be passed to the
keygen pmeth, which could result in tears.
ok beck jsing
|
| |
|
|
|
| |
This file was very undecided what style to choose and often changed its
mind in the middle of a function. No change in the generated assembly.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Make them static. Don't make them allocate if passed a NULL ASN1_TIME to
avoid leaks. This currently means that we accept a NULL and succeed. That's
very ugly but better than what we have now.
Simplify ASN1_TIME_set_string_internal() accordingly and allocate an
ASN1_TIME at the API boundary of ASN1_TIME_adj_internal() and of
ASN1_TIME_to_generalized_time().
ok beck (after a lot of squealing and distress)
|
| |
|
|
|
|
| |
accidentally not included in crypto.h commit
requested and ok tb@
|
| | |
|
| |
|
|
|
|
| |
use LCRYPTO_UNUSED and remove the LIBRESSL_INTERNAL guard
ok tb@
|
| |
|
|
|
|
| |
use LCRYPTO_UNUSED and remove the LIBRESSL_INTERNAL guard around them.
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
| |
Mark them LCRYPTO_UNUSED appropriately and remove the LIBRESSL_INTERNAL
guards around them
ok tb@
|
| |
|
|
|
|
| |
and remove the LIBRESSL_INTERNAL guards around them
ok tb@
|
| |
|
|
|
|
| |
These got missed when they were hidden
ok tb@
|
| |
|
|
|
| |
This removes the LIBRESSL_INTERNAL guards and marks
the functions within as LCRYPTO_UNUSED
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
crypto.h already had the symbols not hidden behind LIBRESSL_INTERNAL
hidden - This now picks up the reset of them marking them as
LCRYPTO_UNUSED, and removes the LIBRESSL_INTERNAL guard.
These symbols will now be hidden, but if we use them inside
the library in a namespaced build we will get a deprecation
warning. use outside the library will be as with any other hidden
symbol, so fine.
ok tb@
|
| |
|
|
|
|
|
| |
We added things we probably shouldn't have, and so did BoringSSL and
OpenSSL. Terrible API is terrible.
discussed with jsing
|
| | |
|
| |
|
|
|
|
| |
This guentherizes the public symbols from conf.h
ok tb@
|
| |
|
|
|
|
|
|
|
|
| |
This API can be called with s == NULL, in which case the tm_to_*()
functions helpfully allocate a new s and then leak. This is a rather
ugly fix to make portable ASAN regress happy again, the better fix
will be to rewrite the tm_to_*() functions and adjust their callers.
That is more intrusive and will be done in a later pass.
ok bcook jsing
|
| |
|
|
|
|
|
| |
This picks up most of the remaining public symbols in
x509.h
ok tb@
|
| |
|
|
|
|
| |
largely mechanically done by the guentherizer 9000
ok tb@
|
