| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
These functions were renamed in the last bump
#define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf #define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt
They don't appear in the compiled library itself, so no further bump
required.
Fixes libressl-portable/portable#791
Found the hard way by vollkommenheit
ok deraadt jsing
|
| |
|
|
|
|
|
|
|
| |
IANA made a permanent registration in the SMI Security for S/MIME CMS
Content Type registry at
https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1
for signed objects conforming to draft-ietf-sidrops-signed-tal.
OK tb@
|
| |
|
|
|
|
|
|
|
|
|
| |
These ciphers have long based APIs, while EVP has a size_t based API. The
intent of these loops is to handle sizes that are bigger than LONG_MAX.
Rather than using the rather crazy EVP_MAXCHUNK construct, use LONG_MAX
rounded down to a large block size, ensuring that it is a block size
multiple. Revert the recently added overflow checks now that this is
handled more appropriately.
ok tb@
|
| |
|
|
|
|
|
| |
Now that EVP_CIPHER is opaque, stop pretending that EVP_CIPHER cleanup can
fail.
ok tb@
|
| | |
|
| |
|
|
|
| |
This is no longer public API. Also remove some comments about i2c and c2i
functions being intentionally undocumented since they are no longer public.
|
| |
|
|
| |
ok jsing
|
| | |
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Various projects use bio_info_cb and BIO_info_cb interchangeably, for
example mupdf and freerdp. This is because this was changed in OpenSSL
commit fce78bd4 (2017), triggered by new warnings in gcc 8.
https://github.com/openssl/openssl/pull/4493
This results in some scary compiler warnings and useless patches in ports.
Nobody seems to be using the old bio_info_cb() version.
ok jsing
|
| |
|
|
|
|
|
|
| |
This removes c2i_ASN1_OBJECT(), {c2i,i2c}_ASN1_BIT_STRING() and
{c2i,i2c}_ASN1_INTEGER(). These are not part of the OpenSSL 1.1
API and should never have been exposed in the first place.
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
The length is decremented, however the input is repeatedly read from and
output written to the same position. Correct this by actually incrementing
the input and output pointers.
Found via OpenSSL 604e591ed7,
ok tb@
|
| |
|
|
|
|
|
|
|
|
| |
The BLOCK_CIPHER_* macros contained a bug where the total length is passed
to the underlying cipher implementation, rather than the length of the
current chunk. Correct this and use the chunk length instead.
Should address the remaining issues reported by Coverity.
ok tb@
|
| |
|
|
| |
ok jmc@ miod@
|
| |
|
|
| |
ok ok miod@ ack ack jmc@
|
| |
|
|
| |
ok miod@ jmc@
|
| |
|
|
|
| |
Noticed by jsg
Feedback OK jsg
|
| |
|
|
| |
Only change in generated assembly is due to line numbers.
|
| |
|
|
|
|
|
|
|
| |
These cipher implementations take a size_t length argument, so stop
casting it to a long.
Found by Coverity.
ok tb@
|
| |
|
|
| |
No change in generated assembly.
|
| |
|
|
|
|
|
|
|
|
| |
The EVP cipher API uses size_t, however a number of the underlying
implementations use long in their API. This means that an input with
size > LONG_MAX will go negative.
Found by Coverity, hiding under a large pile of macros.
ok tb@
|
| |
|
|
| |
Only change to generated assembly is due to line numbers.
|
| |
|
|
| |
Only change in generated assembly is due to line numbers.
|
| |
|
|
|
|
|
| |
Pull the init_key and ctrl (if present) functions up to the top. This
improves readability and allows for the removal of function prototypes.
No functional change.
|
| | |
|
| | |
|
| |
|
|
| |
No change in generated assembly.
|
| |
|
|
| |
No change in generated assembly.
|
| |
|
|
|
|
| |
This includes the wonderful BLOCK_CIPHER_ecb_loop - a for loop in a macro.
No change in generated assembly.
|
| | |
|
| |
|
|
| |
Only change to generated assembly is due to the use of EVPerror().
|
| |
|
|
|
|
| |
Also remove various comments noting that it cannot be used for certain
block ciphers (which kinda defeats the purpose of having a generic
implementation in the first place).
|
| |
|
|
|
| |
Only change to generated assembly is due to EVPerror()'s use of line
numbers.
|
| |
|
|
| |
No change in generated assembly.
|
| |
|
|
|
|
| |
Only change to generated assembly is due to EVPerror()'s use of line
numbers.
CVS ----------------------------------------------------------------------
|
| |
|
|
| |
No change to generated assembly.
|
| |
|
|
|
|
|
|
|
| |
These macros make the ASN.1 macros seem sane - there are layers and layers
and layers here, which are hiding bugs.
No change to generated assembly.
Discussed with tb@
|
| | |
|
| |
|
|
|
|
| |
Rename some variables and consistently goto error.
ok tb@
|
| |
|
|
|
|
|
|
| |
Rather than recycling an existing ASN1_STRING and changing its type, free
it and allocate a replacement. This simplifies the code and potentially
avoids bugs resulting from reuse.
ok tb@
|
| | |
|
| |
|
|
|
|
|
|
| |
Per X.690, some ASN.1 types must be primitive encoded, some must be
constructed and some may be either. Add this data to our types table
and check the encoding against this information when decoding.
ok tb@
|
| |
|
|
|
|
|
| |
This avoids asn1_c2i_primitive() from needing knowledge about the internals
of ASN1_INTEGER and ASN1_ENUMERATED.
ok tb@
|
