| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
| |
Turn the function into single exit and error check EVP_PKEY_assign()
for style.
ok jsing
|
| |
|
|
|
|
|
| |
Again change this function into the single exit idiom, and error check
EVP_PKEY_assign().
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A void pointer can be passed without any cast or assigning it to an
intermediate variable. That's one of hte puzzling things in old OpenSSL
code: there are plenty of unnecessary casts and assignments of void
pointers.
Make use of this fact and rework the function to be single exit, error
check consistently, including the EVP_PKEY_assign() call that can't
really fail and free the cmkey on exit.
Why coverity didn't flag this one is another mystery.
ok jsing
|
| |
|
|
|
|
|
|
|
|
| |
Calling EVP_KEY_assign_GOST(pkey, NULL) has the same effect as calling
EVP_PKEY_set_type(pkey, EVP_PKEY_GOSTR01). The only difference is that
the latter form allows for error checking while the former won't let
you do that. Add comments explaining what we're actually doing: freeing
and zeroing the pkey->pkey union.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
Again this can't actually fail, but if it did, things would leak.
Call GOST_KEY_free() in the error path.
ok jsing
CID 471706 (false positive)
|
| |
|
|
|
|
|
|
|
|
| |
Make this function single exit, check and assign and finally error
check EVP_PKEY_assign(). This can't actually fail currently, but
if it did, things would leak. Free the key data with freezero.
ok jsing
CID 471704 (false positive)
|
| |
|
|
|
|
|
| |
That we are still calling this (NB without error check because heritage),
made coverity unhappy.
CID 471705
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
in particular s/inl/in_len/ and s/outl/out_len/ as suggested by tb@.
While here, also get rid of the "outm" placeholder that has been
around since the file was added to OpenSSL in 2000, replacing it
with the usual "out" in the four function prototypes affected; tb@
and myself suspect it was simply a typo followed by copy and paste.
Slightly improve variable naming in the examples, too, for clarity and
consistency, even though that doesn't turn the examples into good examples.
OK tb@
|
| |
|
|
|
| |
and describe EVP_CIPHER_CTX_init(3) in a less misleading way.
Joint work with and OK tb@.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a bizarre EVP_CIPHER_CTX_cleanup() call in EVP_CipherInit()
leading to a subtle behavior difference with EVP_CipherInit_ex().
The history is that before EVP_CIPHER_CTX was made opaque, a context would
often live on the stack (hello, MariaDB) and the EVP_CIPHER_CTX_cleanup()
call was in fact an EVP_CIPHER_CTX_init() which just zeroes out the struct.
The problem with doing this is that on context reuse there could be data
hanging off it, causing leaks. Attempts were made to clean up things in
EVP_CipherFinal*(), but that broke applications reaching into the context
afterward, so they were removed again. Later on, opacity allowed changing
the _init() to a _cleanup() since EVP_CIPHER_CTX could no longer live on
the stack, so it would no longer contain garbage. I have to correct myself:
it would no longer contain stack garbage.
Now: EVP_CipherInit_ex() does some extra dances to preserve the AES key
wrap flag, which is cleared unconditionally in EVP_CipherInit(). That's
annoying to document and very likely never going to be an issue in the
wild: you'd need to do key wrap and then use the same context for use
with a cipher that does not allow key wrap for this to make a difference.
This way, all our EVP_{Cipher,Decrypt,Encrypt}*_ex() functions are now
trivially wrapped by their non-_ex() versions.
ok jsing
|
| |
|
|
|
|
|
|
| |
Clean up the cipher context unconditionally if the cipher is being set.
This allows doing the dance to retain the key wrap flag only once and
makes it more obvious that allocating the cipher data doesn't leak.
suggested by/ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
| |
None of these function pointers were ever set. Now that the structure is
opaque they won't ever be, so time for them to hit the bitbucket. Infinite
extensibility of the toolkit results in complications, bugs, and dead code.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If a negative n is passed, these functions would underrun the bitstring's
data array. So add checks for that and drop spades of unnecessary parens.
These functions are quite broken anyway. The setter attempts to zap the
unnecessary trailing zero octets, but fails to do so if the bit being
cleared isn't already set. Worse is the getter where you can't tell an
error (like attempting an out-of-bounds read) from the bit being unset.
ok joshua
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
These two functions previously wrapped a pkey_set_type() helper, which
was an utter mess because of ENGINE. With the long awaited departure of
ENGINE, this function became a lot simpler. A further simplification is
obtained by not doing the optimization to avoid an ameth lookup: this
requires walking a list of 11 ameths. We should consider bsearch()...
With this gone and a saner implementation of EVP_PKEY_free_it(), we can
implement these functions with a dozen lines of code each.
ok jsing
|
| |
|
|
|
|
|
|
| |
Use pkey instead of x, remove the pointless variable i, no need to check
for NULL before sk_X509_ATTRIBUTE_pop_free(), switch to freezero() to
leave fewer invalid pointers around.
ok jsing
|
| |
|
|
| |
ok jsing
|
| | |
|
| |
|
|
|
|
| |
Rename the variable from x into pkey, make it NULL safe and unindent.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
| |
There is no need for a local variable and a ternary operator here.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
| |
While here, also switch the argument placeholder from *impl to *engine
as suggested by tb@.
|
| |
|
|
|
|
| |
It really makes no sense to have the mess that is EVP_MD_CTX_copy{,_ex}()
live between EVP_Digest{Init{,_ex},Update,Final{,_ex}}() and EVP_Digest(),
the latter being a relatively simple wrapper of Init_ex/Update/Final_ex.
|
| |
|
|
|
|
|
| |
Consistently implement the _ex() version after the non-extended versions,
First Cipher Init/Update/Final, then Encrypt, then Decrypt. This only
switches the order of CipherFinal{,_ex} and move the DecryptInit* down,
so they are no longer somewhere in the middle of the Encrypt* functions.
|
| | |
|
| |
|
|
|
| |
I guess I'm getting old. Next time I'll have to add a reminder not to
forget to remove the reminder.
|
| | |
|
| |
|
|
|
|
|
| |
These remove a few more potential out-of-bounds accesses and ensure in
particular that the padding is between 1 and block_size (inclusive).
ok joshua jsing
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
These are only ever set to one particular function which is either local
to this file or part of the public API and we never added the public API
to set them to something else. Prefix the local functions touched in this
commit with x509_vfy_. More cleanup to follow.
ok joshua jsing
|
| |
|
|
|
|
|
|
|
|
| |
Pull up the EVP_R_NO_CIPHER_SET check that was hidden somewhere down in the
middle of the function. Handle the reuse case outside of the big non-NULL
cipher case for now. This looks a bit odd but relies on the invariant that
cipher_data is only set if the cipher is set. It will be reworked in a
subsequent commit.
ok jsing
|
| | |
|
| |
|
|
| |
ok joshua jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
| |
The struct underlying the X509_STORE type is opaque ars and nothing uses
the accessors that OpenSSL added blindly for these. Therefore we didn't
add them in the first place. So this rips out several dozens of lines of
dead code.
ok beck joshua jsing
|
| |
|
|
|
|
| |
This API was recently neutered and will be removed in the next major bump.
Mark it as intentionally undocumented in EVP_PKEY_asn1_new.3 and remove it
from all other manuals.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using a loop to print pieces of a static buffer containing 20 spaces to
indent things is just silly. Even sillier is making this buffer const
without looking what it's actually used for... There is BIO_indent() or
BIO_printf() that can handle "%*s".
Add a length check to preserve behavior since BIO_indent() succeeds for
negattive indent.
However, peak silliness must be how BIO_dump_indent_cb() indents things.
That's for another day.
ok jsing
|
| | |
|
| | |
|
| | |
|
| | |
|
