| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
| |
Make it a static function and remove its prototype from the internal
header.
|
| |
|
|
|
|
|
| |
More idiomatic error checking and drop an always false test for !*pos. Use
a slightly closer approximation to actual English sentences in comments.
ok jsing
|
| |
|
|
|
|
| |
Rename cmsbio into cms_bio and use {,in_}content_bio for {,i}cont.
ok jsing
|
| |
|
|
|
|
|
|
| |
RFC 7539 was superseded by RFC 8439, incorporating errata and making
editorial improvements. Very little of substance changed, in particular
section numbers remain the same.
Prompted by a question from schwarze
|
| |
|
|
|
|
|
|
| |
Incorrect OpenSSL documentation was moved here and inherited parts of a
comment that was fixed in evp/e_chacha.c r1.13. Adjust the manual page
accordingly.
Discussed with schwarze
|
| |
|
|
|
|
|
|
|
|
|
| |
EVP_chacha20() was aligned to follow OpenSSL's nonconformant implementation
during a2k20 by djm and myself in an effort to allow OpenSSH to use the
OpenSSL 1.1 API. Some corresponding OpenSSL 1.1 documentation was imported
at the same time. A comment attempted to translate between implementation
and the incorrect documentation, which was necessarily gibberish. Improve
the situation by rephrasing and dropping nonsensical bits.
Prompted by a question of schwarze
|
| |
|
|
|
|
|
|
|
| |
Mention portability considerations regarding the EVP_AEAD API.
Avoid confusing words like "older" and "native" API, be specific.
Mention RFC 7905.
Move publications we don't implement from STANDARDS to CAVEATS.
Based on input from jsing@ and tb@, OK tb@.
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
| |
This and ts/ts_rsp_sign.c r1.32 were part of OpenSSL 309e73df.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Factor eckey_param_free() out of eckey_pub_encode(). ASN1_OBJECT_free()
is not actually needed. This will be addressed later.
i2o_ECPublicKey() allocates internally if *out == NULL, so no need to do
the two-call dance. Its return value is documented to be <= 0 on error,
which is wrong in the sense that only 0 is returned. Keep using the same
check for <= 0 as everywhere else.
Set of EC_PKEY_NO_PARAMETERS after the poorly named eckey_param2type() to
avoid potential underhanded side effects.
In eckey_priv_encode(), error exits would leak pval was leaked a few times.
Avoid this and simplify using i2d's internal allocation. Reinstate the
flags in a single error path.
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
| |
On failure invalidate the cert with EXFLAG_INVALID. It's unlikely that
a cert would make it through to the end of this function without setting
the flag, but it's bad style anyway.
ok jsing
|
| | |
|
| |
|
|
| |
ok jsing
|
| | |
|
| | |
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
|
| |
This also avoids more undefined behavior with memcmp().
ok jsing
PS: Unsolicited advice for no one in particular: there is this awesome tool
called grep. If someone reports an issue, you might want to use it to find
more instances.
|
| |
|
|
|
|
|
|
| |
If a->length is 0, either a->data or b->data could be NULL and memcmp()
will rely on undefined behavior to compare them as equal. So avoid this
comparison in the first place.
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
| |
document the control operations supported by EVP_chacha20_poly1305(3),
and add the missing STANDARDS and HISTORY sections.
This replaces all text written by Matt Caswell and all text Copyrighted
by OpenSSL in the year 2019.
|
| | |
|
| | |
|
| |
|
|
| |
ok jsing miod
|
| |
|
|
|
|
|
|
|
| |
Fix a copy and paste mistake that Ronald Tse introduced in 2017 even
though Richard Levitte and Bernd Edlinger reviewed his commit - and that
i unwittingly copied. Even in the OpenSSL 3 main trunk, it wasn't fixed
until 2022, and in OpenSSL-1.1.1, it is still wrong.
Unfortunately, we need to be really careful before believing anything
the OpenSSL documentation says...
|
| |
|
|
|
|
| |
which is still under a free license, to work on it in the tree.
The required content changes have not been done yet,
i only tweaked the markup and wording so far.
|
| |
|
|
|
|
|
|
| |
Instead of using HOST_{c2l,l2c} macros, provide and use
crypto_load_le32toh() and crypto_store_htole32(). In some cases just
use htole32() directly.
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
| |
There are a bunch of unnecessary preprocessor directives - just condition
on MD5_ASM, the same as we do elsewhere.
ok tb@
|
| |
|
|
| |
ok tb@
|
| | |
|
| |
|
|
|
|
|
|
| |
also point to a selection of functions from other sub-libraries that rely
on evp.h objects, in particular on EVP_CIPHER, EVP_MD, and EVP_PKEY.
While here, merge a few trivial improvements to orthography and
punctuation from the OpenSSL 1.1 branch.
|
| |
|
|
| |
a free license, tweaked by me
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
EVP_MD_CTX_clear_flags(3), EVP_MD_CTX_test_flags(3), and the atrocious
EVP_MD_CTX_set_pkey_ctx(3) for precision.
2. Tweak the description of EVP_MD_type(3) and EVP_MD_CTX_type(3)
for conciseness.
3. Add a few missing HISTORY bits.
|
| |
|
|
|
| |
q is copied across since OpenSSL 31360957 which hit our tree with
OpenSSL 1.0.1c in October 2012.
|
| |
|
|
| |
The prefixes in here are all over the place... This removes one variety.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
While it isn't the case for the default implementations, custom DH and DSA
methods could conceivably populate private and public keys, which in turn
would result in leaks in the pub/priv decode methods.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Due to OPENSSL_NO_ENGINE the engine member of dh and dsa is currently
uninitialized. As a consequence, {DH,DSA}_get0_engine() will return a
garbage pointer, which is particularly bad because the only reason we
kept them in the first place is that they are used by some software...
A side effect of freeing with {DH,DSA}_free() instead of a hand-rolled
version is that we may call ->meth->finish() before ->meth->init() was
called. We need a NULL check for ->meth to be on the safe side in case
we should need to bring ENGINE back.
with nits from djm
ok deraadt djm
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
which is still under a free license.
* document EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags
* document EVP_MD_flags, EVP_MD_CTX_md_data
* document EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_set_pkey_ctx
* correct arg type of EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type
* more information about EVP_MD_CTX_ctrl
* add missing <string.h> and correct one variable type below EXAMPLES
* two orthographic improvements
with a few wording tweaks by me
|
| |
|
|
|
| |
Now that we're no longer dependent on md32_common.h, stop including it.
Remove various defines that only existed for md32_common.h usage.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace macros with static inline functions, as well as writing out the
variable rotations instead of trying to outsmart the compiler. Also pull
the message schedule update up and complete it prior to commencement of
the round. Also use rotate right, rather than transposed rotate left.
Overall this is more readable and more closely follows the specification.
On some platforms (e.g. aarch64) there is no noteable change in
performance, while on others there is a significant improvement (more than
25% on arm).
ok miod@ tb@
|
| |
|
|
|
|
|
|
| |
Use aint for the ASN1_INTEGER holding the key and astr for the ASN1_STRING
holding the parameters. This frees up key and params for their DER encoded
versions, matching the naming we use elsewhere much more closely.
ok jsing
|
