Factor eckey_param_free() out of eckey_pub_encode(). ASN1_OBJECT_free()
is not actually needed. This will be addressed later.
i2o_ECPublicKey() allocates internally if *out == NULL, so no need to do
the two-call dance. Its return value is documented to be <= 0 on error,
which is wrong in the sense that only 0 is returned. Keep using the same
check for <= 0 as everywhere else.
Set of EC_PKEY_NO_PARAMETERS after the poorly named eckey_param2type() to
avoid potential underhanded side effects.
In eckey_priv_encode(), error exits would leak pval was leaked a few times.
Avoid this and simplify using i2d's internal allocation. Reinstate the
flags in a single error path.
ok jsing
We have been pulling in all actual changes over the past months, so this
is only a version number bump. The relevant entries of the ChangeLog are:
* Building using K&R (pre-ANSI) function definitions is no longer supported.
* Fixed a bug in deflateBound() for level 0 and memLevel 9.
* Fixed a bug when gzungetc() is used immediately after gzopen().
* Fixed a bug when using gzflush() with a very small buffer.
* Fixed a crash when gzsetparams() is attempted for a transparent write.
ok deraadt miod millert
OK millert@.
Tested by naddy@ in a bulk and by matthieu@ in the new foot(1) port.
I originally wrote the code in 2022 at the prodding of espie@.
Using one improvement to a manual page from jmc@.
On failure invalidate the cert with EXFLAG_INVALID. It's unlikely that
a cert would make it through to the end of this function without setting
the flag, but it's bad style anyway.
ok jsing
This also avoids more undefined behavior with memcmp().
ok jsing
PS: Unsolicited advice for no one in particular: there is this awesome tool
called grep. If someone reports an issue, you might want to use it to find
more instances.
If a->length is 0, either a->data or b->data could be NULL and memcmp()
will rely on undefined behavior to compare them as equal. So avoid this
comparison in the first place.
ok jsing
document the control operations supported by EVP_chacha20_poly1305(3),
and add the missing STANDARDS and HISTORY sections.
This replaces all text written by Matt Caswell and all text Copyrighted
by OpenSSL in the year 2019.
Fix a copy and paste mistake that Ronald Tse introduced in 2017 even
though Richard Levitte and Bernd Edlinger reviewed his commit - and that
i unwittingly copied. Even in the OpenSSL 3 main trunk, it wasn't fixed
until 2022, and in OpenSSL-1.1.1, it is still wrong.
Unfortunately, we need to be really careful before believing anything
the OpenSSL documentation says...
which is still under a free license, to work on it in the tree.
The required content changes have not been done yet,
i only tweaked the markup and wording so far.
Instead of using HOST_{c2l,l2c} macros, provide and use
crypto_load_le32toh() and crypto_store_htole32(). In some cases just
use htole32() directly.
ok tb@
also point to a selection of functions from other sub-libraries that rely
on evp.h objects, in particular on EVP_CIPHER, EVP_MD, and EVP_PKEY.
While here, merge a few trivial improvements to orthography and
punctuation from the OpenSSL 1.1 branch.
Add timer precision flags NOTE_SECONDS, NOTE_MSECONDS, NOTE_USECONDS
and NOTE_NSECONDS for EVFILT_TIMER. Also, add an initial implementation
of NOTE_ABSTIME timers.
Similar kevent(2) flags exist on FreeBSD, NetBSD and XNU.
Initial diff by and OK aisha@
OK mpi@
the few assembler versions as has been done on other *BSD systems; this
function (modf) turns out to be non-trivial enough, having only one
known-to-work version is preferrable.
Reported by Willemijn Coene.
EVP_MD_CTX_clear_flags(3), EVP_MD_CTX_test_flags(3), and the atrocious
EVP_MD_CTX_set_pkey_ctx(3) for precision.
2. Tweak the description of EVP_MD_type(3) and EVP_MD_CTX_type(3)
for conciseness.
3. Add a few missing HISTORY bits.
While it isn't the case for the default implementations, custom DH and DSA
methods could conceivably populate private and public keys, which in turn
would result in leaks in the pub/priv decode methods.
ok jsing
