summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* improve the descriptions of most functionsschwarze2023-09-071-30/+45
|
* Split two new manual pages EVP_MD_nid(3) and EVP_MD_CTX_ctrl(3)schwarze2023-09-075-315/+501
| | | | out of the large EVP_DigestInit(3). No text change.
* Mark EVP_CIPHER_set_asn1_iv() and EVP_CIPHER_get_asn1_iv() as intentionallyschwarze2023-09-061-2/+7
| | | | | | | | undocumented because they are unused outside libcrypto according to codesearch.debian.net and should probably not be public: they seem hardly useful even for implementing custom EVP_CIPHER algorithms. tb@ came to similar conclusions regarding these two functions.
* Initialize afi & safi to zerojob2023-09-061-4/+5
| | | | OK tb@
* Avoid use-of-uninitialized in i2r_IPAddrBlocks()tb2023-09-061-1/+8
| | | | | | | Reported by Viktor Szakats in https://github.com/libressl/portable/issues/910 ok job
* Correct the RETURN VALUES of OBJ_add_object(3).schwarze2023-09-061-6/+33
| | | | | | | | The text was misleading before and after the improvement in obj_dat.c rev. 1.61. The way i'm fixing the documentation here takes that improvement into account. Also add a CAVEATS section about adding incomplete objects.
* add a BUGS section warning about the creation of incomplete objectsschwarze2023-09-051-3/+22
|
* Improve error handling in OBJ_add_object()tb2023-09-051-13/+7
| | | | | | | | | | | | | | | | | There is no need for a helper function to obfuscate lh_ADDED_OBJ_new(). Just call the real thing directly. Adding an object with a NID of NID_undef basically amounts to disabling a built-in OID. It does so in an incoherent fashion and the caller can't easily tell success from failure of the operation. Arguably the result is a corrupted objects table. Let's not allow adding such an object in an attempt at keeping things slightly more coherent. Issue noted and initial diff by schwarze while writing documentation ok schwarze
* document EVP_CIPHER_name(3)schwarze2023-09-051-2/+32
|
* add the missing .Dv macros to the list of flagsschwarze2023-09-051-13/+13
|
* improve the descriptions of almost all flags,schwarze2023-09-051-40/+101
| | | | in particular saying which API functions each flag affects
* Partial rewrite:schwarze2023-09-051-140/+231
| | | | | | | | | | | | | | | | | * Integrate the leftovers of the former NOTES section into the main text, resulting in a more logical order of information. * Make many descriptions more precise and tweak many wordings. For example, the description of OBJ_cmp(3) was totally misleading. Add a CAVEATS section explaining the scary ownership contracts of the functions returning ASN1_OBJECT pointers. Move the discussion of NID_undef to the BUGS section because the statement "objects which are not in the table have the NID value NID_undef" was misleading in more than one way. Considering that an API as fundamental as this one contains such a gigantic amount of quirks and traps and gaps makes me shudder.
* Make wp_local.h and cmll_local.h self-standingtb2023-09-044-9/+12
|
* unbreak build with llvm-16 by including sys/types.h for __BEGIN_HIDDEN_DECLSrobert2023-09-042-2/+6
| | | | | | /usr/src/lib/libcrypto/whrlpool/wp_local.h:5:1: error: unknown type name '__BEGIN_HIDDEN_DECLS' ok tb@
* whitespacetb2023-09-021-2/+2
|
* Align EVP_PKEY_get1_RSA() with EVP_PKEY_get0_RSA()tb2023-09-021-6/+7
|
* Many improvements, almost amounting to a partial rewrite:schwarze2023-09-011-48/+109
| | | | | | | | | | | | | * more precision what the CIPHER_CTX functions do * more precision what an NID is * avoid talking about RC2, use AES-256 for an example instead * clarify that block sizes are measured in bytes * mention additional restrictions regarding valid block sizes * add the missing description of the *_flags(3) functions * mention the public mask constant EVP_CIPH_MODE * add three missing modes that can occur as return values * add the missing entries for *_flags(3) and *_mode(3) below RETURN VALUES * tweak various wordings for precision and conciseness
* Fix EVP_PKEY_get0_RSA() for RSA-PSStb2023-09-011-6/+6
| | | | | | It currently returns NULL. This is OpenSSL 4088b926 + De Morgan. ok jsing
* fix an obvious typo in the OBJ_NAME_add(3) prototypeschwarze2023-09-011-3/+3
|
* Split three new manual pages EVP_CIPHER_nid(3), EVP_CIPHER_CTX_ctrl(3),schwarze2023-08-316-451/+727
| | | | | | | | | | | and EVP_CIPHER_CTX_set_flags(3) out of the excessively large and unwieldy EVP_EncryptInit(3). This causes a number of inaccuracies and gaps to stand out, but i'm not mixing text changes or content additions into this split. Using very useful feedback from tb@ regarding what belongs together and how important the various functions are. I refrained from bothering him with the complete patch, but he likes the general direction.
* Ensure no memory is leaked after passing NULL to ASN1_TIME_normalize()libressl-v3.8.1job2023-08-302-2/+7
| | | | OK tb@
* Document EVP_{CIPHER,MD}_do_all{,_sorted}(3)tb2023-08-303-3/+139
| | | | | | | | | | The function prototypes in the SYNOPSIS don't look great, but schwarze assures me that this is how it is supposed to be. It is rather strange that OpenSSL chose to sprinkle OPENSSL_init_crypto() calls into these four functions rather than two inside OBJ_NAME_do_all{,_sorted}(3). Surely there was a good reason for that. With input and fixes from schwarze
* Fix leaks in copy_issuer()tb2023-08-301-8/+14
| | | | | | | | | | | | | | The stack of subject alternative names from the issuer is parsed using X509V3_EXT_d2i(), so it must be freed with sk_GENERAL_NAME_pop_free(). It's not worth doing complicated ownership handling when the individual alternative names can be copied with GENERAL_NAME_dup(). Previously, ialt and its remaining members would be leaked when the call to sk_GENERAL_NAME_push() failed halfway through. This is only reachable via the issuer:copy x509v3.cnf(5) directive. ok jsing
* Replace last ecdh.h and ecdsa.h occurrences with ec.htb2023-08-294-16/+12
| | | | | | Except if backward compatibility with older LibreSSL and OpenSSL versions is explicitly needed, ecdsa.h and ecdh.h should no longer be used. They are now trivial wrappers of ec.h.
* Move the weak SHA-1 and MD5 hashes out of EVP_DigestInit(3)schwarze2023-08-274-46/+138
| | | | | into a new EVP_sha1(3) manual page, and also mention EVP_md4(3) there. Using input from tb@ and jsing@, who like the general direction.
* document the return value of EVP_PKEY_asn1_find(3) andschwarze2023-08-271-4/+20
| | | | the "len" argument and the return value of EVP_PKEY_asn1_find_str(3)
* EVP_PKEY_set_type_str(3) is now documented, so switch from .Fn to .Xrschwarze2023-08-271-3/+3
|
* document EVP_PKEY_set_type_str(3)schwarze2023-08-271-7/+46
|
* add the missing information that and how flags can be combined,schwarze2023-08-261-3/+7
| | | | and add the missing link to evp(3)
* Write documentation for EVP_CIPHER_CTX_buf_noconst(3) from scratch.schwarze2023-08-261-5/+42
| | | | | | | Put it here rather than into EVP_EncryptInit(3) because similar to EVP_CIPHER_CTX_get_cipher_data(3), application software should not use it. These functions will likely not be needed except by people implementing custom encryption algorithms.
* write documentation for EVP_CIPHER_CTX_copy(3)schwarze2023-08-261-4/+86
| | | | and EVP_CIPHER_CTX_encrypting(3) from scratch
* transfering -> transferringjsg2023-08-261-3/+3
|
* Remove two unnecessary local variablestb2023-08-261-9/+3
|
* make the one-line description read betterschwarze2023-08-251-3/+13
| | | | | and be more specific below RETURN VALUES; OK tb@
* In evp.h rev.s 1.90 and 1.97, tb@ provided EVP_CIPHER_CTX_get_cipher_data(3)schwarze2023-08-253-3/+114
| | | | | | and EVP_CIPHER_CTX_set_cipher_data(3). Import the manual page from the OpenSSL 1.1 branch, which is still under a free licence, with several improvements by me.
* fix eight more instances of copy & paste glitchesschwarze2023-08-251-9/+9
|
* KNF, no assembly changeschwarze2023-08-252-19/+15
| | | | OK tb@ jsing@
* Mention another bug for EVP_add_{cipher,digest}(3)tb2023-08-251-1/+4
|
* Improve EVP_add_cipher.3 a bittb2023-08-251-9/+26
| | | | | Fix some copy-paste errors in the prototypes, tweak the explanatory text and add some more details.
* Add more cross referencestb2023-08-252-4/+7
|
* Document EVP_add_{cipher,digest} and friendstb2023-08-253-3/+163
| | | | | These and EVP_{add,remove}_{cipher,digest}_alias() are mostly for internal use.
* zap a stray spacetb2023-08-251-2/+2
|
* cms_content_bio() is not used outside of cms_lib.ctb2023-08-242-5/+3
| | | | | Make it a static function and remove its prototype from the internal header.
* Some tweaking of cms_content_bio()tb2023-08-241-10/+10
| | | | | | | More idiomatic error checking and drop an always false test for !*pos. Use a slightly closer approximation to actual English sentences in comments. ok jsing
* Better names for the BIOs in CMS_dataInit()tb2023-08-241-14/+14
| | | | | | Rename cmsbio into cms_bio and use {,in_}content_bio for {,i}cont. ok jsing
* Update references from RFC 7539 to RFC 8439tb2023-08-243-10/+10
| | | | | | | | RFC 7539 was superseded by RFC 8439, incorporating errata and making editorial improvements. Very little of substance changed, in particular section numbers remain the same. Prompted by a question from schwarze
* Align the documentation of EVP_chacha20() with actual behaviortb2023-08-241-6/+6
| | | | | | | | Incorrect OpenSSL documentation was moved here and inherited parts of a comment that was fixed in evp/e_chacha.c r1.13. Adjust the manual page accordingly. Discussed with schwarze
* Clarify how the EVP IV is used with ChaChatb2023-08-241-8/+6
| | | | | | | | | | | EVP_chacha20() was aligned to follow OpenSSL's nonconformant implementation during a2k20 by djm and myself in an effort to allow OpenSSH to use the OpenSSL 1.1 API. Some corresponding OpenSSL 1.1 documentation was imported at the same time. A comment attempted to translate between implementation and the incorrect documentation, which was necessarily gibberish. Improve the situation by rephrasing and dropping nonsensical bits. Prompted by a question of schwarze
* Mention key and nonce lengths of AEAD ciphers.schwarze2023-08-232-33/+105
| | | | | | | | | Mention portability considerations regarding the EVP_AEAD API. Avoid confusing words like "older" and "native" API, be specific. Mention RFC 7905. Move publications we don't implement from STANDARDS to CAVEATS. Based on input from jsing@ and tb@, OK tb@.
* Pull the NULL check for cmsbio into the switchtb2023-08-221-14/+10
| | | | ok jsing