summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Change return type of module_add()tb2024-03-201-17/+21
| | | | | | | There is one caller of this function which returns module_add() != NULL. Make the function return an int instead. suggested by and ok jsing
* Implement imodule_free() and call it from module_finish()tb2024-03-201-4/+15
| | | | ok jsing
* Make module_free() NULL safetb2024-03-201-1/+4
| | | | ok jsing
* Use the new certificates/chains in regress.jsing2024-03-209-32/+33
| | | | | | | | | | The new certificates are more representative of the real world. The old certificates use weak algorithms and expire in the very near future. Most of our regress has already been switched over, this changes the remainder. Thanks to Bernhard M. Wiedemann for reminding us of the upcoming expiry. ok tb@
* Move the OPENSSL_init() stub from o_init.c to crypto_init.ctb2024-03-193-13/+7
|
* Remove OPENSSL/CRYPTO_realloc documentationtb2024-03-191-21/+4
|
* Remove X509_ALGOR_set_md() documentationtb2024-03-193-37/+8
| | | | | As far as LibreSSL is concerned, this terrible API is pushing up the daisies.
* Annotate RSA-PSS SHA parameter encoding as wrongtb2024-03-171-1/+9
| | | | | | | | | | | | | | A historic blunderfest in the ASN.1 module for RSA-PSS led to very confusing text in various RFCs. davidben and my current reading of this is that parameters for SHA-* should be encoded as an ASN.1 NULL rather than omitted. The use of X509_ALGOR_set_evp_md() leads to them being omitted, and is therefore counter to the specification (but allowed. We should fix this. For now, leave a reminder. See https://boringssl-review.googlesource.com/c/boringssl/+/67088 for a lot more details. ok davidben
* Remove ugly parens and thereby fix KNFtb2024-03-161-9/+9
|
* Fix signed integer overflow in bnrand()tb2024-03-161-1/+6
| | | | | | | | | | | | | | | If more bits than INT_MAX - 7 are requested, the calculation of number of bytes required to store the bignum triggers undefined behavior due to signed integer overflow. This will typically result in bytes becoming negative which will then make malloc() fail. If the ulimit should be high enough to make malloc() succeed, there is a bad out of bounds write in case bottom is set (an odd number was requested). On jsing's request this does not deal with another bug which we could catch with a similar check due to BN_bn2bin() failing later on as the number of words in a BIGNUM is some fraction of INT_MAX. ok jsing
* Add missing Nm entries for OBJ_NAME_do_all*tb2024-03-141-3/+5
|
* Mark up X509_STORE_get1_objects()tb2024-03-141-3/+3
|
* Add back a .Pptb2024-03-141-2/+3
|
* Clarify ownership in X509_STORE_add_lookup()tb2024-03-061-3/+4
| | | | | Whether an X509_LOOKUP with given method already exists or not, this API returns an internal pointer that must not be freed.
* POSIX defines inet_ntoa, not inet_aton.bentley2024-03-061-3/+3
| | | | ok deraadt@ jmc@
* Remove CRL method API documentationtb2024-03-067-243/+11
|
* lh_<type>_error() is no longer implemented as a macrotb2024-03-051-4/+2
|
* Ugly workaround to let this compile again on non-clang platforms.miod2024-03-051-1/+9
|
* Remove GOST documentationtb2024-03-057-42/+17
|
* Remove ASN1_time_parse documentationtb2024-03-056-157/+9
|
* Remove EVP_MD_meth* documentationtb2024-03-058-378/+70
| | | | | Move the description of the EVP_MD_FLAGs to EVP_MD_nid() and add a reference to the CMS specification.
* Remove EVP_add_{cipher,digest}* docstb2024-03-044-198/+5
|
* lh_new.3: zap a trailing commatb2024-03-041-3/+3
|
* EVP_CIPH_CUSTOM_KEY_LENGTH and EVP_CTRL_SET_KEY_LENGTH are gonetb2024-03-041-14/+2
|
* Remove docs for sk_find_ex()tb2024-03-041-47/+3
|
* Remove documentation of some CRYPTO_THREADID APItb2024-03-041-58/+2
| | | | | CRYPTO_THREADID_{cpm,cpy,current,hash}() are no longer public, so remove their documentation.
* Document X509_STORE_get1_objects and deprecate the get0 versiontb2024-03-041-4/+38
| | | | | This manual is ordered a bit strangely in that some functions are only documented in RETURN VALUES.
* Reinstate a test that was accidentally removed in previoustb2024-03-031-1/+7
|
* include <time.h> for time_t and struct tm, needed for macostb2024-03-021-1/+2
| | | | ok millert miod
* Remove some GOST relicstb2024-03-024-210/+2
|
* Unhook some gost teststb2024-03-021-121/+1
|
* Crank libressl version to 3.9.0 (finally!)tb2024-03-021-3/+3
|
* crank libtls majortb2024-03-021-1/+1
| | | | same bump as libcrypto and libssl
* crank libssl majortb2024-03-021-1/+1
| | | | same bump as libcrypto; symbol removal and addition
* Remove SSL_debugtb2024-03-024-13/+3
| | | | | | | The garbage truck is quite full by now. Collect the last symbol straggler for this bump. ok jsing
* Garbage collect TLS1_FLAGS_SKIP_CERT_VERIFYtb2024-03-021-2/+1
| | | | | | And here goes another weird-ass thing of dubious pedigree. ok jsing
* Make {SSL3,TLS}_CT_* internaltb2024-03-023-28/+8
| | | | | | | | And here goes a bunch of unused macros that just had to be in two headers so they could get out of sync. Three of these constants are used in a single function... ok jsing
* Remove SSL_CIPHER_get_by_{id,value}()tb2024-03-024-23/+3
| | | | | | | | | While this undocumented API would have been much nicer and saner than SSL_CIPHER_find(), nothing used this except for the exporter test. Let's get rid of it again. libssl uses ssl3_get_cipher_by_{id,value}() directly. ok jsing
* Export SSL_get_{peer_,}signature_type_nid()tb2024-03-025-8/+13
| | | | | | | | | Also move the prototypes to the correct header. Oversight reported by Frank Lichtenheld, thanks! Fixes https://github.com/libressl/openbsd/issues/147 ok jsing
* crank libcrypto majortb2024-03-021-1/+1
| | | | | There were symbol addition, removal, function signature changes and struct visibility changes.
* Change sk in CRYPTO_EX_DATA from STACK_OF(void) * to void *tb2024-03-021-2/+2
| | | | Requested by jsing
* tedu OPENSSL_isservice() prototypetb2024-03-021-3/+1
| | | | | | | | When tedu tedued OPENSSL_isservice(), tedus chainsaw missed crypto.h. Finish the teduing of the hack for Visual C++ 5.0 (!), which is still present in the latest and greatest OpenSSL. ok jsing
* Make CRYPTO_THREADID opaquetb2024-03-028-25/+149
| | | | | | | | With ERR_STATE out of the way, we can make CRYPTO_THREADID opaque. The type is still accessed by used public API, but some of the public API can also go away. ok jsing
* Fix CRYPTO_malloc/free signaturestb2024-03-022-10/+8
| | | | | | | Importantly, the size in malloc is now a size_t instead of an int. The API now also takes a file and line to match upstream's signature. ok jsing
* Remove CRYPTO_*infotb2024-03-025-43/+3
| | | | | | | Long time neutered, only used (pointlessly without error checking) in the error code until very recently. ok jsing
* Remove a bunch of CRYPTO memory APItb2024-03-026-354/+4
| | | | | | | | This was neutered early on in the fork and has been rotting ever since. Some parts of the API are still used, but it's easier to clean up when most of the mess is gone. ok jsing
* Update list of OPENSSL_NO_*tb2024-03-021-5/+25
| | | | | | | This syncs the list with some version of upstream and exposes a few OPENSSL_NO_* that may now be relevant. from jsing (a long time ago)
* Remove a few no longer used sk_FOO_* stanzastb2024-03-021-85/+1
| | | | ok jsing
* Remove sk_find_ex()tb2024-03-028-97/+5
| | | | | | | This API intends to find the closest match to the needle. M2Crypto exposes it because it can. This will be fixed by patching the port. ok jsing
* Unhook and remove GOST and STREEBOGtb2024-03-0225-6776/+5
| | | | | | | | | | | | This stops compiling the GOST source. The current implementation is low quality and got in the way, especially in libssl. While we would be open for GOST support, it needs to be significantly better than what we have had and it also needs a maintainer. Add OPENSSL_NO_GOST to opensslfeatures and stop installing gost.h. Some code wrapped in #ifndef OPENSSL_NO_GOST will be removed later. ok jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-01 11:49:12 +0000