| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
This way it doesn't do nonsensical work for all those who cargo culted an
init sequence. There's no point in having SSL_library_init() as a cheaper
version of OPENSSL_init_ssl(): once you do crypto, you'll init crypto...
Also move the now trivial implementation to ssl_init.c which has a good
license.
ok jsing
|
| |
|
|
|
|
|
|
| |
It's pointless: all the ciphers and digests added by SSL_library_init()
are already added by OPENSSL_init_crypto(), which was already called at
that point.
ok jsing
|
| |
|
|
|
|
|
| |
Its current position makes no sense and it will become a wrapper of the
latter in a subsequent commit.
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Instead of printing to a temporary buffer with weird gymnastics, we can
simply write things out to the BIO using proper indent. This still isn't
perfect since we have a CBS version of this in ecx_buf_print(), which is
basically what used to be ASN1_buf_print(). Annotate this with an XXX for
future cleanup.
ok beck
|
| |
|
|
|
| |
This should allow us to constify a sizable table in libcrypto in an
upcoming bump.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If the offset is > 124, this function would overwrite between 1 and 5 bytes
of stack space after str[128]. So for a quick fix extend the buffer by 5
bytes. Obviously this is the permanent fix chosen elswehere. The proper fix
will be to rewrite this function from scratch.
Reported in detail by Masaru Masuda, many thanks!
Fixes https://github.com/libressl/openbsd/issues/145
begrudging ok from beck
|
| |
|
|
| |
But do away with the OPENSSL_NO_ENGINE dance.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
As usual, a few manual fixes to avoid duplicate lines.
ok jsing
|
| |
|
|
|
|
| |
This allows us to simplify ssl_do_client_cert_cb() a bit.
ok jsing
|
| | |
|
| |
|
|
|
|
|
| |
This is mechanical apart from a few manual edits to avoid doubled empty
lines.
ok jsing
|
| |
|
|
|
|
|
| |
This includes a manual intervention for the call to EVP_PKEY_meth_find()
which ended up in the middle of nowhere.
ok jsing
|
| |
|
|
|
|
|
| |
Also rip out all the gross, useless comments. There's still too much
garbage in here...
ok jsing
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
They document functionality that no longer exists.
|
| | |
|
| |
|
|
|
| |
There's probably more that needs to be updated here, but that can be done
another day.
|
| | |
|
| |
|
|
| |
remove two Xr to ENGINE manuals.
|
| | |
|
| | |
|
| |
|
|
| |
In particular, do not use an uninitialized engine, simply pass NULL.
|
| |
|
|
|
|
|
|
|
| |
We can call ASN1_item_unpack() which will end up stuffing the same
arguments into ASN1_item_d2i() as d2i_PBEPARAM(). This eliminates
the last struct access into X509_ALGOR outside libcrypto in the base
tree.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok beck
|
| |
|
|
| |
CID 468015
|
| |
|
|
|
|
|
|
|
|
|
|
| |
A recent change in EVP_CIPHER_CTX_iv_length() made it possible in principle
that this function returns -1. This can only happen for an incorrectly set
up EVP_CIPHER. Still it is better form to check for negative lengths before
stuffing it into a memcpy().
It would probably be desirable to cap the iv_length to something large
enough. This can be done another time.
ok beck
|
| |
|
|
| |
where that information was missing.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
I was told not to look since it will magically get fixed. Fine. I'd still
have expected a minimal amount of care so that the manpage isn't totally
dysfunctional and missing text in the right places. Sigh.
|
| | |
|
| |
|
|
| |
These use static helper functions which don't need prototypes this way.
|
| |
|
|
|
|
|
| |
This converts to proper single exit and undoes a number of unnecessarily
silly muppet antics.
ok beck
|
