|  | Commit message | Author | Age | Files | Lines | 
|---|
| | in an upcoming bump.  This omits EVP_AEAD_CTX which will be dealt with
separately. EVP_CIPHER_INFO internals are still publicly visible in
OpenSSL, so it won't be moved.
Move typedefs for HMAC_CTX and EVP_ENCODE_CTX to ossl_typ.h.  These
typedefs will be visible by files including only hmac.h or evp.h since
hmac.h includes evp.h and evp.h includes ossl_typ.h.
ok inoguchi | 
| | evp.h will be moved to evp_locl.h in an upcoming bump.
ok inoguchi | 
| | from hmac.h will be moved there in an upcoming bump. Include this
file where it will be needed.
ok inoguchi | 
| | ok inoguchi | 
| | ok inoguchi | 
| | ok inoguchi | 
| | tweak/ok inoguchi | 
| | ok inoguchi | 
| | X509_get_pubkey()
ok inoguchi | 
| | ok inoguchi | 
| | ok inoguchi | 
| | ok inoguchi | 
| | The API surrounding this is so complicated and streaming is so rarely
used in practice that describing this in more detail is not a priority
right now.  The documentation of the wrapper BIO_new_CMS(3) is also
rather vague, and BIO_new_PKCS7() isn't described at all so far. | 
| | ok inoguchi schwarze | 
| | from the OpenSSL 1.1.1 branch, which is still under a free license,
mostly this commit:
commit d35c0ff30b31be9fd5dcf3d552a16feb8de464bc
Author: Dr. Stephen Henson <steve@openssl.org>
Date: Fri Oct 19 15:06:31 2012 +0000
fix ASN1_STRING_TABLE_add so it can override existing string table values
This fixes a segfault in ASN1_STRING_TABLE_add(3), which tried to change a
static const entry when called with an nid already in the default table,
and it switches the precedence of the two tables in ASN1_STRING_TABLE_get(3).
In addition, it changes behaviour in the following minor ways:
* Ignore negative minsize and maxsize arguments, not just -1.
* Ignore a zero mask and zero flags.
It's unclear whether these additional changes make the API absolutely
better, but we want compatibility with OpenSSL in these functions.
Tweaks & OK tb@. | 
| | and some style improvements from the OpenSSL 1.1.1 branch,
which is still under a free license.
No functional change.
OK and additional tweaks tb@. | 
| | mention which argument values can be used to not change the respective fields,
and tweak a few additional wordings | 
| | are unused in the end anyway and occupies needless space, especially in ftp(1)
shipped with the ramdisk.
ok tb@ | 
| | B_ASN1_DIRECTORYSTRING, B_ASN1_PRINTABLE, B_ASN1_DISPLAYTEXT, B_ASN1_TIME,
DIRSTRING_TYPE, PKCS9STRING_TYPE | 
| | Seeing the symbolic names in addition to the magic numbers
makes it easier to understand the text. | 
| | While here, tweak some wordings a bit to make it less likely that
readers confuse the type held by an ASN1_TYPE object with the type
of the ASN1_TYPE object itself, which is always V_ASN1_ANY. | 
| | ok inoguchi jsing | 
| | ok inoguchi jsing | 
| | ok inoguchi jsing | 
| | ok inoguchi jsing | 
| | While here stop assigning a size_t to an int without bounds checks.
ok inoguchi@ tb@ | 
| | ok inoguchi@ tb@ | 
| | asn1_collect() (and hence collect_data()) is never called without
a BUF_MEM - the only caller that passed NULL was removed in OpenSSL
commit e1cc0671ac5.
ok inoguchi@ tb@ | 
| | how application software uses the API function BIO_indent(3):
If the caller asks for some output, but not more than some negative
number of bytes, give them zero bytes of output rather than drowning
them in nearly INT_MAX bytes.
OK tb@ | 
| | There is no need to explain well-known acronyms that are widely
used outside OpenSSL, too (like AES, ASN.1, CMS, ECDSA, PKCS...),
but OpenSSL uses plenty of idiosyncratic naming elements that
deserve to be explained (like d2i, ex, get0, ndef, sk, ...).
Requested by jsing@; feedback and OK tb@. | 
| | lsearch(3) is really just lfind(3) with an additional branch to append
the key if lfind(3) fails.  If we get rid of the underlying
linear_base() function and move the search portion into lfind(3) and
the key-copying portion into lsearch(3) we get smaller and simpler
code.
Misc. notes:
- We do not need to keep the historical comment about errno.  lsearch(3)
  is pure computation and does not set errno.  That's really all you
  need to know.  The specification reserves no errors, either.
- We are using lfind(3) internally now, so it switches from
  PROTO_DEPRECATED to PROTO_NORMAL in hidden/search.h and needs
  DEF_WEAK in stdlib/lsearch.c.
With advice from guenther@ on symbol housekeeping in libc.
Thread: https://marc.info/?l=openbsd-tech&m=163885187632449&w=2
ok millert@ | 
| | while here, improve some of the existing text in minor ways |