summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Neuter the remainder of the ameth libtb2024-01-041-65/+13
| | | | | | | | | | | The few pieces of the ameth lib that will stay in libcrypto were moved to p_lib.c recently. The functions that still are in ameth_lib.c will be removed in the next major bump. With disabled EVP_PKEY_asn1_add{0,_alias}() API they are completely useless now and they are getting in the way of more ameth surgery. Rip out their guts and turn them into stubs that do nothing but push an error onto the stack. ok jsing
* Split ameth arrays into individual methodstb2024-01-044-149/+150
| | | | | | | | | | | | For some reason DSA, GOST, and RSA had their ASN.1 methods stored in an array. This is clumsy and the only benefit is that one saves a few externs in p_lib.c. They were also arranged by ascending NID because of bsearch() madness. Split them up and arrange the methods by name, which is much saner and simpler. ok jsing
* Improve length checks for oiv and ivtb2024-01-041-4/+5
| | | | | | | | | | There are two unsigned char arrays of size EVP_MAX_IV_LENGTH to store the IVs of block ciphers. In most modes, only iv is used, but in some modes iv is modified and oiv is used to store the original IV. At the moment nothing enforces that they are of the same length. Therefore make sure the correct one or both are checked before writing to or reading from them. ok miod
* Improve order in ancient CMS helperstb2024-01-031-25/+25
| | | | | | | First came EVP_CIPHER_param_to_asn1() which wraps EVP_CIPHER_set_asn1_iv() which was implemented last. Then came EVP_CIPHER_asn1_to_param() wrapping EVP_CIPHER_get_asn1_iv(). Move each param function below the iv function it wraps.
* Move a t to the right place in a commenttb2024-01-021-2/+2
|
* Match struct order for the EVP_CIPHER_CTX accessorstb2024-01-021-69/+73
| | | | | | This isn't great since the struct is ordered in about the silliest way imaginable, but it is better than it was before. Bringing order into this mess is harder than solving a Rubik's cube.
* Move down EVP_CIPHER_CTX accessors expose EVP_CIPHER internalstb2024-01-021-38/+42
| | | | | These confusingly named getters were added "for convenience" in 1.1. They fit best next to the EVP_CIPHER API.
* Move the trivial EVP_CIPHER getters downtb2024-01-021-31/+35
| | | | | They are now below the CMS ASN.1 IV stuff, but above the EVP_CIPHER_meth* API, which are setters, in a way.
* Simplify EVP_CIPHER_{asn1_to_param,parma_to_asn1}()tb2024-01-021-17/+13
| | | | There's no need for a ret variable and else if/else
* Move the EVP_CIPHER API that only exists for CMS/legacy a bit downtb2024-01-021-121/+125
|
* sm4: more NULL misspellingstb2024-01-021-4/+4
|
* Two spellings of key length are enoughtb2024-01-021-6/+7
| | | | | | The API is called EVP_CIPHER_CTX_set_key_length() it has an argument called keylen and, the EVP_CIPHER_CTX's member is called key_len. One of the three is trivial to adjust, so do it.
* Rename the poor outlier EVP_CIPHER *e into *ciphertb2024-01-021-3/+3
|
* Better variable names in EVP_CIPHER_type()tb2024-01-021-7/+8
| | | | | The EVP_CIPHER *ctx (yes) is renamed to cipher, otmp becomes an aobj. Change two !ptr to ptr == NULL checks.
* Consistently use ctx for an EVP_CIPHER_CTXtb2024-01-021-36/+36
| | | | Not c (which is most of the time an EVP_CIPHER) or a (?!).
* Fix bounds check in EVP_PKEY_CTX_get_keygen_info()tb2024-01-011-2/+2
| | | | | | | | | Replace > with >= for the upper array bound to disallow a 4 byte overread. For RSA you can read the padding mode and for DH past the DH_PKEY_CTX. Unfortunately, Ruby thought it important to use this, so we can't kill it easily. ok miod
* kill gross whitespacetb2024-01-011-6/+6
|
* pkey_is_pss() and pkey_ctx_is_pss() to rsa_ameth.ctb2024-01-012-6/+6
| | | | | These aren't particularly helpful and should probably both be expanded. For now move them to the only place where they are actually used.
* Remove EVP_PKEY's save_type membertb2024-01-012-6/+2
| | | | | | | This was only used to avoid an ameth lookup in EVP_PKEY_set_type(), a micro-optimization that was removed in p_lib.c r1.48. ok jsing
* KNF nittb2023-12-311-2/+2
|
* Sort the NIDs by nametb2023-12-311-8/+8
| | | | requested by jsing
* Replace the sorted extensions lookup with a switchtb2023-12-311-58/+23
| | | | | | | | | If all you have is OBJ_bsearch_(), everything looks like a nail. This changes a binary search over a list of 12 elements with a lookup via a switch. switch suggested by claudio ok jsing
* Sprinkle a handfull of missing continuetb2023-12-311-1/+10
|
* Make x509_issuer_cache_free_oldest() statictb2023-12-301-2/+2
| | | | | This is an internal function and you can't hold the required mutex to call it anyway since that's internal, too.
* Some Australians don't like voids eithertb2023-12-301-3/+3
|
* One more missing void was hiding heretb2023-12-301-2/+2
|
* Some BoringSSL devs spent too much time with C++tb2023-12-302-4/+4
|
* Add extended regress coverage for ASN.1 methodstb2023-12-301-1/+147
| | | | | | | | Validate that every alias resolves to a non-alias in one step and that non-aliases have pkey_id == pkey_base_id, an info string and a pem_str. They can be looked up by their pkey_id or pem_str. Conversely, all these are false for aliases.
* Fix two more unchecked EVP_PKEY_assign() callstb2023-12-301-17/+25
| | | | | | | | | In SSL{_CTX}_use_RSAPrivateKey() switch from EVP_PKEY_assign_RSA() to EVP_PKEY_set1_RSA() and hold on to the reference of the the pkey for the duration of ssl_set_pkey(). Use single exit and other minor style cleanups. ok joshua jsing
* fix previous: key -> parametertb2023-12-291-2/+2
|
* A .Xr to DSA_generate_parameters_ex() was lost accidentallytb2023-12-291-1/+2
|
* Move DSA_generate_parameters.3 to DSA_generate_parameters_ex.3tb2023-12-292-3/+3
|
* Adjust documentation for upcoming DSA_generate_parameters removaltb2023-12-295-70/+17
| | | | | | | This removes any mention of DSA_generate_parameters in the manuals apart from a comment that it is intentionally undocumented and adapts cross references to DSA_generate_parameters_ex. The file itself will be moved in a second step.
* ameth_lib: zap trailing empty linetb2023-12-291-2/+1
|
* eckey: adjust some variable names and unwrap function definitionstb2023-12-291-11/+8
| | | | ok jsing
* Clean up old_ec_priv_decode()tb2023-12-291-10/+17
| | | | | | As per usual. Stylistic adjustments and missing error check. ok jsing
* Clean up eckey_param_decode()tb2023-12-291-9/+16
| | | | | | | | This aligns eckey's parameter decoding routine with the one of other cipher abstractions: better variable names, single exit and add missing check for EVP_PKEY_assign_EC_KEY(). ok jsing
* Rework eckey_priv_decode()tb2023-12-291-49/+53
| | | | | | | | | Factor out the pubkey computation and bring it into more sensible form. This removes lots of pointless setting of errors (twice) and makes the code a bit easier on the eyes. Other than that perform some stylistic cleanup like single exit and add an error check for EVP_PKEY_assign(). ok jsing
* Move a call to X509_ALGOR_get0() down a linetb2023-12-291-2/+2
|
* Neuter the SSL_set_debug(3) APItb2023-12-294-21/+5
| | | | | | | | | | | The TLSv1.3 stack didn't support this in the first place, and in the legacy stack it only added some dubious BIO_flush(3) calls. The sleep call between SSL_read(3) and SSL_write(3) advertised in the comment next to the flag has been a sleep call in the s_server since time immemorial, nota bene between calls to BIO_gets(3). Anyway. This can all go and what remains will go with the next major bump. ok jsing
* Garbage collect the last users of SSL_set_debug(3)tb2023-12-292-5/+2
| | | | | | | | This undocumented, incomplete public function has never done anything useful. It will be removed from libssl. Removing it from openssl(1) clears the way for this. ok jsing
* s_client: pause hasn't worked in ages. Just ignore ittb2023-12-292-13/+5
| | | | ok jsing
* Move the EVP_PKEY_asn1_* API that will stay to evp/p_lib.ctb2023-12-295-212/+260
| | | | | | | | Most of these functions are only called from this file internally apart from the pem_str lookups from pem/. In the next major bump we can then remove asn/ameth_lib.c. Also move EVP_PKEY_ASN1_METHOD to evp_local.h. While this is used to dispatch to various ASN.1 decoding routines, it doesn't fit into asn1/ at all.
* Zap some whitespacetb2023-12-291-2/+2
|
* Replace outdated comment on EVP_PKEY_asn1_find() with a todo itemtb2023-12-291-5/+5
|
* Move EVP_PKEY_asn1_add* to the end of the filetb2023-12-291-15/+20
| | | | Also add a reminder to remove most of the public API in this file.
* Move the EVP_MD block size accessor downtb2023-12-291-7/+11
| | | | | | This way all the EVP_MD accessors are in the order of the struct fields. Well, arguably the EVP_MD_meth* should come first, but they are scheduled to go meet the dodo.
* Move the EVP_MD_CTX flag accessors up a bittb2023-12-291-19/+19
| | | | This way the accessors are sorted the same way as the struct.
* Hoist EVP_MD_CTX accessors to after EVP_MD_CTX_ctrltb2023-12-291-63/+62
| | | | | | | This way the file has EVP_Digest*, then EVP_MD_CTX new/free/clean, then ctrl then the EVP_MD_CTX accessors, then the EVP_MD accessors and finally the EVP_MD_meth stuff and the order of things starts making a wee bit of sense.
* Move init/reset next to cleanuptb2023-12-291-13/+13
| | | | | | This way new/free aka create/destroy are next to each other. reset/cleanup are the same thing and init will join the club after some other fixing because two APIs that do the exact same thing aren't enough.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-31 23:57:51 +0000