Commit message | Author | Age | Files | Lines
* remove a couple hundred sys/param.h includes in userland code, and | deraadt | 2021-12-13 | 50 | -227/+77
| also whack some sys/cdefs.h early includes which is such a brutally bad pattern
| ok bluhm mbuhl
* Catch integer overflow rather than silently truncating while | schwarze | 2021-12-13 | 1 | -1/+10
| parsing MASK: strings in ASN1_STRING_set_default_mask_asc(3).
| Issue noticed by tb@, patch by me, two additional #include lines from tb@.
| OK tb@.
* new manual pages i2d_ASN1_bio_stream(3) and SMIME_crlf_copy(3) | schwarze | 2021-12-13 | 6 | -8/+203
|
* Annotate the structs that will be moved to hmac_local.h and evp_locl.h | tb | 2021-12-12 | 3 | -8/+20
| in an upcoming bump. This omits EVP_AEAD_CTX which will be dealt with separately. EVP_CIPHER_INFO internals are still publicly visible in OpenSSL, so it won't be moved.
| Move typedefs for HMAC_CTX and EVP_ENCODE_CTX to ossl_typ.h. These typedefs will be visible by files including only hmac.h or evp.h since hmac.h includes evp.h and evp.h includes ossl_typ.h.
| ok inoguchi
* Include evp_locl.h where it will be needed once most structs from | tb | 2021-12-12 | 71 | -72/+184
| evp.h will be moved to evp_locl.h in an upcoming bump.
| ok inoguchi
* Add a mostly empty hmac_local.h. HMAC_CTX and a few other things | tb | 2021-12-12 | 7 | -6/+86
| from hmac.h will be moved there in an upcoming bump. Include this file where it will be needed.
| ok inoguchi
* Add -I${LIBCRYPTO_SRC}/hmac to CFLAGS. Needed in an upcoming commit. | tb | 2021-12-12 | 1 | -1/+2
| ok inoguchi
* Add header guards to evp_locl.h. | tb | 2021-12-12 | 1 | -1/+6
| ok inoguchi
* Convert req.c to compile with opaque EVP_MD_CTX. | tb | 2021-12-12 | 1 | -25/+43
| ok inoguchi
* Convert passwd.c to opaque EVP_MD_CTX and add a bit of error checking. | tb | 2021-12-12 | 1 | -35/+72
| tweak/ok inoguchi
* Make speed.c compile with opaque EVP_CIPHER, EVP_MD and HMAC_CTX. | tb | 2021-12-12 | 1 | -20/+29
| ok inoguchi
* A few more simplifications using get0_pubkey instead of get_pubkey + free. | tb | 2021-12-12 | 1 | -9/+5
|
* Simplify x509.c slightly by using X509_get0_pubkey() instead of | tb | 2021-12-12 | 1 | -5/+3
| X509_get_pubkey()
| ok inoguchi
* Make x509.c compile with opaque EVP_PKEY. | tb | 2021-12-12 | 1 | -7/+15
| ok inoguchi
* Use correct spelling of NULL | tb | 2021-12-12 | 1 | -2/+2
| ok inoguchi
* Make ts.c compile with opaque EVP_MD_CTX. | tb | 2021-12-12 | 1 | -5/+10
| ok inoguchi
* document the ub_* constants | schwarze | 2021-12-12 | 1 | -2/+22
|
* typo | schwarze | 2021-12-12 | 1 | -2/+2
|
* New manual page providing a rudimentary description of BIO_new_NDEF(3). | schwarze | 2021-12-12 | 4 | -5/+127
| The API surrounding this is so complicated and streaming is so rarely used in practice that describing this in more detail is not a priority right now.
| The documentation of the wrapper BIO_new_CMS(3) is also rather vague, and BIO_new_PKCS7() isn't described at all so far.
* Rewrite X509_ALGOR_set_md() without reaching into EVP_MD. | tb | 2021-12-12 | 1 | -5/+3
| ok inoguchi schwarze
* Merge two bugfixes in ASN1_STRING_TABLE_add(3) and ASN1_STRING_TABLE_get(3) | schwarze | 2021-12-11 | 3 | -36/+189
| from the OpenSSL 1.1.1 branch, which is still under a free license, mostly this commit:
|
|   commit d35c0ff30b31be9fd5dcf3d552a16feb8de464bc
|   Author: Dr. Stephen Henson <steve@openssl.org>
|   Date: Fri Oct 19 15:06:31 2012 +0000
|   fix ASN1_STRING_TABLE_add so it can override existing string table values
|
| This fixes a segfault in ASN1_STRING_TABLE_add(3), which tried to change a static const entry when called with an nid already in the default table, and it switches the precedence of the two tables in ASN1_STRING_TABLE_get(3).
|
| In addition, it changes behaviour in the following minor ways:
| * Ignore negative minsize and maxsize arguments, not just -1.
| * Ignore a zero mask and zero flags.
| It's unclear whether these additional changes make the API absolutely better, but we want compatibility with OpenSSL in these functions.
|
| Tweaks & OK tb@.
* Merge the deletion of <ctype.h>, which isn't used here, | schwarze | 2021-12-11 | 1 | -17/+21
| and some style improvements from the OpenSSL 1.1.1 branch, which is still under a free license. No functional change.
| OK and additional tweaks tb@.
* document STABLE_NO_MASK and STABLE_FLAGS_MALLOC, | schwarze | 2021-12-11 | 1 | -13/+32
| mention which argument values can be used to not change the respective fields, and tweak a few additional wordings
* two more "the the" fixes; | jmc | 2021-12-11 | 1 | -3/+3
|
* Stop passing __FILE__ and __LINE__ to various libcrypto functions. The arguments | anton | 2021-12-11 | 1 | -13/+13
| are unused in the end anyway and occupy needless space, especially in ftp(1) shipped with the ramdisk.
| ok tb@
* explain how X509_NAME_ENTRY_set_data(3) uses MBSTRING_FLAG | schwarze | 2021-12-10 | 1 | -5/+20
|
* document the following constants: | schwarze | 2021-12-10 | 2 | -4/+28
| B_ASN1_DIRECTORYSTRING, B_ASN1_PRINTABLE, B_ASN1_DISPLAYTEXT, B_ASN1_TIME, DIRSTRING_TYPE, PKCS9STRING_TYPE
* document V_ASN1_SEQUENCE and V_ASN1_SET | schwarze | 2021-12-09 | 1 | -4/+9
|
* document V_ASN1_BOOLEAN | schwarze | 2021-12-09 | 1 | -2/+4
|
* improve the documentation of V_ASN1_APP_CHOOSE | schwarze | 2021-12-09 | 2 | -6/+15
|
* Mention V_ASN1_PRIMITIVE_TAG and V_ASN1_EOC. | schwarze | 2021-12-09 | 1 | -5/+14
| Seeing the symbolic names in addition to the magic numbers makes it easier to understand the text.
* add the missing STANDARDS section | schwarze | 2021-12-09 | 1 | -2/+8
|
* Document V_ASN1_ANY. | schwarze | 2021-12-09 | 1 | -12/+15
| While here, tweak some wordings a bit to make it less likely that readers confuse the type held by an ASN1_TYPE object with the type of the ASN1_TYPE object itself, which is always V_ASN1_ANY.
* document V_ASN1_NEG | schwarze | 2021-12-09 | 1 | -3/+10
|
* document V_ASN1_OBJECT | schwarze | 2021-12-09 | 1 | -2/+6
|
* document V_ASN1_NULL | schwarze | 2021-12-09 | 1 | -2/+6
|
* fix a typo in an .Xr argument | schwarze | 2021-12-09 | 1 | -3/+3
|
* Convert t1_enc.c to opaque EVP_MD_CTX. | tb | 2021-12-09 | 1 | -25/+26
| ok inoguchi jsing
* Convert ssl_srvr.c to opaque EVP_MD_CTX. | tb | 2021-12-09 | 1 | -42/+44
| ok inoguchi jsing
* Convert ssl_clnt.c to opaque EVP_MD_CTX | tb | 2021-12-09 | 1 | -26/+29
| ok inoguchi jsing
* Convert s3_cbc.c to opaque EVP_MD_CTX. | tb | 2021-12-09 | 1 | -9/+10
| ok inoguchi jsing
* Inline collect_data() in asn1_collect(). | jsing | 2021-12-09 | 1 | -21/+12
| While here stop assigning a size_t to an int without bounds checks.
| ok inoguchi@ tb@
* Pull the recursion depth check up to the top of asn1_collect() | jsing | 2021-12-09 | 1 | -5/+6
| ok inoguchi@ tb@
* Remove handling of a NULL BUF_MEM from asn1_collect() | jsing | 2021-12-09 | 1 | -14/+9
| asn1_collect() (and hence collect_data()) is never called without a BUF_MEM - the only caller that passed NULL was removed in OpenSSL commit e1cc0671ac5.
| ok inoguchi@ tb@
* Fix missing return in asn1_compare_bytes() | jsing | 2021-12-09 | 1 | -1/+2
|
* Add initial tests for coverage of ASN.1 complex/constructed types. | jsing | 2021-12-09 | 2 | -1/+228
|
* Add initial tests for coverage of ASN.1 basic/primitive types. | jsing | 2021-12-09 | 2 | -1/+135
|
* Fix an issue that might possibly turn into a DOS depending on | schwarze | 2021-12-09 | 1 | -3/+3
| how application software uses the API function BIO_indent(3):
| If the caller asks for some output, but not more than some negative number of bytes, give them zero bytes of output rather than drowning them in nearly INT_MAX bytes.
| OK tb@
* Add a section "NAMING CONVENTIONS". | schwarze | 2021-12-09 | 1 | -36/+285
| There is no need to explain well-known acronyms that are widely used outside OpenSSL, too (like AES, ASN.1, CMS, ECDSA, PKCS...), but OpenSSL uses plenty of idiosyncratic naming elements that deserve to be explained (like d2i, ex, get0, ndef, sk, ...).
| Requested by jsing@; feedback and OK tb@.
* lsearch(3): reimplement using lfind(3) | cheloha | 2021-12-08 | 1 | -32/+13
| lsearch(3) is really just lfind(3) with an additional branch to append the key if lfind(3) fails. If we get rid of the underlying linear_base() function and move the search portion into lfind(3) and the key-copying portion into lsearch(3) we get smaller and simpler code.
|
| Misc. notes:
| - We do not need to keep the historical comment about errno. lsearch(3) is pure computation and does not set errno. That's really all you need to know. The specification reserves no errors, either.
| - We are using lfind(3) internally now, so it switches from PROTO_DEPRECATED to PROTO_NORMAL in hidden/search.h and needs DEF_WEAK in stdlib/lsearch.c.
|
| With advice from guenther@ on symbol housekeeping in libc.
| Thread: https://marc.info/?l=openbsd-tech&m=163885187632449&w=2
| ok millert@