| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
| |
Call a BIO bio rather than bi, a, or b; don't cast when assigning from
or to a (void *). Drop loads of silly redundant parentheses, use better
order of variable declarations.
No change in the generated assembly
|
| |
|
|
|
|
|
|
| |
It's unclear whether the functions these support were ever really
used for anything else than kicking off an overenginerred state
machine.
ok jsing
|
| |
|
|
|
|
|
| |
After a EVP_PKEY_new() failure, a NULL pointer would be passed to the
keygen pmeth, which could result in tears.
ok beck jsing
|
| |
|
|
|
| |
This file was very undecided what style to choose and often changed its
mind in the middle of a function. No change in the generated assembly.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Make them static. Don't make them allocate if passed a NULL ASN1_TIME to
avoid leaks. This currently means that we accept a NULL and succeed. That's
very ugly but better than what we have now.
Simplify ASN1_TIME_set_string_internal() accordingly and allocate an
ASN1_TIME at the API boundary of ASN1_TIME_adj_internal() and of
ASN1_TIME_to_generalized_time().
ok beck (after a lot of squealing and distress)
|
| | |
|
| |
|
|
|
|
| |
accidentally not included in crypto.h commit
requested and ok tb@
|
| | |
|
| |
|
|
|
|
| |
use LCRYPTO_UNUSED and remove the LIBRESSL_INTERNAL guard
ok tb@
|
| |
|
|
|
|
| |
use LCRYPTO_UNUSED and remove the LIBRESSL_INTERNAL guard around them.
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
| |
Mark them LCRYPTO_UNUSED appropriately and remove the LIBRESSL_INTERNAL
guards around them
ok tb@
|
| |
|
|
|
|
| |
and remove the LIBRESSL_INTERNAL guards around them
ok tb@
|
| |
|
|
|
|
| |
These got missed when they were hidden
ok tb@
|
| |
|
|
|
| |
This removes the LIBRESSL_INTERNAL guards and marks
the functions within as LCRYPTO_UNUSED
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
crypto.h already had the symbols not hidden behind LIBRESSL_INTERNAL
hidden - This now picks up the reset of them marking them as
LCRYPTO_UNUSED, and removes the LIBRESSL_INTERNAL guard.
These symbols will now be hidden, but if we use them inside
the library in a namespaced build we will get a deprecation
warning. use outside the library will be as with any other hidden
symbol, so fine.
ok tb@
|
| |
|
|
|
| |
This causes a SIGFPE on solaris
Fixes https://github.com/libressl/portable/issues/1042
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
We added things we probably shouldn't have, and so did BoringSSL and
OpenSSL. Terrible API is terrible.
discussed with jsing
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
This guentherizes the public symbols from conf.h
ok tb@
|
| |
|
|
|
|
|
|
|
|
| |
This API can be called with s == NULL, in which case the tm_to_*()
functions helpfully allocate a new s and then leak. This is a rather
ugly fix to make portable ASAN regress happy again, the better fix
will be to rewrite the tm_to_*() functions and adjust their callers.
That is more intrusive and will be done in a later pass.
ok bcook jsing
|
| |
|
|
|
|
|
| |
This picks up most of the remaining public symbols in
x509.h
ok tb@
|
| |
|
|
|
|
| |
largely mechanically done by the guentherizer 9000
ok tb@
|
| |
|
|
|
|
| |
For consitency with everything else.
ok tb@
|
| |
|
|
|
|
|
| |
These did not get removed from here when they got removed
from Symbols.list after a major bump.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This cache was added because our time conversion used timegm()
and gmtime() which aren't very cheap. These calls were noticably
expensive when profiling things like rpki-client which do many
X.509 validations.
Now that we convert times using julien seconds from the unix
epoch, BoringSSL style, instead of a julien days from a
Byzantine date, we no longer use timegm() and gmtime().
Since the julien seconds calculaitons are cheap for conversion,
we don't need to bother caching this, it doesn't have a noticable
performance impact.
While we are at this correct a bug where
x509_verify_asn1_time_to_time_t was not NULL safe.
Tested for performance regressions by tb@ and job@
ok tb@ job@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
This makes it where people can't put dumb values in certs without
trying harder, and changes the regress to test this.
GENERALIZED times outside of the RFC5280 spec are required for OCSP
but these should be constructed with the GENERALIZED time string
setters.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is an API to add an OID attribute to the set of SMIMECapabilities.
While attributes are complicated in general, this only supports simple
capabilities encoded as an OID with an optional integer parameter (e.g.,
the key size of a cipher).
Make this API transactional, i.e., don't leave a new empty set behind on
failure or leak the key size if setting the parameter on the X509_ALGOR
fails.
Also convert to single exit and add a doc comment with a reference.
ok beck
|
| |
|
|
|
|
|
|
|
| |
Vincent Lee spotted that I failed to update numbers that count how many
functions are documented here when removing {CRYPTO,OPENSSL}_realloc.
This isn't helpful information and nobody will remember to go look for
such numbers next time this page is adjusted, so remove the counts.
agreement from jmc
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unlike for previous TLS versions, TLSv1.3 servers can send the supported
groups extension to inform a client of the server's preferences. The
intention is that a client can adapt for subsequent commits. We ignore
this info for now, but sthen ran into java-based servers that do this.
Thus, rejecting the extension outright was incorrect. Instead, only allow
the extension in TLSv1.3 encrypted extensions. This way the F5 workaround
is also disabled, but we continue to interoperate with TLSv1.3 servers that
do follow the last paragraph of RFC 8446, section 4.2.7.
This mostly adjusts outdated/misleading comments.
ok jsing sthen
|
| |
|
|
|
|
|
|
| |
groups extension from the server). It triggers 'CONNECT_CR_SRVR_HELLO:tlsv1
alert decode error' when connecting to a (modern) java server (tomcat 10.1.18
on openjdk 17.0.10).
"please revert" tb@
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
system will allocate a port.
|
| |
|
|
|
|
| |
HMAC_CTX_reset() and HMAC_Init() had missing LCRYPTO_ALIAS().
ok beck jsing
|
| |
|
|
|
|
|
|
|
| |
If namespace builds are enabled, static links don't work due to missing
_lcry_* symbols. Make LCRYPTO_UNUSED() match LCRYPTO_USED() with an extra
deprecated attribute. This way we can remove the !LIBRESSL_INTERNAL #ifdef
wrapping in public headers.
ok beck joshua
|
| |
|
|
|
|
|
| |
This is only there to pretend a quic method was set on the SSL, but
apparently some compilers warn about an uninitialized variable.
from Christian Andersen
|
| |
|
|
|
|
| |
Appeases some compiler.
from Christian Andersen
|
| |
|
|
|
|
| |
This is a wrapper around lh_free() which is already tested.
From Christian Andersen
|
| |
|
|
|
|
|
|
|
|
| |
page size, rather than relying upon mprotect to round up to the actual mmu
page size.
This repairs malloc operation on systems where the malloc page size
(1 << _MAX_PAGE_SHIFT) is larger than the mmu page size.
ok otto@
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok tb
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb
|
| |
|
|
|
| |
This increases the chance of triggering bugs due to input and/or randomised
padding.
|
