summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Align CRYPTO_set_mem*_functions with OpenSSL 1.1tb2025-03-094-20/+9
| | | | | | | | | | | | | | CRYPTO_set_mem_ex_functions() was renamed to CRYPTO_set_mem_functions(), replacing the latter while also correcting the arguments for the free pointer. The backstory is that a commit that was never compiled was fixed the wrong way an hour later (both committed without review, obviously), and here we are, still cleaning up the mess 23 years later. We carry patches in cjose and stunnel for this; dovecot and links+ have autoconf checks and will adapt. Oh, and then there's the mariadb configure time insanity passing wrong function pointers... ok jsing
* const correct UI_OpenSSL()tb2025-03-092-5/+5
| | | | ok jsing
* Fix documented signature of UI_OpenSSL()tb2025-03-091-3/+3
|
* Fix documented signature of BN_MONT_CTX_copy()tb2025-03-091-3/+3
|
* const correct BN_MONT_CTX_copy()tb2025-03-092-4/+4
| | | | ok jsing
* Unexport the weird X509_OBJECT_up_ref_count()tb2025-03-094-8/+6
| | | | | | | | It's only used in x509_lu.c, so move it there. X509_OBJECT is not itself refcounted. This API bumps the refcount of its cert or CRL member. This isn't really useful outside of the library. ok jsing
* Unexport X509_NAME_print()tb2025-03-094-8/+4
| | | | | | | | | | Nothing uses this anymore. M2Crypto has been patched and a fix for opensc has been upstreamed. ok jsing This is the start of a major bump. Don't build the tree until I have synced sets in about 20 commits.
* Support OPENSSL_NO_FILENAMEStb2025-03-0918-91/+221
| | | | | | | | | | Some people are concerned that leaking a user name is a privacy issue. Allow disabling the __FILE__ and __LINE__ argument in the error stack to avoid this. This can be improved a bit in tree. From Viktor Szakats in https://github.com/libressl/portable/issues/761 ok bcook jsing
* X509_NAME_print_ex.3: move s to the proper placetb2025-03-091-2/+2
|
* Remove mention of X509_NAME_print(3) in the docstb2025-03-093-46/+13
|
* ec_asn1_test: Prepare for upcoming bumptb2025-03-082-8/+11
| | | | | Linking statically, pull in ec_local.h and provide a prototype for EC_GROUP_new(), which will be removed from the public API.
* Adjust signature of CRYPTO_set_mem_functions and remove _get_ docstb2025-03-081-23/+5
|
* Rename CRYPTO_get_mem_functions.3 to CRYPTO_set_mem_functions.3tb2025-03-082-4/+4
|
* Remove EC_POINT_method_of() docstb2025-03-081-19/+1
|
* Remove X509_OBJECT_free_contets() docstb2025-03-081-20/+3
|
* Remove X509_OBJECT_up_ref_count() documentationtb2025-03-081-23/+2
|
* Remove EC_PIONT_{get,set}_Jprojective_coordinates_GFp docstb2025-03-081-53/+1
|
* Remove EC_POINTs_{make_affine,mul}() docstb2025-03-081-67/+2
|
* Remove EC_GROUP_{,have_}precompute_mult() docstb2025-03-081-31/+4
|
* Remove EC_GROUP_method_of() docstb2025-03-081-20/+1
|
* Remove EC_GFp_* and EC_METHOD_get_field_type docstb2025-03-087-156/+12
|
* Inline _CONF_get_section_values() in its last caller and remove ittb2025-03-083-19/+9
| | | | | | NCONF_get_section() isn't any clearer by using this indirection. ok jsing
* Provide an accelerated SHA-256 assembly implementation for aarch64.jsing2025-03-074-2/+232
| | | | | | | | | | This provides a SHA-256 assembly implementation that makes use of the ARM Cryptographic Extension (CE), which is found on many arm64 CPUs. This gives a performance gain of up to 7.5x on an Apple M2 (dependent on block size). If an aarch64 machine does not have SHA2 support, then we'll fall back to using the existing C implementation. ok kettenis@ tb@
* _CONF_new_section: error check hash insertiontb2025-03-071-1/+5
| | | | | | | Don't leak v if its insertion into the hash failed and properly free it instead. ok jsing
* _CONF_new_section(): avoid silly ok dancetb2025-03-071-11/+8
| | | | ok jsing
* _CONF_new_section(): replace hand-rolled strdup() with the real thingtb2025-03-071-5/+3
| | | | ok jsing
* _CONF_new_section(): malloc() -> calloc()tb2025-03-071-4/+2
| | | | ok jsing
* asn1_multi: remove a pointless casttb2025-03-061-2/+2
| | | | | There's no need to cast away const from a const char * if you're going to pass it to a const char * argument of a function.
* Rename X509V3_get_section() to X509V3_get0_section()tb2025-03-066-15/+15
| | | | | | | | This makes it clear for those fluent in OpenSSL API gibberish that nothing needs to be freed here. This is because it returns something hanging off a hash entry owned by cnf. ok jsing
* Garbage collect X509V3_section_free()tb2025-03-066-25/+8
| | | | | | | | Historically, X509V3_section_free() could be customized by the conf db method to release memory allocated by X509V3_get_section(). This is no longer supported, so it is always a noop and can be removed. ok jsing
* unifdef OPENSSL_NO_CHAIN_VERIFYtb2025-03-041-6/+3
| | | | ok jsing
* Zap trailing whitespace in dsa.htb2025-03-011-7/+7
|
* Remove offensive whitespace from x509.htb2025-03-011-27/+27
|
* conf.h: remove outdated commenttb2025-03-011-4/+1
| | | | | Despite the claim in this comment, the "new" conf code did replace the "old" conf code (which no longer exists in the public API).
* Rename the crl_inf_cb() to crl_info_cb()tb2025-02-271-3/+3
|
* Hoist X509_REVOKED_cmp() above its only callertb2025-02-271-9/+7
| | | | | This way we don't need a prototype and things that belong together are together. Slight KNF tweak while there
* obj_dat: remove parens from returntb2025-02-261-9/+9
|
* asn1object: improve error message to include returned valuetb2025-02-261-2/+2
| | | | From Kenjiro Nakayama
* obj_dat: don't shift a->length into the sign bittb2025-02-261-2/+2
| | | | | | | For an OID of excessive length >= 2^12, a->length << 20L is undefined, so add a cast to the target type of (unsigned long). From Kenjiro Nakayama
* obj_dat: don't shift ca->type into the sign bittb2025-02-261-2/+2
| | | | | | | | This is undefined for a ca->type of ADDED_LNAME (2) and ADDED_NID (3) when ca->type << 30L results in a shift into the sign bit, so add a cast to the target type of unsigned long. From Kenjiro Nakayama
* openssl ca: use BN_bn2hex() rather than reimplementing ittb2025-02-251-28/+18
| | | | ok jsing
* x_crl.c: remove two NULL checks before *_free()tb2025-02-241-5/+3
|
* Remove unused name member from x509_sttb2025-02-212-11/+2
| | | | | | | As far as I can tell this has never been used since the beginning of git history with SSLeay 0.8.1b, so we can simplify the x509_cb() a little. ok jsing miod
* Remove unused valid member of x509_sttb2025-02-202-4/+2
| | | | | | internal_verify() (now x509_vfy_internal_verify()) used to cache the validity of the signature of a cert in this field. This is no longer the case since x509_vfy.c 1.57 (2017).
* pkey_ec_derive(): simplify keylen calculationtb2025-02-181-5/+3
| | | | ok jsing
* Simplify ECDH_size() by using BN_num_bytes()tb2025-02-171-3/+3
| | | | ok jsing
* Replace Makefile based SHA*_ASM defines with HAVE_SHA_* defines.jsing2025-02-1420-58/+120
| | | | | | | | | | | | | | | | Currently, SHA{1,256,512}_ASM defines are used to remove the C implementation of sha{1,256,512}_block_data_order() when it is provided by assembly. However, this prevents the C implementation from being used as a fallback. Rename the C sha*_block_data_order() to sha*_block_generic() and provide a sha*_block_data_order() that calls sha*_block_generic(). Replace the Makefile based SHA*_ASM defines with two HAVE_SHA_* defines that allow these functions to be compiled in or removed, such that machine specific verisons can be provided. This should effectively be a no-op on any platform that defined SHA{1,256,512}_ASM. ok tb@
* ec_mont_group_set_curve: convert to BN_MONT_CTX_create() and simplifytb2025-02-131-20/+7
| | | | | | | | This removes the penultimate internal call of BN_MONT_CTX_new(). The last one could be removed at the cost of introducing a BN_MONT_CTX_dup(), which probably isn't worth it. ok jsing
* dsa_gen: convert to BN_MONT_CTX_create()tb2025-02-131-5/+2
| | | | | | | This can now be a single call before the BN_MONT_CTX is actually used rather than two calls separated by 170 lines. ok jsing
* Convert bn_exp to BN_MONT_CTX_create()tb2025-02-131-53/+38
| | | | | | | | This simplifies the handling of the BN_MONT_CTX passed in and unifies the exit paths. Also zap some particularly insightful comments by our favorite captain. ok jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-26 06:55:42 +0000