summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* gost: missed one cleanuptb2021-11-181-2/+2
|
* sha256test: EVP_MD_CTX_cleanup -> EVP_MD_CTX_resettb2021-11-181-4/+3
|
* gost2814789t: EVP_MD_CTX_cleanup -> EVP_MD_CTX_resettb2021-11-181-2/+2
|
* evptest: no need to call EVP_MD_CTX_cleanup() before EVP_MD_CTX_free()tb2021-11-181-4/+3
|
* Use HMAC_CTX_reset() instead of HMAC_CTX_cleanup() + HMAC_CTX_init()tb2021-11-181-5/+3
|
* Add semicolon that will become non-optional once BN_GENCB_set() willtb2021-11-181-2/+2
| | | | move from an awful macro to a proper function.
* typo in commenttb2021-11-181-2/+2
|
* Fix ssltest to work with opaque EVP_PKEY.tb2021-11-181-22/+33
|
* Prevent future internal use of ASN1_CTX and ASN1_const_CTX by wrappingtb2021-11-181-1/+3
| | | | | | them inside #ifndef LIBRESSL_INTERNAL. suggested by jsing
* Remove the last pointless use of ASN1_const_CTX. Both ASN1_CTX andtb2021-11-181-14/+14
| | | | | | | ASN1_const_CTX are now unused and will be garbage collected in the next libcrypto bump. ok jsing
* sha*test: convert these tests to work with opaque EVP_MD_CTX.tb2021-11-183-31/+42
|
* zap trailing whitespacetb2021-11-181-7/+7
|
* hmactest: convert to opaque HMAC_CTX.tb2021-11-181-29/+37
|
* gost2814789t: convert to opaque EVP_{MD,CIPHER}_CTX.tb2021-11-181-19/+23
|
* exptest: convert to opaque BN; minor KNF tweaks.tb2021-11-181-40/+47
|
* evptest: fix compilation with opaque EVP_{CIPHER,MD}_CTX. Uses atb2021-11-181-22/+30
| | | | workaround for excessive malloc inspired by mariadb (just kidding).
* ecdsatest: make this test compile with opaque EVP_MD_CTX.tb2021-11-181-7/+8
|
* dsatest: make this work with opaque BN. Some more fixes will be neededtb2021-11-181-114/+124
| | | | | for opaque DSA. I'll deal with that later. I also lobbed a KNF grenade in here.
* dhtest: fix this to work with opaque BN. This will need more fixes totb2021-11-181-48/+61
| | | | | work with opaque DH, but one step at a time. While here, add a bunch of missing spaces to reduce the eyebleed.
* bntest: Fix all but one test in this file to work with opaque BN.tb2021-11-181-399/+563
| | | | | The remaining test needs some thinking (or disabling once we flip the switch). It is currently marked with an XXX.
* In x509_vfy.h rev. 1.35 and x509_lu.c rev. 1.34, tb@ providedschwarze2021-11-182-13/+51
| | | | | | | | X509_OBJECT_new(3) and X509_OBJECT_free(3); document them. While here, stop talking about storing storing EVP_PKEY objects and plain C strings in X509_OBJECT objects. LibreSSL never fully supported that, and it certainly no longer supports that now.
* In x509_vfy.h rev. 1.37 and x509_vfy.c rev. 1.91, tb@ providedschwarze2021-11-179-46/+209
| | | | | | | | | | | | | | | | | X509_STORE_CTX_set_verify(3) and X509_STORE_CTX_get_verify(3). Document them. In the next bump, tb@ will also provide X509_STORE_CTX_verify_fn(3) and X509_STORE_set_verify(3) and restore X509_STORE_set_verify_func(3) to working order. For efficiency of documentation work, already document those three, too, but keep the text temporariy .if'ed out until they become available. Delete X509_STORE_set_verify_func(3) from X509_STORE_set_verify_cb_func(3) because it was misplaced in that page: it is not related to the verification callback. tb@ agrees with the general direction.
* In x509_vfy.h rev. 1.37 and x509_vfy.c rev. 1.91, tb@ providedschwarze2021-11-161-8/+47
| | | | X509_STORE_CTX_get_verify_cb(3); document it.
* Recently, tb@ provided the following functions:schwarze2021-11-161-4/+71
| | | | | | | | | | X509_STORE_CTX_set_error_depth x509_vfy.h 1.37 x509_vfy.c 1.91 X509_STORE_CTX_set_current_cert x509_vfy.h 1.37 x509_vfy.c 1.91 X509_STORE_CTX_get_num_untrusted x509_vfy.h 1.36 x509_vfy.c 1.90 X509_STORE_CTX_set0_verified_chain x509_vfy.h 1.37 x509_vfy.c 1.91 Merge the documentation from the OpenSSL 1.1.1 branch, which is still under a free license; tweaked by me.
* new manual page ASN1_BIT_STRING_set(3) documenting four BIT STRING accessorsschwarze2021-11-154-3/+184
|
* document ASN1_PRINTABLE_type(3) and ASN1_UNIVERSALSTRING_to_string(3)schwarze2021-11-156-8/+172
|
* document ASN1_item_pack(3) and ASN1_item_unpack(3)schwarze2021-11-155-6/+94
|
* document i2a_ASN1_STRING(3) and a2i_ASN1_STRING(3)schwarze2021-11-153-3/+163
|
* Fix a strange check in the auto DH codepathtb2021-11-141-3/+5
| | | | | | | | | | The code assumes that the server certificate has an RSA key and bases the calculation of the size of the ephemeral DH key on this assumption. So instead of checking whether we have any key by inspecting the dh part of the union, let's check that we actually have an RSA key. While here, make sure that its length is non-negative. ok jsing
* the last argument of BIO_gets(3) is called "size", not "len"schwarze2021-11-141-6/+6
|
* fix a typo; diff from Matthias Schmidt <xosc dot org> on tech@schwarze2021-11-141-3/+3
|
* Put curly brace on the correct line.jsing2021-11-141-2/+3
|
* Test ASN1_STRING_copy(3).schwarze2021-11-132-1/+121
| | | | | | As a side effect, this also tests various aspects of ASN1_STRING_new(3), ASN1_STRING_set(3), ASN1_STRING_length_set(3), ASN1_STRING_get0_data(3), ASN1_STRING_length(3), and ASN1_STRING_type(3).
* Fix a nasty quirk in ASN1_STRING_copy(3).schwarze2021-11-131-2/+2
| | | | | | | | | In case of failure, it reported the failure but corrupted the type of the destination string. Instead, let's make sure that in case of failure, existing objects remain in their original state. OK tb@
* Document the interactions of X509_V_FLAG_USE_CHECK_TIME,schwarze2021-11-131-6/+35
| | | | | | | | X509_V_FLAG_NO_CHECK_TIME, X509_VERIFY_PARAM_set_time(3), X509_VERIFY_PARAM_set_flags(3), and X509_VERIFY_PARAM_clear_flags(3) in detail because the API design is both surprising and surprisingly complicated in this respect, and the resulting nasty traps have already caused bugs in the past.
* Mark the public X509_VP_FLAG_* constants as intentionally undocumented.schwarze2021-11-131-2/+11
| | | | | | With LibreSSL, they can only be used internally in the library itself, and even with OpenSSL, no real-world application code uses them. OK tb@
* Fix a bug in check_crl_time() that could result in incompleteschwarze2021-11-131-8/+8
| | | | | | | | | | | | | | | | | | | | | | | verification, accepting CRLs that ought to be rejected, if an unusual combination of verification flags was specified. If time verification was explicitly requested with X509_V_FLAG_USE_CHECK_TIME, it was skipped on CRLs if X509_V_FLAG_NO_CHECK_TIME was also set, even though the former is documented to override the latter both in the OpenSSL and in the LibreSSL X509_VERIFY_PARAM_set_flags(3) manual page. The same bug in x509_check_cert_time() was already fixed by beck@ in rev. 1.57 on 2017/01/20. This syncs the beginning of the function check_crl_time() with the OpenSSL 1.1.1 branch, which is still under a free license. OK beck@ This teaches that having too many flags and options is bad because they breed bugs, and even more so if they are poorly designed to override each other in surprising ways.
* document ASN1_STRING_copy(3)schwarze2021-11-131-4/+43
|
* Document the public constants X509_V_FLAG_POLICY_MASKschwarze2021-11-121-9/+43
| | | | | | | and X509_V_FLAG_USE_CHECK_TIME. While here, fix a typo and improve the wording for X509_V_FLAG_NOTIFY_POLICY.
* mention what X509_cmp_time(3) does with a cmp_time argument of NULLschwarze2021-11-121-3/+7
|
* As pointed out by tb@, LibreSSL no longer supports user-definedschwarze2021-11-124-56/+21
| | | | | | | | | X509_LOOKUP_METHODs because these objects are now opaque. Simplify the documentation accordingly, shortening it by about 35 input lines in total, but continue providing the information which RETURN VALUES functions might return with other implementations of the library. OK tb@
* In x509_vfy.h rev. 1.41, tb@ provided X509_STORE_CTX_get_by_subject(3),schwarze2021-11-123-18/+53
| | | | | | | | | | | | changed the return type of X509_OBJECT_get_type(3) and argument types of X509_LOOKUP_by_subject(3), X509_LOOKUP_by_issuer_serial(3), X509_LOOKUP_by_fingerprint(3), X509_LOOKUP_by_alias(3), X509_OBJECT_idx_by_subject(3), X509_OBJECT_retrieve_by_subject(3), and X509_STORE_get_by_subject(3) from int to X509_LOOKUP_TYPE, and in rev. 1.42, he provided X509_STORE_CTX_get_obj_by_subject(3). Adjust the documentation. Joint work with and OK tb@.
* mention the public constants XN_FLAG_SEP_MASK and XN_FLAG_FN_MASKschwarze2021-11-111-2/+6
|
* Mention the X509v3_KU_* aliases for the KU_* constantsschwarze2021-11-111-2/+16
| | | | | | because some third party application code uses them. List the full names (even though they are long) such that they can be found with "man -k Dv=...".
* Explicitly list all public functions in roff(7) commentsschwarze2021-11-111-6/+33
| | | | | that are related to this page but intentionally undocumented, to better support grepping the source directory for function names.
* new manual page X509_policy_tree_get0_policies(3),schwarze2021-11-114-6/+110
| | | | also documenting X509_policy_tree_get0_user_policies(3)
* Merge a few additional X509error(ERR_R_MALLOC_FAILURE) callsschwarze2021-11-101-39/+28
| | | | | | | | | | | | | | | | | | and various style improvements from the OpenSSL 1.1.1 branch, which is still under a free license. - No need to #include <openssl/lhash.h>. - BUF_MEM_free(3) and sk_pop_free(3) can handle NULL. - sk_value(3) can handle -1. - Test pointers with "== NULL" rather than with "!". - Use the safer "p = malloc(sizeof(*p))" idiom. - return is not a function. - Delete very wrong commented out code. Including parts of the these commits from the 2015 to 2018 time range: 25aaa98a b4faea50 90945fa3 f32b0abe 26a7d938 7fcdbd83 208056b2 5b37fef0 Requested by and OK tb@.
* If X509_load_cert_crl_file(3) does not find any certificatesschwarze2021-11-103-3/+7
| | | | | | | | | | | | | | | | | | and/or CRLs in the PEM input file (for example, if the file is empty), provide an error message in addition to returning 0. This merges another part of this OpenSSL commit, which is still under a free license: commit c0452248ea1a59a41023a4765ef7d9825e80a62b Author: Rich Salz <rsalz@openssl.org> Date: Thu Apr 20 15:33:42 2017 -0400 I did *not* add the similar message types X509_R_NO_CERTIFICATE_FOUND and X509_R_NO_CRL_FOUND because both code inspection and testing have shown that the code generating them is unreachable. OK tb@
* Sync some code style improvements from the OpenSSL 1.1.1 branch,schwarze2021-11-101-10/+9
| | | | | | | | | | | | | | which is still under a free license. No functional change. - No need to #include <openssl/lhash.h> here. - return is not a function. - Do not use the pointless macro BIO_s_file_internal(). - No need to check for NULL before X509_CRL_free(3). This includes parts of the following OpenSSL commits from the 2015 to 2017 timeframe: 222561fe, 9982cbbb, f32b0abe, 26a7d938 OK tb@
* Merge two bug fixes from the OpenSSL 1.1.1 branch, which is stillschwarze2021-11-101-8/+4
| | | | | | | | | | | | | | | | | | | | | | | | | under a free license: 1. If the three X509_load_*(3) functions are called with a NULL file argument, do not return 1 to the caller because the return value 1 means "i loaded one certificate or CRL into the store". 2. When calling PEM load functions, do not ask the user for a password in an interactive manner. This includes parts of the following commits: commit c0452248ea1a59a41023a4765ef7d9825e80a62b Author: Rich Salz <rsalz@openssl.org> Date: Thu Apr 20 15:33:42 2017 -0400 Message: [...] Remove NULL checks and allow a segv to occur. [...] commit db854bb14a7010712cfc02861731399b1b587474 Author: Bernd Edlinger <bernd.edlinger@hotmail.de> Date: Mon Aug 7 18:02:53 2017 +0200 Message: Avoid surpising password dialog in X509 file lookup. OK tb@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-01 18:05:04 +0000