Commit message | Author | Age | Files | Lines
* new manual page ASN1_bn_print(3) | schwarze | 2021-12-08 | 4 | -5/+126
|
* document BIO_indent(3); | schwarze | 2021-12-08 | 1 | -12/+53
|   while here, improve some of the existing text in minor ways
* mark c2i_ASN1_OBJECT as intentionally undocumented; | schwarze | 2021-12-08 | 1 | -2/+4
|   discussed with jsing@
* mark i2c_ASN1_BIT_STRING, c2i_ASN1_BIT_STRING, and c2i_ASN1_INTEGER | schwarze | 2021-12-08 | 1 | -2/+5
|   as intentionally undocumented; discussed with jsing@
* Simple conversion to opaque EVP_CIPHER. | tb | 2021-12-07 | 1 | -5/+9
|
* be more specific which NETSCAPE stuff to ignore, and why | schwarze | 2021-12-07 | 1 | -10/+7
|
* Some improvements allowing to handle asn1.h and x509v3.h: | schwarze | 2021-12-07 | 1 | -10/+47
|   * handle multiple qualifiers on the function return type
|   * handle function pointer type declarations
|   * handle unions inside structs
|   * handle forward struct declarations
|   * handle "typedef const"
|   * handle ASN1_F_, ASN1_R_, and X509V3_R_ error constants
|   * handle "#if defined" in the same way as "#ifdef"
|   * skip whitespace between "#" and "define"
|   * skip whitespace before C comments
|   * ignore TYPEDEF_D2I2D_OF
* lsearch(3): append key to array with memmove(3) instead of memcpy(3) | cheloha | 2021-12-07 | 1 | -2/+7
|   If the key overlaps the end of the array, memcpy(3) mutates the key and copies a corrupted value into the end of the array. If we use memmove(3) instead we at least end up with a clean copy of the key at the end of the array. This is closer to the intended behavior.
|   With input from millert@ and deraadt@.
|   Thread: https://marc.info/?l=openbsd-tech&m=163880307403606&w=2
|   ok millert@
* In the next major bump, some BN macros will become functions. | schwarze | 2021-12-06 | 5 | -27/+11
|   In order to not forget it, already remove the statements that these APIs are currently implemented as macros: Not saying that doesn't make the documentation wrong.
* Clean up a bunch of dead code in s_server.c and s_socket.c | tb | 2021-12-06 | 3 | -36/+21
|   jsg's analysis tool flagged a potential double free in do_server(). While this looks like a false positive, we can clean this code up a little: the host name passed to the callbacks isn't used by either sv_body() and www_body(), so it can be made local to do_accept() (an extra variable would not even be needed). Simplify the callbacks' signatures accordingly. Remove some commented out linger code that would never be used again anyway.
|   ok inoguchi jsg
* Simplify DH_check_params a bit. | tb | 2021-12-05 | 1 | -12/+4
|   It makes no sense to allocate an entire BN_CTX if we only use it to get a single BIGNUM, from which we subtract 1 to compare it to g. We can just use a plain BIGNUM and delete a bunch of lines.
|   ok inoguchi jsing
* Add initial regress for CT. | jsing | 2021-12-05 | 4 | -1/+415
|   This provides test coverage for SCT encoding/decoding.
* Add RCS markers | tb | 2021-12-05 | 13 | -0/+13
|
* gross trailing whitespace | tb | 2021-12-04 | 1 | -16/+16
|
* List subdirectories as a simple list. Avoids a source of many merge | tb | 2021-12-04 | 1 | -6/+8
|   conflicts in my work on making much of libcrypto opaque.
|   discussed with jsing
* Annotate the structs to be moved to bn_lcl.h in the next bump | tb | 2021-12-04 | 1 | -1/+5
|   ok inoguchi jsing
* Use BN_is_negative(p) instead of p->neg in one place. | tb | 2021-12-04 | 1 | -2/+2
|
* Add #include "bn_lcl.h" to the files that will soon need it. | tb | 2021-12-04 | 15 | -15/+36
|   ok inoguchi jsing
* Implement the BN_to_montgomery() macro as a function | tb | 2021-12-04 | 2 | -2/+13
|   ok inoguchi jsing
* Implement the BN_is_negative macro as a function | tb | 2021-12-04 | 2 | -2/+13
|   ok inoguchi jsing
* Provide function implementations for various BN_* macros | tb | 2021-12-04 | 2 | -4/+54
|   BN_abs_is_word, BN_is_{zero,one,word,odd}, BN_one, BN_zero_ex are now implemented as functions for internal use. They will be exposed publicly to replace the macros reaching into BIGNUM in the next bump.
|   ok inoguchi jsing
* Provide replacement functions for the BN_{get,set,with}_flags() macros. | tb | 2021-12-04 | 2 | -2/+34
|   ok inoguchi jsing
* Provide replacement functions for the BN_GENCB_set{,_old}() macros | tb | 2021-12-04 | 2 | -3/+33
|   The function implementations are necessary to make BIGNUM opaque. They will be used in libcrypto internally until they will replace the macro implementations with the next bump.
|   ok inoguchi jsing
* Consolidate {d2i,i2d}_{pr,pu}.c | jsing | 2021-12-04 | 5 | -184/+43
|   Currently there are two files for private key ASN.1 (d2i_pr.c, i2d_pr.c) and two files for public key ASN.1 (d2i_pu.c, i2d_pu.c). All of the other ASN.1 code has d2i and i2d in the same per-object file. Consolidate d2i_pr.c/i2d_pr.c into a_pkey.c and consolidate d2i_pu.c/i2d_pu.c into a_pubkey.c before making any further changes to this code.
|   ok tb@
* Clean up and refactor server side DHE key exchange. | jsing | 2021-12-04 | 4 | -120/+116
|   Provide ssl_kex_generate_dhe_params_auto() which handles DHE key generation based on parameters determined by the specified key bits. Convert the existing DHE auto parameter selection code into a function that just tells us how many key bits to use. Untangle and rework the server side DHE key exchange to use the ssl_kex_* functions.
|   ok inoguchi@ tb@
* Move the minimum DHE key size check into ssl_kex_peer_params_dhe() | jsing | 2021-12-04 | 3 | -14/+19
|   ok inoguchi@ tb@
* Check DH public key in ssl_kex_peer_public_dhe(). | jsing | 2021-12-04 | 3 | -8/+22
|   Call DH_check_pub_key() after decoding the peer public key - this will be needed for the server DHE key exchange, but also benefits the client.
|   ok inoguchi@ tb@
* Free cert, key and ocsp_staple on exit of do_keypair_test(). | tb | 2021-12-04 | 1 | -1/+4
|   Reported by Ilya Shipitsine, discussed with jsing
* Convert main into single exit to appease asan. | tb | 2021-12-04 | 1 | -22/+33
|
* Explicitly free EVP_MD_CTX to appease asan. Reported by Ilya Shipitsin. | tb | 2021-12-04 | 1 | -10/+16
|
* Add regress for ECPKParameters ASN.1 encoding/decoding. | jsing | 2021-12-04 | 2 | -2/+210
|
* Replace asn1_tlc_clear and asn1_tlc_clear_nc macros with a function. | jsing | 2021-12-03 | 1 | -32/+26
|   Call the replacement asn1_tlc_invalidate() since it does not actually clear the ASN1_TLC. While here, name the ASN1_TLC variables consistently as ctx, remove a pointless comment and simplify ASN1_item_d2i() slightly.
|   ok inoguchi@ tb@
* Group and sort includes. | jsing | 2021-12-03 | 1 | -3/+3
|
* Call asn1_item_ex_d2i() directly from ASN1_item_d2i() | jsing | 2021-12-03 | 1 | -2/+5
|   ASN1_item_ex_d2i() is just a wrapper around the internal asn1_item_ex_d2i() function, so call asn1_item_ex_d2i() directly.
|   ok inoguchi@ tb@
* Convert ASN1_PCTX_new() to calloc(). | jsing | 2021-12-03 | 1 | -10/+6
|   Rather than using malloc() and then initialising all struct members to zero values, use calloc().
|   ok schwarze@ tb@
* Use calloc() for X509_CRL_METHOD_new() instead of malloc(). | jsing | 2021-12-03 | 1 | -3/+4
|   This ensures that if any members are added to this struct, they will be initialised.
|   ok schwarze@ tb@
* Rewrite ASN1_STRING_cmp(). | jsing | 2021-12-03 | 1 | -11/+8
|   This removes nested ifs and uses more sensible variable names.
|   ok schwarze@ tb@
* Convert ASN1_STRING_type_new() to calloc(). | jsing | 2021-12-03 | 1 | -10/+7
|   Rather than using malloc() and then initialising all struct members, use calloc() and only initialise the single non-zero value member.
|   ok schwarze@ tb@
* Convert ASN1_OBJECT_new() to calloc(). | jsing | 2021-12-03 | 1 | -11/+6
|   Rather than using malloc() and then initialising all struct members, use calloc() and only initialise the single non-zero value member.
|   ok schwarze@ tb@
* Convert {i2d,d2i}_{,EC_,DSA_,RSA_}PUBKEY{,_bio,_fp}() to templated ASN1 | jsing | 2021-12-03 | 2 | -222/+430
|   These functions previously used the old ASN1_{d2i,i2d}_{bio,fp}() interfaces.
|   ok inoguchi@ tb@
* Use calloc() in EVP_PKEY_meth_new() instead of malloc() and setting | tb | 2021-12-03 | 1 | -29/+2
|   almost all members to 0. Just set the two things that need setting.
|   ok jsing
* Fix EVP_PKEY_{asn1,meth}_copy once and for all | tb | 2021-12-03 | 2 | -63/+23
|   It is very easy to forget to copy over newly added methods. Everyone working in this corner has run into this. Instead, preserve what needs preserving and use a struct copy, so all methods get copied from src to dest.
|   tweak/ok jsing
* bsearch(3): support arrays with more than INT_MAX elements | cheloha | 2021-12-02 | 1 | -2/+3
|   The "lim" variable needs to be a size_t to match nmemb, otherwise we get undefined behavior when nmemb exceeds INT_MAX.
|   Prompted by a blog post by Joshua Bloch: https://ai.googleblog.com/2006/06/extra-extra-read-all-about-it-nearly.html
|   Fixed by Chris Torek a long time ago: https://svnweb.freebsd.org/csrg/lib/libc/stdlib/bsearch.c?revision=51742&view=markup
|   ok millert@
* Tell testers which packages to install right away (and why) | kn | 2021-12-02 | 3 | -3/+7
|   Other regress tests do it differently; just fix/touch those that did not mention any package name at all. This helps grepping logs for SKIPPED to find instructions for the next run.
* Remove dead code. | jsing | 2021-12-01 | 1 | -21/+1
|
* Add missing const qualifiers in a number of BN_* manuals. | tb | 2021-11-30 | 8 | -52/+52
|   ok schwarze
* last whitespace diff for now. | tb | 2021-11-30 | 1 | -57/+62
|
* KNF for BF_KEY | tb | 2021-11-30 | 1 | -4/+3
|
* Fix some annoying whitespace inconsistencies. | tb | 2021-11-30 | 1 | -20/+20
|
* Provide EVP_CTRL_AEAD_* defines. | tb | 2021-11-30 | 1 | -7/+10
|   This commit adds generic EVP_CTRL_AEAD_{SET,GET}_TAG and _SET_IVLEN defines and aliases the GCM and CCM versions to those. This is the publicly visible part of OpenSSL's e640fa02005.
|   ok inoguchi jsing