| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
There is no need to explain well-known acronyms that are widely
used outside OpenSSL, too (like AES, ASN.1, CMS, ECDSA, PKCS...),
but OpenSSL uses plenty of idiosyncratic naming elements that
deserve to be explained (like d2i, ex, get0, ndef, sk, ...).
Requested by jsing@; feedback and OK tb@.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
lsearch(3) is really just lfind(3) with an additional branch to append
the key if lfind(3) fails. If we get rid of the underlying
linear_base() function and move the search portion into lfind(3) and
the key-copying portion into lsearch(3) we get smaller and simpler
code.
Misc. notes:
- We do not need to keep the historical comment about errno. lsearch(3)
is pure computation and does not set errno. That's really all you
need to know. The specification reserves no errors, either.
- We are using lfind(3) internally now, so it switches from
PROTO_DEPRECATED to PROTO_NORMAL in hidden/search.h and needs
DEF_WEAK in stdlib/lsearch.c.
With advice from guenther@ on symbol housekeeping in libc.
Thread: https://marc.info/?l=openbsd-tech&m=163885187632449&w=2
ok millert@
|
| | |
|
| |
|
|
| |
while here, improve some of the existing text in minor ways
|
| |
|
|
| |
discussed with jsing@
|
| |
|
|
| |
as intentionally undocumented; discussed with jsing@
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* handle multiple qualifiers on the function return type
* handle function pointer type declarations
* handle unions inside structs
* handle forward struct declarations
* handle "typedef const"
* handle ASN1_F_, ASN1_R_, and X509V3_R_ error constants
* handle "#if defined" in the same way as "#ifdef"
* skip whitespace between "#" and "define"
* skip whitespace before C comments
* ignore TYPEDEF_D2I2D_OF
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the key overlaps the end of the array, memcpy(3) mutates the key
and copies a corrupted value into the end of the array.
If we use memmove(3) instead we at least end up with a clean copy of
the key at the end of the array. This is closer to the intended
behavior.
With input from millert@ and deraadt@.
Thread: https://marc.info/?l=openbsd-tech&m=163880307403606&w=2
ok millert@
|
| |
|
|
|
|
| |
In order to not forget it, already remove the statements
that these APIs are currently implemented as macros:
Not saying that doesn't make the documentation wrong.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
jsg's analysis tool flagged a potential double free in do_server().
While this looks like a false positive, we can clean this code up
a little: the host name passed to the callbacks isn't used by either
sv_body() and www_body(), so it can be made local to do_accept()
(an extra variable would not even be needed). Simplify the callbacks'
signatures accordingly. Remove some commented out linger code that
would never be used again anyway.
ok inoguchi jsg
|
| |
|
|
|
|
|
|
| |
It makes no sense to allocate an entire BN_CTX if we only use it to
get a single BIGNUM, from which we subtract 1 to compare it to g.
We can just use a plain BIGNUM and delete a bunch of lines.
ok inoguchi jsing
|
| |
|
|
| |
This provides test coverage for SCT encoding/decoding.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
conflicts in my work on making much of libcrypto opaque.
discussed with jsing
|
| |
|
|
| |
ok inoguchi jsing
|
| | |
|
| |
|
|
| |
ok inoguchi jsing
|
| |
|
|
| |
ok inoguchi jsing
|
| |
|
|
| |
ok inoguchi jsing
|
| |
|
|
|
|
|
|
| |
BN_abs_is_word, BN_is_{zero,one,word,odd}, BN_one, BN_zero_ex are
now implemented as functions for internal use. They will be exposed
publicly to replace the macros reaching into BIGNUM in the next bump.
ok inoguchi jsing
|
| |
|
|
| |
ok inoguchi jsing
|
| |
|
|
|
|
|
|
| |
The function implementations are necessary to make BIGNUM opaque.
They will be used in libcrypto internally until they will replace
the macro implementations with the next bump.
ok inoguchi jsing
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Currently there are two files for private key ASN.1 (d2i_pr.c, i2d_pr.c)
and two files for public key ASN.1 (d2i_pu.c, i2d_pu.c). All of the other
ASN.1 code has d2i and i2d in the same per-object file.
Consolidate d2i_pr.c/i2d_pr.c into a_pkey.c and consolidate
d2i_pu.c/i2d_pu.c into a_pubkey.c before making any further changes to
this code.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Provide ssl_kex_generate_dhe_params_auto() which handles DHE key generation
based on parameters determined by the specified key bits. Convert the
existing DHE auto parameter selection code into a function that just tells
us how many key bits to use.
Untangle and rework the server side DHE key exchange to use the ssl_kex_*
functions.
ok inoguchi@ tb@
|
| |
|
|
| |
ok inoguchi@ tb@
|
| |
|
|
|
|
|
| |
Call DH_check_pub_key() after decoding the peer public key - this will be
needed for the server DHE key exchange, but also benefits the client.
ok inoguchi@ tb@
|
| |
|
|
| |
Reported by Ilya Shipitsine, discussed with jsing
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Call the replacement asn1_tlc_invalidate() since it does not actually
clear the ASN1_TLC.
While here, name the ASN1_TLC variables consistently as ctx, remove a
pointless comment and simplify ASN1_item_d2i() slightly.
ok inoguchi@ tb@
|
| | |
|
| |
|
|
|
|
|
| |
ASN1_item_ex_d2i() is just a wrapper around the internal asn1_item_ex_d2i()
function, so call asn1_item_ex_d2i() directly.
ok inoguchi@ tb@
|
| |
|
|
|
|
|
| |
Rather than using malloc() and then initialising all struct members to zero
values, use calloc().
ok schwarze@ tb@
|
| |
|
|
|
|
|
| |
This ensures that if any members are added to this struct, they will be
initialised.
ok schwarze@ tb@
|
| |
|
|
|
|
| |
This removes nested ifs and uses more sensible variable names.
ok schwarze@ tb@
|
| |
|
|
|
|
|
| |
Rather than using malloc() and then initialising all struct members, use
calloc() and only initialise the single non-zero value member.
ok schwarze@ tb@
|
| |
|
|
|
|
|
| |
Rather than using malloc() and then initialising all struct members, use
calloc() and only initialise the single non-zero value member.
ok schwarze@ tb@
|
| |
|
|
|
|
|
| |
These functions previously used the old ASN1_{d2i,i2d}_{bio,fp}()
interfaces.
ok inoguchi@ tb@
|
| |
|
|
|
|
| |
almost all members to 0. Just set the two things that need setting.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
It is very easy to forget to copy over newly added methods. Everyone
working in this corner has run into this. Instead, preserve what needs
preserving and use a struct copy, so all methods get copied from src
to dest.
tweak/ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The "lim" variable needs to be a size_t to match nmemb, otherwise we
get undefined behavior when nmemb exceeds INT_MAX.
Prompted by a blog post by Joshua Bloch:
https://ai.googleblog.com/2006/06/extra-extra-read-all-about-it-nearly.html
Fixed by Chris Torek a long time ago:
https://svnweb.freebsd.org/csrg/lib/libc/stdlib/bsearch.c?revision=51742&view=markup
ok millert@
|
| |
|
|
|
|
|
| |
Other regress tests do it differently; just fix/thouch those that did not
mention any package name at all.
This helps grepping logs for SKIPPED to find instructions for the next run.
|
| | |
|
| |
|
|
| |
ok schwarze
|
| | |
|
| | |
|
