Commit message | Author | Age | Files | Lines
...
* document ASN1_OBJECT_create(3) | schwarze | 2021-11-22 | 1 | -10/+61
|
* Tweak for opaque EVP_MD: use EVP_MD_type(dgst) instead of dgst->type. | tb | 2021-11-21 | 1 | -2/+2
|
* Prepare ssltest for opaque DH | tb | 2021-11-21 | 1 | -18/+39
|
* In asn1.h rev. 1.55 and asn1/a_time.c rev. 1.28, beck@ | schwarze | 2021-11-21 | 1 | -3/+72
|   provided ASN1_TIME_diff(3).
|   Merge the documentation from the OpenSSL 1.1.1 branch, which is still
|   under a free license.
* oops, i forgot the STANDARDS section | schwarze | 2021-11-21 | 1 | -1/+7
|
* new manual page d2i_ASN1_BOOLEAN(3) also documenting i2d_ASN1_BOOLEAN(3) | schwarze | 2021-11-21 | 5 | -7/+137
|
* wycheproof: modify RSA tests to work with opaque RSA struct | tb | 2021-11-21 | 1 | -11/+57
|
* wycheproof.go: modify some DSA and ECDSA code to work with opaque structs | tb | 2021-11-21 | 1 | -5/+23
|
* sort | tb | 2021-11-20 | 1 | -4/+4
|
* Provide the bytestring APIs for libcrypto internal use. | jsing | 2021-11-20 | 5 | -3/+1771
|   Bring a copy of the bytestring APIs (CBB/CBS) from libssl, for use in
|   libcrypto - these are not exposed publicly.
|   Discussed with beck@ and tb@
* Convert openssl(1) to using BN_GENCB on the heap | tb | 2021-11-20 | 4 | -51/+74
|   This is three times the same thing while genrsa needs some extra steps
|   to deal with opaque BIGNUMs. We can also garbage collect some Win 3.1
|   contortions and use the conversion routines directly instead of doing
|   them manually.
|   ok jsing
* Switch to BIO_up_ref() instead of adjusting references manually. | tb | 2021-11-20 | 2 | -16/+6
|
* Use BIO_up_ref() instead of adjusting refcounts manually | tb | 2021-11-20 | 1 | -9/+3
|
* typo in comment | tb | 2021-11-20 | 1 | -3/+3
|
* Document ASN1_INTEGER_cmp(3) and ASN1_INTEGER_dup(3). | schwarze | 2021-11-20 | 1 | -5/+93
|   While here, also improve the description of ASN1_INTEGER_set(3)
|   and add a BUGS section explaining that several of these functions
|   do not provide type safety.
* Improve the description of ASN1_OCTET_STRING_cmp(3), | schwarze | 2021-11-20 | 1 | -12/+37
|   ASN1_OCTET_STRING_dup(3), and ASN1_OCTET_STRING_set(3).
|   Explicitly say that they do not provide any type safety
|   and explain what that means.
* Make these files compile - not hooked up to build yet. | beck | 2021-11-20 | 13 | -220/+279
|   ok jsing@ tb@
* libssl: don't reach for pkey->save_type. | tb | 2021-11-19 | 2 | -5/+5
|   For some strange historical reason ECDSA_sign() and ECDSA_verify()
|   have a type argument that they ignore. For another strange historical
|   reason, the type passed to them from libssl is pkey->save_type, which
|   is used to avoid expensive engine lookups when setting the pkey type...
|   Whatever the aforementioned reasons were, we can't access pkey->save_type
|   with the OpenSSL 1.1 API, and this is thus in the way of making EVP_PKEY
|   opaque. Simply pass in 0 instead.
|   ok jsing
* Mark the X509_VERIFY_PARAM_ID variable type as intentionally | schwarze | 2021-11-19 | 1 | -3/+16
|   undocumented. It is an opaque struct used only internally,
|   as a sub-object of the public X509_VERIFY_PARAM type.
|   All related API functions take X509_VERIFY_PARAM arguments,
|   so X509_VERIFY_PARAM_ID is of no interest to the user.
* Make function prototype parsing a bit stricter, | schwarze | 2021-11-19 | 1 | -1/+1
|   reducing the risk of accidental misparsing:
|   Require whitespace after the function return type (before the
|   asterisk indicating that the function returns a pointer, if any)
|   and do not accept whitespace between the function name and the
|   opening parenthesis of the parameter list.
|   These changes are not a problem because we want that style
|   for KNF reasons anyway.
* minor KNF improvement, changing only whitespace, no code change: | schwarze | 2021-11-19 | 1 | -4/+4
|   say: return_type *function_name(args);
|   not: return_type* function_name (args);
|   OK tb@
* new manual page ASN1_BIT_STRING_num_asc(3) | schwarze | 2021-11-19 | 4 | -5/+154
|   documenting the three functions using the BIT_STRING_BITNAME structure
* add two missing .Dv macros; | schwarze | 2021-11-19 | 1 | -4/+4
|   markup bug found with regress/lib/libcrypto/man/check_complete.pl
* Make the public API function a2i_ASN1_STRING(3) actually work. | schwarze | 2021-11-19 | 1 | -14/+6
|   It contained two bugs:
|
|   1. If an input line ended in a backslash requesting line continuation,
|      there was duplicate code for removing that backslash, erroneously
|      removing another byte from the input and often causing the function
|      to return failure instead of correctly parsing valid input.
|
|   2. According to a comment in the source code, the former big "for" loop
|      was intended to "clear all the crap off the end of the line", but
|      actually, if there were multiple characters on the line that were
|      not hexadecimal digits, only the last of those and everything
|      following it was deleted, while all the earlier ones remained.
|      Besides, code further down clearly intends to error out when there
|      are invalid characters, which makes no sense if earlier code already
|      deletes such characters. Hence the comment did not only contradict
|      the code above it - but contradicted the code below it, too.
|
|   Resolve these contradictions in favour of stricter parsing:
|   No longer skip invalid characters but always error out
|   when any are found.
|
|   OK & "Unbelievable" tb@
* Very quick and dirty script to help me check that the symbols | schwarze | 2021-11-19 | 1 | -0/+266
|   in one of the public openssl/ header files are all documented.
|   Before attempting to read this code, make sure that you are
|   fully vaccinated against leaning toothpick syndrome.
|   Example usage:
|   ./check_complete.pl x509_vfy
|   ./check_complete.pl -v x509 | less
|   Intentionally not linked to the build.
|   jsing@ agrees with the general direction.
* As long as X509_OBJECT_free_contents(3) is a public API function, | schwarze | 2021-11-19 | 1 | -1/+3
|   make sure it fully re-initializes the object rather than leaving
|   behind a stale pointer and a stale type in the object.
|   The old behaviour was dangerous because X509_OBJECT_get_type(3)
|   would then return the stale type to the user and one of
|   X509_OBJECT_get0_X509(3) or X509_OBJECT_get0_X509_CRL(3)
|   would then return the stale pointer to the user, provoking
|   a use-after-free bug in the application program.
|   Having these functions return X509_LU_NONE and NULL is better
|   because those are the documented return values for these
|   functions when the object is empty.
|   OK tb@
* sha512test: replace EVP_MD_CTX_{cleanup,init} pair with EVP_MD_CTX_reset | tb | 2021-11-18 | 1 | -3/+2
|
* gost: missed one cleanup | tb | 2021-11-18 | 1 | -2/+2
|
* sha256test: EVP_MD_CTX_cleanup -> EVP_MD_CTX_reset | tb | 2021-11-18 | 1 | -4/+3
|
* gost2814789t: EVP_MD_CTX_cleanup -> EVP_MD_CTX_reset | tb | 2021-11-18 | 1 | -2/+2
|
* evptest: no need to call EVP_MD_CTX_cleanup() before EVP_MD_CTX_free() | tb | 2021-11-18 | 1 | -4/+3
|
* Use HMAC_CTX_reset() instead of HMAC_CTX_cleanup() + HMAC_CTX_init() | tb | 2021-11-18 | 1 | -5/+3
|
* Add semicolon that will become non-optional once BN_GENCB_set() will | tb | 2021-11-18 | 1 | -2/+2
|   move from an awful macro to a proper function.
* typo in comment | tb | 2021-11-18 | 1 | -2/+2
|
* Fix ssltest to work with opaque EVP_PKEY. | tb | 2021-11-18 | 1 | -22/+33
|
* Prevent future internal use of ASN1_CTX and ASN1_const_CTX by wrapping | tb | 2021-11-18 | 1 | -1/+3
|   them inside #ifndef LIBRESSL_INTERNAL.
|   suggested by jsing
* Remove the last pointless use of ASN1_const_CTX. Both ASN1_CTX and | tb | 2021-11-18 | 1 | -14/+14
|   ASN1_const_CTX are now unused and will be garbage collected in the
|   next libcrypto bump.
|   ok jsing
* sha*test: convert these tests to work with opaque EVP_MD_CTX. | tb | 2021-11-18 | 3 | -31/+42
|
* zap trailing whitespace | tb | 2021-11-18 | 1 | -7/+7
|
* hmactest: convert to opaque HMAC_CTX. | tb | 2021-11-18 | 1 | -29/+37
|
* gost2814789t: convert to opaque EVP_{MD,CIPHER}_CTX. | tb | 2021-11-18 | 1 | -19/+23
|
* exptest: convert to opaque BN; minor KNF tweaks. | tb | 2021-11-18 | 1 | -40/+47
|
* evptest: fix compilation with opaque EVP_{CIPHER,MD}_CTX. Uses a | tb | 2021-11-18 | 1 | -22/+30
|   workaround for excessive malloc inspired by mariadb (just kidding).
* ecdsatest: make this test compile with opaque EVP_MD_CTX. | tb | 2021-11-18 | 1 | -7/+8
|
* dsatest: make this work with opaque BN. Some more fixes will be needed | tb | 2021-11-18 | 1 | -114/+124
|   for opaque DSA. I'll deal with that later. I also lobbed a KNF grenade
|   in here.
* dhtest: fix this to work with opaque BN. This will need more fixes to | tb | 2021-11-18 | 1 | -48/+61
|   work with opaque DH, but one step at a time. While here, add a bunch
|   of missing spaces to reduce the eyebleed.
* bntest: Fix all but one test in this file to work with opaque BN. | tb | 2021-11-18 | 1 | -399/+563
|   The remaining test needs some thinking (or disabling once we flip the
|   switch). It is currently marked with an XXX.
* In x509_vfy.h rev. 1.35 and x509_lu.c rev. 1.34, tb@ provided | schwarze | 2021-11-18 | 2 | -13/+51
|   X509_OBJECT_new(3) and X509_OBJECT_free(3); document them.
|   While here, stop talking about storing EVP_PKEY objects
|   and plain C strings in X509_OBJECT objects. LibreSSL never fully
|   supported that, and it certainly no longer supports that now.
* In x509_vfy.h rev. 1.37 and x509_vfy.c rev. 1.91, tb@ provided | schwarze | 2021-11-17 | 9 | -46/+209
|   X509_STORE_CTX_set_verify(3) and X509_STORE_CTX_get_verify(3).
|   Document them.
|   In the next bump, tb@ will also provide X509_STORE_CTX_verify_fn(3)
|   and X509_STORE_set_verify(3) and restore X509_STORE_set_verify_func(3)
|   to working order. For efficiency of documentation work, already
|   document those three, too, but keep the text temporarily .if'ed out
|   until they become available.
|   Delete X509_STORE_set_verify_func(3) from
|   X509_STORE_set_verify_cb_func(3) because it was misplaced in that page:
|   it is not related to the verification callback.
|   tb@ agrees with the general direction.
* In x509_vfy.h rev. 1.37 and x509_vfy.c rev. 1.91, tb@ provided | schwarze | 2021-11-16 | 1 | -8/+47
|   X509_STORE_CTX_get_verify_cb(3); document it.