summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Clean up and fix X509V3_EXT_add1_i2d()tb2024-05-281-57/+89
| | | | | | | | | | | | | | | | | | | | When looking at this code I noticed a few leaks. Fixing those leaks was straightforward, but following the code was really hard. This attempts to make the logic a bit clearer. In short, there are 6 mutually exclusive modes for this function (passed in the variable aptly called flags). The default mode is to append the extension of type nid and to error if such an extension already exists. Then there are other modes with varying degree of madness. The existing code didn't make X509V3_ADD_REPLACE explicit, which is confusing. Operations 6-15 would all be treated like X509V3_ADD_REPLACE due to the way the function was written. Handle the supported operations via a switch and error for operations 6-15. This and the elimination of leaks are the only changes of behavior, as validated by relatively extensive test coverage. ok jsing
* Add regress coverage for X509V3_add1_i2d()tb2024-05-282-2/+605
|
* openssl x509: rename pub_key to dsa_pub_keytb2024-05-271-4/+4
| | | | suggested by jsing
* openssl: enable -Wshadow for clangtb2024-05-271-2/+2
| | | | ok job jsing
* openssl: avoid shadowed pkeys in x509.ctb2024-05-271-12/+10
| | | | ok job jsing
* remove unused typedefs with structs that were removedjsg2024-05-272-14/+2
| | | | | | | ENGINE, SSL and SSL_CTX remain even though the structs in the typedefs don't exist as they are used as incomplete types. feedback, ports bulk build and ok tb@
* Remove documentation of optional md in one-step hashestb2024-05-264-28/+47
| | | | | This functionality will be removed, so stop documenting it. Instead mention that another implementation still supports this.
* Eliminate last timegm() correctly this timetb2024-05-251-5/+25
| | | | | Also add a test case with a generalized time representing the moment one second past the 32-bit epoch wrap.
* sync inclusion of <stdlib.h> from libcryptotb2024-05-253-3/+6
|
* Include <stdint.h> in the bytestring .c filestb2024-05-253-3/+6
| | | | | | They currently depend on bytestring.h pulling that in. discussed with jsing
* Revert previoustb2024-05-251-10/+4
| | | | It wasn't quite right, but I also think the test is bogus.
* asn1time: another use of gmtime was hiding heretb2024-05-251-4/+10
|
* des_local.h: Remove some unused macrostb2024-05-241-20/+1
|
* Remove documentation of DES_enc_{read,write} and DES_rw_modetb2024-05-241-89/+4
| | | | ok jsing
* Stub out DES_enc_{read,write}(3)tb2024-05-243-321/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The most terrible code in OpenSSL has its roots in libdes, which came before SSLeay. Hello, LHASH. Hello speed app. Hello DES (obviously). There are some diary-style changelog comments dating all the way back to 1990. /* This has some uglies in it but it works - even over sockets. */ Well, kind of: * - This code cannot handle non-blocking sockets. Also: /* >output is a multiple of 8 byes, if len < rnum * >we must be careful. The user must be aware that this * >routine will write more bytes than he asked for. * >The length of the buffer must be correct. * FIXED - Should be ok now 18-9-90 - eay */ Or /* This is really a bad error - very bad * It will stuff-up both ends. */ Or #ifdef _LIBC extern unsigned long time(); extern int write(); #endif I can't even... Delete, delete, delete. ok jsing
* Make signature of SSL_COMP_add_compression_method(3) match realitytb2024-05-231-3/+3
|
* x509_v3.c: indent labelstb2024-05-231-4/+4
|
* x509_v3.c: remove an unnecessary elsetb2024-05-231-3/+3
|
* x509_v3.c: consistently call STACK_OF(X509_EXTENSIONS) arguments sktb2024-05-231-12/+12
| | | | (where it doesn't conflict with a local variable)
* x509_v3.c: zap another pointless local variabletb2024-05-231-7/+2
|
* x509_v3.c: add a few empty linestb2024-05-231-1/+9
|
* X509v3_get_ext_by_NID: make obj const, test & assigntb2024-05-231-4/+4
|
* x509_v3.c: remove a pointless local variabletb2024-05-231-5/+3
|
* x509_v3.c: mechanically replace ex with ext and new_ex with new_exttb2024-05-231-42/+42
|
* Exercise EVP_chacha20_poly1305() with in-place decryptiontb2024-05-221-2/+143
| | | | | This needs quite a bit of cleanup but let's have some tests rather than none.
* Fix in-place decryption for EVP_chacha20_poly1305()tb2024-05-221-3/+3
| | | | | | | | | | | | | Take the MAC before clobbering the input value on decryption. Fixes hangs during the QUIC handshake with HAProxy using TLS_CHACHA20_POLY1305_SHA256. Found, issue pinpointed, and initial fix tested by Lucas Gabriel Vuotto: Let me take this opportunity to thank the HAProxy team for going out of their way to keep supporting LibreSSL. It's much appreciated. See https://github.com/haproxy/haproxy/issues/2569 tweak/ok jsing
* crib better wording from schwarze's EVP_PKEY_get_attr_by_NID(3)tb2024-05-221-5/+4
|
* Fix incorrect X509v3_get_ext_by_NID(3) return valuestb2024-05-221-9/+17
| | | | This error comes from upstream, where it is still wrong.
* remove prototypes with no matching function and externs with no varjsg2024-05-211-2/+1
| | | | partly checked by millert@
* cmac: zero_iv should be consttb2024-05-201-2/+2
|
* unwrap a linetb2024-05-191-3/+2
|
* Add space after commastb2024-05-192-6/+6
|
* KNF for dh_err and dsa_errtb2024-05-192-63/+59
|
* remove prototypes with no matching functionjsg2024-05-198-39/+9
| | | | feedback and ok tb@
* remove extern with no matching var; ok tb@jsg2024-05-181-2/+1
|
* remove prototypes with no matching function; ok tb@jsg2024-05-183-6/+3
|
* asn1_str2tag(): no need for tntmp to be statictb2024-05-171-2/+3
|
* The long primitive function table can be consttb2024-05-171-2/+2
|
* The bignum primitive function table (bignum_pf) can be consttb2024-05-171-2/+2
|
* x509_v3.c: remove superfluous parenthesestb2024-05-161-39/+39
| | | | No change in the generated assembly
* SSL_CTX_set_keylog_callback: copy-paste error _set_ -> _get_tb2024-05-161-3/+3
|
* Improve X509V3_get0_uids() documentationtb2024-05-151-11/+19
| | | | | Use less horrcble variable names and make it explicit that both output arguments are allowed to be NULL.
* X509_check_akid: zap stray spacetb2024-05-151-2/+2
|
* x509_ext.c: remove unnecessary includestb2024-05-141-5/+1
|
* x509_ext.c: remove lots of extraneous parenthesestb2024-05-141-23/+23
| | | | No change in the generated assembly
* Fix last sentence of CAVEATS which I got the wrong way aroundtb2024-05-141-4/+3
|
* Be more specific about X509V3_ADD_APPEND and X509V3_ADD_DELETEtb2024-05-121-3/+6
|
* Tweak wordingtb2024-05-121-1/+4
|
* Remove a 'built-in' that was left in by accidenttb2024-05-121-2/+2
|
* Install X509V3_EXT_get_nid.3tb2024-05-121-1/+2
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-26 00:12:06 +0000