| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
And another one... Completely overengineered for the sake of academic
credentials and only Ruby ever picked this garbage up. Fortunately, it's
no longer used with LibreSSL since we defanged this in 2018. The latest
version of ruby/openssl has completely removed this as part of their post
1.0.x cleanup.
ok jsing
|
|
|
|
|
|
|
| |
There goes another implementation detail that should never have been leaked
out of the library.
ok jsing
|
|
|
|
|
|
|
| |
These have been noops for a while and as usual some Perl module was the
only thing "using" it.
ok jsing
|
|
|
|
|
|
| |
Without EC_GROUP_new(), this API is useless. There's EC_GROUP_dup().
ok jsing
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is an implementation detail and there is no reason to leak it from
the library.
This removes EC_GFp_{mont,simple}_method(), EC_GROUP_{method_of,new}(),
EC_METHOD_get_field_type(), EC_POINT_method_of() from the public API.
EC_GROUP_copy() is now quite useless, so it will go as well.
ok jsing
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CRYPTO_set_mem_ex_functions() was renamed to CRYPTO_set_mem_functions(),
replacing the latter while also correcting the arguments for the free
pointer. The backstory is that a commit that was never compiled was fixed
the wrong way an hour later (both committed without review, obviously),
and here we are, still cleaning up the mess 23 years later.
We carry patches in cjose and stunnel for this; dovecot and links+ have
autoconf checks and will adapt. Oh, and then there's the mariadb
configure time insanity passing wrong function pointers...
ok jsing
|
|
|
|
| |
ok jsing
|
| |
|
| |
|
|
|
|
| |
ok jsing
|
|
|
|
|
|
|
|
| |
It's only used in x509_lu.c, so move it there. X509_OBJECT is not
itself refcounted. This API bumps the refcount of its cert or CRL
member. This isn't really useful outside of the library.
ok jsing
|
|
|
|
|
|
|
|
|
|
| |
Nothing uses this anymore. M2Crypto has been patched and a fix for
opensc has been upstreamed.
ok jsing
This is the start of a major bump. Don't build the tree until I have
synced sets in about 20 commits.
|
|
|
|
|
|
|
|
|
|
| |
Some people are concerned that leaking a user name is a privacy issue.
Allow disabling the __FILE__ and __LINE__ argument in the error stack
to avoid this. This can be improved a bit in tree.
From Viktor Szakats in https://github.com/libressl/portable/issues/761
ok bcook jsing
|
| |
|
| |
|
|
|
|
|
| |
Linking statically, pull in ec_local.h and provide a prototype for
EC_GROUP_new(), which will be removed from the public API.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
NCONF_get_section() isn't any clearer by using this indirection.
ok jsing
|
|
|
|
|
|
|
|
|
|
| |
This provides a SHA-256 assembly implementation that makes use of the ARM
Cryptographic Extension (CE), which is found on many arm64 CPUs. This gives
a performance gain of up to 7.5x on an Apple M2 (dependent on block size).
If an aarch64 machine does not have SHA2 support, then we'll fall back to
using the existing C implementation.
ok kettenis@ tb@
|
|
|
|
|
|
|
| |
Don't leak v if its insertion into the hash failed and properly free it
instead.
ok jsing
|
|
|
|
| |
ok jsing
|
|
|
|
| |
ok jsing
|
|
|
|
| |
ok jsing
|
|
|
|
|
| |
There's no need to cast away const from a const char * if you're going to
pass it to a const char * argument of a function.
|
|
|
|
|
|
|
|
| |
This makes it clear for those fluent in OpenSSL API gibberish that nothing
needs to be freed here. This is because it returns something hanging off a
hash entry owned by cnf.
ok jsing
|
|
|
|
|
|
|
|
| |
Historically, X509V3_section_free() could be customized by the conf db
method to release memory allocated by X509V3_get_section(). This is no
longer supported, so it is always a noop and can be removed.
ok jsing
|
|
|
|
| |
ok jsing
|
| |
|
| |
|
|
|
|
|
| |
Despite the claim in this comment, the "new" conf code did replace
the "old" conf code (which no longer exists in the public API).
|
| |
|
|
|
|
|
| |
This way we don't need a prototype and things that belong together
are together. Slight KNF tweak while there
|
| |
|
|
|
|
| |
From Kenjiro Nakayama
|
|
|
|
|
|
|
| |
For an OID of excessive length >= 2^12, a->length << 20L is undefined,
so add a cast to the target type of (unsigned long).
From Kenjiro Nakayama
|
|
|
|
|
|
|
|
| |
This is undefined for a ca->type of ADDED_LNAME (2) and ADDED_NID (3)
when ca->type << 30L results in a shift into the sign bit, so add a
cast to the target type of unsigned long.
From Kenjiro Nakayama
|
|
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
| |
As far as I can tell this has never been used since the beginning of git
history with SSLeay 0.8.1b, so we can simplify the x509_cb() a little.
ok jsing miod
|
|
|
|
|
|
| |
internal_verify() (now x509_vfy_internal_verify()) used to cache the
validity of the signature of a cert in this field. This is no longer
the case since x509_vfy.c 1.57 (2017).
|
|
|
|
| |
ok jsing
|