| Commit message (Collapse) | Author | Files | Lines |
|---|
|
This avoids a bunch of pointer munging and a handrolled memmove.
ok tb@
|
|
ok jsing@ tb@
|
|
ASN1_TIME_normalize(3), ASN1_TIME_to_tm(3), ASN1_TIME_cmp_time_t(3),
and ASN1_TIME_compare(3).
Merge documentation from the OpenSSL 1.1.1 branch, which is still
under a free license, with tweaks by me in several respects to match
our implementation, and also using some feedback from beck@.
OK beck@.
|
|
This matches the current OpenSSL behaviour introduced
in their commit:
commit 0daccd4dc1f1ac62181738a91714f35472e50f3c
Date: Thu Jan 28 03:01:45 2016 -0500
ok jsing@ tb@
|
|
|
|
ok beck@ tb@
|
|
that tb@ removed from asn1.h on January 14:
rev. 1.58: ASN1_CTX ASN1_const_CTX
rev. 1.60: ASN1_OBJECT_FLAG_CRITICAL ASN1_OBJECT_FLAG_DYNAMIC
rev. 1.60: ASN1_OBJECT_FLAG_DYNAMIC_DATA ASN1_OBJECT_FLAG_DYNAMIC_STRINGS
rev. 1.61: NETSCAPE_X509 NETSCAPE_X509_free NETSCAPE_X509_new
rev. 1.61: d2i_NETSCAPE_X509 i2d_NETSCAPE_X509
|
|
OpenSSL used ED25519, even though the RFCs use Ed25519 - as such, we get to
provide both.
ok tb@
|
|
ok jsing@ tb@
|
|
These are needed for EVP implementations of Ed25519 and X25519.
ok beck@ tb@
|
|
ok jsing@ tb@
|
|
This will be needed to deal with Curve25519 based keys.
ok beck@ tb@
|
|
This is needed to print byte array based keys, such as Ed25519 and X25519.
ok beck@ tb@
|
|
ok jsing@ tb@
|
|
files.
|
|
ok jsing@
|
|
It's entirely trivial.
ok beck
|
|
ok jsing@ tb@
|
|
|
|
|
|
This way we deduplicate two inclusions of the same big table and eliminate
lots of stupid casts.
input and ok many
|
|
|
|
CBS_strdup() now internally checks if the data contains NUL, failing if it
does.
Prompted by beck@
|
|
This is effectively the same as done for EVP_PKEY_ASN1_METHOD, although
this table only has nine entries.
ok tb@
|
|
Rather than messing around with an OBJ_bsearch() for a table that contains
16 entries (and a stack find for any application added methods), simply do
a reverse linear scan. This maintains the application method first
behaviour, while removing a chunk of code.
While here rename some variables and do some style clean up.
ok tb@
|
|
Struct tm is limited by it's year being an int.
|
|
|
|
|
|
ok tb@
|
|
BoringSSL implemented a compound private key, which includes a copy of the
public key as a performance optimisation for signing. However, this does
not readily match with how EVP works, makes the ED25519 API inconsistent
with the X25519 API, diverges from th RFC and does not align with the
OpenSSL API. Instead, the caller can readily compute the public key and
pass this in to the signing process.
ok tb@
|
|
|
|
|
|
|
|
|
|
Instead of using the BN_is_prime_fasttime_ex() API, use a direct call to
bn_is_prime_bpsw(). This increases readability and simplifies error
handling. Also put a division by two to the natural place now that we no
longer need to do Miller-Rabin rounds.
ok beck jsing
|
|
ok jsing@ tb@
|
|
Garbage collect a few pointless variables and remove a loop that wasn't
really a loop. Simplify BN_CTX handling and drop some stupid comments.
ok jsing miod
|
|
ok jsing
|
|
found with CodeChecker
feedback from millert@
ok tb@
|
|
is leaked in OBJ_NAME_add.
ok tb
Found by CodeChecker.
|
|
|
|
Found with CodeChecker
ok jsing@
|
|
This brings in ED25519_keypair_from_seed() from BoringSSL commit
c034e2d3ce16, which ED25519_keypair then wraps. This reduces differences
between us and BoringSSL.
|
|
|
|
From BoringSSL 997c706d43504.
|
|
If the length of the bitstring is INT_MAX, adding 1 to it is undefined
behavior, so error out before doing so.
Based on BoringSSL eeb3333f by davidben
ok beck joshua
|
|
|
|
Found with CodeChecker
feedback and ok tb@
|
|
OpenSSL dealt with time conversion using a classical julian
day scheme. BoringSSL got rid of it and uses only a julian
style calculation for seconds since the POSIX time epoch.
This changes libressl to use the seconds calculation exculusively
instead of a mix of the julian day based conversions and the
system time conversions to and from time_t to tm.
ok tb@ jsing@
|
|
ok jsing@
|
