| Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
This is a wrapper of i2d_ASN1_bio_stream() that doesn't require us to
pass in PKCS7_it.
|
|
|
|
|
|
|
|
|
|
|
|
serialized format.
ok jsing
|
|
ok jsing
|
|
Also clean up the definition of EC_CURVE_DATA a bit.
ok jsing
|
|
We have a BN_CTX available, so we may as well use it. This simplifies
the cleanup path at the cost of a bit more code in the setup. Also use
an extra BIGNUM for the cofactor. Reusing x for this is just silly. If
you were really going to avoid extra allocations, this entire function
could easily have been written with three BIGNUMs.
ok jsing
|
|
|
|
No member of the curve_list[] table has a method set. Thus, curve.meth
is always NULL and we never take the EC_GROUP_new(meth) code path.
ok jsing
|
|
|
|
ok jsing
|
|
There's no point in introducing a typedef only for two sizeof() calls.
We might as well use an anonymous struct for this list. Make it const
while there, drop some braces and compare strcmp() return value to 0.
ok jsing
|
|
This was the last public API explicitly named ndef/NDEF for indefinite
length encoding, so remove that explanation as well.
|
|
|
|
|
|
|
|
|
|
|
|
Update EXFLAG_PROXY and X509_V_FLAG_ALLOW_PROXY_CERTS documentation since
we need to keep them for the time being.
|
|
|
|
|
|
which are no longer macros (and the latter is no longer deprecated and
no longer attempts to allocate memory).
|
|
|
|
Thanks to orbea for the report
|
|
Without the cache, we verify CRL signatures on bytes that have been
pulled through d2i_ -> i2d_, this can cause reordering, which in turn
invalidates the signature. for example if in the original CRL revocation
entries were sorted by date instead of ascending serial number order.
There are probably multiple things we can do here, but they will need
careful consideration and planning.
OK jsing@
|
|
This helper has been inside #if 0 for nearly 25 years. Let it go. If we
should ever need it, I'm quite confident that we will be able to come up
with its one line body on our own.
|
|
Mop up documentation mentioning it or any of its numerous accessors that
almost nothing ever used.
|
|
|
|
more precise. Among other improvements, describe the three BIO_RR_*
constants serving as reason codes.
|
|
explicitly listing the valid arguments, i.e. the BIO_CB_* constants.
|
|
as the "state" argument. Document them here because connect BIOs are
the only built-in BIO type using these constants.
|
|
They are intended to be used by BIO_gethostbyname(), which is deprecated
in OpenSSL and already marked as intentionally undocumented in LibreSSL.
Besides, these constants are completely unused by anything.
|
|
|
|
|
|
|
|
|
|
that provide type-specific functionality here.
While here, fix some wrong return types in the SYNOPSIS.
|
|
that provide type-specific functionality here,
and add the missing return type to one function prototype.
|
|
in the manual pages of the respective BIO types.
|
|
in the manual pages of the respective BIO type.
While here, fix some wrong return types in the SYNOPSIS.
|
|
This tells gcc that OPENSSL_assert() will not return and thus avoids a
silly warning that triggers scary gentoo QA warnings.
From claudio
|
|
Found with the help of Otto's malloc memory leak detector!
|
|
|
|
debugged with job
|
|
(which they aren't), so appease them.
|
|
A long time ago a workflow was envisioned for X509, X509_CRL, and X509_REQ
structures in which only fields modified after deserialization would need to
be re-encoded upon serialization.
Unfortunately, over the years, authors would sometimes forget to add code in
setter functions to trigger invalidation of previously cached DER encodings.
The presence of stale versions of structures can lead to very hard-to-debug
issues and cause immense sorrow.
Fully removing the concept of caching DER encodings ensures stale versions
of structures can never rear their ugly heads again.
OK tb@ jsing@
|
