path: root/src/lib/libcrypto/ct
Commit message | Author | Age | Files | Lines
* Move cryptlib.h to crypto_local.h | tb | 2024-11-05 | 1 | -3/+2
  discussed with jsing
* Only include cryptlib.h where it's needed | tb | 2024-11-01 | 1 | -2/+5
  Clean up the other includes while there.
* Unexport some conf layers unused outside of libcrypto | tb | 2024-08-31 | 1 | -1/+3
  imodules are called imodules because they contain Information about modules that have been Initialized. Which one of these two I it is is anyone's best guess. Why anything outside of libcrypto would ever possibly care will also remain a mystery.
  Remove the old way of adding a conf module, user data, stop allowing to set a method (it's opaque now, remember?) and drop a couple bits more from the public api interface.
  ok beck jsing
* ct.h: move two asterisks to the proper place | tb | 2024-08-08 | 1 | -3/+3
* Unify X.509v3 extension methods | tb | 2024-07-13 | 1 | -56/+71
  Use C99 initializers for all structs (some were forgotten). Make all the structs static, call them x509v3_ext_* matching NID_*. Add accessors called x509v3_ext_method_* and use these to implement X509V3_EXT_get_nid().
  This adds consistency and avoids a few contortions like grouping a few extensions in arrays to save a couple externs.
  ok beck jsing
* libcrypto: constify most error string tables | tb | 2024-06-24 | 1 | -5/+7
  These constitute the bulk of the remaining global mutable state in libcrypto. This commit moves most of them into data.rel.ro, leaving out ERR_str_{functs,libraries,reasons} (which require a slightly different approach) and SYS_str_reasons which is populated on startup.
  The main observation is that if ERR_load_strings() is called with a 0 lib argument, the ERR_STRING_DATA argument is not actually modified. We could use this fact to cast away const on the caller side and be done with it. We can make this cleaner by adding a helper ERR_load_const_strings() which explicitly avoids the assignment to str->error overriding the error code already set in the table.
  In order for this to work, we need to sprinkle some const in err/err.c. CMS called ERR_load_strings() with non-0 lib argument, but this didn't actually modify the error data since it ored in the value already stored in the table.
  Annoyingly, we need to cast const away once, namely in the call to lh_insert() in int_err_set_item(). Fixing this would require changing the public API and is going to be tricky since it requires that the LHASH_DOALL_FN_* types adjust.
  ok jsing
* Fix #includes in ct_sct.c | tb | 2023-07-22 | 1 | -5/+7
  This does not need tls1.h (upstream used TLSEXT constants we don't have) nor does it need evp.h. But it does need asn1.h, objects.h for STACK_OF and NID_*, among other things and it also uses uint64_t and allocates, so it needs stdint.h and stdlib.h.
* Hide symbols in dso and ct | beck | 2023-07-08 | 6 | -6/+62
  ok jsing@
* Remove mkerr.pl remnants from LibreSSL | kn | 2022-07-12 | 1 | -6/+1
  This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config.
  Feedback OK jsing tb
* Replace obj_mac.h with object.h | tb | 2022-06-30 | 1 | -2/+2
  Pointed out by and ok jsing
* Remove openssl/cterr.h and inline it in openssl/ct.h | tb | 2022-05-08 | 3 | -131/+57
  ok jsing
* X509_GET_PUBKEY(3) return value check in libcrypto | inoguchi | 2022-01-22 | 1 | -2/+3
  ok beck@ tb@
* Convert SCT verification to CBB. | jsing | 2022-01-06 | 1 | -56/+57
  ok inoguchi@ tb@
* Use C99 initializers for v3_addr, v3_asid and v3_ct_scts[] | tb | 2021-12-25 | 1 | -21/+49
  as is done for most other X.509 v3 extension methods.
  discussed with jsing
* Always allocate a new stack in o2i_SCT_LIST(). | jsing | 2021-12-20 | 1 | -19/+14
  If we're given a pointer to an existing stack, free it and allocate a new one rather than popping and freeing all of the existing entries so we can reuse it. While here rename some arguments and variables.
  ok inoguchi@ tb@
* Convert SCT_new_from_base64() to use CBS for o2i_SCT_signature(). | jsing | 2021-12-20 | 3 | -33/+16
  Remove the existing o2i_SCT_signature() function and rename o2i_SCT_signature_internal() to replace it.
  ok inoguchi@ tb@
* KNF two comments | tb | 2021-12-18 | 1 | -16/+16
* Revert license stubs to full licenses in the remaining files. | tb | 2021-12-18 | 3 | -21/+164
* Reinstate the license stubs to their original licenses in most of the | tb | 2021-12-18 | 10 | -57/+537
  files in libcrypto/ct. This reverts OpenSSL commit d2e9e320
  discussed with jsing
* Convert o2i_SCT* functions to CBS. | jsing | 2021-12-18 | 2 | -151/+149
  This provides cleaner and safer code.
  ok inoguchi@ tb@
* Rename argument to SCT_LIST_free() | jsing | 2021-12-18 | 1 | -3/+3
* fix indent | tb | 2021-12-17 | 1 | -2/+2
* Add RCS markers | tb | 2021-12-05 | 13 | -0/+13
* Fix timestamp printing in Signed Certificate Timestamps | tb | 2021-11-24 | 1 | -2/+1
  Our ASN1_GENERALIZEDTIME_set() doesn't accept time strings with fractional seconds, so don't feed it milliseconds, but only seconds. Ensures that openssl x509 -text prints timestamps instead of skipping them.
  ok beck jsing
* Make these files compile - not hooked up to build yet. | beck | 2021-11-20 | 13 | -220/+279
  ok jsing@ tb@
* Mechanical KNF in preparation for changing | beck | 2021-10-28 | 12 | -1583/+1653
* Add headers normally contained in include/openssl, verbatim from 1.1.1 | beck | 2021-10-28 | 2 | -0/+554
* Import Certificate Transparency verbatim from OpenSSL 1.1.1 | beck | 2021-10-28 | 13 | -0/+2321
  This is not yet hooked up and will not compile. Follow on commits will KNF and then make it build.
  ok jsing@ tb@