| Commit message (Collapse) | Author | Files | Lines |
|---|
|
ok jsing@
|
|
matter for constant time, and make the public interface only used
external to the library.
This moves us to a model where the important things are constant time
versions unless you ask for them not to be, rather than the opposite.
I'll continue with this method by method.
Add regress tests for same.
ok jsing@
|
|
|
|
allocation to the size of the new allocation (instead of the requested size).
2. Previously realloc takes the easy way and always reallocates if C is
active. This commit fixes by carefully updating the recorded requested
size in all cases, and writing the canary bytes in the proper location
after reallocating.
3. Introduce defines to test if MALLOC_MOVE should be done and to
compute the new value.
|
|
currently unused, but will be in the near future.
ok beck@
|
|
LIBRESSL_INTERNAL.
|
|
No change to generated assembly excluding line numbers.
|
|
with some style cleanup after. no binary change
ok jsing@
|
|
No change to generated assembly excluding line numbers.
|
|
No change in preprocessor output (ignoring whitespace and line numbers).
|
|
No change in generated assembly.
|
|
ok jsing@
|
|
with the caveat that we force V_OK when a user provided callback has
us returning success.
ok inoguchi@ jsing@
|
|
|
|
|
|
towards cleaning up the V_OK stuff.
ok kinichiro@
|
|
ok deraadt@ krw@
|
|
therefore appears to break in bluhm's test setup
|
|
Spotted by inoguchi@
|
|
|
|
|
|
simplifying the code. Also check the provided read and write callbacks
before assigning to the context.
|
|
replace it with a less specific one.
|
|
|
|
stored directly in bio->ptr, rather than allocating and deallocating an
intermediate struct.
Diff from Marko Kreen <markokr at gmail dot com> - thanks!
|
|
|
|
continuing on.
Also noticed by Marko Kreen.
|
|
using callbacks, file descriptors and sockets.
|
|
|
|
Issue found by and fix from Shuo Chen <chenshuo at chenshuo dot com>.
|
|
|
|
|
|
|
|
(slightly) more readable.
|
|
|
|
returning ok == 1, with ctx->error not being X509_V_OK. Hopefully we can
restore this behaviour once these are ironed out.
Discussed with beck@
|
|
|
|
fixing a dead link reported by jmc@.
Only about half of X509_VERIFY_PARAM is documented so far,
and the extensible lookup table feels like one of the more
arcane features and probably not the next thing to document.
|
|
jmc@ reported that X509_LOOKUP_hash_dir(3) references it.
Even though OpenSSL does not document it, given that it is used for
file names that users have to create, it is sufficiently exposed
to users to be worth documenting.
|
|
Not documented by OpenSSL, but listed in <openssl/x509_vfy.h>
and referenced from X509_LOOKUP_hash_dir(3), and clearly more
important than the latter. Fixes three dead links reported by jmc@.
Most of the information from SSL_CTX_load_verify_locations(3) should
probably be moved here, but not all, since the SSL page also talks
about SSL servers and clients and the like. As i'm not completely
sure regarding the boundaries, i'm leaving that as it is for now.
|
|
and X509_STORE_add_lookup(3) reported by jmc@.
Even though these functions are public, they seem more useful internally
than for application programs, so now is not the time to document them.
|
|
function that had the the sole purpose of discouraging its use.
Not talking about it at all discourages using it even more.
Dangling cross reference reported by jmc@.
|
|
and sprinkle cross references instead; more work is obviously needed here
|
|
The safestack stuff is the most ill-designed user interface i have
seen so far in OpenSSL. It looks positively undocumentable.
At least i'm not trying to document it right now.
|
|
that wasn't accompanied by any related information. Reported by jmc@.
There are a dozen functions handling X509_PURPOSE objects, all
undocumented, a host of defines, and it seems that a callback is
required. So this seems complicated, i doubt that is much used
in practice, and i'm not diving into it at this point in time.
|
|
and refer readers to the header file instead.
I'm not convinced customized prompting is such a bright idea, it
feels somewhat like overengineering, so i'm not documenting it right
now. People who really feel compelled to roll their own prompting
can go read the source code.
|
|
and just use .Fn for now.
Not counting constructors, destructors, decoders, encoders, and
debuggers, six out of 24 public functions operating on PKCS7 objects
are currently documented. I'm not documenting the remaining 18 ones
at this point in time.
|
|
and just use .Fn for now.
There are about two dozen interfaces dealing with PKCS7_SIGNER_INFO
objects and none but the constructor, destructor, decoder, and encoder
are documented so far. It makes no sense to document one random one,
and i'm not going to document all of PKCS7_SIGNER_INFO right now.
|
|
I'm not convinced documenting EVP_MD_CTX_set_flags(3) would be wise.
Instead, refer people to the header file to make it more obvious
that they are tinkering with internals when using such flags.
|
|
resolving a dangling cross reference reported by jmc@.
Sort NAME and SYNOPSIS to agree with .Dt and DESCRIPTION.
Unify parameter names.
Delete a sentence about an implementation detail that is no longer true.
Mention the length limitation of the *_string() variants.
|
