summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/objects (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Add BGPSec Router (RFC 8209) Key Purpose OIDjob2021-09-112-0/+2
| | | | OK tb@
* Remove assignment of value that is never read.beck2021-09-011-2/+1
| | | | ok tb@
* Adjust libcrypto obj_xref.txt to obj_xref.hinoguchi2021-05-191-2/+2
| | | | | | | | | | | | To generate current obj_xref.h, third item of lines id_tc26_signwithdigest_gost3410_2012_256/512 should be id_GostR3410_2001. obj_xref.txt r1.2 and obj_xref.h r1.3 were committed at the same time, and these third item were coded different value each other. This adjusts obj_xref.txt to current obj_xref.h. ok tb@
* Improve libcrypto obj_xref.h generatorinoguchi2021-05-141-0/+4
| | | | | | | Modify objxref.pl to output $OpenBSD$ header and __BEGIN_HIDDEN_DECLS / __END_HIDDEN_DECLS . ok and comment from tb@
* Add obj_xref for ECDH schemes in RFC 5753inoguchi2021-05-122-1/+34
| | | | | | | | | | Found missing sigoid_srt record in crypto/objects/obj_xref.h, and this causes error while executing openssl cms -encrypt with EC key/cert. Added required definitions to obj_xref.txt and obj_xref.h. Issue reported by Theodore Wynnychenko (tmw <at> uchicago.edu) on misc. ok tb@
* Add draft-ietf-sidrops-rpki-rsc OIDjob2021-05-092-0/+2
| | | | | | | | Listed under 'SMI Security for S/MIME CMS Content Type (1.2.840.113549.1.9.16.1)' https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1 OK tb@
* Add OID for draft-ietf-opsawg-finding-geofeedsjob2021-02-032-0/+2
| | | | | | | | | https://tools.ietf.org/html/draft-ietf-opsawg-finding-geofeeds describes a mechanism to authenticate RFC 8805 Geofeed data files through the RPKI. OpenSSL counterpart https://github.com/openssl/openssl/pull/14050 OK tb@ jsing@
* Add a bunch of RPKI OIDsjob2021-02-022-1/+26
| | | | | | | | | | | | | RFC6482 - A Profile for Route Origin Authorizations (ROAs) RFC6484 - Certificate Policy (CP) for the RPKI RFC6493 - The RPKI Ghostbusters Record RFC8182 - The RPKI Repository Delta Protocol (RRDP) RFC8360 - RPKI Validation Reconsidered draft-ietf-sidrops-rpki-rta - A profile for RTAs Also in OpenSSL: https://github.com/openssl/openssl/commit/d3372c2f35495d0c61ab09daf7fba3ecbbb595aa OK sthen@ tb@ jsing@
* Add OIDs for HMAC using Streebog (GOST R 34.11-2012) hash function.jsing2020-06-052-0/+4
| | | | | | | | Diff from Dmitry Baryshkov <dbaryshkov@gmail.com> Sponsored by ROSA Linux ok inoguchi@ tb@
* Add support for additional GOST curves.jsing2020-06-052-4/+16
| | | | | | | | | | | | | These GOST curves are defined in RFC 7836 and draft-deremin-rfc4491-bis. Add aliases for 256-bit GOST curves (see draft-smyshlyaev-tls12-gost-suites) and rename the 512-bit curve ids to follow names defined in tc26 OID registry. Diff from Dmitry Baryshkov <dbaryshkov@gmail.com> Sponsored by ROSA Linux. ok inoguchi@
* Provide NID for pSpecified.jsing2019-11-012-0/+2
| | | | ok tb@
* Add objects for ECDH schemes in RFC 5753.jsing2019-09-052-0/+32
| | | | | | Based on OpenSSL 1.1.1b. ok inoguchi@ tb@
* snprintf/vsnprintf return < 0 on error, rather than -1.deraadt2019-07-031-3/+3
|
* Allocate fixed NIDs for SM3/SM4.jsing2019-04-191-0/+12
|
* Add the SM4 block cipher from the Chinese standard GB/T 32907-2016.tb2019-03-171-0/+16
| | | | | | | | This is an ISC licensed version based on the sources by Ribose Inc that were ported to OpenSSL in 2017. Patch from Daniel Wyatt with minor tweaks. ok inoguchi, jsing
* Fix OID for sm3WithRSAEncryption which was apparently mixed uptb2019-03-021-1/+1
| | | | | | with the OID for SM2 signing with SM3. From Daniel Wyatt
* Add Ribose Inc's implementation of the SM3 hashing function withtb2018-11-111-0/+5
| | | | | | | | | tweaks from jsing and myself. The SM2/SM3/SM4 algorithms are mandatory for legal use of cryptography within China and [are] widely applied in the country, covering identification/financial cards, contactless, TPM 2.0 and PKI. ok beck inoguchi jsing
* ASN1_OBJECTs should be freed with ASN1_OBJECT_free(3), not with free(3).tb2018-09-081-2/+2
| | | | ok inoguchi, jsing
* indent labelstb2018-09-082-8/+8
|
* missing word & a couple of typostb2018-09-081-3/+3
|
* Provide object identifier for chacha20-poly1305.jsing2018-03-172-0/+3
|
* Provide object identifiers for TLS cipher suite key exchange andjsing2018-03-172-0/+20
| | | | authentication.
* Add definitions for three OIDs used in EV certificates.jsing2017-05-252-0/+9
| | | | From Kyle J. McKay <mackyle at gmail dot com>
* Fix typo in issuingDistributionPoint description.jsing2017-02-281-1/+1
|
* Send the function codes from the error functions to the bit bucket,beck2017-01-294-23/+17
| | | | | | as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* Place {DECLARE,IMPLEMENT}_OBJ_BSEARCH{_GLOBAL,}_CMP_FN macros undefjsing2017-01-211-1/+5
| | | | LIBRESSL_INTERNAL.
* Expand DECLARE_OBJ_BSEARCH_CMP_FN and IMPLEMENT_OBJ_BSEARCH_CMP_FN macros.jsing2017-01-212-12/+92
| | | | No change to generated assembly excluding line numbers.
* OBJ_obj2txt() should return the total amount of space requiredinoguchi2016-12-221-5/+1
| | | | | reported by @rhenium on GitHub ok jsing@
* Explicitly export a list of symbols from libcrypto.jsing2016-12-211-1/+4
| | | | | | | | | | | | | | | | Move the "internal" BN functions from bn.h to bn_lcl.h and stop exporting the bn_* symbols. These are documented as only being intended for internal use, so why they were placed in a public header is beyond me... This hides 363 previously exported symbols, most of which exist in headers that are not installed and were never intended to be public. This also removes a few crusty old things that should have died long ago (like _ossl_old_des_read_pw). But don't worry... there are still 3451 symbols exported from the library. With input and testing from inoguchi@. ok beck@ inoguchi@
* Add objects for X25519, X448, Ed25519 and Ed448.jsing2016-11-052-0/+15
| | | | ok miod@
* remove unused OPENSSL_NO_OBJECT casebcook2016-07-171-14/+1
| | | | ok tedu@
* better fix for overrun reported by Qualys Security.tedu2015-10-141-4/+1
| | | | | | buf is at all times kept nul terminated, so there is no need to enforce this again upon exit. (no need to move buf around after we exahust space.) ok beck miod
* Bail out early if we have no buf_lenbeck2015-10-141-1/+5
| | | | ok miod@
* fix a memory leak reported by Qualys Security.tedu2015-10-141-3/+4
| | | | | | move the bndec variable in tighter since it's not used elsewhere in the loop, then always free it after use. ok bcook miod
* Ensure we don't write a 0 byte past end of the buffer in the error case.beck2015-10-141-3/+3
| | | | ok bcook@ deraadt@
* Coverity ID 78910 - Yet another stupid API designed to not show failures. do thebeck2015-07-181-6/+8
| | | | | | | | | | lease worst alternative and do nothing rather than dereference NULL, but having a function with fundamentally broken API to simply make a list of strings, sort them, and call a function with each string as an argument is really quite silly.... and of course it was exposed API that the ecosystem uses that we can't delete.. yet. ok miod@ doug@
* Remove more IMPLEMENT_STACK_OF noops that have been hiding for the lastjsing2015-02-101-2/+1
| | | | 15 years.
* GOST crypto algorithms (well, most of them), ported from the removed GOSTmiod2014-11-094-1/+34
| | | | | | | | | | | | engine to regular EVP citizens, contributed by Dmitry Eremin-Solenikov; libcrypto bits only for now. This is a verbatim import of Dmitry's work, and does not compile in this state; the forthcoming commits will address these issues. None of the GOST code is enabled in libcrypto yet, for it still gets compiled with OPENSSL_NO_GOST defined. However, the public header gost.h will be installed.
* Check the result of sk_*_push() operations for failure.miod2014-10-281-2/+6
| | | | ok doug@ jsing@
* Use strdup() instead of malloc() + memcpy().miod2014-10-071-8/+3
| | | | ok doug@ jsing@
* Fix CVE-2014-3508, pretty printing and OID validation:guenther2014-08-081-2/+7
| | | | | | | | | | | - make sure the output buffer is always NUL terminated if buf_len was initially greater than zero. - reject OIDs that are too long, too short, or not in proper base-127 Based on https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87 ok bcook@
* Fix OID encoding for single components. OpenSSL PR #2556 via OpenSSL trunk.miod2014-07-111-1/+1
| | | | (be sure to make cleandir and make includes before building)
* Only import cryptlib.h in the four source files that actually need it.jsing2014-07-112-7/+7
| | | | | | | | Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
* Explicitly include <openssl/opensslconf.h> in every file that referencesjsing2014-07-102-2/+7
| | | | | | | | | an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included. This also includes some miscellaneous sorting/tidying of headers.
* Stop including standard headers via cryptlib.h - pull in the headers thatjsing2014-07-102-3/+7
| | | | | | are needed in the source files that actually require them. ok beck@ miod@
* tags as requested by miod and teduderaadt2014-06-127-5/+7
|
* Remove various test stubs. The good ones have been moved by jsingderaadt2014-06-071-28/+0
| | | | | | and others to the regress framework. These remaining ones just muddle us up when re-reading code repeatedly. ok jsing
* malloc() result does not need a cast.deraadt2014-06-072-7/+7
| | | | ok miod
* Clean up some of the nightmare of string and pointer arithmatic inbeck2014-06-011-52/+36
| | | | | | | | | | | | | this nasty function. This gets rid of the nasty tmp variables used to hold temporary strings and the DECIMAL_SIZE hack. it gets rid of the rather pointless null checks for buf (since the original code dereferences it before checking). It also gets rid of the insane possibility this could return -1 when stuff is using the return values to compute lengths All the failure cases now return 0 and an empty string like the first error case in the original code. ok miod@ tedu@
* more: no need for null check before freederaadt2014-05-302-14/+7
| | | | ok tedu guenther
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-31 05:42:32 +0000