| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
| |
keys when signing. This is due to BN_mod_inverse() being used without the
constant time flag being set.
This issue was reported by Cesar Pereida Garcia and Billy Brumley
(Tampere University of Technology). The fix was developed by Cesar Pereida
Garcia.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
While OpenSSL does not document them, they are public in <openssl/asn1.h>,
and OpenSSL does document the related decoders and encoders.
It makes no sense to me to document object methods without documenting
the public constructors as well.
While here:
Bugfix: The type assigned by ASN1_STRING_new() was wrong.
Remove implementation details.
Add small amounts of useful auxiliary information.
|
| |
|
|
|
|
| |
supports it as long as it's marked as unified syntax.
ok bcook@ kettenis@
|
| |
|
|
|
|
|
|
| |
All four functions are listed in <openssl/asn1.h>
and in OpenSSL doc/man3/d2i_X509.pod.
Note that in the OpenSSL documentation,
three of the four prototypes are incorrect.
|
| |
|
|
|
|
|
| |
about it and it's ok to remove it. This only came up as our clang
is targeted at armv7 which enables the NEON instructions.
ok kettenis@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Better one-line description.
Specify the correct header file.
Same parameter names as in ASN1_item_d2i(3).
Lots of new information.
The ASN1_OBJECT interfaces appear specifically designed to maximize
the number and subtlety of traps, maybe in order to trap the wary
along with the unwary. All the quirks, caveats, and bugs of
ASN1_item_d2i(3) apply, and there are three additional ones on top
in this page.
It looks like that design approach was so successful that the designers
managed to trap even themselves: see the new BUGS section.
|
| |
|
|
|
|
|
|
|
|
| |
and OBJ_create(3) really do rather than making broad and incomplete
statements that are only true in some cases.
Improve the one-line descriptions.
Some minor wording improvements while here.
There is obviously more work to do in the vicinity...
|
| |
|
|
|
| |
both listed in <openssl/asn1.h> and in OpenSSL doc/man3/d2i_X509.pod.
Minor wording improvements while here.
|
| |
|
|
|
|
|
|
|
|
|
| |
does not document them. By being in <openssl/asn1.h>, they are
public, and it makes no sense to document accessors but not document
constructors and destructors.
Improve the one-line description.
Mention various missing details.
Many wording improvements.
Add some cross references.
|
| |
|
|
|
|
| |
return code of a function in a man page. Let's remove the ambiguity and
half truths in here.
ok jsing@
|
| |
|
|
|
|
|
| |
and X509_verify_cert - We at least make it so an an init'ed ctx is not
"valid" until X509_verify_cert has actually been called, And we make it
impossible to return success without having the error set to ERR_V_OK.
ok jsing@
|
| |
|
|
|
|
| |
when we went to alternate cert chains. this correctly does not clobber
the ctx->error when using an alt chain.
ok jsing@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
- print/sort using the full certificate subject rather than a pretty-printed
subset (as done in the current version of format-pem.pl); previously this was
resulting in a problem where a CN conflict resulted in the GlobalSign R2 CA
accidentally getting dropped in r1.10; problem found by Steven McDonald
- remove CA certificates that are no longer present in the CA store of the
release branch of Mozilla - possible now that libressl has support for
alternate chains (libcrypto/x509/x509_vfy.c r1.52)
- add new CA certificates from Mozilla's store from those organisations
which we already list
|
| |
|
|
| |
LIBRESSL_INTERNAL.
|
| | |
|
| |
|
|
| |
assembly.
|
| |
|
|
|
|
|
|
| |
assembly. Of particular interest is ASN1_ITEM_ptr which does nothing
and resulted in code like:
if (method->it)
ASN1_ITEM_free(..., ASN1_ITEM_ptr(method->it));
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Both functions are listed in <openssl/asn1.h>
and in OpenSSL doc/man3/d2i_X509.pod.
After reading the code, i'm not amused. You wouldn't think that
it might take eight stack levels to decode a constant sixteen bit
value that does not even allow a single content octet, or would
you? Nota bene, this is an average of four stack levels for each
non-zero bit decoded... :-(
|
| |
|
|
|
| |
encoding functions from scratch. All 46 functions are listed
in OpenSSL doc/man3/d2i_X509.pod.
|
| | |
|
| | |
|
| |
|
|
| |
both listed in <openssl/x509.h> and in OpenSSL doc/man3/d2i_X509.pod.
|
| |
|
|
|
| |
d2i_X509_REVOKED(3), and i2d_X509_CRL_INFO(3), all listed in
<openssl/x509.h> and in OpenSSL doc/man3/d2i_X509.pod.
|
| |
|
|
|
| |
Use simpler standard wordings.
Add X.509 references.
|
| | |
|
| |
|
|
|
|
| |
Improve the one-line description.
Use the standard wordings in some places.
Complete the RETURN VALUES section.
|
| |
|
|
|
| |
from scratch. All six functions are listed in <openssl/x509.h>
and in OpenSSL doc/man3/d2i_X509.pod.
|
| |
|
|
|
|
| |
in this page - but do include documentation for immediate
subobjects that are used nowhere else. All six functions
listed in <openssl/x509.h> and in OpenSSL doc/man3/d2i_X509.pod.
|
| |
|
|
|
|
|
|
|
|
| |
Improve .Nd.
Sort functions.
Use the same parameter names as in ASN1_item_d2i(3).
Point to ASN1_item_d2i(3) for all he details.
Delete all the information that's now in ASN1_item_d2i(3).
Add missing entries to the RETURN VALUES section.
Add STANDARDS section.
|
| |
|
|
|
|
|
|
|
|
|
| |
Also document d2i_PKCS8_bio(3), i2d_PKCS8_bio(3), d2i_PKCS8_fp(3),
and i2d_PKCS8_fp(3) while here, listed in <openssl/x509.h>
and in OpenSSL doc/man3/d2i_X509.pod.
No, these functions have nothing to do with the many other d2i_PKCS8*(3)
functions all around, and nothing with PKCS#8 at all in the first place.
Read the BUGS section. I couldn't make this stuff up.
|
| |
|
|
|
|
| |
with i2d_PKCS8PrivateKeyInfo_bio(3).
While here, polish the cross references.
|
| |
|
|
|
|
|
|
| |
listed in <openssl/x509.h> and in OpenSSL doc/man3/d2i_X509.pod.
These functions are very similar to i2d_PrivateKey(3) but very
different from i2d_PKCS8PrivateKey_bio(3), that's why they go into
this manual page and not into the other one. When the naming was
decided, somebody clearly considered too briefly or too long.
|
| |
|
|
|
| |
These six function are listed in <openssl/x509.h>
and in OpenSSL doc/man3/d2i_X509.pod.
|
| |
|
|
|
| |
from scratch. All these functions are listed in <openssl/ocsp.h>
and in OpenSSL doc/man3/d2i_X509.pod.
|
| |
|
|
|
| |
from scratch. All functions listed in <openssl/ts.h>
and in OpenSSL doc/man3/s2i_X509.pod.
|
| | |
|
| | |
|
| |
|
|
| |
preprocessor output, excluding line numbers and newlines.
|
| |
|
|
| |
preprocesssor output.
|
| |
|
|
|
| |
nothing but markers for utils/mkstack.pl... and we removed the code that
generated more macros from these markers in 2014.
|
| | |
|
| | |
|
| | |
|
