summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Update the opensslfeatures.h to include all of the OPENSSL_NO_* flags thatjsing2018-11-041-8/+84
| | | | | | | | | | currently exist in OpenSSL - comment out that ones that we do not already define. Some OPENSSL_NO_* flags that we define have been removed from OpenSSL (and code that depended on these to know when features are not available now think that the features have been enabled...). We keep these defined but in their own separate group. ok bluhm@ tb@
* Reformat and sort the OPENSSL_NO_* defines.jsing2018-11-041-25/+25
|
* move X509_get0_serialNumber where it belongstb2018-11-021-1/+1
|
* whitespacetb2018-11-021-2/+2
|
* Bump libcrypto/libssl/libtls majors due to symbol removals (libcrypto)jsing2018-10-241-2/+2
| | | | and changes to struct visibility/sizes (libssl).
* Remove a GOST data symbol that should not be exported.jsing2018-10-241-1/+0
|
* Remove a bunch of ancient and highly crufty ASN.1 related code fromjsing2018-10-249-1633/+22
| | | | | | libcrypto (the "new" stuff replaced this back around 2000 or so...). ok tb@
* Remove stack related macros that should have been nuked whenjsing2018-10-241-333/+1
| | | | {CMS,KRB5,SRP} were removed.
* Avoid calling memcpy with a length <= 0. Reported due to a GCC 7.3.0tb2018-10-201-5/+6
| | | | | | | compiler warning by Pavel Kraynyukhov. A similar fix was made in OpenSSL commit 369e93398b68b8a328e6c1d766222b. ok inoguchi
* RFC 3394 section 2 states that we need at least two 64 bit blockstb2018-10-201-6/+6
| | | | | | | | | | | | | | for wrapping and, accordingly, three 64 bit blocks for unwrapping. That is: we need at least 16 bytes for wrapping and 24 bytes for unwrapping. This also matches the lower bounds that OpenSSL have in their CRYPTO_128_{un,}wrap() functions. In fact, if we pass an input with 'inlen < 8' to AES_unwrap_key(), this results in a segfault since then inlen -= 8 underflows. Found while playing with the Wycheproof keywrap test vectors. ok bcook
* bump for LibreSSL 2.8.2bcook2018-09-301-3/+3
|
* bump for LibreSSL 2.8.1libressl-v2.8.1bcook2018-09-231-3/+3
|
* Simplify initialization of asn1_cb; use correct spelling of NULL.tb2018-09-171-4/+2
|
* sync with mozilla-release (one removal, TURKTRUST, more details atsthen2018-09-121-48/+1
| | | | | | https://bugzilla.mozilla.org/show_bug.cgi?id=1439127) ok danj guenther millert
* tweak previous;jmc2018-09-122-4/+4
|
* Add some accessor functions:djm2018-09-128-17/+138
| | | | | | RSA_meth_get_finish() RSA_meth_set1_name() EVP_CIPHER_CTX_(get|set)_iv() feedback and ok jsing@ tb@
* ASN1_OBJECTs should be freed with ASN1_OBJECT_free(3), not with free(3).tb2018-09-081-2/+2
| | | | ok inoguchi, jsing
* indent labelstb2018-09-082-8/+8
|
* missing word & a couple of typostb2018-09-081-3/+3
|
* use timing-safe compares for checking results in signature verificationdjm2018-09-054-9/+10
| | | | | | (there are no known attacks, this is just inexpensive prudence) feedback and ok tb@ jsing@
* Elliptic curve arithmetic only makes sense between points that belong totb2018-09-021-1/+5
| | | | | | | | | | | | the same curve. Some Wycheproof tests violate this assumption, making ECDH_compute_key() compute and return garbage. Check that pub_key lies on the curve of the private key so that the calculations make sense. Most paths that get here have this checked (in particular those from OpenSSH and libssl), but one might get here after using d2i_* or manual computation. discussed with & ok jsing; "good catch!" markus
* Tweak comment.tb2018-09-011-5/+2
|
* Remove extra "and" in "These functions and have been available"tb2018-08-281-3/+3
|
* fix the same "an non" issue found by tb in EVP_EncryptInit.3;jmc2018-08-261-3/+3
|
* Some of the functions in this manual need <openssl/dsa.h>, otherstb2018-08-261-3/+45
| | | | | | | | | need <openssl/x509.h>. The functions {d2i,i2d}_DSA_params_{bio,fp}(3) were missing from the manual, so document them. The return values of the i2d_* functions are left undocumented, as these still need to be audited. ok schwarze (lots of input and help as usual)
* typo: an nonce -> a noncetb2018-08-261-3/+3
|
* crank majors after symbol addition/modification/removaltb2018-08-241-2/+2
|
* Add const to EVP_PKCS82PKEY().tb2018-08-242-4/+4
| | | | | tested in a bulk by sthen ok jsing
* Add consts to EVP_PKEY_asn1_set_private()tb2018-08-248-16/+16
| | | | | | | | | Requires adding a const to the priv_decode() member of EVP_PKEY_ASN1_METHOD and adjusting all *_priv_decode() functions. All this is already documented this way. tested in a bulk build by sthen ok jsing
* After removing support for broken PKCS#8 formats (it was high time),tb2018-08-247-22/+19
| | | | | | | | we can add const to PKCS8_pkey_get0(). In order for this to work, we need to sprinkle a few consts here and there. tested in a bulk by sthen ok jsing
* Remove EVP_PKEY2PKCS8_broken() and PKCS8_set_broken()tb2018-08-245-98/+46
| | | | | | | | | | | Provide PKCS8_pkey_add1_attr_by_NID() and PKCS8_pkey_get0_attrs(). Remove the whole broken code and simplify pkcs8_priv_key_info_st accordingly. Based on OpenSSL commit 54dbf42398e23349b59f258a3dd60387bbc5ba13 plus some const that was added later. tested in a bulk build by sthen ok jsing
* Document const change for OCSP_cert_to_id()tb2018-08-241-4/+4
| | | | ok jsing
* Add const to two arguments of OCSP_cert_to_id()tb2018-08-242-6/+7
| | | | | tested in a bulk by sthen ok jsing
* Provide X509_get0_serialNumber()tb2018-08-243-2/+10
| | | | | tested in a bulk by sthen ok jsing
* Turn a number of #defines into proper functions with prototypes matchingtb2018-08-245-18/+80
| | | | | | those that OpenSSL has had for ages. ok jsing
* Change PEM_Sign{Init,Update}() to return an int.tb2018-08-242-8/+8
| | | | | tested in a bulk by sthen ok jsing
* Check return value of EVP_EncodeUpdate() in PEM_write_bio().tb2018-08-241-2/+3
| | | | ok jsing
* Check return value of EVP_EncodeUpdate() in b64_write().tb2018-08-241-3/+4
| | | | ok jsing
* Convert EVP_EncodeUpdate() to return an int to allow for errortb2018-08-242-8/+10
| | | | | | | | | checking. Matches our documented behavior. Based on OpenSSL commit c5ebfcab713a82a1d46a51c8c2668c419425b387 tested in a bulk by sthen ok jsing
* Provide EVP_CIPHER_CTX_encrypting().tb2018-08-243-2/+10
| | | | | tested in a bulk by sthen ok jsing
* Document prototype change and return values for BIO_set_cipher()tb2018-08-241-3/+5
| | | | ok jsing
* Return an int in BIO_set_cipher() to be able to report errors.tb2018-08-242-13/+22
| | | | | tested in a bulk by sthen ok jsing
* In DSO_up_ref(), check return value of CRYPTO_add() and reporttb2018-08-241-3/+5
| | | | | | failure accordingly. ok jsing
* In ENGINE_up_ref(), check return value of CRYPTO_add() and reporttb2018-08-241-3/+5
| | | | | | failure accordingly. ok jsing
* Document new prototype and return values of X509_OBJECT_up_ref_count()tb2018-08-241-3/+6
| | | | ok jsing
* Make X509_OBJECT_up_ref_count return an int.tb2018-08-242-9/+7
| | | | | | | Based on OpenSSL commit c5ebfcab713a82a1d46a51c8c2668c419425b387 tested in a bulk by sthen ok jsing
* Update documentation of CRYPTO_mem_leaks*.tb2018-08-241-6/+12
| | | | ok jsing
* Let CRYPTO_mem_leaks{,_fp,_cb}() return -1.tb2018-08-242-12/+12
| | | | | | | | | These functions are no-ops. Their signature was changed by OpenSSL to allow error checking. This way we return an error and do not indicate the (non-)existence of memory leaks. tested in a bulk by sthen ok jsing
* Don't leak sktmp in X509_verify_cert().tb2018-08-191-5/+5
| | | | | | CID #118791 ok jsing mestre
* whitespace fixtb2018-08-191-2/+2
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-29 07:06:50 +0000