summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* some cleanup:schwarze2019-08-121-44/+75
| | | | | | | * add missing STANDARDS section * avoid repetitions and jumping back and forth among functions * describe the difference between 0 and 1 more precisely and more concisely * mark up the ASN.1 type and field names
* Provide a local version of X509_get0_subject_key_id()jsing2019-08-121-3/+11
| | | | | It seems that the CMS code is currently the only code in existence that uses this function.
* Inline the equivalent of ASN1_TYPE_unpack_sequence().jsing2019-08-121-3/+6
|
* correct a misspelled page name in an .Xr;schwarze2019-08-121-3/+3
| | | | it looks like this was the last bad .Xr in *CMS*(3)
* correct misspelled page name in an .Xrschwarze2019-08-121-3/+3
|
* Fix .Xrs to non-existant pages by correcting the misspelled functionschwarze2019-08-121-43/+83
| | | | | | names and documenting these two functions, CMS_decrypt_set1_pkey(3) and CMS_decrypt_set1_key(3) right here in this same page. While here, simplify and improve some wording.
* These public functions are listed in the OpenSSL manuals but notschwarze2019-08-122-0/+257
| | | | actually documented, so write the documentation from scratch.
* merge a few minor improvements from the OpenSSL 1.1.1 branch,schwarze2019-08-121-15/+35
| | | | | | | | | | which is still under a free license: * mention pem_password_cb in NAME and SYNOPSIS * recommend -1 as pem_password_cb error return for OpenSSL compat * minor improvements to the pass_cb() example code * mention that the pass phrase is just a byte sequence * and minor wording and markup improvements
* Use ERR_asprintf_error_data() instead of ERR_add_error_data().jsing2019-08-111-3/+3
|
* Remove unsupported GOST 2012 NIDs.jsing2019-08-111-3/+1
|
* Disable DES3 since we do not currently provide DES3 keywrap.jsing2019-08-111-1/+7
|
* Remove label that is now unused (due to arc4random_buf() returning void).jsing2019-08-111-3/+2
|
* Fix loading of CMS error strings.jsing2019-08-111-5/+5
|
* Bring back stack macros for CMS structs.jsing2019-08-111-1/+111
|
* Provide ASN1_PKEY_CTRL_CMS_RI_TYPE.jsing2019-08-111-1/+2
|
* bring HISTORY sections up to OpenBSD standardsschwarze2019-08-1121-78/+129
|
* Include string.h for explicit_bzero().jsing2019-08-112-2/+6
|
* Expand M_ASN1_new_of and M_ASN1_free_of macros.jsing2019-08-119-39/+39
|
* Use arc4random_buf() instead of RAND_bytes().jsing2019-08-113-12/+8
| | | | This also removes return checks since arc4random_buf() does not fail.
* Include string.h for memcmp()/memcpy().jsing2019-08-115-5/+15
|
* Use freezero() rather than OPENSSL_clear_free().jsing2019-08-115-15/+15
|
* Use explicit_bzero() instead of OPENSSL_cleanse().jsing2019-08-112-5/+5
|
* Use malloc(3) and free(3), rather than OPENSSL_{malloc,free}().jsing2019-08-116-33/+33
|
* Convert CMSerr() to CMSerror().jsing2019-08-1111-240/+191
|
* Switch ASN.1 INT32 back to LONG.jsing2019-08-112-28/+28
|
* Expand a new macro that tried to get away...jsing2019-08-111-2/+8
|
* Expand ASN.1 macros.jsing2019-08-118-273/+1544
|
* We use DECLARE_STACK_OF rather than DEFINE_STACK_OF.jsing2019-08-112-7/+7
|
* Unlike OpenSSL we do not have our own special ssize_t.jsing2019-08-113-9/+9
|
* Re-convert and re-import the CMS manual pages from OpenSSL 1.1.1schwarze2019-08-1021-0/+3388
| | | | | | | (which are still under a free license) with pod2mdoc(1) now that jsing@ has begun work to provide these APIs. Some formatting was improved and some typos were fixed, but apart from that, little was changed, so there is still much to polish.
* Fix style(9) and whitespace.jsing2019-08-101-210/+205
|
* More style(9) and whitespace.jsing2019-08-101-335/+294
|
* More style(9), whitespace and readability fixes.jsing2019-08-1014-675/+903
| | | | Files are identical once whitespace and newlines are removed.
* First pass at style(9).jsing2019-08-1014-4174/+4174
| | | | Whitespace only and no change according to diff -w.
* Fix includes for non-installed headers.jsing2019-08-109-25/+25
|
* Include cms.h instead of cmserr.h.jsing2019-08-101-2/+2
|
* Add $OpenBSD$ tag.jsing2019-08-101-0/+1
|
* Restore the per-file license for cms.h.jsing2019-08-101-5/+49
| | | | | This reverts the removal from OpenSSL 21dcbebc6e35419f1842f39a125374ea1ba45693.
* Provide cms.h.jsing2019-08-101-0/+515
| | | | | This is OpenSSL 1.1.1 cms.h and cmserr.h combined, essentially reverting OpenSSL 52df25cf2e656146cb3b206d8220124f0417d03f.
* Add $OpenBSD$ tags.jsing2019-08-1015-0/+15
|
* Restore the original per-file licenses for CMS.jsing2019-08-1014-70/+686
| | | | These were removed in OpenSSL b1322259d93cf6b6286f9febcd468b6a9f577d91.
* Work towards supporting Cryptographic Message Syntax (CMS) in libcrypto.jsing2019-08-1015-0/+6172
| | | | | | | | | | | | | | | | Cryptographic Message Syntax (CMS) is a standard for cryptographically protecting messages, as defined in RFC 5652. It is derived from PKCS #7 version 1.5 and utilises various ASN.1 structures, making it complex and fairly heavyweight. Various protocols - including RPKI (RFC 6480) - have been built on top of it, which means it is necessary to support CMS, in order to support RPKI. This imports around 6,000 lines of code from OpenSSL 1.1.1, which is still under the original OpenSSL license. Further work will occur in tree. Requested by and discussed with many. ok deraadt@ tb@
* explain the acronym "CRT"; suggested by tb@schwarze2019-07-132-6/+8
|
* Using pthread_atfork instead of __register_atfork with uClibc on noMMUinoguchi2019-07-111-2/+2
| | | | | | | | uClibc on noMMU doesn't provide __register_atfork(). Reported by redbirdtek on Github issue. https://github.com/libressl-portable/portable/issues/538 ok bcook@
* Clean up pvkfmt.cinoguchi2019-07-081-63/+66
| | | | | | | | | | | - Replace EVP_CIPHER_CTX_init with EVP_CIPHER_CTX_new and handle return value - Replace EVP_CIPHER_CTX_cleanup with EVP_CIPHER_CTX_free - Change two 'return -1;' to 'goto err;' for avoiding leak - Remove the case if enclevel == 0 - Change enclevel checking to make more consistent - Change all goto label to 'err' and insert space before goto label ok and advise from tb@
* Fix pvk format processing in libcryptoinoguchi2019-07-071-11/+11
| | | | | | | | - Return the valid pointer in i2b_PVK() - Use EVP_Decrypt* instead of EVP_Encrypt* - Fix error handling after BIO_write() in i2b_PVK_bio() ok tb@
* snprintf/vsnprintf return < 0 on error, rather than -1.deraadt2019-07-032-5/+5
|
* Add cpuid support for arm64 so that we can recognize whichpatrick2019-07-023-3/+57
| | | | | | hardware crypto features are available. "no objections" kettenis@
* failed to detect asprintf() error by observing return of -1, instead thederaadt2019-06-281-6/+3
| | | | | code was inspecting the pointer (which is, sadly, undefined on error, because the current specification of asprintf is crazy sloppy)
* Make BN_num_bits_word() constant time.tb2019-06-171-48/+18
| | | | | | | | | | | | | | | | | Previously, this function would leak the most significant word of its argument due to branching and memory access pattern. This patch is enough to fix the use of BN_num_bits() on RSA prime factors in the library. The diff is a simplified and more readable (but perhaps less efficient) version of https://github.com/openssl/openssl/commit/972c87df by Andy Polyakov and David Benjamin (pre license change). Consult that commit message for details. Subsequent fixes to follow in the near future. Issue pointed out by David Schrammel and Samuel Weiser as part of a larger report. tests & ok inoguchi, ok jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-21 09:41:56 +0000