summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Use more consistent order for Init/Update/Finaltb2023-12-231-17/+17
| | | | | | | Consistently implement the _ex() version after the non-extended versions, First Cipher Init/Update/Final, then Encrypt, then Decrypt. This only switches the order of CipherFinal{,_ex} and move the DecryptInit* down, so they are no longer somewhere in the middle of the Encrypt* functions.
* Prefix get_trusted_issuer() with x509_vfy_tb2023-12-231-4/+3
|
* Remove two no longer necessary reminderstb2023-12-221-3/+1
| | | | | I guess I'm getting old. Next time I'll have to add a reminder not to forget to remove the reminder.
* Remove extra whitespace on two linestb2023-12-221-3/+3
|
* Add length checks for partial_lentb2023-12-221-6/+7
| | | | | | | These remove a few more potential out-of-bounds accesses and ensure in particular that the padding is between 1 and block_size (inclusive). ok joshua jsing
* Rename check_hosts()tb2023-12-221-3/+3
|
* Replace check_trust() with its x509_vfy_ prefixed wrappertb2023-12-221-11/+4
|
* Replace check_chain_extensions() with its x509_vfy_ wrappertb2023-12-221-8/+2
|
* Replace check_id() with its x509_vfy_check_id() wrappertb2023-12-221-9/+4
|
* Remove a bunch of function pointers from X509_STORE_CTXtb2023-12-222-42/+18
| | | | | | | | | These are only ever set to one particular function which is either local to this file or part of the public API and we never added the public API to set them to something else. Prefix the local functions touched in this commit with x509_vfy_. More cleanup to follow. ok joshua jsing
* Simplify some logic in EVP_EncryptInit_ex()tb2023-12-221-24/+28
| | | | | | | | | | Pull up the EVP_R_NO_CIPHER_SET check that was hidden somewhere down in the middle of the function. Handle the reuse case outside of the big non-NULL cipher case for now. This looks a bit odd but relies on the invariant that cipher_data is only set if the cipher is set. It will be reworked in a subsequent commit. ok jsing
* Clean up includes in cms_smime.ctb2023-12-221-7/+14
|
* evp_enc: make some flag checks explicittb2023-12-221-4/+4
| | | | ok joshua jsing
* Remove cleanup() and get_crl() from X509_STORE_CTXtb2023-12-222-15/+3
| | | | ok jsing
* Remove unused function pointers from X509_STOREtb2023-12-222-55/+11
| | | | | | | | | The struct underlying the X509_STORE type is opaque ars and nothing uses the accessors that OpenSSL added blindly for these. Therefore we didn't add them in the first place. So this rips out several dozens of lines of dead code. ok beck joshua jsing
* Remove EVP_PKEY_asn1_add{0,_alias}() documentationtb2023-12-214-78/+14
| | | | | | This API was recently neutered and will be removed in the next major bump. Mark it as intentionally undocumented in EVP_PKEY_asn1_new.3 and remove it from all other manuals.
* Mark some API-to-be-removed as intentionally undocumentedtb2023-12-211-2/+6
|
* Remove some superfluous parenthesestb2023-12-211-3/+3
|
* Clean up includes in cms_pwri.ctb2023-12-201-8/+10
|
* Use BIO_indent() for indentation in tasn_prn.ctb2023-12-201-10/+4
| | | | | | | | | | | | | | | Using a loop to print pieces of a static buffer containing 20 spaces to indent things is just silly. Even sillier is making this buffer const without looking what it's actually used for... There is BIO_indent() or BIO_printf() that can handle "%*s". Add a length check to preserve behavior since BIO_indent() succeeds for negattive indent. However, peak silliness must be how BIO_dump_indent_cb() indents things. That's for another day. ok jsing
* Rename impl into enginetb2023-12-201-4/+4
|
* Rename inl to in_len throughout the filetb2023-12-201-32/+32
|
* Rename outl into out_len throughout the filetb2023-12-201-32/+32
|
* Tweak a comment a bittb2023-12-201-3/+3
|
* Remove block_mask from EVP_CIPHER_CTXtb2023-12-202-7/+15
| | | | | | | The block mask is only used in EVP_{De,En}cryptUpdate(). There's no need to hang it off the EVP_CIPHER_CTX since it is easy to compute and validate. ok joshua jsing
* Add some sanity checks for EVP_CIPHER_meth_new()tb2023-12-201-1/+8
| | | | | | | Ensure that the nid and key length are non-negative and that the block size is one of the three sizes 1, 8, or 16 supported by the EVP subsystem. ok joshua jsing
* Merge p_open and p_seal into p_legacytb2023-12-204-247/+104
| | | | discussed with jsing
* Fold p_dec.c and p_enc.c into a new p_legacy.ctb2023-12-203-81/+16
| | | | discussed with jsing
* Less confusing variable names in EVP_PKEY_{de,en}crypt_old()tb2023-12-202-10/+10
| | | | ok jsing
* Improve local variable namestb2023-12-201-29/+29
| | | | | | | Rename the slightly awkward buf_offset into partial_len and rename buf_avail into partial_needed to match. suggested by jsing
* Rename buf_len into partial_len in EVP_CIPHER_CTXtb2023-12-202-11/+11
| | | | suggested by jsing
* Clean up EVP_DecryptFinal_ex()tb2023-12-201-32/+35
| | | | | | | | | | Rework the code to use the usual variable names, return early if we have block size 1 and unindent the remainder of the code for block sizes 8 and 16. Rework the padding check to be less acrobatic and copy the remainder of the plain text into out using memcpy() rather than a for loop. input/ok jsing
* Clean up EVP_EncryptFinal_ex()tb2023-12-201-16/+13
| | | | | | | This switches to the variable names used in other functions, adds a reminder to add a missing length check and uses memset for the padding. ok jsing
* Simplify EVP_DecryptUpdate() a bittb2023-12-201-26/+28
| | | | | | | | | | | | | | | This time the block size is called b and there's some awful length fiddling with fix_len, which until recently also served as store for the return value for do_cipher()... If we land on a block boundary, we keep the last block decrypted and don't count it as part of the output. So in the next call we need to feed it back in. Feeding it back in counts as output written this time around, so instead of remembering that we need to adjust outl, keep a tally of the bytes written. This way we can also do some overflow and underflow checking. ok jsing
* Remove commented out version of EVP_SealUpdate()tb2023-12-201-13/+1
|
* Remove preprocessor mess in EVP_PKEY_{de,en}crypt_old()tb2023-12-202-39/+8
| | | | | | | | This was done the worst possible way. It would be much simpler to invert the logic and use a single #ifdef. jsing prefers keeping the current logic and suggested we ditch the preprocessor mess altogether. ok jsing, claudio agreed with the initial diff
* Remove a changelog from 1991tb2023-12-201-8/+1
|
* DES_random_key() sets the keytb2023-12-203-71/+15
| | | | | There's no need to have 60 lines of license for 4 lines of actual code. Move DES_random_key() to set_key.c.
* Remove commented-out codetb2023-12-201-8/+1
|
* cmac: use block_size rather than bltb2023-12-181-35/+36
| | | | This is purely mechanical apart from a single line wrap.
* Clean up EVP_PBE_CipherInit() a littletb2023-12-181-25/+18
| | | | | | | | This is mostly stylistic cleanup, making the control flow a bit more obvious. There's one user-visible change: we no longer go out of our way to provide info about the unknown algorithm. The nid is enough. ok joshua jsing
* ASN1_STRING_TABLE_get.3: grammar: have -> hastb2023-12-161-2/+2
|
* EVP_EncryptUpdate(): make block_size and block_mask consttb2023-12-161-3/+3
| | | | suggested by millert
* First cleanup pass over EVP_EncryptUpdate()tb2023-12-161-36/+37
| | | | | | | | | Use more sensible variable names in order to make the logic a bit easier to follow. The variables may be renamed in a later pass. Unindent a block that was squeezed too much to the right and make a few minor stylistic tweaks. ok jsing
* Move EVP_PBE_find() next to the tablestb2023-12-161-46/+46
| | | | | | | There is no point in having EVP_PBE_CipherInit() between the table and the lookup functions (which it notably uses). No code change.
* Remove OBJ_bsearch_() usage from PBEtb2023-12-161-79/+175
| | | | | | | | | Split the table of built-in password based encryption algorithms into two and use a linear scan over the table corresponding to the type specified in EVP_PBE_find()'s type argument. Use better variable names, make the API a bit safer and generally reduce the eye bleed in here. ok jsing
* Using two different spellings of NULL in the same line is an achievementtb2023-12-161-2/+2
|
* Annotate incorrect value for ub_email_addresstb2023-12-162-3/+8
| | | | | | | | | | | | | | | | | The ub_email_address upper bound, 128, returned for NID_pkcs9_emailAddress, doesn't match the PKCS#9 specification where it is 255. This was adjusted in RFC 5280: The ASN.1 modules in Appendix A are unchanged from RFC 3280, except that ub-emailaddress-length was changed from 128 to 255 in order to align with PKCS #9 [RFC2985]. Nobody seems to have noticed so far, so leave it at an XXX and a BUGS entry for now. It also clearly has the wrong name. Another mystery is why the RFCs suffix some upper bounds with length, but not others. Also, OpenSSL chose to be inconsistent with that, because inconsistency is one of the few things this library is really good at.
* Neuter the ASN1_STRING_TABLE modification APItb2023-12-161-133/+16
| | | | | | | | This is complete nonsense that nothing's ever used except for a test by schwarze. It will be removed in the next major bump. What remains could be moved to a simple lookup table in security/xca... ok jsing
* Remove call to ASN1_STRING_TABLE_cleanup()tb2023-12-161-2/+1
| | | | | | | | In a few minutes, the string table will no longer have anything to clean up and ASN1_STRING_TABLE_cleanup() will push an error on the stack. So remove this pointless call in the still too complicated OPENSSL_cleanup(). ok jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-05 08:06:08 +0000