| Commit message (Collapse) | Author | Age | Files | Lines |
This makes all structs in bn.h opaque that are also opaque in OpenSSL.
ok inoguchi jsing

Pointed out by schwarze. How something with this name ever made
its way into a public header will remain a mystery.
ok inoguchi jsing

Suggested by schwarze
ok inoguchi jsing

These are leftovers of the old ASN.1 stuff. Nothing uses this.
OpenSSL removed them in a469a677.
ok inoguchi jsing

Inline X509_OBJECT_free_contents() in X509_OBJECT_free() and
remove this dangerous API. It was left over when x509_vfy.h
was made opaque.
ok inoguchi jsing

This unused, bug-ridden API was removed in OpenSSL commit 0674427f.
ok inoguchi jsing

This marks the start of major surgery in libcrypto. Do not attempt to
build the tree for a while (~50 commits).

to internal only soon. Stop documenting them.
ok inoguchi jsing

looks good to jsing

As suggested by schwarze, this removes
X509_EX_V_{INIT,NETSCAPE_HACK} and X509_EXT_PACK_{STRING,UNKNOWN}
ok inoguchi jsing

This allows implementations to add their own EVP_MD_METHODs.
Only the setters are provided.
This is used by erlang for the otp_test_engine.
ok inoguchi jsing

This implements checking of a public key and of key generation
parameters for DH and EC keys. With the same logic and setters
and const quirks as for EVP_PKEY_check().
There are a couple of quirks: For DH no default EVP_PKEY_check()
is implemented, instead EVP_PKEY_param_check() calls DH_check_ex()
even though DH_param_check_ex() was added for this purpose.
EVP_PKEY_public_check() for EC curves also checks the private key
if present.
ok inoguchi jsing

DH_check{,_pub_key}_ex() wrap their non-ex versions to translate
the flags argument of the original functions into OpenSSL errors.
For this almost a dozen new error codes need to be added.
DH_params_check{,_ex}() is a new version of DH_check that only
performs a cheap subset of the checks.
They are needed to implement EVP_PKEY_{public,param}_check()
(observe the consistent naming) although the actual implementation
of EVP_PKEY_param_check() chose to use DH_check_ex().
As far as I can tell, the only raison d'être of the _ex functions
and error codes is to spew them to stderr in a couple of openssl(1)
commands. This couldn't have been solved differently...
These functions will not be exposed publicly.
ok inoguchi jsing

This allows checking the validity of an EVP_PKEY. Only RSA and EC keys
are supported. If a check function is set on the EVP_PKEY_METHOD, it will
be used, otherwise the check function on the EVP_PKEY_ASN1_METHOD is
used. The default ASN.1 methods wrap RSA_check_key() and
EC_KEY_check_key(), respectively.
The corresponding setters are EVP_PKEY_{asn1,meth}_set_check().
It is unclear why the PKEY method has no const while the ASN.1 method
has const.
Requested by tobhe and used by PHP 8.1.
Based on OpenSSL commit 2aee35d3
ok inoguchi jsing

NULL out two pointer values after memcpy() to avoid a double free.
In the event that both in->pctx and in->md_data are non-NULL and
the calloc() of out->md_data fails, a double free could occur.
ok inoguchi jsing

Part of OpenSSL commit 464d59a5
ok inoguchi jsing

ok inoguchi jsing

be needed.
discussed with jsing

This API with very strange ownership handling is used by Ruby 3.1,
unfortunately.
For unclear reasons, it was decided that the caller retains ownership of
the pctx passed in. EVP_PKEY_CTX aren't refcounted, so a flag was added to
make sure that md_ctx->pctx is not freed in EVP_MD_CTX_{cleanup,reset}().
Since EVP_MD_CTX_copy_ex() duplicates the md_ctx->pctx, the flag also needs
to be unset on the duplicated EVP_MD_CTX.
ok inoguchi jsing

OBJ_length() turns the int obj->length into a size_t, so add
an overflow check. While obj->length should never be negative,
who knows...
ok jsing

ok jsing

discussed with jsing

where it will be needed in the upcoming bump.
discussed with jsing

that will need it in the upcoming bump.
discussed with jsing

including the local header where it will be needed.
discussed with jsing

it will be needed in the upcoming bump.
discussed with jsing

that will need it in the upcoming bump.
discussed with jsing

ok inoguchi@ tb@

Adjust a comment to reality, zap a stray empty line and fix whitespace
before comment after #endif

Used by Qt5 and Qt6 and slightly reduces the patching in there.
ok inoguchi jsing

Needed by freerdp.
ok inoguchi jsing

This adds RSA_get0_{n,e,d,p,q,dmp1,dmq1,iqmp,pss_params}() which will
be exposed in the upcoming bump.
ok inoguchi jsing

ok inoguchi jsing

Will be needed by openssl(1) dhparam.
ok inoguchi jsing

ok inoguchi jsing

These are accessors that allow getting one specific DH member. They are
less error prone than the current getters DH_get0_{pqg,key}(). They
are used by many ports and will also be used in base for this reason.
Who can remember whether the pub_key or the priv_key goes first in
DH_get0_key()?
ok inoguchi jsing

This will be needed in libssl and freerdp after the next bump.
ok inoguchi jsing

as well as the X509_STORE_CTX_verify_cb and X509_STORE_CTX_verify_fn types
This will fix the X509_STORE_set_verify_func macro which is currently
broken, as pointed out by schwarze.
ok inoguchi jsing

suggested by jsing