summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Document the read-only (sic!) accessor function X509_NAME_ENTRY_set(3).schwarze2021-07-021-9/+77
| | | | | While here, stress that X509_NAME objects cannot share X509_NAME_ENTRY objects, and polish a few misleading wordings.
* Add a roff comment saying that X509_certificate_type(3) is intentionallyschwarze2021-07-021-2/+5
| | | | | | undocumented. It is archaic and practically unused and unusable. tb@ and jsing@ agree with marking it as undocumented. Put the comment here because EVP_PKEY_base_id(3) is a viable alternative.
* call the API function X509_NAME_cmp(3) instead of the obsolete,schwarze2021-07-021-2/+2
| | | | | | undocumented macro alias X509_name_cmp(3); no change to the assembler code generated by the compiler; OK tb@
* Add a roff comment saying that X509_name_cmp(3) is intentionallyschwarze2021-07-021-2/+4
| | | | | undocumented because it is almost unused in real-world code. OK tb@
* document and deprecate the macros X509_extract_key(3)schwarze2021-06-301-6/+35
| | | | and X509_REQ_extract_key(3), using feedback from tb@ and jsing@
* space between macro args and punctuation;jmc2021-06-121-3/+3
|
* space between RFC and number;jmc2021-06-111-3/+3
|
* sync cert.pem with Mozilla's CA list generated from certdata.txtsthen2021-06-111-476/+163
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (certificates with the "server auth" trust purpose permitted). ok tb@ -AC Camerfirma S.A. - /C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Chambers of Commerce Root - 2008 - /C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Global Chambersign Root - 2008 - FNMT-RCM /C=ES/O=FNMT-RCM/OU=AC RAIZ FNMT-RCM + /C=ES/O=FNMT-RCM/OU=Ceres/2.5.4.97=VATES-Q2826004J/CN=AC RAIZ FNMT-RCM SERVIDORES SEGUROS -GeoTrust Inc. - /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA - /C=US/O=GeoTrust Inc./OU=(c) 2007 GeoTrust Inc. - For authorized use only/CN=GeoTrust Primary Certification Authority - G2 - GlobalSign nv-sa + /C=BE/O=GlobalSign nv-sa/CN=GlobalSign Root E46 + /C=BE/O=GlobalSign nv-sa/CN=GlobalSign Root R46 /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA Staat der Nederlanden /C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden EV Root CA - /C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA - G3 Unizeto Technologies S.A. /C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA + /C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA 2 - -VeriSign, Inc. - /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2008 VeriSign, Inc. - For authorized use only/CN=VeriSign Universal Root Certification Authority (Note, "Staat der Nederlanden Root CA - G3" was changed to email trust only, so is removed from this due to it only listing "server auth" purposes).
* Fix pkg-config .pc files with LibreSSLinoguchi2021-06-081-2/+2
| | | | | | | | In libssl.pc, Libs: should not have '-lcrypto', and Requires.private: should have it as 'libcrypto'. openssl.pc does not need Libs: and Cflags:, but should have Requires:. OK millert@
* EVP_Digest*: fix documented return values.tb2021-05-202-10/+6
| | | | | | | | | | EVP_DigestSign{,Init,Update,Final}() and EVP_DigestVerify{Init,Update}() always returned 1 for success and 0 for failure. EVP_DigestVerify() and EVP_DigestVerifyFinal() can return -1 or -2, though. Based on OpenSSL 1.1.1 56c59ddd99da05c2f30832cccaffb873a8481555 ok inoguchi
* Adjust libcrypto obj_xref.txt to obj_xref.hinoguchi2021-05-191-2/+2
| | | | | | | | | | | | To generate current obj_xref.h, third item of lines id_tc26_signwithdigest_gost3410_2012_256/512 should be id_GostR3410_2001. obj_xref.txt r1.2 and obj_xref.h r1.3 were committed at the same time, and these third item were coded different value each other. This adjusts obj_xref.txt to current obj_xref.h. ok tb@
* whitespace/KNFtb2021-05-141-4/+4
|
* Improve libcrypto obj_xref.h generatorinoguchi2021-05-141-0/+4
| | | | | | | Modify objxref.pl to output $OpenBSD$ header and __BEGIN_HIDDEN_DECLS / __END_HIDDEN_DECLS . ok and comment from tb@
* Add missing .Pp in HISTORY section.tb2021-05-132-4/+6
|
* Add missing .Pptb2021-05-131-2/+3
|
* Add obj_xref for ECDH schemes in RFC 5753inoguchi2021-05-122-1/+34
| | | | | | | | | | Found missing sigoid_srt record in crypto/objects/obj_xref.h, and this causes error while executing openssl cms -encrypt with EC key/cert. Added required definitions to obj_xref.txt and obj_xref.h. Issue reported by Theodore Wynnychenko (tmw <at> uchicago.edu) on misc. ok tb@
* Merge some details from OpenSSL 1.1.1.tb2021-05-112-6/+24
|
* missing word in previoustb2021-05-111-1/+2
|
* Merge documentation for EVP_DigestVerify() from OpenSSL 1.1.1.tb2021-05-111-4/+37
|
* Merge documentation for EVP_DigestSign from OpenSSL 1.1.1.tb2021-05-111-4/+39
|
* zap stray commatb2021-05-111-3/+3
|
* Merge documentation for EC_GROUP_{set,get}_curve(3) from OpenSSL 1.1.1.tb2021-05-101-20/+57
|
* Merge documentation for EC_POINT_{get,set}_coordinates andtb2021-05-101-20/+70
| | | | for EC_POINT_set_compressed_coordinates from OpenSSL 1.1.1.
* bump libcrypto minor after symbol additiontb2021-05-101-1/+1
|
* Expose EVP_Digest{Sign,Verify}(3)tb2021-05-102-5/+3
| | | | ok jsing
* Expose EC_POINT_{get,set}_affine_coordinates(3) andtb2021-05-102-7/+11
| | | | | | EC_POINT_set_compressed_coordinates(3) ok jsing
* Expose EC_GROUP_{get,set}_curve(3)tb2021-05-102-3/+4
| | | | ok jsing
* Add draft-ietf-sidrops-rpki-rsc OIDjob2021-05-092-0/+2
| | | | | | | | Listed under 'SMI Security for S/MIME CMS Content Type (1.2.840.113549.1.9.16.1)' https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1 OK tb@
* Prepare to provide EVP_Digest{Sign,Verify}tb2021-05-092-3/+35
| | | | | | | | | | | These are one-shot versions combining EVP_Digest{Sign,Verify}{Update,Final}. and are part of the OpenSSL 1.1.1 API. While they simplify callers in some situations slightly, their real use is for EdDSA that by design can't be split into Update/Final steps. Based on OpenSSL commit 7539418981c140648a620d72edd7398564878b5c ok inoguchi
* Fix corner case for compressed points on binary curvestb2021-05-031-1/+5
| | | | | | | | | Per X9.62 4.4.1.b., the compressed representation of a point with zero x coordinate on a binary curve must have y_bit unset. Error out in that case of ec_GF2m_set_compressed_coordinates() instead of ignoring y_bit. ok jsing
* riscv64 openssl configdrahn2021-05-021-0/+154
| | | | | copied from other 64 bit arch ok jsg@
* Make TS_compute_imprint a bit more robust.tb2021-05-021-20/+28
| | | | | | | | | Instead of using the output parameters directly, null them out at the beginning and work with local variables which are only assigned to the output parameters on success. This way we avoid leaking stale pointers back to the caller. requested/ok jsing
* Retire OpenBSD/sgi.visa2021-05-011-5/+1
| | | | OK deraadt@
* bump to LibreSSL 3.4.0 in -currentbcook2021-05-011-3/+3
|
* Plug leak in c2i_ASN1_OBJECTtb2021-05-011-3/+8
| | | | | | | | | | When using the object reuse facility of c2i_ASN1_OBJECT, the dynamically allocated strings a may contain are set to NULL, so we must free them beforehand. Also clear the flag, because that's what OpenSSL chose to do. From Richard Levitte OpenSSL 1.1.1 65b88a75921533ada8b465bc8d5c0817ad927947 ok inoguchi
* Prevent double free in int_TS_RESP_verify_tokentb2021-05-011-1/+2
| | | | | | | | | | If TS_compute_imprint fails after md_alg was allocated, there will be a double free in its caller. Obvious fix is to null out the output parameter md_alg just like it's already done for imprint and imprint_len. From Pauli Dale, OpenSSL 1.1.1, a3dea76f742896b7d75a0c0529c0af1e628bd853 ok inoguchi jsing
* Revert "Handle X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE in newtb2021-04-281-4/+1
| | | | | | | | verifier." (r1.27). While this may have "fixed" one corner case, it broke expectations of Perl Net::SSLeay and Ruby OpenSSL regression tests. ok bcook
* Relax SAN DNSname validation and constraints to permit non leading *beck2021-04-271-19/+21
| | | | | | | | | | | wildcards. While we may choose not to support them the standards appear to permit them optionally so we can't declare a certificate containing them invalid. Noticed by jeremy@, and Steffan Ulrich and others. Modify the regression tests to test these cases and not check the SAN DNSnames as "hostnames" anymore (which don't support wildcards). ok jsing@, tb@
* Do not leave errors on the error stack on PKCS12_parse() success.tb2021-04-241-1/+3
| | | | | | | | Fix is the same as OpenSSL commit ffbf304d4832bd51bb0618f8ca5b7c26647ee664 Found by Alex Gaynor with a new pyca cryptography regress test. ok inoguchi
* Enable the new verifier again so hopefully the remaining kinks get ironedtb2021-04-241-2/+2
| | | | | | out in this release cycles. discussed with deraadt and jsing
* Fix indent of EC_METHODs as requested by jsing.tb2021-04-206-192/+192
| | | | While there zap trailing whitespace from a KNF approximation gone wrong.
* Compare pointer against NULL and fix a KNF issue.tb2021-04-201-3/+3
| | | | ok jsing
* Prepare to provide EC_POINT_set_compressed_coordinatestb2021-04-205-57/+41
| | | | ok jsing
* Compare function pointers against NULL, not 0.tb2021-04-201-3/+3
| | | | ok jsing
* Provide EC_POINT_{g,s}et_Jprojective_coordinates for internal usetb2021-04-2010-77/+97
| | | | ok jsing
* Simplify code after adding EC_POINT_{s,g}et_affine_coordinates()tb2021-04-203-73/+18
| | | | ok jsing
* Compare function pointers against NULL, not 0.tb2021-04-201-3/+3
| | | | ok jsing
* Prepare to provide EC_POINT_{g,s}et_affine_coordinatestb2021-04-2018-92/+90
| | | | | | Similar to part of OpenSSL commit 8e3cced75fb5fee5da59ebef9605d403a999391b ok jsing
* Simplify after EC_POINT_get_curve() additiontb2021-04-202-30/+8
| | | | ok jsing
* Compare function pointers against NULL, not 0.tb2021-04-201-3/+3
| | | | ok jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-29 01:49:43 +0000