summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Add a verbatim copy of tls1_prf.c from OpenSSL 1.1.1tb2024-07-091-0/+278
| | | | | | | | | | | | From the last public commit b372b1f76450acdfed1e2301a39810146e28b02c of the OpenSSL_1_1_1-stable branch SHA256 (kdf/tls1_prf.c) = a519d3ff721d4ec59befac8586e24624fa87d9d8f6479327f7af58d652b6e4e5 Will be beat (a little bit) into shape in tree before linking it to the build. ok jsing
* Add various defines for TLS1-PRFtb2024-07-092-2/+36
| | | | ok jsing
* Add EVP_PKEY_TLS1_PRF as alias for NID_tls1_prftb2024-07-091-1/+2
| | | | ok jsing
* Choose fixed NID for TLS1-PRFtb2024-07-091-0/+1
|
* Add NID for TLS1-PRFtb2024-07-091-0/+2
| | | | ok jsing
* Actually enable namespaced builds in both libcrypto and libsslbeck2024-07-091-8/+1
| | | | (instead of commiting only one part)
* Add bounded attributes to hmac.htb2024-07-091-5/+13
| | | | ok beck
* Enable namespaced builds by default for libssl and libcrypto.beck2024-07-091-3/+3
| | | | | | | | | | | Some further refinements will happen to the build process to automatically generate the Symbols.namespace file, and to remove our last public unhidden symbol (which was a mistake, but waits for a major bump to get removed) But for now everything should be using this. ok tb@
* Hide remaining unused ERR functions in err.hbeck2024-07-094-5/+9
| | | | ok tb@
* Hide CRYPTO_get_dynlock_create_callbackbeck2024-07-093-2/+5
| | | | ok tb@
* Hide DES global variablesbeck2024-07-094-3/+11
| | | | ok tb@
* Add missing symbols to Symbols.namespacebeck2024-07-091-0/+10
| | | | ok tb@
* Remove duplicates from Symbols.namespacebeck2024-07-091-6/+0
| | | | ok tb@
* Hide symbols for two missed public functions in bio.hbeck2024-07-094-3/+9
| | | | ok tb@
* Hide global _it symbols in pkcs12.hbeck2024-07-093-2/+10
| | | | ok tb@
* Hide global _it symbola in cms.hbeck2024-07-093-2/+10
| | | | ok tb@
* Hide global _it symbols in dsa.hbeck2024-07-083-2/+13
| | | | ok tb@
* Hide global _it symbols in rsa.hbeck2024-07-083-2/+20
| | | | ok tb@
* Guard variable declarations to unbreak non-namespaced builds.beck2024-07-086-8/+18
| | | | ok tb@
* Hide global _it symbols in asn1t.hbeck2024-07-086-8/+20
| | | | ok tb@
* Hide global _it symbols in pkcs7.hbeck2024-07-083-2/+39
| | | | ok tb@
* remove a further spkac reference; ok tbjmc2024-07-081-5/+3
|
* Hide global _it variables in ocsp.hbeck2024-07-083-2/+49
| | | | ok tb@
* Hide global _it variables in asn1.hbeck2024-07-089-8/+77
| | | | ok tb@
* Hide global _it variables in x509.hbeck2024-07-0815-14/+77
| | | | ok tb@
* Hide global _it variables in x509v3.hbeck2024-07-0815-14/+113
| | | | ok tb@
* Pretend to clarify the way ipv6_asc() worksjca2024-07-081-4/+5
| | | | | | | | | Give example IPv6 addresses to clarify what is meant with 1, 2 or 3 zero length elements. tb made me look. perverted, twisted, crippled
* Remove lhash statistics.jsing2024-06-302-30/+2
| | | | | | These are not exactly useful and we previously stopped exposing them. ok tb@
* libcrypto: constify most error string tablestb2024-06-2426-139/+321
| | | | | | | | | | | | | | | | | | | | | | | | | | These constitute the bulk of the remaining global mutable state in libcrypto. This commit moves most of them into data.rel.ro, leaving out ERR_str_{functs,libraries,reasons} (which require a slightly different approach) and SYS_str_reasons which is populated on startup. The main observation is that if ERR_load_strings() is called with a 0 lib argument, the ERR_STRING_DATA argument is not actually modified. We could use this fact to cast away const on the caller side and be done with it. We can make this cleaner by adding a helper ERR_load_const_strings() which explicitly avoids the assignment to str->error overriding the error code already set in the table. In order for this to work, we need to sprinkle some const in err/err.c. CMS called ERR_load_strings() with non-0 lib argument, but this didn't actually modify the error data since it ored in the value already stored in the table. Annoyingly, we need to cast const away once, namely in the call to lh_insert() in int_err_set_item(). Fixing this would require changing the public API and is going to be tricky since it requires that the LHASH_DOALL_FN_* types adjust. ok jsing
* x509_conf: rename the merr label into errtb2024-06-241-8/+8
|
* Remove the less-than-useful change log.jsing2024-06-221-39/+1
| | | | ok tb@
* Rewrite BN_bn2mpi() using CBB.jsing2024-06-221-24/+35
| | | | | | | | | | | | | | The content is effectively a u32 length prefixed field, so use CBB_add_u32_length_prefixed(). Use BN_bn2binpad() rather than manually padding if we need to extend and use sensible variable names so that the code becomes more readable. Note that since CBB can fail we now need to be able to indicate failure. This means that BN_bn2mpi() can now return -1 when it would not have previously (correct callers will check that BN_bn2mpi() returns a positive length). ok tb@
* Sync bytestring from libssl.jsing2024-06-222-2/+15
|
* x_all.c: remove a bunch of unnecessary parenthesestb2024-06-191-23/+19
|
* v3_generic_extension() use ASN1_STRING_set0()tb2024-06-181-4/+4
| | | | This aligns it with do_ext_i2d()
* v3_generic_extension() rename the X509_EXTENSIONtb2024-06-181-4/+5
| | | | now that ext is free, we can use it like everywhere else
* Rename 'ext' to 'name' in v3_generic_extension()tb2024-06-181-4/+4
| | | | In this code 'ext' is usually used for an X509_EXTENSION object.
* Make local BIT_STRING_BITNAME variables consttb2024-06-182-5/+5
| | | | | | | | There's no reason for them not to be const. This is a piece of a larger diff that I carry in several of my trees to move more things to rodata or relro. The full diff requires a change to a public header and it's very annoying to have to 'make includes' and recompile the entire lib all the time when hopping from tree to tree.
* x509_conf: rename ext_struc into ext_structtb2024-06-181-16/+16
| | | | requested by jsing on review
* x509_conf: rename all ext_nid to nidtb2024-06-181-19/+19
| | | | There are no nid variables in this file, so no need to disambiguate.
* do_ext_i2d(): move empty line to the proper placetb2024-06-181-2/+2
|
* do_ext_i2d(): malloc -> calloctb2024-06-181-2/+2
| | | | requested by jsing on review
* do_ext_i2d(): populate ext_oct with ASN1_STRING_set0()tb2024-06-181-3/+2
| | | | ok jsing
* do_ext_i2d(): avoid leaks and add some missing error checkingtb2024-06-181-4/+10
| | | | | | | | | | If ASN1_OCTET_STRING_new() failed, ext_der would be leaked, fix this. If i2d(foo, NULL) succeeded, the same is not guaranteed for the second with appropriately sized buffer since i2d() may make further allocations internally. So use the proper error check. Also transfer the ownership of ext_der to the octet string to avoid a now possible double free. ok jsing
* Indent labels in x509_conf.ctb2024-06-181-3/+3
|
* do_ext_i2d(): make various NULL checks explicittb2024-06-181-5/+5
| | | | ok jsing
* do_ext_i2d(): unwrap a linetb2024-06-181-3/+2
|
* Replace x with x509_exts in X509V3_add1_i2d() and X509V3_get_d2i()tb2024-06-171-14/+16
| | | | requested by jsing on review
* Rewrite X509V3_get_d2i()tb2024-06-171-56/+47
| | | | | | | | | | | | | | | | | This API is wrapped by nine *_get{,1}_ext_d2i() functions and they all have the same defect: if an idx variable is passed in, multiple extensions are handled incorrectly. Clean up the mess that was the current implementation by replacing the reimplementation of X509v3_get_ext_by_NID() with extra twists by actual calls to the real thing. This way the madness is implemented explicitly and can be explained in comments. The code still gets shorter. In brief: always call this API with a known nid, pass crit, and a NULL idx. If NULL is returned, crit != -1 is an error (malformed cert or allocation failure). ok jsing
* piuid, psuid -> issuerUID, subjectUIDtb2024-06-121-3/+3
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-31 09:03:22 +0000