path: root/src/lib/libcrypto
Commit message [author, age, files, lines]
* Replace asn1_tlc_clear and asn1_tlc_clear_nc macros with a function. [jsing, 2021-12-03, 1 file, -32/+26]
| Call the replacement asn1_tlc_invalidate() since it does not actually clear the ASN1_TLC. While here, name the ASN1_TLC variables consistently as ctx, remove a pointless comment and simplify ASN1_item_d2i() slightly. ok inoguchi@ tb@
* Group and sort includes. [jsing, 2021-12-03, 1 file, -3/+3]
* Call asn1_item_ex_d2i() directly from ASN1_item_d2i() [jsing, 2021-12-03, 1 file, -2/+5]
| ASN1_item_ex_d2i() is just a wrapper around the internal asn1_item_ex_d2i() function, so call asn1_item_ex_d2i() directly. ok inoguchi@ tb@
* Convert ASN1_PCTX_new() to calloc(). [jsing, 2021-12-03, 1 file, -10/+6]
| Rather than using malloc() and then initialising all struct members to zero values, use calloc(). ok schwarze@ tb@
* Use calloc() for X509_CRL_METHOD_new() instead of malloc(). [jsing, 2021-12-03, 1 file, -3/+4]
| This ensures that if any members are added to this struct, they will be initialised. ok schwarze@ tb@
* Rewrite ASN1_STRING_cmp(). [jsing, 2021-12-03, 1 file, -11/+8]
| This removes nested ifs and uses more sensible variable names. ok schwarze@ tb@
* Convert ASN1_STRING_type_new() to calloc(). [jsing, 2021-12-03, 1 file, -10/+7]
| Rather than using malloc() and then initialising all struct members, use calloc() and only initialise the single non-zero value member. ok schwarze@ tb@
* Convert ASN1_OBJECT_new() to calloc(). [jsing, 2021-12-03, 1 file, -11/+6]
| Rather than using malloc() and then initialising all struct members, use calloc() and only initialise the single non-zero value member. ok schwarze@ tb@
* Convert {i2d,d2i}_{,EC_,DSA_,RSA_}PUBKEY{,_bio,_fp}() to templated ASN1 [jsing, 2021-12-03, 2 files, -222/+430]
| These functions previously used the old ASN1_{d2i,i2d}_{bio,fp}() interfaces. ok inoguchi@ tb@
* Use calloc() in EVP_PKEY_meth_new() instead of malloc() and setting [tb, 2021-12-03, 1 file, -29/+2]
| almost all members to 0. Just set the two things that need setting. ok jsing
* Fix EVP_PKEY_{asn1,meth}_copy once and for all [tb, 2021-12-03, 2 files, -63/+23]
| It is very easy to forget to copy over newly added methods. Everyone working in this corner has run into this. Instead, preserve what needs preserving and use a struct copy, so all methods get copied from src to dest. tweak/ok jsing
* Remove dead code. [jsing, 2021-12-01, 1 file, -21/+1]
* Add missing const qualifiers in a number of BN_* manuals. [tb, 2021-11-30, 8 files, -52/+52]
| ok schwarze
* last whitespace diff for now. [tb, 2021-11-30, 1 file, -57/+62]
* KNF for BF_KEY [tb, 2021-11-30, 1 file, -4/+3]
* Fix some annoying whitespace inconsistencies. [tb, 2021-11-30, 1 file, -20/+20]
* Provide EVP_CTRL_AEAD_* defines. [tb, 2021-11-30, 1 file, -7/+10]
| This commit adds generic EVP_CTRL_AEAD_{SET,GET}_TAG and _SET_IVLEN defines and aliases the GCM and CCM versions to those. This is the publicly visible part of OpenSSL's e640fa02005. ok inoguchi jsing
* Crank the number of rounds of Miller-Rabin from 50 to 64 [tb, 2021-11-29, 1 file, -4/+7]
| for DSA key generation. From Kurt Roeckx, OpenSSL 74ee3796 ok bcook inoguchi jsing
* Clean up DH_check_pub_key() and ensure that y^q (mod p) == 1. [tb, 2021-11-29, 1 file, -18/+53]
| This aligns our behavior with OpenSSL 1.1.1 which includes a mitigation for small subgroup attacks. This did not affect LibreSSL since we do not support X9.42 style parameter files or RFC 5114. The meat of this commit is from Matt Caswell, OpenSSL b128abc3 ok inoguchi jsing
* Increase number of iterations in Miller-Rabin checks for DH. [tb, 2021-11-29, 1 file, -4/+9]
| BN_prime_checks is only to be used for random input. Here, the input isn't random, so increase the number of checks. According to https://eprint.iacr.org/2019/032, 64 rounds is suitable. From Jake Massimo, OpenSSL 1.1.1, af6ce3b4 ok inoguchi jsing
* Synchronize DH_check() mostly with OpenSSL 1.1.1 with some [tb, 2021-11-29, 1 file, -32/+47]
| simplifications and readability tweaks. This ensures in particular that dh->q is suitable if present. Based on work by Stephen Henson and Bernd Edlinger in OpenSSL. Issues with the current implementation found via regression tests in py-cryptography. ok inoguchi jsing
* Provide a version of DH_check_params() for internal use. [tb, 2021-11-29, 1 file, -1/+43]
| Based on the version in OpenSSL 1.1.1l with minor tweaks. ok inoguchi jsing
* Provide a number of flags for DH_check and DH_check_pubkey [tb, 2021-11-29, 1 file, -1/+5]
| that will be used in subsequent commits. ok inoguchi jsing
* Hide BIO_s_file_internal() from internal view. [tb, 2021-11-29, 1 file, -2/+4]
| ok jsing
* document ASN1_tag2bit(3) [schwarze, 2021-11-28, 1 file, -5/+66]
* Document ASN1_object_size(3). [schwarze, 2021-11-28, 1 file, -17/+53]
| While here,
|   * call the function arguments "content_length" rather than just "length" to make it less likely that the reader confuses them with the total length returned by ASN1_object_size(3);
|   * state that only the short form is supported for content_length <= 127;
|   * add the missing STANDARDS section.
* mark ASN1_check_infinite_end() and ASN1_const_check_infinite_end() [schwarze, 2021-11-28, 1 file, -2/+5]
| as intentionally undocumented
* new manual page BIO_f_asn1(3) [schwarze, 2021-11-27, 3 files, -3/+233]
* Fix incomplete initialization bug: BIO_new(BIO_f_asn1()) neglected [schwarze, 2021-11-27, 1 file, -23/+10]
| initializing five of the fields in BIO_ASN1_BUF_CTX (prefix, prefix_free, suffix, suffix_free, ex_arg), inviting a segfault in a subsequent call from the application program to BIO_write(3) because subroutines of that function assume that the function pointers are either NULL or valid. Fix this by using the less error-prone calloc(3) idiom. While here, inline asn1_bio_init() at the only call site in asn1_bio_new() to simplify the code and make it easier to read. Bug found and initial patch by me, this version (with inlining) by and OK tb@.
* spelling [jsg, 2021-11-26, 7 files, -22/+22]
| ok schwarze@
* after the bugfix in x509_vfy.c rev. 1.100, [schwarze, 2021-11-26, 1 file, -16/+12]
| replace the BUGS section with a shorter CAVEATS section
* Bugfix in X509_get_pubkey_parameters(3): [schwarze, 2021-11-26, 1 file, -3/+5]
| If EVP_PKEY_copy_parameters(3) fails - among other reasons, this may happen when out of memory - the pkey argument and/or the chain argument will not contain all the desired parameters after returning. Consequently, report the failure to the caller rather than silently ignoring it. OK tb@
* Simplify the code in X509_get_pubkey_parameters(3) [schwarze, 2021-11-26, 1 file, -8/+4]
| by using X509_get0_pubkey(3) instead of X509_get_pubkey(3); no functional change. OK tb@ This is similar to the relevant part of the following commit from the OpenSSL 1.1.1 branch, which is still under a free licence, but without the bug that commit introduced into this function in OpenSSL: commit c01ff880d47392b82cce2f93ac4a9bb8c68f8cc7 Author: Dr. Stephen Henson <steve@openssl.org> Date: Mon Dec 14 13:13:32 2015 +0000
* Document BIO_method_name(3). [schwarze, 2021-11-25, 1 file, -48/+97]
| While here, also improve the rest of the page:
|   * add missing BIO_TYPE_* constants
|   * describe BIO_TYPE_START
|   * better function argument names
|   * more precision in the descriptions and regarding the RETURN VALUES
|   * lots of wording improvements
|   * improve the coding style below EXAMPLES
|   * delete a BUGS section describing cretaceous behaviour
* Fix OCSP_basic_verify() cert chain construction in case the [tb, 2021-11-24, 1 file, -2/+5]
| OCSP_BASICRESP bs contains no certificates. From David von Oheimb (OpenSSL 121738d1) ok beck
* Simplify slightly by using X509_get0_pubkey() thus eliminating the [tb, 2021-11-24, 1 file, -3/+2]
| need for EVP_PKEY_free(). ok beck
* Fix a whitespace error that has annoyed me for way too long [tb, 2021-11-24, 1 file, -2/+2]
* Fix timestamp printing in Signed Certificate Timestamps [tb, 2021-11-24, 1 file, -2/+1]
| Our ASN1_GENERALIZEDTIME_set() doesn't accept time strings with fractional seconds, so don't feed it milliseconds, but only seconds. Ensures that openssl x509 -text prints timestamps instead of skipping them. ok beck jsing
* Add certificate transparency methods to the standard extensions. [tb, 2021-11-24, 1 file, -1/+7]
| This way, CT extensions in certs will be parsed by the new CT code when they are encountered. This gets rid of a lot of gibberish when looking at a cert with 'openssl x509 -text -noout -in server.pem' ok beck jsing
* add the missing const qualifiers below EXAMPLES; [schwarze, 2021-11-24, 1 file, -8/+11]
| from <Malgorzata dot Olszowka at stunnel dot org> via OpenSSL commit 256989ce in the OpenSSL 1.1.1 branch, which is still under a free license
* document ASN1_item_ndef_i2d(3) [schwarze, 2021-11-24, 1 file, -4/+22]
* In some situations, the verifier would discard the error on an unvalidated [beck, 2021-11-24, 3 files, -50/+91]
| certificate chain. This would happen when the verification callback was in use, instructing the verifier to continue unconditionally. This could lead to incorrect decisions being made in software.
* Make the certificate transparency code build with the rest of the library [beck, 2021-11-24, 8 files, -7/+86]
| Do not expose it yet, this will wait for an upcoming bump ok tb@
* document ASN1_TYPE_set_int_octetstring(3) and ASN1_TYPE_get_int_octetstring(3) [schwarze, 2021-11-23, 1 file, -9/+77]
* Use LIBRESSL_NEXT_API to document the commented-out functions that are [tb, 2021-11-23, 1 file, -13/+13]
| not yet available. ok schwarze
* document ASN1_TYPE_set_octetstring(3) and ASN1_TYPE_get_octetstring(3) [schwarze, 2021-11-23, 1 file, -5/+67]
* document a2i_ASN1_INTEGER(3), [schwarze, 2021-11-23, 2 files, -69/+135]
| i2a_ASN1_ENUMERATED(3), and a2i_ASN1_ENUMERATED(3)
* re-align these copies of the a2i_*(3) code with f_string.c rev. 1.19 [schwarze, 2021-11-23, 2 files, -28/+12]
| to fix the same double-counting of the backslash and to make the parsing stricter in the same way; OK tb@
* In DH_set0_pqg() also set dh->length if q is set to match what OpenSSL do. [tb, 2021-11-23, 1 file, -1/+2]
| ok inoguchi jsing
* Fix typo [job, 2021-11-22, 1 file, -2/+2]
| thanks Matthias Schmidt