summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Simplify OBJ_nid2sn()tb2023-12-141-23/+26
| | | | | | | This is exactly the same as the previous OBJ_nid2ln() change modulo s/ln/sn/g. ok jsing
* Simplify OBJ_nid2ln()tb2023-12-141-23/+26
| | | | | | | | | | | | If nid is in the range of built-in NIDs, return the corresponding long name, unless some genius left a hole. Otherwise perform a yolo check if there are any user-added objects with matching nid in the global hash. This changes behavior in that we now push an OBJ_R_UNKNOWN_NID error onto the stack even if there are no user-added objects. ok jsing
* Fix sk_deep_copy() implementationtb2023-12-141-32/+22
| | | | | | | | | | | | | | | | | sk_deep_copy() is bad code. It is less bad than the upstream code, but still bad: it passes strdup() through a void pointer and assigns it to a function pointer of different type before calling the latter. That's not kosher in more than one way. There is no need for such gymnastics. If we need a deep copy for a type, we should implement it as appropriate for that type. Also, we should not expect and even less so allow holes in a STACK_OF(). The only way the vpm->hosts can be populated is by way of this deep_copy function or x509_param_set_hosts_internal(), which pushes only after a non-NULL check. Invariants: they're useful. ok jsing
* Simplify OBJ_ln2nid()tb2023-12-131-42/+32
| | | | | | | | | This is s/sn/ln/g of the previous commit and eliminates another OBJ_bsearch_() user, the last one in this file. The bsearch() uses in this file are possibly the only ones that actually make sense since we're searching tables of roughly 1000 entries. ok jsing
* Simplify OBJ_sn2nid()tb2023-12-131-41/+30
| | | | | | | | | | Another OBJ_bsearch_() elimination. OBJ_sn2nid() is very similar to OBJ_obj2nid(). First it tries to retrieve an object identifier with matching "short name" from the global hash of added objects and then searches the table of built-in objects. ok jsing
* Simplify OBJ_obj2nid()tb2023-12-131-39/+28
| | | | | | | | | | | | | | | | | | Continue with OBJ_bsearch_() elimination. OBJ_obj2nid() first checks if the object identifier passed in has a nid and if so, it returns that. Otherwise, it looks into the global hash of added objects (of course without locking) for a match and then returns the nid thereof. As a last attempt, it searches the table of built-in object identifiers. The last two steps can be cleaned up and simplified quite a bit by using C99 initializers, bsearch() and an appropriate comparison function. Then it becomes obvious that bsearch() already returns a pointer to the nid we're looking for, so there is no point in converting that into its corresponding obj and returning the nid thereof. ok jsing
* last .Nm should not have a commajsg2023-12-051-3/+3
|
* Remove misuse warnings for EVP_*Final()tb2023-12-031-12/+1
| | | | | | | | | | | | | | They make no sense. These are thin wrappers of EVP_*Final_ex() and behave exactly the same way. The minor behavior difference of Init and Init_ex is likely a historical artefact of this abomination of an API. Deprecation of the Init functions was recently removed from the manpage. The only reason to prefer the _ex versions over the normal versions is ENGINE. This is no longer an argument. The warnings were added in an attempt at adding automatic cleanup. This broke stuff and was therefore backed out. The warnings remained. discussed with schwarze
* Fix some NULL misspellingstb2023-12-021-10/+10
|
* Revert a hunk of r1.23 that makes no sensetb2023-12-021-8/+2
| | | | | | The commit was about checking EVP_CIPHER_CTX_iv_length(), but the function called here is EVP_CIPHER_CTX_key_length(). The result of the computation is still correct, the check and local variable simply make no sense.
* Some cleanup:schwarze2023-12-011-71/+33
| | | | | | | | | | Remove some lies and some irrelevant historical information about the non_ex variants and waste fewer words deprecating them. Telling people to type longer function names and to pass an ignored NULL argument doesn't really help anything. Also talk less about those ignored ENGINE arguments. OK tb@
* EVP_EncryptInit(3) is among the most important "how to drive" manuals,schwarze2023-12-014-65/+165
| | | | | | | | but it is still excessively long and complicated. To reduce the amount of distractions a bit, split out three deprecated functions into a new manual page EVP_CIPHER_CTX_init(3). No text change. In part suggested by tb@, who agrees with the direction.
* Unify various EVP_*{Update,Final}*() wrapperstb2023-12-011-18/+10
| | | | | | The correct way of wrapping foo() is 'int ret; ret = foo(); return ret;' because 'return foo();' would be too simple... Also unify branching from EVP_Cipher* into EVP_Encrypt* EVP_Decrypt*.
* Clean up and de-spaghettize by_file_callbackbeck2023-11-301-21/+15
| | | | | | | I had to read this for other purposes and it exceeded my muppetry tolerance. ok tb@
* Ignore ENGINE at the API boundarytb2023-11-2919-84/+61
| | | | | | | | This removes the remaining ENGINE members from various internal structs and functions. Any ENGINE passed into a public API is now completely ignored functions returning an ENGINE always return NULL. ok jsing
* Clean up CMAC implementation a littletb2023-11-291-34/+66
| | | | | | | | | | | | | | | | Add explanatory comments that refer to the spec so that all the weird dances make a little more sense. It turns out that this implmeentation only supports block ciphers with block sizes of 64 and 128 bits, so enforce this with a check. Simplify make_kn() to make a little more sense and make it constant time. Some stylistic fixes like checking pointers explicitly against NULL and shuffle things into an order that makes a bit more sense. Includes a fix for a warning reported by Viktor Szakats in https://github.com/libressl/portable/issues/926 ok jsing
* correct spelling of FALLTHROUGHjsg2023-11-281-2/+2
|
* Regen cert.pemtb2023-11-271-224/+400
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ok sthen New Roots for existing CA: /CN=Atos TrustedRoot Root CA ECC TLS 2021/O=Atos/C=DE /CN=Atos TrustedRoot Root CA RSA TLS 2021/O=Atos/C=DE New CA: BEIJING CERTIFICATE AUTHORITY /C=CN/O=BEIJING CERTIFICATE AUTHORITY/CN=BJCA Global Root CA1 /C=CN/O=BEIJING CERTIFICATE AUTHORITY/CN=BJCA Global Root CA2 Two E-Tugra roots were removed due to a breach: /C=TR/L=Ankara/O=E-Tugra EBG A.S./OU=E-Tugra Trust Center/CN=E-Tugra Global Root CA ECC v3 /C=TR/L=Ankara/O=E-Tugra EBG A.S./OU=E-Tugra Trust Center/CN=E-Tugra Global Root CA RSA v3 https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A Removed expired root: /C=HK/O=Hongkong Post/CN=Hongkong Post Root CA 1 Removed expired CA: SECOM Trust.net /C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1 New CA: Sectigo Limited /C=GB/O=Sectigo Limited/CN=Sectigo Public Server Authentication Root E46 /C=GB/O=Sectigo Limited/CN=Sectigo Public Server Authentication Root R46 New roots for existing CA: /C=US/O=SSL Corporation/CN=SSL.com TLS ECC Root CA 2022 /C=US/O=SSL Corporation/CN=SSL.com TLS RSA Root CA 2022
* Remove some trailing whitespacetb2023-11-271-211/+211
| | | | | | | | | | x509_prn.c r1.6 changed the output of 'openssl -in foo.pem -noout -text' by removing trailing whitespace from non-critical certificate extensions. Committing the difference now to reduces noise in an upcoming diff. There's some trailing whitespace remaining. That's because we try to print a BMPString in an User Notice's Explicit Text with "%*s". That doesn't work so well with an encoding full of NULs...
* Remove silly parenthesestb2023-11-271-3/+3
|
* Move the callers X509_STORE_CTX_purpose_inherit() down a bittb2023-11-271-15/+15
|
* ec_print.c: Unwrap a linetb2023-11-211-3/+2
|
* Inline a better version of print_bin() in only callertb2023-11-211-42/+27
| | | | | | | | | | Instead of printing to a temporary buffer with weird gymnastics, we can simply write things out to the BIO using proper indent. This still isn't perfect since we have a CBS version of this in ecx_buf_print(), which is basically what used to be ASN1_buf_print(). Annotate this with an XXX for future cleanup. ok beck
* Fix a <= 5-byte buffer overwrite in print_bin()tb2023-11-211-2/+3
| | | | | | | | | | | | If the offset is > 124, this function would overwrite between 1 and 5 bytes of stack space after str[128]. So for a quick fix extend the buffer by 5 bytes. Obviously this is the permanent fix chosen elswehere. The proper fix will be to rewrite this function from scratch. Reported in detail by Masaru Masuda, many thanks! Fixes https://github.com/libressl/openbsd/issues/145 begrudging ok from beck
* Mark up an occurrence of ENGINEtb2023-11-191-2/+3
|
* ENGINE can no longer have ex_data attached to ittb2023-11-191-3/+3
|
* Remove musings how ENGINE may or may not screw everything up.tb2023-11-191-23/+2
|
* Remove ENGINE mention in RSA_new()tb2023-11-191-14/+6
|
* OPENSSL_config() no longer calls ENGINE_load_builtin_engines()tb2023-11-191-5/+4
|
* ENGINE_add_conf_module() no longer existstb2023-11-191-8/+2
|
* Remove ENGINE Xr that I left behindtb2023-11-191-2/+1
|
* zap stray commatb2023-11-191-2/+2
|
* Rename an ENGINE from e to engine for consistencytb2023-11-191-2/+2
|
* Unifdef OPENSSL_NO_ENGINE in libcryptotb2023-11-1921-431/+21
| | | | | | | This is mechanical apart from a few manual edits to avoid doubled empty lines. ok jsing
* Unifdef OPENSSL_NO_ENGINE in pmeth_lib.ctb2023-11-191-41/+3
| | | | | | | This includes a manual intervention for the call to EVP_PKEY_meth_find() which ended up in the middle of nowhere. ok jsing
* Unifdef OPENSSL_NO_ENGINE in engine.htb2023-11-191-566/+8
| | | | | | | Also rip out all the gross, useless comments. There's still too much garbage in here... ok jsing
* Also mention ENGINE_{cleanup,{ctrl_cmd{,_string}()tb2023-11-191-3/+29
|
* Missing periodtb2023-11-191-2/+2
|
* fix grammartb2023-11-191-2/+2
|
* Remove remaining ENGINE manualstb2023-11-1911-1988/+1
| | | | They document functionality that no longer exists.
* Strip mention of ENGINE out of *_set_method.3tb2023-11-193-98/+26
|
* Strip out mentions of ENGINE_load_builtin_engines()tb2023-11-191-7/+4
| | | | | There's probably more that needs to be updated here, but that can be done another day.
* ex data for ENGINEs is no longer a thingtb2023-11-191-9/+2
|
* Remove section explaining how great and flexible ENGINE is andtb2023-11-191-28/+2
| | | | remove two Xr to ENGINE manuals.
* Remove obsolete engine configuration sectiontb2023-11-191-106/+2
|
* Document the remaining ENGINE stubs in a single manualtb2023-11-191-146/+103
|
* EVP_PKEY_encrypt() simplify exampletb2023-11-191-6/+4
| | | | In particular, do not use an uninitialized engine, simply pass NULL.
* Forgot to fix one unsigned int vs int confusiontb2023-11-181-3/+3
| | | | CID 468015
* Check for negative IV lengthtb2023-11-185-27/+45
| | | | | | | | | | | | A recent change in EVP_CIPHER_CTX_iv_length() made it possible in principle that this function returns -1. This can only happen for an incorrectly set up EVP_CIPHER. Still it is better form to check for negative lengths before stuffing it into a memcpy(). It would probably be desirable to cap the iv_length to something large enough. This can be done another time. ok beck
* Mention which functions are implemented as macros in the few casesschwarze2023-11-1613-34/+76
| | | | where that information was missing.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 17:36:37 +0000