summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
* For open/openat, if the flags parameter does not contain O_CREAT, thederaadt2021-10-245-10/+10
| | | | | | | | | | | | | 3rd (variadic) mode_t parameter is irrelevant. Many developers in the past have passed mode_t (0, 044, 0644, or such), which might lead future people to copy this broken idiom, and perhaps even believe this parameter has some meaning or implication or application. Delete them all. This comes out of a conversation where tb@ noticed that a strange (but intentional) pledge behaviour is to always knock-out high-bits from mode_t on a number of system calls as a safety factor, and his bewilderment that this appeared to be happening against valid modes (at least visually), but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef. ok millert
* Prepare to provide a number of X509_STORE_CTX_* setters.tb2021-10-242-2/+52
| | | | ok beck jsing
* Prepare to provide EVP_MD_CTX_get_md_data()tb2021-10-242-2/+11
| | | | ok beck jsing
* Prepare to provide a bunch of OCSP_resp_* getters.tb2021-10-243-3/+74
| | | | ok beck jsing
* Prepare to provide X509_STORE_CTX_get_num_untrusted()tb2021-10-242-2/+11
| | | | ok beck jsing
* Prepare to provide BIO_get_init()tb2021-10-242-5/+14
| | | | ok beck jsing
* Since tb@ added DECLARE_STACK_OF(GENERAL_NAMES) to x509v3.h in rev. 1.9schwarze2021-10-241-9/+26
| | | | | | | | | | | and since CMS_ReceiptRequest_get0_values(3) uses it, add it to the list of STACK_OF(3) types. While here, also add the missing CMS_RecipientInfo, CMS_SignerInfo, OPENSSL_STRING, SRTP_PROTECTION_PROFILE, SSL_CIPHER, SSL_COMP and X509_NAME to the list of stack types used by the API, drop STACK_OF(X509_PURPOSE) which is only used internally, and list those STACK_OF(*) types separately that are obfuscated with typedef.
* Prepare to provide X509_OBJECT_{new,free}()tb2021-10-242-3/+25
| | | | ok beck inoguchi jsing
* spelling;jmc2021-10-241-3/+3
|
* Declare STACK_OF(GENERAL_NAMES)tb2021-10-231-3/+4
| | | | ok jsing
* KNF a particularly ugly commenttb2021-10-231-17/+16
|
* Zap trailing whitespacetb2021-10-231-13/+13
|
* Import documentation for X509_get_extension_flags, X509_get_key_usage,tb2021-10-231-0/+211
| | | | | | | X509_get_extended_key_usage from OpenSSL. Will be linked to the build after the bump. input/lgtm schwarze
* Import documentation for X509_SIG_get{0,m} from OpenSSL. Will be linkedtb2021-10-231-0/+90
| | | | | | to the build after the bump. tweak & lgtm schwarze
* tweak previous: add missing OpenBSD CVS tagschwarze2021-10-231-4/+5
| | | | and fix some weird typos in comments (duplicate '@' signs)
* Prepare to make many of the structs in x509.h opaque.tb2021-10-231-76/+86
| | | | ok beck jsing
* Prepare to provide X509_re_X509*_tbs()tb2021-10-234-4/+35
| | | | ok beck jsing
* Prepare to provide X509_get_extension_flags()tb2021-10-232-2/+13
| | | | ok beck jsing
* Prepare to provide X509_SIG_get{0,m}.tb2021-10-232-2/+28
| | | | ok beck jsing
* Add back the fips mode test functions, new stuff requires this.beck2021-10-233-3/+83
| | | | | Symbols.list changes to follow with tb's upcoming bump ok jsing@
* Prepare to provide X509_get_{extended_,}key_usage()tb2021-10-222-2/+32
| | | | ok beck jsing
* Switch from u_int and u_char to u32 and u8 to avoid portability issues.tb2021-10-221-17/+14
| | | | | | Prompted by a diff by Jonas Termansen. ok jsing
* Prepare to provide X509_REQ_pubkey_get0()tb2021-10-222-2/+13
| | | | ok jsing
* new manual page EVP_PKEY_add1_attr(3) documenting nine functionsschwarze2021-10-227-8/+202
| | | | for associating X.501 Attributes with private keys
* new manual page X509at_add1_attr(3)schwarze2021-10-224-6/+140
| | | | describing five functions to change arrays of X.501 Attribute objects
* fix a gratuitiously different argument nameschwarze2021-10-221-3/+3
|
* new manual page X509at_get_attr(3)schwarze2021-10-223-4/+163
| | | | documenting five X.501 Attribute read accessors
* Simplify the description of RETURN VALUES.schwarze2021-10-211-10/+4
| | | | | | After tb@'s commit x509/x509_lu.c rev. 1.33, it is no longer necessary to talk about X509_LU_* constants as return values from these functions. Feedback and OK from tb@.
* Simplify a return value check for X509_STORE_get_by_subject() nowtb2021-10-211-18/+7
| | | | | | | that we know that it only returns 0 or 1. Eliminate the last uses of X509_LU_{FAIL,RETRY}. ok jsing
* Set enc.modified if the X509_REQ is going to be modified.tb2021-10-211-1/+4
| | | | ok jsing
* new manual page X509_ATTRIBUTE_set1_object(3)schwarze2021-10-214-6/+276
| | | | documenting five X.501 Attribute write accessors
* Sync parts of X509_STORE_get_by_subject() with OpenSSLtb2021-10-211-13/+7
| | | | | | | | | | | Initialize stmp.type and stmp.data.ptr so that a user-defined lookup method need not take responsibility of initializing those. Get rid of current_method, which was never really used. Stop potentially returning a negative value since most callers assume Boolean return values already. In addition, garbage collect the pointless j variable. ok jsing
* Prepare to make X509 opaque.tb2021-10-211-4/+7
| | | | ok jsing
* Add XKU_ANYEKU #define and use it to cache the anyExtendedKeyUsagetb2021-10-212-3/+8
| | | | | | | extension. This is part of OpenSSL commit df4c395c which didn't make it into our tree for some reason. ok jsing
* Prepare to provide X509_get_X509_PUBKEY() as a function.tb2021-10-212-5/+15
| | | | ok jsing
* Bump to LibreSSL 3.5.0tb2021-10-211-3/+3
|
* document ASN1_STRING_set_by_NID(3)schwarze2021-10-202-5/+129
| | | | and the three functions related to the global mask
* new manual page ASN1_mbstring_copy(3)schwarze2021-10-204-5/+182
| | | | also documenting ASN1_mbstring_ncopy(3)
* new manual page X509_ATTRIBUTE_get0_object(3)schwarze2021-10-203-2/+139
| | | | documenting the four X.501 Attribute read accessors
* document X509_ATTRIBUTE_create(3) and X509_ATTRIBUTE_dup(3)schwarze2021-10-201-6/+60
|
* document X509_get_pubkey_parameters(3) in a new manual pageschwarze2021-10-195-7/+114
|
* more precision, fewer wordsschwarze2021-10-191-28/+43
|
* document i2d_PrivateKey_bio(3) and i2d_PrivateKey_fp(3)schwarze2021-10-191-12/+37
|
* install X509_PKEY_new(3)schwarze2021-10-191-1/+2
|
* document X509_PKEY_new(3) and X509_PKEY_free(3)schwarze2021-10-194-8/+103
|
* document X509_VERIFY_PARAM_inherit(3) and X509_VERIFY_PARAM_set1(3)schwarze2021-10-184-8/+159
|
* split seven functions out of the page X509_VERIFY_PARAM_set_flags(3), whichschwarze2021-10-185-134/+175
| | | | | is becoming excessively long, into a new page X509_VERIFY_PARAM_new(3); no content change
* Use unsigned char instead of u_char for two prototypes (like everywheretb2021-10-141-4/+4
| | | | else in libcrypto's manuals and headers).
* X509_STORE_CTX_init() allows the store to be NULL on init. Add checksclaudio2021-10-061-1/+11
| | | | | | | | for a NULL ctx->ctx in the lookup functions using X509_STORE_CTX. This affects X509_STORE_get1_certs(), X509_STORE_get1_crls(), X509_STORE_CTX_get1_issuer() and X509_STORE_get_by_subject(). With this X509_verify_cert() no longer crashes with a NULL store. With and OK tb@
* Enable X509_V_FLAG_TRUSTED_FIRST by default in the legacy verifier.jsing2021-09-301-1/+2
| | | | | | | | | | | | In order to work around the expired DST Root CA X3 certficiate, enable X509_V_FLAG_TRUSTED_FIRST in the legacy verifier. This means that the default chain provided by Let's Encrypt will stop at the ISRG Root X1 intermediate, rather than following the DST Root CA X3 intermediate. Note that the new verifier does not suffer from this issue, so only a small number of things will hit this code path. ok millert@ robert@ tb@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-09-02 17:05:17 +0000