summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Add headers normally contained in include/openssl, verbatim from 1.1.1beck2021-10-282-0/+554
|
* Import Certificate Transparency verbatim from OpenSSL 1.1.1beck2021-10-2813-0/+2321
| | | | | | | This is not yet hooked up and will not compile. Follow on commits will KNF and then make it build. ok jsing@ tb@
* Bring back r1.3, ok becktb2021-10-281-3/+47
| | | | | | | | | | | Original commit message from beck: Validate Subject Alternate Names when they are being added to certificates. With this change we will reject adding SAN DNS, EMAIL, and IP addresses that are malformed at certificate creation time. ok jsing@ tb@
* new manual page X509_REQ_add_extensions(3)schwarze2021-10-274-4/+148
| | | | documenting six functions for extensions in certification requests
* add some .Xrs involving recently added pagesschwarze2021-10-277-15/+22
|
* minor tweaks to wording and punctuation,schwarze2021-10-271-10/+19
| | | | and add .Xrs to relevant objects
* Minor tweaks:schwarze2021-10-271-9/+12
| | | | | | | | | * Say "number of bytes" instead of "length of bytes". * Remove mention of a BUGS section that exists neither here nor in OpenSSL. * List all authors who contributed Copyright-worthy amounts of text. * Remove years from the Copyright line that saw no non-trivial changes. * Add the year 2014: that's when Emilia wrote the i2d_re_X509_tbs() text. * Improve merge comments.
* Revert version 1.3 - not allowing the creation of bogus certificatesbeck2021-10-271-47/+3
| | | | | | | | | breaks the ruby regression tests that expect to make bogus certificates and see that they are rejected :( I am reverting this for now to make the regress tests pass, and will bring it back if we decide to patch the regress tests to remove the problem cases
* Fix to correctly parse the 'to' time into the to_tmbeck2021-10-271-2/+2
|
* Add ASN1_TIME_diff from OpenSSL.beck2021-10-274-5/+106
| | | | | | The symbol is not yet exposed and will show up with tb@'s forthcoming bump ok tb@ jsing@
* Merge documentation for i2d_re_X509*_tbs(3) from OpenSSL 1.1tb2021-10-261-4/+67
|
* spelling fixes;jmc2021-10-262-4/+4
|
* install X509_get_extension_flags.3 and X509_SIG_get0.3tb2021-10-261-1/+3
|
* Remove a line documenting that X509_get_X509_PUBKEY(3) is missingtb2021-10-261-2/+1
| | | | discussed with schwarze
* Document X509_get0_pubkey.3tb2021-10-261-3/+14
|
* Document new signature of X509_get_X509_PUBKEY() and remove claimtb2021-10-261-5/+3
| | | | | that the API is implemented as a macro. This will change in an upcoming bump.
* Add tlsfeature NIDjob2021-10-262-0/+2
| | | | OK beck@ tb@
* Add RFC 3779 checks to both legacy and new verifierjob2021-10-262-2/+20
| | | | OK beck@
* new manual page X509_REQ_add1_attr(3) documenting nine functionsschwarze2021-10-266-8/+199
| | | | for X.501 Attributes in PKCS#10 certification requests
* correct a wrong function name below RETURN VALUESschwarze2021-10-261-3/+3
|
* document X509_REQ_dup(3)schwarze2021-10-261-5/+20
|
* document d2i_X509_PUBKEY(3) and i2d_X509_PUBKEY(3);schwarze2021-10-261-23/+57
| | | | while here, apply the usual conventions for naming d2i and i2d arguments
* Validate Subject Alternate Names when they are being added to certificates.beck2021-10-263-9/+61
| | | | | | | With this change we will reject adding SAN DNS, EMAIL, and IP addresses that are malformed at certificate creation time. ok jsing@ tb@
* sorttb2021-10-251-17/+17
|
* new manual page EVP_PKCS82PKEY(3), also documenting EVP_PKEY2PKCS8(3)schwarze2021-10-256-10/+77
|
* new manual page PKCS8_pkey_set0(3)schwarze2021-10-256-9/+177
| | | | documenting four PKCS#8 PrivateKeyInfo accessors
* Add missing RCS markerstb2021-10-252-0/+2
|
* Zap two unused includesjca2021-10-252-4/+0
| | | | Spotted by egcc. ok tb@
* document ASN1_STRING_set0(3)schwarze2021-10-251-6/+29
|
* For open/openat, if the flags parameter does not contain O_CREAT, thederaadt2021-10-245-10/+10
| | | | | | | | | | | | | 3rd (variadic) mode_t parameter is irrelevant. Many developers in the past have passed mode_t (0, 044, 0644, or such), which might lead future people to copy this broken idiom, and perhaps even believe this parameter has some meaning or implication or application. Delete them all. This comes out of a conversation where tb@ noticed that a strange (but intentional) pledge behaviour is to always knock-out high-bits from mode_t on a number of system calls as a safety factor, and his bewilderment that this appeared to be happening against valid modes (at least visually), but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef. ok millert
* Prepare to provide a number of X509_STORE_CTX_* setters.tb2021-10-242-2/+52
| | | | ok beck jsing
* Prepare to provide EVP_MD_CTX_get_md_data()tb2021-10-242-2/+11
| | | | ok beck jsing
* Prepare to provide a bunch of OCSP_resp_* getters.tb2021-10-243-3/+74
| | | | ok beck jsing
* Prepare to provide X509_STORE_CTX_get_num_untrusted()tb2021-10-242-2/+11
| | | | ok beck jsing
* Prepare to provide BIO_get_init()tb2021-10-242-5/+14
| | | | ok beck jsing
* Since tb@ added DECLARE_STACK_OF(GENERAL_NAMES) to x509v3.h in rev. 1.9schwarze2021-10-241-9/+26
| | | | | | | | | | | and since CMS_ReceiptRequest_get0_values(3) uses it, add it to the list of STACK_OF(3) types. While here, also add the missing CMS_RecipientInfo, CMS_SignerInfo, OPENSSL_STRING, SRTP_PROTECTION_PROFILE, SSL_CIPHER, SSL_COMP and X509_NAME to the list of stack types used by the API, drop STACK_OF(X509_PURPOSE) which is only used internally, and list those STACK_OF(*) types separately that are obfuscated with typedef.
* Prepare to provide X509_OBJECT_{new,free}()tb2021-10-242-3/+25
| | | | ok beck inoguchi jsing
* spelling;jmc2021-10-241-3/+3
|
* Declare STACK_OF(GENERAL_NAMES)tb2021-10-231-3/+4
| | | | ok jsing
* KNF a particularly ugly commenttb2021-10-231-17/+16
|
* Zap trailing whitespacetb2021-10-231-13/+13
|
* Import documentation for X509_get_extension_flags, X509_get_key_usage,tb2021-10-231-0/+211
| | | | | | | X509_get_extended_key_usage from OpenSSL. Will be linked to the build after the bump. input/lgtm schwarze
* Import documentation for X509_SIG_get{0,m} from OpenSSL. Will be linkedtb2021-10-231-0/+90
| | | | | | to the build after the bump. tweak & lgtm schwarze
* tweak previous: add missing OpenBSD CVS tagschwarze2021-10-231-4/+5
| | | | and fix some weird typos in comments (duplicate '@' signs)
* Prepare to make many of the structs in x509.h opaque.tb2021-10-231-76/+86
| | | | ok beck jsing
* Prepare to provide X509_re_X509*_tbs()tb2021-10-234-4/+35
| | | | ok beck jsing
* Prepare to provide X509_get_extension_flags()tb2021-10-232-2/+13
| | | | ok beck jsing
* Prepare to provide X509_SIG_get{0,m}.tb2021-10-232-2/+28
| | | | ok beck jsing
* Add back the fips mode test functions, new stuff requires this.beck2021-10-233-3/+83
| | | | | Symbols.list changes to follow with tb's upcoming bump ok jsing@
* Prepare to provide X509_get_{extended_,}key_usage()tb2021-10-222-2/+32
| | | | ok beck jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-28 07:50:18 +0000