summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Add ED25519 aliases for NID, SN and OBJtb2022-11-131-3/+1
| | | | The Ed25519 versions already existed, but OpenSSL chose to uppercase the D.
* Expose ASN1_buf_print() in asn1.htb2022-11-131-3/+1
| | | | | This is needed to print the 32-byte Ed25519 keys which aren't handled as BNs.
* Hide symbols in libcrypto/uibeck2022-11-126-4/+187
| | | | ok jsing@
* Hide symbols in libcrypto/pkcs12beck2022-11-1218-17/+272
| | | | ok jsing@
* Hide symbols in libcrypto/pkcs7beck2022-11-1211-41/+368
| | | | | | | | This applies the guentherizer 9000(tm) to pkcs7, after moving several pkcs7 funcitions back to pkcs7 that were in x509/x_all.c for reasons known only to the miasma. ok jsing@
* Hide symbols in libcrypto/stackbeck2022-11-113-1/+89
| | | | | | | Automated change from the first attempts at the semi automated Guentherizer 2000. ok jsing@ tb@ joshua@
* Convert the legacy TLS stack to tls_content.jsing2022-11-1110-190/+292
| | | | | | | | | | This converts the legacy TLS stack to tls_content - records are now opened into a tls_content structure, rather than being written back into the same buffer that the sealed record was read into. This will allow for further clean up of the legacy record layer. ok tb@
* Symbols.list: Drop comments and sort.tb2022-11-111-33/+22
| | | | | | | While grouping the API by its purpose is nice, it doesn't help much if >90% is "general API". ok jsing
* Use named initialisers.jsing2022-11-111-3/+4
| | | | Requested by tb@
* Merge bf_pi.h into bf_skey.c.jsing2022-11-112-330/+268
| | | | | | | There's not much point having a static table in a header file that is only included in one source file. Discussed with tb@
* Tidy includes, fix comment style and mop up some blank lines.jsing2022-11-116-17/+22
|
* Whack blowfish with a style(9) bat.jsing2022-11-119-740/+741
|
* Start CBS-ifying the name constraints code.beck2022-11-113-104/+146
| | | | ok jsing@ tb@
* Stop pretending that obj_mac.h is optional.jsing2022-11-111-896/+1
| | | | | | | | This is effectively: unifdef -m -DUSE_OBJ_MAC objects/objects.h ok beck@, with extreme prejudice.
* Add support for symbol hiding disabled by default.beck2022-11-1110-5/+232
| | | | | | | | | | | | Fully explained in libcrypto/README. TL;DR make sure libcrypto and libssl's function calls internally and to each other are via symbol names that won't get overridden by linking other libraries. Mostly work by guenther@, which will currently be gated behind a build setting NAMESPACE=yes. once we convert all the symbols to this method we will do a major bump and pick up the changes. ok tb@ jsing@
* zap stray space (CRITICAL!)tb2022-11-111-2/+2
|
* Bump LibreSSL version to 3.7tb2022-11-101-3/+3
|
* Use tls_buffer for alert and handshake fragments in the legacy stack.jsing2022-11-105-49/+94
| | | | | | This avoids a bunch of pointer munging and a handrolled memmove. ok tb@
* Finish migrating to one source file per line.joshua2022-11-101-17/+78
| | | | ok jsing@ tb@
* In asn1.h rev. 1.65, beck@ provided ASN1_TIME_set_string_X509(3),schwarze2022-11-101-11/+139
| | | | | | | | | ASN1_TIME_normalize(3), ASN1_TIME_to_tm(3), ASN1_TIME_cmp_time_t(3), and ASN1_TIME_compare(3). Merge documentation from the OpenSSL 1.1.1 branch, which is still under a free license, with tweaks by me in several respects to match our implementation, and also using some feedback from beck@. OK beck@.
* Allow explicit cert trusts or distrusts for EKU anybeck2022-11-101-4/+6
| | | | | | | | | This matches the current OpenSSL behaviour introduced in their commit: commit 0daccd4dc1f1ac62181738a91714f35472e50f3c Date: Thu Jan 28 03:01:45 2016 -0500 ok jsing@ tb@
* Implement EVP interfaces for Ed25519 and X25519.jsing2022-11-108-7/+902
| | | | ok beck@ tb@
* Map objects for ED25519 to Ed25519.jsing2022-11-101-1/+7
| | | | | | | OpenSSL used ED25519, even though the RFCs use Ed25519 - as such, we get to provide both. ok tb@
* Continue migrating to one source file per line.joshua2022-11-101-30/+121
| | | | ok jsing@ tb@
* Provide digestsign/digestverify hooks for EVP_PKEY_METHOD.jsing2022-11-104-4/+32
| | | | | | These are needed for EVP implementations of Ed25519 and X25519. ok beck@ tb@
* Continue migrating to one source file per line.joshua2022-11-101-37/+163
| | | | ok jsing@ tb@
* Port EVP raw key API from OpenSSL.jsing2022-11-104-5/+116
| | | | | | This will be needed to deal with Curve25519 based keys. ok beck@ tb@
* Port ASN1_buf_print() from OpenSSL 1.1.jsing2022-11-102-2/+34
| | | | | | This is needed to print byte array based keys, such as Ed25519 and X25519. ok beck@ tb@
* Continue migrating to one source file per line.joshua2022-11-101-26/+110
| | | | ok jsing@ tb@
* Fix a few more leaks in *_print() functions.tobhe2022-11-102-14/+28
| | | | ok jsing@
* Move bn_prime.h to the public domain.tb2022-11-101-57/+4
| | | | | | It's entirely trivial. ok beck
* Start migrating to one source file per line.joshua2022-11-091-18/+83
| | | | ok jsing@ tb@
* Sync CBS_strdup() documentation update from libcrypto.jsing2022-11-091-6/+4
|
* Move table in bn_primes.h to a .c file and get rid of prime_ttb2022-11-095-335/+292
| | | | | | | This way we deduplicate two inclusions of the same big table and eliminate lots of stupid casts. input and ok many
* Fix up indentation for EVP_PKEY_* defines.jsing2022-11-091-19/+19
|
* Revise CBS_strdup() documentation.jsing2022-11-091-6/+4
| | | | | | | CBS_strdup() now internally checks if the data contains NUL, failing if it does. Prompted by beck@
* Clean up EVP_PKEY_METHOD related tables and code.jsing2022-11-091-56/+41
| | | | | | | This is effectively the same as done for EVP_PKEY_ASN1_METHOD, although this table only has nine entries. ok tb@
* Clean up EVP_PKEY_ASN1_METHOD related tables and code.jsing2022-11-091-87/+52
| | | | | | | | | | | Rather than messing around with an OBJ_bsearch() for a table that contains 16 entries (and a stack find for any application added methods), simply do a reverse linear scan. This maintains the application method first behaviour, while removing a chunk of code. While here rename some variables and do some style clean up. ok tb@
* Make X25519_public_from_private() internally reachable.jsing2022-11-092-5/+8
|
* Rename public_value to public_key for consistency.jsing2022-11-091-9/+9
| | | | ok tb@
* Rework ED25519 API.jsing2022-11-093-45/+40
| | | | | | | | | | | BoringSSL implemented a compound private key, which includes a copy of the public key as a performance optimisation for signing. However, this does not readily match with how EVP works, makes the ED25519 API inconsistent with the X25519 API, diverges from th RFC and does not align with the OpenSSL API. Instead, the caller can readily compute the public key and pass this in to the signing process. ok tb@
* Sort EVP_PKEY_METHOD externs.jsing2022-11-091-5/+10
|
* Sort EVP_PKEY_ASN1_METHOD externs.jsing2022-11-091-6/+6
|
* Inline use of bn_is_prime_bpsw()tb2022-11-091-24/+20
| | | | | | | | | Instead of using the BN_is_prime_fasttime_ex() API, use a direct call to bn_is_prime_bpsw(). This increases readability and simplifies error handling. Also put a division by two to the natural place now that we no longer need to do Miller-Rabin rounds. ok beck jsing
* Next pass of bn_prime.c cleanuptb2022-11-091-39/+29
| | | | | | | Garbage collect a few pointless variables and remove a loop that wasn't really a loop. Simplify BN_CTX handling and drop some stupid comments. ok jsing miod
* Drop some dead codetb2022-11-091-136/+1
| | | | ok jsing
* Fix possible memory leak in BN_mpi2bn() if BN_bin2bn() fails.tobhe2022-11-091-3/+7
| | | | | | found with CodeChecker feedback from millert@ ok tb@
* In case lh_OBJ_NAME_insert returns NULL due to a failed malloc, onpmbuhl2022-11-081-1/+2
| | | | | | is leaked in OBJ_NAME_add. ok tb Found by CodeChecker.
* Rename out to err to conform with standard naming scheme.tobhe2022-11-081-4/+4
|
* Fix leak of pk if EVP_PKEY_set1_DSA() fails.tobhe2022-11-081-5/+9
| | | | | Found with CodeChecker ok jsing@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-04 07:17:15 +0000