summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Remove SXNETtb2023-04-259-638/+7
| | | | Unused and no authorative information was found online in 2016
* Move truncated sha-2 and sha3 out of #ifdef wrapperstb2023-04-251-5/+1
|
* Use X509_STORE_CTX_get1_{certs,crls}() instead of an aliastb2023-04-251-3/+3
|
* X509_STORE_get1_{certs,crls} become X509_STORE_CTX_* also intb2023-04-251-2/+2
| | | | Symbols.namespace
* X509_STORE_get1_{certs,crls} become X509_STORE_CTX_*tb2023-04-253-28/+5
| | | | This matches the OpenSSL 1.1 API a bit better.
* Move the policy tree code to internal-onlytb2023-04-258-86/+42
| | | | | A few hooks remain in the legacy validator, which will soon be replaced with something better. The rest of the tentacles are now largely contained.
* Remove i2d_PKCS7_NDEF from the hidden version as welltb2023-04-251-2/+1
|
* Remove documentation for i2d_PKCS7_NDEFtb2023-04-251-15/+2
|
* Remove i2d_PKCS7_NDEFtb2023-04-253-13/+2
|
* BN_RECP_CTX moves to internaltb2023-04-252-5/+4
|
* Remove CTS modetb2023-04-253-298/+2
| | | | ok jsing
* Remove TS_VERIFY_CTX_init()tb2023-04-252-11/+2
|
* Remove PEM wrappers for NETSCAPE_CERT_SEQUENCEtb2023-04-252-36/+2
|
* Remove the horror show that is bn_nist and ecp_nisttb2023-04-254-1529/+2
| | | | | | This code is full of problematic C and is also otherwise of questionable quality. It is far from constant time and jsing informs me it also isn't faster. Good riddance.
* Remove BN_init() documentationtb2023-04-251-40/+2
|
* Remove BN_CTX_init() documentationtb2023-04-251-23/+3
|
* Remove the no longer used BN_MONT_CTX_init()tb2023-04-252-15/+2
|
* Move a few now internal prototypes to bn_local.htb2023-04-252-24/+17
|
* Remove old BN_one/BN_zero compat stufftb2023-04-251-13/+1
| | | | ok jsing
* Remove X9.31 supporttb2023-04-257-493/+6
| | | | ok jsing
* Remove the no longer used BN_CTX_init()tb2023-04-252-14/+2
| | | | ok jsing
* Bump LibreSSL version to 3.8.0tb2023-04-251-2/+2
|
* Document most command constants.schwarze2023-04-251-2/+60
| | | | | They are part of the public API, may be needed for implementing custom BIO types, and application programmers need to avoid clashing with them.
* Bump majors after symbol addition and removaltb2023-04-253-6/+6
|
* Update Symbols.list after symbol addition and removaltb2023-04-251-134/+10
|
* Comment out a few now unused files from Makefiletb2023-04-251-14/+14
|
* Use proper fix for the recent x400Address issuetb2023-04-252-6/+4
| | | | | | From David Benjamin (BoringSSL) ok beck
* Temporarily define LIBRESSL_NEXT_API in opensslfeatures.htb2023-04-251-0/+2
|
* Define OPENSSL_NO_DEPRECATED and OPENSSL_NO_EC2M in opensslfeatures.htb2023-04-251-0/+2
| | | | ok beck jsing
* Wire up truncated SHA-2, SHA-3 and related thingstb2023-04-255-7/+32
| | | | from jsing
* Remove no longer necessary compat #definestb2023-04-251-6/+1
|
* Add NIDs for truncated SHA-2, SHA-3 and related thingstb2023-04-252-7/+72
| | | | From jsing
* The #ifdef missed a few NETSCAPE_CERT thingstb2023-04-251-2/+2
|
* Remove v3_sxnet from the standard extensionstb2023-04-251-3/+2
|
* Invalidate the DER cache earlier on in X509 setter functionsjob2023-04-251-1/+8
| | | | | | | Note that it is important to invalidate the cache before returning, as the return might bubble up an error. OK tb@ jsing@
* Use X509_set_version() and X509_REQ_set_version() instead doing it by handjob2023-04-252-11/+4
| | | | | | | A small side-effect in X509_to_X509_REQ() is that 'x->req_info->enc.modified' now earlier on is set to 1. OK tb@ jsing@
* Fix allocation sizetb2023-04-251-3/+3
| | | | Reported by anton
* Unbreak tree: file missed in last committb2023-04-251-1/+3
| | | | Reported by anton
* Add endbr64 where needed by inspection. Passes regresson tests.deraadt2023-04-2528-1/+113
| | | | ok jsing, and kind of tb an earlier version
* Future users of libcrypto will also have to do without strong extranettb2023-04-242-2/+8
| | | | | | support. discussed with beck and jsing
* Mark NETSCAPE_CERT_SEQUENCE for removaltb2023-04-243-4/+12
| | | | discussed with beck and jsing
* Mark the NDEF API for removaltb2023-04-242-2/+9
| | | | Discussed with jsing and beck
* Free and calloc() the tlsext_build_order and remember its lengthtb2023-04-241-2/+14
| | | | | | | Aligns tlsext_randomize_build_order() with tlsext_linearize_build_order() and will help regression testing. ok jsing
* Fix sk_is_sorted to tread 0 and 1 element lists as sorted.beck2023-04-241-3/+12
| | | | | | from boringssl ok tb@ jsing@
* Use TLSEXT_TYPE_alpn instead of the stupid long onetb2023-04-241-2/+2
|
* Sort X.509 error reasons, use next available error value, and alignjob2023-04-242-4/+4
| | | | | | error message with internal error code name. OK tb@ jsing@
* Revert 1.32job2023-04-241-27/+2
| | | | | | | jsing@ noted that ASN1_OP_D2I_POST might not be the best place to introduce this check (as could lead to pushing errors (ASN1_R_AUX_ERROR) onto the stack). Additionally, without matching validation on the encoding side brittleness is introduced.
* Replace X509v3_get_ext_count() with X509_get_ext_count()job2023-04-231-2/+2
| | | | Error introduced in 1.24
* In the case of V1 certs, the extension count should be exactly 0job2023-04-231-2/+2
| | | | OK tb@
* If extensions are encountered on a X.509 V1 cert, mark as invalidjob2023-04-231-2/+5
| | | | | | | While there, explicitly check for 0 - as X509_get_version() is a wrapper around the less than beloved ASN1_INTEGER_get(). OK tb@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-28 12:09:16 +0000