summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Unhook and remove the now even more useless ssl_algs.c than it was before.tb2023-11-222-68/+1
| | | | ok jsing
* Make SSL_library_init() a wrapper of OPENSSL_init_ssl()tb2023-11-222-61/+9
| | | | | | | | | | | This way it doesn't do nonsensical work for all those who cargo culted an init sequence. There's no point in having SSL_library_init() as a cheaper version of OPENSSL_init_ssl(): once you do crypto, you'll init crypto... Also move the now trivial implementation to ssl_init.c which has a good license. ok jsing
* Stop calling SSL_library_init() from OPENSSL_init_ssl_internal()tb2023-11-221-2/+1
| | | | | | | | It's pointless: all the ciphers and digests added by SSL_library_init() are already added by OPENSSL_init_crypto(), which was already called at that point. ok jsing
* Move SSL_library_init() next to OPENSSL_init_ssl()tb2023-11-221-3/+2
| | | | | | | Its current position makes no sense and it will become a wrapper of the latter in a subsequent commit. ok jsing
* ec_print.c: Unwrap a linetb2023-11-211-3/+2
|
* Inline a better version of print_bin() in only callertb2023-11-211-42/+27
| | | | | | | | | | Instead of printing to a temporary buffer with weird gymnastics, we can simply write things out to the BIO using proper indent. This still isn't perfect since we have a CBS version of this in ecx_buf_print(), which is basically what used to be ASN1_buf_print(). Annotate this with an XXX for future cleanup. ok beck
* Fix a <= 5-byte buffer overwrite in print_bin()tb2023-11-211-2/+3
| | | | | | | | | | | | If the offset is > 124, this function would overwrite between 1 and 5 bytes of stack space after str[128]. So for a quick fix extend the buffer by 5 bytes. Obviously this is the permanent fix chosen elswehere. The proper fix will be to rewrite this function from scratch. Reported in detail by Masaru Masuda, many thanks! Fixes https://github.com/libressl/openbsd/issues/145 begrudging ok from beck
* Mark up an occurrence of ENGINEtb2023-11-191-2/+3
|
* ENGINE can no longer have ex_data attached to ittb2023-11-191-3/+3
|
* Remove musings how ENGINE may or may not screw everything up.tb2023-11-191-23/+2
|
* Remove ENGINE mention in RSA_new()tb2023-11-191-14/+6
|
* OPENSSL_config() no longer calls ENGINE_load_builtin_engines()tb2023-11-191-5/+4
|
* ENGINE_add_conf_module() no longer existstb2023-11-191-8/+2
|
* Remove ENGINE Xr that I left behindtb2023-11-191-2/+1
|
* zap stray commatb2023-11-191-2/+2
|
* Unifdef OPENSSL_NO_ENGINE in libssltb2023-11-195-69/+5
| | | | | | As usual, a few manual fixes to avoid duplicate lines. ok jsing
* Manually unifdef OPENSSL_NO_ENGINE in ssl_clnt.ctb2023-11-191-17/+4
| | | | | | This allows us to simplify ssl_do_client_cert_cb() a bit. ok jsing
* Rename an ENGINE from e to engine for consistencytb2023-11-191-2/+2
|
* Unifdef OPENSSL_NO_ENGINE in libcryptotb2023-11-1921-431/+21
| | | | | | | This is mechanical apart from a few manual edits to avoid doubled empty lines. ok jsing
* Unifdef OPENSSL_NO_ENGINE in pmeth_lib.ctb2023-11-191-41/+3
| | | | | | | This includes a manual intervention for the call to EVP_PKEY_meth_find() which ended up in the middle of nowhere. ok jsing
* Unifdef OPENSSL_NO_ENGINE in engine.htb2023-11-191-566/+8
| | | | | | | Also rip out all the gross, useless comments. There's still too much garbage in here... ok jsing
* Also mention ENGINE_{cleanup,{ctrl_cmd{,_string}()tb2023-11-191-3/+29
|
* Missing periodtb2023-11-191-2/+2
|
* fix grammartb2023-11-191-2/+2
|
* Remove remaining ENGINE manualstb2023-11-1911-1988/+1
| | | | They document functionality that no longer exists.
* Strip mention of ENGINE out of *_set_method.3tb2023-11-193-98/+26
|
* Strip out mentions of ENGINE_load_builtin_engines()tb2023-11-191-7/+4
| | | | | There's probably more that needs to be updated here, but that can be done another day.
* ex data for ENGINEs is no longer a thingtb2023-11-191-9/+2
|
* Remove section explaining how great and flexible ENGINE is andtb2023-11-191-28/+2
| | | | remove two Xr to ENGINE manuals.
* Remove obsolete engine configuration sectiontb2023-11-191-106/+2
|
* Document the remaining ENGINE stubs in a single manualtb2023-11-191-146/+103
|
* EVP_PKEY_encrypt() simplify exampletb2023-11-191-6/+4
| | | | In particular, do not use an uninitialized engine, simply pass NULL.
* Check for negative EVP_CIPHER_CTX_iv_length() return in libssltb2023-11-182-9/+13
| | | | ok beck
* Forgot to fix one unsigned int vs int confusiontb2023-11-181-3/+3
| | | | CID 468015
* Check for negative IV lengthtb2023-11-185-27/+45
| | | | | | | | | | | | A recent change in EVP_CIPHER_CTX_iv_length() made it possible in principle that this function returns -1. This can only happen for an incorrectly set up EVP_CIPHER. Still it is better form to check for negative lengths before stuffing it into a memcpy(). It would probably be desirable to cap the iv_length to something large enough. This can be done another time. ok beck
* Mention which functions are implemented as macros in the few casesschwarze2023-11-1613-34/+76
| | | | where that information was missing.
* drop some duplicate statements about macrosschwarze2023-11-164-23/+10
|
* fix wrong macroschwarze2023-11-161-3/+3
|
* delete lots of stuff that no longer existsschwarze2023-11-161-300/+17
|
* fix typo: exdata -> ex_dataschwarze2023-11-161-4/+4
|
* Minimal fix to unbreak OPENSSL_{gmtime,timegm}(3)tb2023-11-161-15/+18
| | | | | | I was told not to look since it will magically get fixed. Fine. I'd still have expected a minimal amount of care so that the manpage isn't totally dysfunctional and missing text in the right places. Sigh.
* Drop some unnecessary parenthesestb2023-11-151-19/+19
|
* Shuffle getters and adders down a bittb2023-11-151-34/+30
| | | | These use static helper functions which don't need prototypes this way.
* Make X509_certificate_type() less badtb2023-11-131-24/+29
| | | | | | | This converts to proper single exit and undoes a number of unnecessarily silly muppet antics. ok beck
* Garbage collect an incoherent export crypto checktb2023-11-131-4/+1
| | | | | | | | | | | | Contrast "#define EVP_PKT_EXP 0x1000 /* <= 512 bit key */" with the diff: - /* /8 because it's 1024 bits we look for, not bytes */ - if (EVP_PKEY_size(pk) <= 1024 / 8) - ret |= EVP_PKT_EXP; EVP_PKT_EXP will be nuked at the next opportunity. discussed with jsing
* Use a sensible variable name (i.e. nid) instead of i for a NIDtb2023-11-131-5/+6
|
* Use X509_get_signature_nid() instead of inlining ittb2023-11-131-2/+2
| | | | ok beck jsing
* X509_certificate_type() needs to know about RSA-PSStb2023-11-131-1/+4
| | | | | | | This doesn't do much right now, but is part of the tangle that is adding RSA-PSS support. ok beck jsing
* Prepare to expose OPENSSL_gmtime and OPENSSL_timegm as publicbeck2023-11-134-5/+68
| | | | | | | | | | | This matches when BoringSSL has done, and allows for getting rid of the dependency on system timegm() and gmtime() in libtls. which will make life easier for portable, and remove our dependency on the potentially very slow system versions. ok tb@ - tb will handle the minor bump bits and expose on the next minor bump CVS :----------------------------------------------------------------------
* Remove last caller of ASN1_time_parse(3) in libtlstb2023-11-131-3/+4
| | | | | | | | This one is slightly annoying since ASN1_TIME_to_tm(3) doesn't provide a direct check for a GeneralizedTime, so call ASN1_GENERALIZEDTIME_check() as well. This means LibreSSL parses the time twice. Shrug. ok beck
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-26 10:27:25 +0000