summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* X509_NAME_print() also fails to indenttb2025-01-081-5/+6
|
* X509_NAME_print: remove lie about multiple lines being usedtb2025-01-071-4/+2
| | | | | | | | | | | | | OpenSSL commit 92ada7cc (2007) removed some dead code with flawed logic attempting to print multiple lines if the line exceeded 80 characters. Said flawed logic was there since the start of the git history importing SSLeay 0.8.1b in 1998 and never worked. Rumor has it that it did work prior to that. Be that as it may, it's just wrongly documented since Henson added the docs in commit 0711be16 (2002). Prompted by OpenSSL issue #18004 by davidben https://github.com/quictls/quictls/pull/168 https://github.com/quictls/quictls/issues/75
* Rewrite TS_ASN1_INTEGER_print_bio()tb2025-01-071-14/+19
| | | | | | | | | | | | | | This eliminates another stupid BN_free(&bn) and uses BIO_printf() rather than a ludicrously silly result dance. In fact it appears that this dance was so hard to grok that OpenSSL misread it and made this function return the value -1 on ASN1_INTEGER_to_BN() failure, a value that it had never returned before. It doesn't matter anyway. The only uses of this function are internal to OpenSSL's code and since TS fully conforms to OpenSSL's high QA standards, no caller checks the return of TS_ASN1_INTEGER_print_bio(). ok jsing
* Remove stale comment about methods and memberstb2025-01-071-6/+1
|
* Check discriminant directly in EC_GROUP_set_discriminant()tb2025-01-073-68/+47
| | | | | | | | | | After possibly decoding a and b in EC_GROUP_get_curve(), this is a pure calculation in GFp and as such doesn't make use of any method-specifics. Let's perform this calculation directly in the public API implementation rather than redirecting through the methods and remove yet another method handler. ok jsing
* unitialized -> uninitializedtb2025-01-061-2/+2
|
* ec_lib: create a garbage bin at the end, throw Jprojective stuff in theretb2025-01-061-19/+24
|
* Inline the last two uses of ec_mont_group_clear()tb2025-01-061-14/+11
|
* typo: slighty -> slightlytb2025-01-061-2/+2
|
* group_copy() is no longer a thing...tb2025-01-061-3/+1
|
* Remove get_order_bits() and get_degree() methodstb2025-01-063-28/+5
| | | | | | | The degree made some sense when EC2M was a thing in libcrypto. Fortunately that's not the case anymore. The order handler never made sense. ok jsing
* More dest -> dst renaming missed in previoustb2025-01-061-8/+8
| | | | requested by jsing
* Rename dest into dsttb2025-01-061-21/+21
| | | | requested by jsing
* Inline the copy handlers in EC_GROUP_copy()tb2025-01-062-51/+19
| | | | | | This is another bit of indirection that makes this code so hard to follow. ok jsing
* Use a slightly more sensible order in ec_local.htb2025-01-061-36/+33
|
* BN_div_recp() can't be static since it is directly exercised by bn_test.ctb2025-01-062-3/+5
|
* fix ugly whitespacetb2025-01-061-4/+4
|
* Revise comments to note that these are Jacobian projective coordinates.jsing2025-01-061-3/+6
|
* Shuffle functions into a more sensible ordertb2025-01-062-42/+39
| | | | | | BN_reciprocal() is only called by BN_div_recp() which in turn is only called by BN_mod_mul_reciprocal(). So use this order and make the first two static.
* Remove indirection for coordinate blinding.jsing2025-01-063-28/+4
| | | | | | | This is usually method specific, so remove the indirection and call the appropriate blinding function directly. ok tb@
* Stop caching one in the Montgomery domaintb2025-01-063-56/+16
| | | | | | | | | | | | This is only used by ec_points_make_affine(), which is only used by the wNAF multiplication, which is only used by ECDSA. We can afford computing that one once per ECDSA verification given the cost of the rest of this. Thus, the field_set_to_one() member disappears from the EC_METHOD and the mont_one member disappears from EC_GROUP and with it all the complications when setting/copying/freeing the group. ok jsing
* Prepare removal accessors for Jprojective coordinatestb2025-01-063-150/+16
| | | | | | | | | | | | | | | | | That the BN-driven EC code uses Jacobian projective coordinates as an optimization is an implementation detail. As such this should never have leaked out of the library as part of the public API. No consumer should ever care and if they do they're doing it wrong. The only port that cares is one of those stupid little perl modules that expose all the things and transform terrible OpenSSL regress tests into similarly horrible Perl. In practice, only affine coordinates matter (perhaps in compressed form). This prunes two more function pointers from EC_GROUP and prepares the removal of the field_set_to_one() method which is now only used in ec_points_make_affine(). ok jsing sthen
* Move BIGNUMs in EC_GROUP and EC_POINT to the heaptb2025-01-055-194/+208
| | | | | | | | | | | | | | | | | | | | | The only way to get an EC_GROUP or an EC_POINT is by calling the relevant _new() function and to get rid of it, something must call _free(). Thus we can establish the invariant that every group has Weierstrass coefficients p, a, b as well as order and cofactor hanging off it. Similarly, Every point has allocated BIGNUMs for its Jacobian projective coordinates. Unfortunately, a group has the generator as an optional component in addition to seed and montgomery context/one (where optionality makes more sense). This is a mostly mechanical diff and only drops a few silly comments and a couple of unnecessary NULL checks since in our part of the wrold the word invariant has a meaning. This should also appease Coverity who likes to throw fits at calling BN_free() for BIGNUM on the stack (yes, this is actually a thing). ok jsing
* Remove most of the RSA_FLAG_SIGN_VER documentationtb2025-01-052-33/+6
| | | | ok jsing kn
* Stop requiring the RSA_FLAG_SIGN_VERtb2025-01-052-7/+5
| | | | | | | | | | | | | | | | | | | | You can set custom sign and verify handlers on an RSA method (wihch is used to create RSA private and public key handles). However, even if you set them explicitly with RSA_meth_set_{sign,verify}(3), these handlers aren't used for the sake of "backward compatibility" (with what?). In order to use them, you need to opt your objects into using the custom methods you set by setting the RSA_FLAG_SIGN_VER flag. OpenSSL 1.1 dropped this requirement and therefore nobody sets this flag anyore. Like most of the mechanically added accessors, almost nothing uses them, but, as found by kn, the yubco-piv-tool does. This resulted in a public key being passed to rsa_private_encrypt(), which of course doesn't end well. So follow OpenSSL 1.1 and drop this muppetry. This makes kn's problem with yubico-piv-tool go away. ok jsing kn
* Fix typo: multipy -> multiplytb2025-01-032-18/+18
| | | | | Reflow the comment to avoid some very unfortunate line wraps. "Note that" is like "literally" a bunch of generally useless noise and best omitted.
* Remove now unnecessary initialization of c and itb2025-01-031-2/+2
|
* Remove unnecessary early return if num == 0tb2025-01-031-4/+1
| | | | Review feedback by jsing
* Make obj_bsearch_ex() resemble libc bsearch() a bit moretb2025-01-031-16/+12
| | | | ok jsing
* Garbage collect .group_finish()tb2025-01-013-23/+9
| | | | | | | There is only one caller, EC_GROUP_free(), so inline the relevant free calls there and dispose of a few layers of indirection. ok jsing
* Garbage collect .group_init()tb2025-01-013-37/+3
| | | | | | | | For both in-tree methods these are just complicated ways of zeroing part of the group object. The group is allocated with calloc(), so it's all entirely pointless. ok jsing
* Use the shorthand p rather than &group->p in one more placetb2025-01-011-2/+2
|
* NID_sxnet and NID_proxyCertInfo are no longer supportedtb2024-12-311-7/+2
| | | | The code supporting it was removed in April 2023.
* Prefer the constants EVP_CTRL_AEAD_* over EVP_CTRL_CCM_* and EVP_CTRL_GCM_*schwarze2024-12-292-12/+110
| | | | | | | | | | | | | | because that's what OpenSSL 1.1 suggests. Even though that "unification" doesn't really simplify anything but is more akin to repainting the bikeshed, at least it doesn't cause any additional harm, so keeping recommendations consistent may reduce the risk of code breaking in the future. Provide an example of decryption with AES-CCM in addition to the example of encryption already in place, because there are a number of subtle and non-obvious differences that users have to pay attention to. Both ideas originally suggested by tb@.
* Remove flags argument from obj_bsearch_ex()tb2024-12-281-9/+5
| | | | | | | | | The only caller passes in OBJ_BSEARCH_FIRST_VALUE_ON_MATCH, so the condition involving this flag is always true. On the other hand, while OBJ_BSEARCh_VALUE_ON_NOMATCH is left unset hence the condition involving this flag is also true (since negated). ok jsing
* stack: inline internal_find() in sk_find()tb2024-12-281-10/+4
| | | | | | | internal_find() was a generalization needed for sk_find_ex(), which was removed a while ago. ok jsing
* Document X509V3_ADD_OP_MASK and clarify the description of the flags argument.schwarze2024-12-281-5/+31
| | | | | While here, also add a (c) line for tb@ because he added Copyright-worthy amounts of text to this page during the last two years.
* Document X509_supported_extension(3).schwarze2024-12-281-6/+28
| | | | | | The sentence about X509_EXTENSION_get_critical(3) in the DESCRIPTION contained broken grammar or at least broken punctuation, and more importantly, redundant and misplaced information. While he, shorten it.
* Document X509V3_EXT_print_fp(3).schwarze2024-12-281-28/+67
| | | | | Sort the list of decoding functions alphabetically by extension type. List the printing functions that are already documented.
* new manual page a2i_ipadd(3) written from scratchschwarze2024-12-276-11/+157
|
* Remove disabled code supporting elliptic curves of small ordertb2024-12-241-1014/+1
| | | | ok jsing
* Tweak doc comment of _X509_CHECK_FLAG_DOT_SUBDOMAINStb2024-12-241-4/+3
| | | | | Now that it lives in a .c file, there's no need to point out that it is non-public...
* new manual page v2i_ASN1_BIT_STRING(3) written from scratchschwarze2024-12-246-11/+141
|
* Internal linkage for one constant struct where that was accidentallyschwarze2024-12-241-2/+2
| | | | | | | | | forgotten in rev. 1.3 on July 13 this year. No library bump and no ABI change because libcrypto.so.55.0 did not export the symbol because it wasn't in Symbols.list. Found in a partial code audit focusing on X509V3_EXT_METHOD objects.
* ealier -> earlierjsg2024-12-231-4/+4
|
* Move _X509_CHECK_FLAG_DOT_SUBDOMAINS to x509_utl.ctb2024-12-232-9/+9
| | | | | | | | Unclear why this ever had to be made public since it's only used in a single file. Anyway, nothing uses this, so remove it. This went through a full bulk pointed out by/ok schwarze
* Remove the EXT_* table building macrostb2024-12-231-19/+1
| | | | | | | | These were used in x509_bitst.c and x509_ia5.c for populating tables that have been expanded a long time ago. Nothing uses them, so remove them. This went through a full bulk pointed out by/ok schwarze
* Annotate ENUMERATED_NAMES for potential removaltb2024-12-231-1/+2
| | | | | Only security/xca uses it for no good rean. It can use BIT_STRING_BITNAME if it really needs to.
* Remove X509V3_EXT_{DYNAMIC,CTX_DEP}tb2024-12-231-4/+2
| | | | | | | | | | LibreSSL has removed support for dynamically allocated custom extension methods. The mysterious CTX_DEP define was part of an experimental code dump and that part of the experimental code was never shown hence never reviewed. This went through a full amd64 bulk noticed by/ok schwarze
* Fix the error handling in X509V3_parse_list(3); it ignored failuresschwarze2024-12-231-6/+9
| | | | | | | | | | | | | of the internal subroutine X509V3_add_value(), which could result in silently losing part of the input data on memory exhaustion. I independently rediscovered this bug while writing the documentation, then noticed after fixing it that Zhou Qingyang <zhou1615 at umn dot edu> fixed it in essentially the same way in OpenSSL 3 (commit bcd5645b on Apr 11 02:05:19 2022 +0800), but it wasn't backported to the OpenSSL 1.1.1 branch. OK tb@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-04 11:53:51 +0000