summaryrefslogtreecommitdiff
path: root/src (unfollow)
Commit message (Collapse)AuthorFilesLines
2022-01-14Remove NO_ASN1_FIELD_NAMEStb1-5/+1
This follows OpenSSL commit 26f2412d. ok inoguchi jsing
2022-01-14Remove obsolete key formatstb5-578/+3
This removes NETSCAPE_X509, NETSCAPE{,_ENCRYPTED}_PKEY, RSA_NET, Netscape_RSA things. Some of the nasty tentacles that could go in principle are used in some test suites, so we need to keep them... All this was removed as part of OpenSSL commit 0bc2f365. ok inoguchi jsing
2022-01-14Remove ASN1_OBJECT internals from public visibility.tb3-17/+19
Move the struct declaration to asn1_locl.h and add a forward declaration to ossl_typ.h. This makes struct visibility in the asn1 headers match OpenSSL. ok inoguchi jsing
2022-01-14Remove HMAC_CTX_{init,cleanup}() and HMAC_init from public visibilitytb2-6/+5
In OpenSSL commit 32fd54a9a3 HMAC_CTX_cleanup() was integrated into HMAC_CTX_init(), then HMAC_CTX_init() was renamed to HMAC_CTX_reset() in dc0099e1. LibreSSL retained them for API compatibility with OpenSSL 1.0. Not many things use them anymore. In fact, some projects that didn't want to modify their code for OpenSSL 1.1 API compatibility used the removed functions to wrap the OpenSSL 1.1 API. We had to patch some of these and this will now no longer be necessary. Also remove HMAC_cleanup(). Nothing uses this. ok inoguchi jsing
2022-01-14Make structs in evp.h and hmac.h opaquetb4-146/+142
This moves most structs to evp_locl.h and moves HMAC_CTX to hmac_local.h. ok inoguchi jsing
2022-01-14Move BN structs to bn_lcl.htb2-50/+46
This makes all structs in bn.h opaque that are also opaque in OpenSSL. ok inoguchi jsing
2022-01-14Remove BIO_s_file_internaltb1-4/+1
Pointed out by schwarze. How something with this name ever made its way into a public header will remain a mystery. ok inoguchi jsing
2022-01-14Remove ASN1{_const,}_check_infinite_endtb2-30/+2
Suggested by schwarze ok inoguchi jsing
2022-01-14Remove ASN1{,_const}_CTXtb1-35/+1
These are leftovers of the old ASN.1 stuff. Nothing uses this. OpenSSL removed them in a469a677. ok inoguchi jsing
2022-01-14Remove X509_OBJECT_free_contentstb2-19/+11
Inline X509_OBJECT_free_contents() in X509_OBJECT_free() and remove this dangerous API. It was left over when x509_vfy.h was made opaque. ok inoguchi jsing
2022-01-14Remove PEM_Seal{Init,Update,Final}tb3-223/+3
This unused, bug-ridden API was removed in OpenSSL commit 0674427f. ok inoguchi jsing
2022-01-14Unifdef LIBRESSL_OPAQUE_* and LIBRESSL_NEXT_APItb10-112/+10
This marks the start of major surgery in libcrypto. Do not attempt to build the tree for a while (~50 commits).
2022-01-12zap some stray whitespacetb1-2/+2
2022-01-12ASN1_{,F,T}BOOLEAN_it and the encoding and decoding API will movetb5-147/+7
to internal only soon. Stop documenting them. ok inoguchi jsing
2022-01-12Only evp_pkey_check needs static linkingtb1-2/+4
2022-01-12Add a prototype for OBJ_bsearch_ so this test will keep workingtb1-1/+6
after the bump. Since this tests the public interfaces, we do not want to use LIBRESSL_INTERNAL/LIBRESSL_CRYPTO_INTERNAL here.
2022-01-12Rework ecdsatest to build after the bump and link statically for nowtb2-14/+26
2022-01-12Rework dsatest to use accessors and link statically for nowtb2-7/+7
2022-01-12Rework dhtest to use accessors and link statically for nowtb1-6/+6
For some reason CVS didn't want to commit this the first time around.
2022-01-12Rework dhtest to use accessors and link statically for nowtb1-3/+3
2022-01-12Rework test to use EVP_AEAD_CTX_{new,free}() and link statically for nowtb2-20/+32
2022-01-12Fix typo in header guardtb1-3/+3
2022-01-12Fix asn1x509 build with opaque structures. Link statically for now.tb2-20/+25
2022-01-12Rework Makefile to use regress framework and link asn1basic statically.tb2-14/+16
It will need this for testing {d2i,i2d}_ASN1_BOOLEAN which will be moved to internal-only in the upcoming bump.
2022-01-11forgot to zap some dead assignmentstb1-4/+4
2022-01-11Add regress for EVP_PKEY_{,public_,param_}check()tb2-7/+415
2022-01-11Revise for peer_cert.jsing1-6/+6
2022-01-11Remove peer_pkeys from SSL_SESSION.jsing6-96/+58
peer_pkeys comes from some world where peers can send multiple certificates - in fact, one of each known type. Since we do not live in such a world, get rid of peer_pkeys and simply use peer_cert instead (in both TLSv1.2 and TLSv1.3, both clients and servers can only send a single leaf (aka end-entity) certificate). ok inoguchi@ tb@
2022-01-11Simplify SSL_get_peer_certificate()jsing1-10/+8
ok inoguchi@ tb@
2022-01-11Rename 'peer' to 'peer_cert' in SSL_SESSION.jsing8-37/+37
The 'peer' member of SSL_SESSION is the leaf/end-entity certificate provided by our peer. Rename it since 'peer' on its own is unhelpful. ok inoguchi@ tb@
2022-01-11Revise for changes to tls_key_share_peer_public()jsing1-2/+4
2022-01-11Plumb decode errors through key share parsing code.jsing7-48/+106
Distinguish between decode errors and other errors, so that we can send a SSL_AD_DECODE_ERROR alert when appropriate. Fixes a tlsfuzzer failure, due to it expecting a decode error alert and not receiving one. Prompted by anton@ ok tb@
2022-01-11Use SSL_AD_INTERNAL_ERROR for non-decoding alerts when parsing keyshares.jsing1-4/+10
ok tb@
2022-01-11Simplify tlsext_keyshare_server_parse()jsing1-9/+5
SSL_AD_DECODE_ERROR is the default alert for a TLS extension parsing failure - remove the various gotos and simply return 0 instead. ok tb@
2022-01-11Wrap long linesinoguchi1-42/+74
2022-01-11Check function return valueinoguchi1-32/+57
2022-01-11Suppress warninginoguchi1-1/+3
2022-01-11Compare pointer variable with NULLinoguchi1-44/+44
2022-01-11Remove space between '*' and pointer variable.inoguchi1-11/+9
2022-01-11Convert openssl(1) smime option handlinginoguchi1-357/+744
Apply new option handling to openssl(1) smime and no functional changes. input and ok jsing@
2022-01-10Convert tls_bio_cb for opaque BIOtb1-19/+46
joint with jsing
2022-01-10Document EVP_AEAD_CTX_{new,free}() and adjust example code.tb1-6/+45
looks good to jsing
2022-01-10Unbreak tree. Sorry about that.tb1-7/+7
2022-01-10NULL out pointers after transferring them to the DSA object.tb1-1/+9
2022-01-10Dedup get_dsa*() code.tb1-91/+60
Pointed out by jsing
2022-01-10Convert testdsa to accessors for opaque DSAtb1-30/+90
ok inoguchi jsing
2022-01-10Remove a few unused defines from x509.htb1-6/+1
As suggested by schwarze, this removes X509_EX_V_{INIT,NETSCAPE_HACK} and X509_EXT_PACK_{STRING,UNKNOWN} ok inoguchi jsing
2022-01-10Prepare to provide the EVP_MD_meth_* APItb2-2/+130
This allows implementations to add their own EVP_MD_METHODs. Only the setters are provided. This is used by erlang for the otp_test_engine. ok inoguchi jsing
2022-01-10Document openssl pkey -check,-pubcheck and param -checktb1-2/+12
2022-01-10Implement openssl pkey -{,pub}check and pkeyparam -checktb4-10/+79
These expose EVP_PKEY_{,public_,param_}check() to the command line. They are currently noops and will be enabled in the upcoming bump. ok inoguchi jsing