summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* ec_print.c: Unwrap a linetb2023-11-211-3/+2
|
* Inline a better version of print_bin() in only callertb2023-11-211-42/+27
| | | | | | | | | | Instead of printing to a temporary buffer with weird gymnastics, we can simply write things out to the BIO using proper indent. This still isn't perfect since we have a CBS version of this in ecx_buf_print(), which is basically what used to be ASN1_buf_print(). Annotate this with an XXX for future cleanup. ok beck
* Make a few purpose things consttb2023-11-214-11/+11
| | | | | This should allow us to constify a sizable table in libcrypto in an upcoming bump.
* Fix a <= 5-byte buffer overwrite in print_bin()tb2023-11-211-2/+3
| | | | | | | | | | | | If the offset is > 124, this function would overwrite between 1 and 5 bytes of stack space after str[128]. So for a quick fix extend the buffer by 5 bytes. Obviously this is the permanent fix chosen elswehere. The proper fix will be to rewrite this function from scratch. Reported in detail by Masaru Masuda, many thanks! Fixes https://github.com/libressl/openbsd/issues/145 begrudging ok from beck
* Still need engine.h for ENGINE_free()tb2023-11-201-1/+2
| | | | But do away with the OPENSSL_NO_ENGINE dance.
* Mark up an occurrence of ENGINEtb2023-11-191-2/+3
|
* ENGINE can no longer have ex_data attached to ittb2023-11-191-3/+3
|
* Remove musings how ENGINE may or may not screw everything up.tb2023-11-191-23/+2
|
* Remove ENGINE mention in RSA_new()tb2023-11-191-14/+6
|
* OPENSSL_config() no longer calls ENGINE_load_builtin_engines()tb2023-11-191-5/+4
|
* ENGINE_add_conf_module() no longer existstb2023-11-191-8/+2
|
* Remove ENGINE Xr that I left behindtb2023-11-191-2/+1
|
* zap stray commatb2023-11-191-2/+2
|
* Unifdef OPENSSL_NO_ENGINE in libssltb2023-11-195-69/+5
| | | | | | As usual, a few manual fixes to avoid duplicate lines. ok jsing
* Manually unifdef OPENSSL_NO_ENGINE in ssl_clnt.ctb2023-11-191-17/+4
| | | | | | This allows us to simplify ssl_do_client_cert_cb() a bit. ok jsing
* Rename an ENGINE from e to engine for consistencytb2023-11-191-2/+2
|
* Unifdef OPENSSL_NO_ENGINE in libcryptotb2023-11-1921-431/+21
| | | | | | | This is mechanical apart from a few manual edits to avoid doubled empty lines. ok jsing
* Unifdef OPENSSL_NO_ENGINE in pmeth_lib.ctb2023-11-191-41/+3
| | | | | | | This includes a manual intervention for the call to EVP_PKEY_meth_find() which ended up in the middle of nowhere. ok jsing
* Unifdef OPENSSL_NO_ENGINE in engine.htb2023-11-191-566/+8
| | | | | | | Also rip out all the gross, useless comments. There's still too much garbage in here... ok jsing
* Also mention ENGINE_{cleanup,{ctrl_cmd{,_string}()tb2023-11-191-3/+29
|
* Remove last OPENSSL_NO_ENGINE from libssl regresstb2023-11-191-7/+1
|
* Unifdef OPENSSL_NO_ENGINE in libcrypto regresstb2023-11-198-68/+8
|
* Missing periodtb2023-11-191-2/+2
|
* fix grammartb2023-11-191-2/+2
|
* Remove remaining ENGINE manualstb2023-11-1911-1988/+1
| | | | They document functionality that no longer exists.
* Strip mention of ENGINE out of *_set_method.3tb2023-11-193-98/+26
|
* Strip out mentions of ENGINE_load_builtin_engines()tb2023-11-191-7/+4
| | | | | There's probably more that needs to be updated here, but that can be done another day.
* ex data for ENGINEs is no longer a thingtb2023-11-191-9/+2
|
* Remove section explaining how great and flexible ENGINE is andtb2023-11-191-28/+2
| | | | remove two Xr to ENGINE manuals.
* Remove obsolete engine configuration sectiontb2023-11-191-106/+2
|
* Document the remaining ENGINE stubs in a single manualtb2023-11-191-146/+103
|
* EVP_PKEY_encrypt() simplify exampletb2023-11-191-6/+4
| | | | In particular, do not use an uninitialized engine, simply pass NULL.
* openssl pkcs12: rewrite without reaching into X509_ALGORtb2023-11-191-7/+10
| | | | | | | | | We can call ASN1_item_unpack() which will end up stuffing the same arguments into ASN1_item_d2i() as d2i_PBEPARAM(). This eliminates the last struct access into X509_ALGOR outside libcrypto in the base tree. ok jsing
* openssl ts: convert to X509_ALGOR_set0()tb2023-11-191-5/+8
| | | | ok jsing
* Check for negative EVP_CIPHER_CTX_iv_length() return in libssltb2023-11-182-9/+13
| | | | ok beck
* Forgot to fix one unsigned int vs int confusiontb2023-11-181-3/+3
| | | | CID 468015
* Check for negative IV lengthtb2023-11-185-27/+45
| | | | | | | | | | | | A recent change in EVP_CIPHER_CTX_iv_length() made it possible in principle that this function returns -1. This can only happen for an incorrectly set up EVP_CIPHER. Still it is better form to check for negative lengths before stuffing it into a memcpy(). It would probably be desirable to cap the iv_length to something large enough. This can be done another time. ok beck
* Mention which functions are implemented as macros in the few casesschwarze2023-11-1613-34/+76
| | | | where that information was missing.
* drop some duplicate statements about macrosschwarze2023-11-164-23/+10
|
* fix wrong macroschwarze2023-11-161-3/+3
|
* delete lots of stuff that no longer existsschwarze2023-11-161-300/+17
|
* fix typo: exdata -> ex_dataschwarze2023-11-161-4/+4
|
* Minimal fix to unbreak OPENSSL_{gmtime,timegm}(3)tb2023-11-161-15/+18
| | | | | | I was told not to look since it will magically get fixed. Fine. I'd still have expected a minimal amount of care so that the manpage isn't totally dysfunctional and missing text in the right places. Sigh.
* Drop some unnecessary parenthesestb2023-11-151-19/+19
|
* Shuffle getters and adders down a bittb2023-11-151-34/+30
| | | | These use static helper functions which don't need prototypes this way.
* Make X509_certificate_type() less badtb2023-11-131-24/+29
| | | | | | | This converts to proper single exit and undoes a number of unnecessarily silly muppet antics. ok beck
* Garbage collect an incoherent export crypto checktb2023-11-131-4/+1
| | | | | | | | | | | | Contrast "#define EVP_PKT_EXP 0x1000 /* <= 512 bit key */" with the diff: - /* /8 because it's 1024 bits we look for, not bytes */ - if (EVP_PKEY_size(pk) <= 1024 / 8) - ret |= EVP_PKT_EXP; EVP_PKT_EXP will be nuked at the next opportunity. discussed with jsing
* Use a sensible variable name (i.e. nid) instead of i for a NIDtb2023-11-131-5/+6
|
* Use X509_get_signature_nid() instead of inlining ittb2023-11-131-2/+2
| | | | ok beck jsing
* X509_certificate_type() needs to know about RSA-PSStb2023-11-131-1/+4
| | | | | | | This doesn't do much right now, but is part of the tangle that is adding RSA-PSS support. ok beck jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-13 10:14:34 +0000