Age | Commit message | Author |
|
|
sk_OPENSSL_STRING_pop_free() is much more explicit and isn't that much
more complicated. x509_util.c can also use it directly...
No binary change
|
|
ok tb@
|
|
ok tb@
|
|
While here, use KECCAK_BYTE_WIDTH instead of hardcoding the value.
|
|
In addition, ext_cmp() was already prototyped earlier...
|
|
There is no point in having this in a separate internal header.
discussed with jsing
|
|
This supports a mostly forgotten, seemingly unused and long retired
standard. No need for this in our public API Dyson sphere.
ok jsing
|
|
This is unused outside of the library and could do with some reworking.
That's easier without having to care about outside consumers.
ok jsing
|
|
With the corresponding structs now being opaque, the only thing they are
good for outside the library are memory leaks. They will be removed
completely or become internal only.
ok jsing
|
|
The faster nist code is rife with problematic C. While this is generally
considered to be a pleonasm nowadays, here it specifically refers to
aliasing issues and other flavors of undefined behavior. With compilers
and standardization committees becoming seemingly more determined about
making C even more unusable than it already is, this code has resulted
in miscompilations and generally is a target-rich environment for fuzzers
to feast on. We're better off without it. Go look while it's still there.
It's some of the very worst we have to offer.
ok jsing
|
|
This is unused and in the way of some housekeeping. Thus it will be
relocated to the attic.
ok jsing
|
|
With opaque TS_VERIFY_CTX the init function is dangerous and useless.
It will be dropped.
ok jsing
|
|
X509_STORE_get1_{certs,crls}(3) was added to the OpenSSL 1.1 API with the
usual care. At some point later it was noticed that they didn't deal with
an X509_STORE at all, but rather with an X509_STORE_CTX, so were misnamed.
The fact that X509_STORE_CTX and X509_STORE have their roles reversed when
compared to other FOO vs FOO_CTX in this API may or may not be related.
Anyway, the X509_STORE versions will be demoted to compat defines and the
X509_STORE_CTX will be added to match OpenSSL 1.1 API more closely. This
was pointed out by schwarze a long time ago and missed in a few bumps.
Hopefully we'll manage to do it this time around.
ok jsing
|
|
ok jsing
|
|
ok jsing
|
|
ok jsing
|
|
ok jsing
|
|
ok jsing
|
|
ok jsing
|
|
This removes ProxyCertInfo from extension caching, issuer checking
and it also drops the special path validation for proxy certs from
the legacy verifier.
ok jsing
|
|
The new verifier API is currently unused as we still operate the verifier
in legacy mode. Therefore ctx->xsc is always set and the EXFLAG_PROXY will
soon be dropped from the library, so this error on encountering proxy certs
is effectively doubly dead code.
ok jsing
|
|
This removes the ProxyCertInfo extension from RFC 3820 from the list of
supported extensions. Since it is a critical extension, this means that
certificates containing it will no longer be considered valid by default.
ok jsing
|
|
ok jsing
|
|
Also buy a vowel for rsiz.
|
|
These will make EVP integration easier, as well as being used in the SHA3
implementation itself.
|
|
This isolates the three API functions from the library so they can be
easily removed and any attempt to use RSA_X931_PADDING mode will now
result in an error.
ok jsing
|
|
This wraps the three public functions in the usual #if stanza.
RSA_X931_PADDING is unfortunately exposed by rust-openssl and erlang.
Therefore it will remain visible to avoid breaking the build of
lang/rust. Its use in the library will be neutered shortly.
ok jsing
|
|
GF2m support will be removed shortly. In the interim drop some of this
unused code already and let it fall back to the C implementation.
ok jsing
|
|
Remove various comments that are unhelpful or obvious. Reformat remaining
comments per style(9).