summaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2023-05-08Add RCS tagTheo Buehler
2023-05-08X509_verify_cert(): Garbage collect the unused roots variableTheo Buehler
roots was used to store the trusted stack or pull the roots out of the X509_STORE before beck unmooned Ethel in x509_vfy.c r1.88. Since then this variable is effectively unused. It seems the STACK_OF(3) madness is too complicated for -Wunused-but-set-variable to notice. ok miod
2023-05-08Avoid trailing whitespace in extension printingTheo Buehler
If an extension is non-critical, X509V3_extensions_print() would leave trailing whitespace. This can be trivially avoided. ok miod
2023-05-07Recommit -Wshadow now that the warning on BIG_ENDIAN is fixedTheo Buehler
2023-05-07xts128 mode: avoid two -Wshadow warnings in the BIG_ENDIAN code path.Theo Buehler
Found by, compile tested & ok bluhm.
2023-05-07Backout -Wshadow, it breaks build on powerpc64.Alexander Bluhm
2023-05-07Remove a misplaced empty lineTheo Buehler
2023-05-06Regen cert.pemTheo Buehler
This drops a few certs per the CA's request and TrustCor because of drama. Certainly, a new CA, is added as well as new certs for DigiCert, SECOM and E-Tugra. Unizeto still haven't fixed one of their certs and we still don't want the alternative Firmaprofesional with sha1WithRSAEncryption. ok sthen
2023-05-05Use -Wshadow with clangTheo Buehler
ok jsing (a very long time ago)
2023-05-05Fix error handling in tls_check_common_name()Theo Buehler
A calloc failure should be a fatal error, so make it return -1. Also switch the default rv to -1 and distinguish error cases with acceptable situations with goto err/goto done. ok jsing
2023-05-05Salt shares the blame of the continued existence of the X9.31 padding modeTheo Buehler
2023-05-05Reinstate documentation of RSA_X931_PADDINGTheo Buehler
2023-05-05Add back support for RSA_X931_PADDINGTheo Buehler
This makes the custom stalt stack work again. Tested by robert as part of a larger diff ok jsing
2023-05-05Link rsa_x931.c to buildTheo Buehler
2023-05-05Bring back the X9.31 padding helpersTheo Buehler
Nothing should be using this anymore, except that salt decided to use it in its home-cooked protocol, which already had its share of issues. Hopefully the efforts to switch salt to something more reasonable and standardized like mTLS will succeed sooner rather than later. tested as part of a larger patch by robert ok jsing
2023-05-04Rewrite ECParameters_dup()Theo Buehler
This should leak slightly less than the direct expansion of ASN1_dup_of(). Use freezero() since the DER could contain a private key. ok jsing
2023-05-04Use size_t instead of int in EC_POINT_point2oct()Theo Buehler
An int would be perfectly sufficient for this, but then again there would be fewer traps. ok jsing
2023-05-04Fix line wrappingTheo Buehler
2023-05-04Fix function name in doc commentTheo Buehler
2023-05-03Revert utf-8 fix for X509_NAME_get_index_by_NID to avoid libtlsBob Beck
regress for the moment. this will come back after we rethink the failure versus not there case. ok tb@ jsing@
2023-05-03Bring back length check tb ok'ed and I managed to remove whileBob Beck
changing tests. ok tb@
2023-05-03Fix a few KNF/whitespace issuesTheo Buehler
2023-05-02Change X509_NAME_get_index_by[NID|OBJ] to be safer.Bob Beck
Currently these functions return raw ASN1_STRING bytes as a C string and ignore the encoding in a "hold my beer I am a toolkit not a functioning API surely it's just for testing and you'd never send nasty bytes" kind of way. Sadly some callers seem to use them to fetch things liks subject name components for comparisons, and often just use the result as a C string. Instead, encode the resulting bytes as UTF-8 so it is something like "text", Add a failure case if the length provided is inadequate or if the resulting text would contain an nul byte. based on boringssl. nits by dlg@ ok tb@
2023-05-02Rename P into generatorTheo Buehler
ok jsing
2023-05-02Simplify EC_GROUP_new_by_curve_name()Theo Buehler
Pull the setting of the name a.k.a. nid into ec_group_new_from_data(). This way, we can return early on finding the nid in the curve_list[]. This also avoids a silly bug where a bogus ERR_R_UNKNOWN_BUG is pushed onto the error stack when ec_group_new_from_data() failed. While there rework the exit path of ec_group_new_from_data() a bit. Instead of an ok variable we can use an additional pointer to keep track of the return value and free the EC_GROUP unconditionally. ok jsing
2023-05-02Style tweaks for SMIME_write_PKCS7()Theo Buehler
Initialize the mdalgs stack at the top and test and assign for ctype_nid. Use an empty line to separate variable declarations from the actual code and zap an extra empty line. ok jsing
2023-05-02Unwrap a lineTheo Buehler
2023-05-02Sync with upstreamTheo Buehler
Update some links in the README, remove a duplicate word in a zlib.h doc comment. The only code change is guarded by #if defined(_WIN32).
2023-05-01stray whitespaceTheo Buehler
2023-05-01Add a missing pair of braces.Theo Buehler
2023-05-01Use uppercase for the CURVE_LIST_LENGTH macroTheo Buehler
2023-05-01Consistently use lowercase hex digits for curve parametersTheo Buehler
2023-05-01Now that we have C99 initializers, garbage collect some commentsTheo Buehler
2023-05-01Rework the curve list to use actual structs instead of a customTheo Buehler
serialized format. ok jsing
2023-05-01Drop the now unnecessary and unused field_type from the curve dataTheo Buehler
ok jsing
2023-05-01Convert EC_CURVE_DATA to C99 initializersTheo Buehler
Also clean up the definition of EC_CURVE_DATA a bit. ok jsing
2023-05-01Simplify ec_group_new_from_data() furtherTheo Buehler
We have a BN_CTX available, so we may as well use it. This simplifies the cleanup path at the cost of a bit more code in the setup. Also use an extra BIGNUM for the cofactor. Reusing x for this is just silly. If you were really going to avoid extra allocations, this entire function could easily have been written with three BIGNUMs. ok jsing
2023-05-01Drop some dead codeTheo Buehler
No member of the curve_list[] table has a method set. Thus, curve.meth is always NULL and we never take the EC_GROUP_new(meth) code path. ok jsing
2023-05-01Remove pointless/wrong .meth = 0 entries from curves_list[]Theo Buehler
2023-05-01Mechanically convert curve_list[] to C99 initializersTheo Buehler
ok jsing
2023-05-01Clean up handling of nist_curves[]Theo Buehler
There's no point in introducing a typedef only for two sizeof() calls. We might as well use an anonymous struct for this list. Make it const while there, drop some braces and compare strcmp() return value to 0. ok jsing
2023-05-01Remove ASN1_item_ndef_i2d(3) documentationTheo Buehler
This was the last public API explicitly named ndef/NDEF for indefinite length encoding, so remove that explanation as well.
2023-05-01First pass of removing low-level ASN.1 streaming docsTheo Buehler
2023-05-01spellingJonathan Gray
2023-04-30mandoc -Tlint tells me I forgot to zap a commaTheo Buehler
2023-04-30Remove most documentation pertaining to proxy certificates.Theo Buehler
Update EXFLAG_PROXY and X509_V_FLAG_ALLOW_PROXY_CERTS documentation since we need to keep them for the time being.
2023-04-30Remove proxy cert api remmnantsTheo Buehler
2023-04-30Remove documentation of BN_generate_prime(), BN_is_prime{,_fasttest}()Theo Buehler
2023-04-30Remove documentation of BN_zero_ex() and update BN_one() and BN_zero()Theo Buehler
which are no longer macros (and the latter is no longer deprecated and no longer attempts to allocate memory).
2023-04-30Garbage collect BN_zero_ex()Theo Buehler