Branch :
| Author | Commit | Date | CI | Message |
|---|---|---|---|---|
| 4d5c6b99 | 2025-05-20 07:47:43 | Fix previous - names use underscores and not hyphens. | ||
| c46aa735 | 2025-05-20 05:42:40 | Add ML-KEM768 Hybrid Kems to obj_mac.num ok tb@, joshua@ | ||
| 95a83615 | 2025-05-20 05:41:47 | Add ML-KEM768 Hybrid Kems to objects.txt ok tb@, joshua@ | ||
| 27854fe4 | 2025-05-10 05:54:38 | Use err_local.h rather than err.h in most places ok jsing | ||
| 14166274 | 2025-02-26 10:48:25 | obj_dat: remove parens from return | ||
| a429d9dd | 2025-02-26 09:52:55 | obj_dat: don't shift a->length into the sign bit For an OID of excessive length >= 2^12, a->length << 20L is undefined, so add a cast to the target type of (unsigned long). From Kenjiro Nakayama | ||
| c18c38bc | 2025-02-26 09:49:54 | obj_dat: don't shift ca->type into the sign bit This is undefined for a ca->type of ADDED_LNAME (2) and ADDED_NID (3) when ca->type << 30L results in a shift into the sign bit, so add a cast to the target type of unsigned long. From Kenjiro Nakayama | ||
| 9c6dcd48 | 2024-08-28 06:53:24 | Fix underlying pkey of RSA-PSS There are currently very few differences between the rsa_asn1_meth for plain RSA and the rsa_pss_asn1_meth for RSA-PSS apart from the obviously necessary differnces for base_method, pkey_id, pem_str and info (and the fact that RSA has support for legacy private key encoding). This had the lucky side effect that it didn't really matter which ameth one ended up using after OBJ_find_sigid_algs(). With the upcoming support for X509_get_signature_infO() for RSA-PSS, this needs to change as for RSA-PSS we need to decode the PSS parameters for extracting the "security level", whereas for RSA we can just use the hash length. Thus, for RSA-PSS switch pkey_id from the incorrect rsaEncryption to rassaPss. ok jsing PS: OBJ_find_sigid_algs() manual is no longer entirely correct, but this has been the case since we added Ed25519 support to obj_xref. | ||
| 343bd8e2 | 2024-07-14 14:32:45 | Remove lhash_local.h. lhash_local.h was previously needed since conf/conf_api.c and objects/obj_dat.c were fiddling with lhash internals when deleting via a callback. Since we no longer need to do that, inline the structs in lhash.c and remove the header. ok tb@ | ||
| 22e71e43 | 2024-07-09 16:12:33 | Choose fixed NID for TLS1-PRF | ||
| 18d6a5cd | 2024-07-09 16:12:08 | Add NID for TLS1-PRF ok jsing | ||
| 3dca7526 | 2024-06-24 06:43:22 | libcrypto: constify most error string tables These constitute the bulk of the remaining global mutable state in libcrypto. This commit moves most of them into data.rel.ro, leaving out ERR_str_{functs,libraries,reasons} (which require a slightly different approach) and SYS_str_reasons which is populated on startup. The main observation is that if ERR_load_strings() is called with a 0 lib argument, the ERR_STRING_DATA argument is not actually modified. We could use this fact to cast away const on the caller side and be done with it. We can make this cleaner by adding a helper ERR_load_const_strings() which explicitly avoids the assignment to str->error overriding the error code already set in the table. In order for this to work, we need to sprinkle some const in err/err.c. CMS called ERR_load_strings() with non-0 lib argument, but this didn't actually modify the error data since it ored in the value already stored in the table. Annoyingly, we need to cast const away once, namely in the call to lh_insert() in int_err_set_item(). Fixing this would require changing the public API and is going to be tricky since it requires that the LHASH_DOALL_FN_* types adjust. ok jsing | ||
| 1b9cf3a3 | 2024-05-08 16:35:05 | fix line wrapping in function definition | ||
| b9351927 | 2024-03-02 11:11:11 | Make LHASH_OF() and STACK_OF() use opaque structs This removes internals of these two special snowflakes and will allow further simplifications. Unfortunately, there are some pieces of software that actually use LHASH_OF() (looking at you, pound, Ruby, and openssl(1)), so we get to keep exposing this garbage, at least for now. Expose lh_error() as a symbol to replace a macro reaching into _LHASH. lh_down_load() is no longer available. _LHASH and _STACK are now opaque, LHASH_NODE becomes internal-only. from jsing | ||
| f09dc5a5 | 2024-03-02 09:51:36 | Remove unused OBJ_create_and_add_object() This is an alias for OBJ_create(). I haven't dug into its history. ok jsing | ||
| d9ccd25c | 2024-03-02 09:50:47 | Remove no longer supported OBJ_NAME_TYPEs OBJ_NAME_TYPE_PKEY_METH and OBJ_NAME_TYPE_COMP_METH were never used as far as I can tell. Unfortunately, PHP and Python still use the weirdly named OBJ_NAME_do_all*() API to list available ciphers and digests, so the MD and CIPHER variants need to remain public. ok jsing | ||
| fb2db234 | 2024-03-02 09:49:45 | Make OBJ_add_object() static This is another implementation detail that should never have leaked out of the library. Only OBJ_create() ever used this. ok jsing | ||
| f329cdbc | 2024-03-02 09:47:16 | Remove OBJ_bsearch_() The only reason this has still been part of the public API was that libssl used it for cipher lookup. This was fixed by replacing the lookup by proper bsearch() -- why OpenSSL felt the need to reinvent ANSI C API badly will forever remain a mystery. The stack code in libcrypto still uses a version of this. This should be rewritten. It will be a bit easier once sk_find_ex() is removed. ok jsing | ||
| 91d01677 | 2024-03-02 09:43:10 | Switch name member of OBJ_NAME to const void * Because this is the type it should have had from the get go. ok jsing | ||
| 54848e15 | 2024-03-02 09:41:02 | Remove unused public OBJ_NAME_* API This functionality has been disabled for a few months. Now it is high time to garbage collect it. ok jsing | ||
| 2eb0a250 | 2024-02-26 15:00:30 | Neuter OBJ_bsearch{_,ex_}() Make these functions always fail. A copy of OBJ_bsearch_ex_() is kept in stack.c, where it is still used by internal_find() for sk_find{,_ex}(). sk_find_ex() will be removed in the upcoming bump, and then we can simplify or rewrite what's still needed. ok jsing | ||
| d1290289 | 2024-01-29 20:37:03 | Add id-ct-rpkiSignedPrefixList NID References: https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-prefixlist/ https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1 OK tb@ | ||
| c82d7e52 | 2024-01-29 20:36:19 | Add id-ct-rpkiSignedPrefixList OID References: https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-prefixlist/ https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1 OK tb@ | ||
| 0dadb9f5 | 2024-01-27 16:08:43 | Teach OBJ_find_sigid_{,by_}algs(3) about ECDSA with SHA-3 This allows signing and verifying ASN.1 "items" using the ECDSA with SHA-3 signature algorithms. With this diff, ECDSA certificates and CMS products using ECDSA with SHA-3 can be generated using the openssl command line tool. ok jsing | ||
| f0504870 | 2024-01-27 07:28:28 | Allocate a fixed NID for the acmeIdentifer OID ok job jsing | ||
| 046ee52f | 2024-01-27 07:27:41 | Add data for the RFC 8737 acmeIdentifier This teaches the object database OID, long and short names for the ACME identifier X.509v3 extension defined in RFC 8737. ok job jsing | ||
| 20273a99 | 2024-01-24 14:05:10 | Stop fiddling with hash table internals from lhash doall callers. It is now safe to call delete from an lhash doall callback - stop fiddling wit hash table internals from lhash doall callers that previously has to workaround this themselves. ok tb@ | ||
| cb82efff | 2024-01-13 12:18:52 | The OBJ_NAME API joins the party in evp_names.c ... and another file without license disappears. | ||
| 75591f2f | 2024-01-13 11:57:51 | Remove obj_cleanup_defer With check_defer() gone, this is never set to anything but 0, so the two conditional branches it is still involved in are dead code. | ||
| f5d53f8d | 2024-01-13 11:55:31 | Garbage collect check_defer() This was a mechanism to ensure that OBJ_cleanup() doesn't remove the ASN1_OBJECT associated with a custom cipher or digest (that was added with EVP_add_{cipher,digest}(), while the latter is still referenced in the OBJ_NAME table. It had the effect that OBJ_cleanup() wasn't actually called ever from OPENSSL_cleanup() (it is only called if you load the OID conf module). Oh, and of course it was once part of the public API. I fixed that two years ago, almost exactly to the day. Still mentioned in OBJ_create.3. | ||
| 5aae2062 | 2024-01-13 11:38:45 | Remove the guts of the OBJ_NAME API With one exception, none of this is used anymore. All of it will be removed in the next major bump. The exception is OBJ_NAME_add(). scurity/xca ran into issues with their cert renewal logic because RSA certs had a way of mapping the signature algorithms to a hash, but a similar mechanism wasn't available for ECDSA certs. So xca uses EVP_add_digest_alias() to have corresponding aliases for ECDSA. This is a macro wrapping OBJ_NAME_add(). xca now has better logic using the more appropriate OBJ_find_sigid_algs() (which wasn't available back then). We will still add the alias entries that xca still adds ourselves to make sure there are no unexpected side effects. They make sense anyway. The diff will hopefully land in a few days. If your life depends on ECDSA cert renewal in xca please hold off on updating to a new snap. ok jsing | ||
| 4f293816 | 2024-01-13 11:08:39 | Reimplement {EVP_CIPHER,EVP_MD,OBJ_NAME}_do_all{,_sorted}(3) This implements the do_all API by simple loops over the tables of digests and ciphers. Since some ciphers are only available on some platforms, we need to skip them if necessary. We use loops in each of the functions rather the convoluted way of reducing some of the loops to others. Since the tables are sorted, as ensured by regress, both do_all() and do_all_sorted() walk the lists in order. In particular, we no longer need to allocate to be able to sort hash tables by name on the fly in a void function that may end up doing nothing because allocation failed. We still need to do an unchecked OPENSSL_init_crypto() call. But that's what prayer and clean living are there for (as beck put it). The OBJ_NAME API is completely misnamed. It has little to do with objects and a lot to do with EVP. Therefore we implement what will remain from its saner replacement in the evp directory, i.e., evp_names.c. ok jsing | ||
| bd5b787c | 2023-12-15 01:51:23 | Hoist OBJ_sn2nid() over OBJ_ln2nid() In all other places, the short name comes before the long name, so fix the only exception. | ||
| a82d74d5 | 2023-12-15 01:47:50 | Coverity rightly points out that an unsigned int is always >= 0 | ||
| 874d382a | 2023-12-14 18:32:49 | OBJ_create: sorry Omar, aobj is a better name than op Done. | ||
| 5a0b87fd | 2023-12-14 18:31:03 | OBJ_create: use a nid variable to avoid nested function call | ||
| 718766e5 | 2023-12-14 18:16:13 | OBJ_create: malloc() -> calloc() | ||
| 5caa395d | 2023-12-14 18:15:21 | OBJ_create: test and assign as usual | ||
| 30b1f96f | 2023-12-14 18:12:51 | OBJ_create: initialize buf and turn function into single exit | ||
| 386630a6 | 2023-12-14 18:10:32 | OBJ_create: rename ok to ret and make it last declaration | ||
| 010af94e | 2023-12-14 18:09:35 | OBJ_create(): rename i to len | ||
| af5ed569 | 2023-12-14 18:08:18 | OBJ_create(): remove pointless parentheses | ||
| 3db1954f | 2023-12-14 18:06:44 | OBJ_create(): remove useless cast | ||
| 2157d97e | 2023-12-14 15:33:09 | OPENSSL_assert() that the passed nid is within range discussed with deraadt and jsing | ||
| 337c377e | 2023-12-14 14:45:45 | Move the txt to obj/nid conversions a bit down. No code change | ||
| 2de383af | 2023-12-14 14:33:23 | Dedup OBJ_nid2{obj,sn,ln}() First get the obj corresponding to nid, then inspect its sn and ln. Shaves off 40 lines of code and will simplify locking. | ||
| fda3605f | 2023-12-14 14:04:46 | Simplify OBJ_nid2obj() This is now yet another identical copy of the same code... Next step will be to dedup. ok jsing | ||
| cefe4e31 | 2023-12-14 14:02:57 | Simplify OBJ_nid2sn() This is exactly the same as the previous OBJ_nid2ln() change modulo s/ln/sn/g. ok jsing | ||
| b203e67e | 2023-12-14 14:01:42 | Simplify OBJ_nid2ln() If nid is in the range of built-in NIDs, return the corresponding long name, unless some genius left a hole. Otherwise perform a yolo check if there are any user-added objects with matching nid in the global hash. This changes behavior in that we now push an OBJ_R_UNKNOWN_NID error onto the stack even if there are no user-added objects. ok jsing | ||
| dc45ccdd | 2023-12-13 23:34:45 | Simplify OBJ_ln2nid() This is s/sn/ln/g of the previous commit and eliminates another OBJ_bsearch_() user, the last one in this file. The bsearch() uses in this file are possibly the only ones that actually make sense since we're searching tables of roughly 1000 entries. ok jsing | ||
| 63389b84 | 2023-12-13 23:31:25 | Simplify OBJ_sn2nid() Another OBJ_bsearch_() elimination. OBJ_sn2nid() is very similar to OBJ_obj2nid(). First it tries to retrieve an object identifier with matching "short name" from the global hash of added objects and then searches the table of built-in objects. ok jsing | ||
| f4a64515 | 2023-12-13 23:28:47 | Simplify OBJ_obj2nid() Continue with OBJ_bsearch_() elimination. OBJ_obj2nid() first checks if the object identifier passed in has a nid and if so, it returns that. Otherwise, it looks into the global hash of added objects (of course without locking) for a match and then returns the nid thereof. As a last attempt, it searches the table of built-in object identifiers. The last two steps can be cleaned up and simplified quite a bit by using C99 initializers, bsearch() and an appropriate comparison function. Then it becomes obvious that bsearch() already returns a pointer to the nid we're looking for, so there is no point in converting that into its corresponding obj and returning the nid thereof. ok jsing | ||
| 63440589 | 2023-11-27 11:52:32 | Remove silly parentheses | ||
| 281c2125 | 2023-09-05 14:59:00 | Improve error handling in OBJ_add_object() There is no need for a helper function to obfuscate lh_ADDED_OBJ_new(). Just call the real thing directly. Adding an object with a NID of NID_undef basically amounts to disabling a built-in OID. It does so in an incoherent fashion and the caller can't easily tell success from failure of the operation. Arguably the result is a corrupted objects table. Let's not allow adding such an object in an attempt at keeping things slightly more coherent. Issue noted and initial diff by schwarze while writing documentation ok schwarze | ||
| 6071e9eb | 2023-08-17 09:28:43 | Garbage collect two commented abort() | ||
| 812e19bf | 2023-08-17 09:27:43 | Make the local ASN1_OBJECTs const ok jsing | ||
| b0b039de | 2023-08-17 09:26:09 | Remove some unnecessary else branches | ||
| a55266cc | 2023-08-17 09:24:50 | Remove some parents from return statements | ||
| acdf279e | 2023-08-17 09:22:56 | Use cmp instead of i for the result of a comparison ok jsing | ||
| 8128758f | 2023-08-17 09:18:21 | Use OBJ_cmp() instead of inlining two variants This also avoids more undefined behavior with memcmp(). ok jsing PS: Unsolicited advice for no one in particular: there is this awesome tool called grep. If someone reports an issue, you might want to use it to find more instances. | ||
| fdad50ce | 2023-08-17 09:13:01 | Avoid memcmp(NULL, x, 0) in OBJ_cmp() If a->length is 0, either a->data or b->data could be NULL and memcmp() will rely on undefined behavior to compare them as equal. So avoid this comparison in the first place. ok jsing | ||
| 35f2f589 | 2023-07-28 10:25:05 | Remove OBJ_add_sigid() and OBJ_sigid_free() Another bit of unused extensibility that was responsible for a lot of complexity until recently. This removes the remaining stubs from the public API. ok jsing | ||
| f0e1aa8e | 2023-07-22 19:08:03 | Align argument names of OBJ_add_sigid() with the other functions. | ||
| 8e6e37e3 | 2023-07-22 18:32:05 | Rewrite obj_xref.c Instead of having two unreadable tables placed in a header generated by a janky perl script from an ugly text file, use a single table inlined in the C file. This table is used to translate between signature algorithm OIDs and pairs of OIDs of a message digest and a cipher. The table has fewer than fifty entries and isn't used in a hot path. Using binary search is overkill. Just do two linear searches, one for each translation. None of the original code remains apart from the API. ok jsing | ||
| 6afed99b | 2023-07-22 18:12:09 | Neuter OBJ_add_sigid() and OBJ_sigid_free() These functions will be removed in the upcoming bump. Nothing uses them, so it won't hurt if they become noops. This allows us to garbage collect the sig_app and sigx_app stacks and make a first step towards simplifying the OBJ_bsearch_() dances. Also sprinkle some const correctness... because we can. intermediate step towards a diff that is ok jsing | ||
| 1e9308c1 | 2023-07-08 12:27:51 | Hide symbols in objects ok tb@ | ||
| 95f31392 | 2023-06-29 06:11:33 | Move check_defer() and obj_cleanup_defer to evp/names.c These formerly public symbols are the last things hidden by LIBRESSL_CRYPTO_INTERNAL. Most of their use is in evp/names.c Unfortunately, check_defer() needs to know about NUM_NIDS, so its implementation needs to remain in obj_dat.c, the only file that can include obj_dat.h due to NID tables. ok miod | ||
| 443f5255 | 2023-06-15 17:58:27 | regen | ||
| bf730856 | 2023-06-15 17:58:07 | Add RSA with the sha3s to obj_xref.txt ok jsing | ||
| 3cee6f62 | 2023-06-15 16:59:54 | regen obj_xref.h (this and the Ed25519 addition to obj_xref.txt were ok jsing) | ||
| c87a585c | 2023-06-15 16:58:38 | Add Ed25519 to the obj_xref table. Also move part of for RSA-PSS to the top since it doesn't only apply to RSA-PSS. | ||
| fcb77b6b | 2023-05-23 11:51:12 | Simplify OBJ_obj2txt() Instead of adding a NUL termination to OBJ_obj2txt(), move the aobj == NULL or aobj->data == NULL checks to i2t_ASN1_OBJECT_internal(). The only other caller, i2t_ASN1_OBJECT(), fails on aobj == NULL and aobj->length == 0, and the latter condition is implied by aobj->data. Cleaner solution for obj_dat.c r1.52 suggested by/ok jsing | ||
| 04bfea2a | 2023-05-23 11:04:04 | Always NUL terminate buf in OBJ_obj2txt() OBJ_obj2txt() is often called without error checking and is used for reporting unexpected or malformed objects. As such, we should ensure buf is a string even on failure. This had long been the case before it was lost in a recent rewrite. If obj and obj->data are both non-NULL this is already taken care of by i2t_ASN1_OBJECT_internal(), so many callers were still safe. ok miod | ||
| 00cd692d | 2023-04-25 15:46:54 | Add NIDs for truncated SHA-2, SHA-3 and related things From jsing | ||
| 71743258 | 2022-12-26 07:18:50 | spelling fixes; from paul tagliamonte i removed the arithmetics -> arithmetic changes, as i felt they were not clearly correct ok tb | ||
| c9675a23 | 2022-11-26 16:08:50 | Make internal header file names consistent Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook | ||
| 6c6f701f | 2022-11-13 14:03:13 | Add ED25519 aliases for NID, SN and OBJ The Ed25519 versions already existed, but OpenSSL chose to uppercase the D. | ||
| b112a75f | 2022-11-11 11:53:24 | Stop pretending that obj_mac.h is optional. This is effectively: unifdef -m -DUSE_OBJ_MAC objects/objects.h ok beck@, with extreme prejudice. | ||
| d39f31be | 2022-11-10 16:04:31 | Map objects for ED25519 to Ed25519. OpenSSL used ED25519, even though the RFCs use Ed25519 - as such, we get to provide both. ok tb@ | ||
| a6e77c87 | 2022-11-08 23:19:09 | In case lh_OBJ_NAME_insert returns NULL due to a failed malloc, onp is leaked in OBJ_NAME_add. ok tb Found by CodeChecker. | ||
| d93fb5e8 | 2022-09-15 08:20:34 | Add OID for RPKI signedTAL objects IANA made a permanent registration in the SMI Security for S/MIME CMS Content Type registry at https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1 for signed objects conforming to draft-ietf-sidrops-signed-tal. OK tb@ | ||
| 1f6d7615 | 2022-07-16 17:30:33 | Add NID for signingCertificateV2 https://oidref.com/1.2.840.113549.1.9.16.2.47 OK tb | ||
| aeccd9ed | 2022-07-12 14:42:48 | Remove mkerr.pl remnants from LibreSSL This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config. Feedback OK jsing tb | ||
| b36d8df0 | 2022-05-05 07:45:57 | Add NID for HKDF ok beck jsing | ||
| cb5f613c | 2022-03-19 17:49:32 | Provide t2i_ASN1_OBJECT_internal() and use it for OBJ_txt2obj() The current OBJ_txt2obj() implementation converts the text to ASN.1 object content octets, builds a full DER encoding from it, then feeds the entire thing back through the DER to ASN.1 object conversion. Rather than doing this crazy dance, provide an t2i_ASN1_OBJECT_internal() function that converts the text to ASN.1 object content octets, then creates a new ASN1_OBJECT and attaches the content octets to it. ok inoguchi@ tb@ | ||
| 09967094 | 2022-03-02 11:28:00 | Rewrite ASN1_OBJECT content to ascii/text conversion. Rewrite the ASN1_OBJECT content to ascii/text conversion code using CBB and CBS. Currently there is a strange split with i2t_ASN1_OBJECT() calling OBJ_obj2txt() which implements the conversion, while OBJ_txt2obj() calls back into the misnamed a2d_ASN1_OBJECT() function. Move the conversion code into asn1/a_object.c and have OBJ_txt2obj() call that instead. ok inoguchi@ tb@ | ||
| e0f0c337 | 2022-02-12 03:01:59 | Limit OID text conversion to 64 bits per arc. The current implementation uses an unsigned long, then switches to BN once the arc exceeds its size. However, the complexity of BN_bn2dec() is quadratic in the length of number being converted. This means that OIDs with excessively large arcs take a lot of computation to convert to text. While the X.660 specification states that arcs are unbounded, in reality they are not overly large numbers - 640K^W64 bits ought to be enough for any arc. Remove BN entirely, switch from unsigned long to uin64_t and fail if an arc exceeds this size. Identified via oss-fuzz timeouts - should fix #41028 and #44372. ok tb@ | ||
| 0709e0c5 | 2022-02-11 16:39:16 | Make OBJ_obj2nid() work correctly with NID_undef. Currently OBJ_obj2nid() with NID_undef returns NID_ccitt - this is due to doing a lookup on an empty value and having NID_undef conflict with an uninitialised NID value. Somewhat based on OpenSSL 0fb99904809. ok tb@ | ||
| e7d5586a | 2022-01-14 08:56:00 | Hide OBJ_bsearch_ from public visibility, This removes OBJ_bsearch_ex_() from the exported symbols and makes OBJ_bsearch_() semi-private. It is still used in libssl. While here, remove some hideous unused macros ok inoguchi jsing | ||
| 409e1e2a | 2022-01-14 08:52:05 | Remove check_defer and obj_cleanup_defer from public visibility ok inoguchi jsing | ||
| 326063fd | 2022-01-14 07:49:49 | Unifdef LIBRESSL_OPAQUE_* and LIBRESSL_NEXT_API This marks the start of major surgery in libcrypto. Do not attempt to build the tree for a while (~50 commits). | ||
| 460715d7 | 2022-01-08 21:36:39 | Prepare to provide OBJ_length() and OBJ_get0_data() OBJ_length() turns the int obj->length into a size_t, so add an overflow check. While obj->length should never be negative, who knows... ok jsing | ||
| 97125bc4 | 2022-01-08 15:34:59 | tiny whitespace tweak | ||
| ec30313d | 2022-01-07 11:13:54 | include asn1_locl.h where it will be needed for the bump. discussed with jsing | ||
| aff4783b | 2021-11-24 01:12:43 | Make the certificate transparency code build with the rest of the library Do not expose it yet, this will wait for an upcoming bump ok tb@ | ||
| 1bce098d | 2021-11-09 15:41:10 | Add ASPA OID draft-ietf-sidrops-aspa-profile OK tb@ | ||
| 3fa9b996 | 2021-10-26 17:35:38 | Add tlsfeature NID OK beck@ tb@ | ||
| 088e00a5 | 2021-09-11 13:31:31 | Add BGPSec Router (RFC 8209) Key Purpose OID OK tb@ | ||
| 6ed312b1 | 2021-09-01 09:42:28 | Remove assignment of value that is never read. ok tb@ | ||
| 6a181954 | 2021-05-19 10:12:55 | Adjust libcrypto obj_xref.txt to obj_xref.h To generate current obj_xref.h, third item of lines id_tc26_signwithdigest_gost3410_2012_256/512 should be id_GostR3410_2001. obj_xref.txt r1.2 and obj_xref.h r1.3 were committed at the same time, and these third item were coded different value each other. This adjusts obj_xref.txt to current obj_xref.h. ok tb@ |