openbsd/src/lib/libcrypto/crypto/Makefile, branch OPENBSD_5_6A mirror of https://github.com/libressl/openbsd.git
https://git.lua4.win/openbsd/atom?h=OPENBSD_5_62014-07-28T17:57:18+00:00Remove SRP code. It contains a bug (this should not surprise anyone), but2014-07-28T17:57:18+00:00tedu2014-07-28T17:57:18+00:00urn:sha1:b63eafac49ed0f1d07ded42d6190c3f2fbcc71af
the details are under embargo. The original plan was to wait for the
embargo to lift, but we've been waiting for quite some time, and there's no
indication of when or even if it will end. No sense in dragging this out
any longer.
The SRP code has never been enabled in OpenBSD, though I understand it is
in use by some other people. However, in light of this and other issues,
we're officially saying SRP is outside the scope of libressl. (For now.)
Remove private_{Camellia,RC4}_set_key FIPS indirection tentacles, as has been2014-07-12T20:11:45+00:00miod2014-07-12T20:11:45+00:00urn:sha1:2a72c5676a40e96a23c12ceab5a102979732cca1
done for other symmetric algorithms recently.
move all the feature settings to a common header.2014-07-11T14:01:38+00:00tedu2014-07-11T14:01:38+00:00urn:sha1:1c92e50863c312a71d4b1f75553972fc03dc100c
probably ok beck jsing miod
RSA_NULL used to be a compile option allowing the RSA interfaces to be2014-07-09T08:44:53+00:00miod2014-07-09T08:44:53+00:00urn:sha1:8aaccb2b363c116445366eb5a3873e444308d101
compiled-in, with nonfunctional code, to be able to cope with the RSA
patent.
However, we don't use this option, and the RSA patent has expired more than 10
years ago, so just drop this piece.
Remove undocumented _des_crypt() interface and its companion header file,2014-07-08T16:07:37+00:00miod2014-07-08T16:07:37+00:00urn:sha1:7fe3a8bc98ac25e33c1da163ac4e6f5dc7603a30
which had never been installed, so it's unlikely something ever used this
in the last 15~20 years.
ok deraadt@ jsing@ beck@
Remove BIO_f_reliable(), guilty of playing with EVP_MD_CTX internals it2014-06-24T19:31:50+00:00miod2014-06-24T19:31:50+00:00urn:sha1:9e128b95b8a756730fcc5632b61591615c2b6aef
should not know anything about. Verified not to be used in ports; riding upon
the recent libcrypto major bump.
Provide support for non-funopen systems.2014-06-11T15:08:43+00:00deraadt2014-06-11T15:08:43+00:00urn:sha1:1cb9257d81d89a6f2d941f4e009fdd8c4061956e
ok beck
Abandon the auto-ENGINE /dev/crypto interface. VIA 3des cbc receives2014-06-10T16:15:19+00:00deraadt2014-06-10T16:15:19+00:00urn:sha1:b147e3087c995acd3d243bd1df04a843ea6babbc
collateral damage.
The syncronous nature of this mechanism has hampered performance for
symmetric crypto relative to brute-force cpu. The assymetric crypto
support never really materialized in drivers.
So abandon the complexity.
ok tedu beck mikeb
some disagrement from djm but if he wants to test /dev/crypto ciphers
he should do it without this this gigantic API in the way
A few months back there was a big community fuss regarding direct-use2014-06-02T15:08:38+00:00deraadt2014-06-02T15:08:38+00:00urn:sha1:63bcac43aa0d6361864d2102a9cbe8ec910b763e
of the intel RDRAND instruction. Consensus was RDRAND should probably
only be used as an additional source of entropy in a mixer.
Guess which library bends over backwards to provide easy access to
RDRAND? Yep. Guess which applications are using this support? Not
even one... but still, this is being placed as a trap for someone.
Send this support straight to the abyss.
ok kettenis
define LIBRESSL_INTERNAL, and use it to hide the bad stuff from ourselves2014-05-25T17:29:51+00:00tedu2014-05-25T17:29:51+00:00urn:sha1:6e84ac6fa467558e7d7da6e08b87eb71d5c3b51e
ok beck