Commit message | Author | Age | Files | Lines
* Add missing space before = | tb | 2023-08-07 | 1 | -2/+2
* remove trailing comma in NAME; | jmc | 2023-08-05 | 1 | -3/+3
* Move the ENGINE_new() prototype a line down | tb | 2023-08-04 | 1 | -2/+2
* Link new ccs test to build | tb | 2023-08-03 | 1 | -1/+7
  Exception needed since the test expects an unexpected_message alert, while we throw a decode_error.
* Make the bn_rand_interval() API a bit more ergonomic | tb | 2023-08-03 | 11 | -52/+57
  Provide bn_rand_in_range() which is a slightly tweaked version of what was previously called bn_rand_range(). The way bn_rand_range() is called in libcrypto, the lower bound is always expressible as a word. In fact, most of the time it is 1, the DH code uses a 2, the MR tests in BPSW use 3 and an exceptionally high number appears in the Tonelli-Shanks implementation where we use 32. Converting these lower bounds to BIGNUMs on the call site is annoying so let bn_rand_interval() do that internally and route that through bn_rand_in_range(). This way we can avoid using BN_sub_word(). Adjust the bn_isqrt() test to use bn_rand_in_range() since that's the only caller that uses actual BIGNUMs as lower bounds. ok jsing
* Retire the bn_rand_interval() test | tb | 2023-08-03 | 2 | -115/+1
  This test was never particularly useful. An upcoming API change for the internal bn_rand_interval() API would require some adjustments. It's not worth it.
* Remove unused sk/lh macros | tb | 2023-08-03 | 1 | -170/+1
  ok jsing miod
* More whitespace fixes from knfmt | tb | 2023-08-02 | 1 | -7/+7
* Remove extraneous parentheses and fix weird whitespace. | tb | 2023-08-02 | 1 | -16/+15
* Drop the _ex from BN_BLINDING_{convert,invert}_ex() | tb | 2023-08-02 | 3 | -12/+12
* Remove the unused BN_BLINDING_{convert,invert}() | tb | 2023-08-02 | 2 | -16/+2
  ok jsing
* Make BN_BLINDING_{new,update}() static in bn_blind.c | tb | 2023-08-02 | 2 | -6/+4
  ok jsing
* Remove the unused flags member of BN_BLINDING | tb | 2023-08-02 | 2 | -10/+4
  Nothing sets this, so remove it along with BN_BLINDING_NO_{UPDATE,RECREATE} and some checks that are always true. ok jsing
* Remove the unused flags accessors for BN_BLINDING | tb | 2023-08-02 | 2 | -16/+2
  ok jsing
* Remove a 16 year old confusing lie | tb | 2023-08-02 | 1 | -2/+2
  The mod member of BN_BLINDING hasn't been /* just a reference */ since the branch prediction mitigations in OpenSSL bd31fb21 from March 2007.
* Remove unused prototype | tb | 2023-08-01 | 1 | -3/+1
* Remove more *_options() stuff | tb | 2023-07-31 | 5 | -50/+5
  The public symbols were removed. Some prototypes and in the case of DES even the implementation remained. ok jsing
* Drop unused conf, pem, and x509 headers, add unistd for pledge | tb | 2023-07-29 | 1 | -4/+2
* Move HAVE_FUNOPEN out of !NOPIC | tb | 2023-07-29 | 1 | -5/+1
  Due to some historic accident, HAVE_FUNOPEN was grouped with DSO_DLFCN and HAVE_DLFCN_H inside !defined(NOPIC). While the two DLFCN bits belong there, HAVE_FUNOPEN doesn't. ok jsing, millert agrees
* Garbage collect rodata only used by RC4_options() | tb | 2023-07-29 | 1 | -5/+0
  build tested by miod
* Add _libre_CMS_{,SignerInfo}_get_version | tb | 2023-07-29 | 1 | -0/+2
* Remove {BN,idea}_options() leftovers | tb | 2023-07-29 | 3 | -6/+2
  Some *_options() prototypes were left behind in headers. I will remove them after my amd64 ports bulk completes.
* Remove BF_options() documentation | tb | 2023-07-29 | 1 | -9/+3
* reinstate KNF for comment | tb | 2023-07-29 | 1 | -2/+2
* Some of these functions no longer exist or are no longer public | tb | 2023-07-28 | 1 | -4/+1
* DSO has left the building | tb | 2023-07-28 | 1 | -4/+1
* Also remove ecdh.h use from libssl | tb | 2023-07-28 | 1 | -2/+1
* Stop including ecdsa.h and ecdh.h internally | tb | 2023-07-28 | 8 | -21/+9
  These headers are now reduced to #include <openssl/ec.h> and are provided for compatibility only. There's no point in using them. At the same time garbage collect the last uses of OPENSSL_NO_{ECDSA,ECDH} in our tree. ok jsing
* The CRYPTO_EX_DATA type is not opaque | tb | 2023-07-28 | 1 | -5/+2
  By API misdesign, it cannot be opaque. The incorrect documentation was added as a part of a huge commit with a lot of churn. CRYPTO_EX_DATA typically lives as an embedded struct of an opaque struct, but it can also be used by applications, for example to initialize libssl. documentation error pointed out by jsing
* remove X509_ATTRIBUTE_SET_it | jsg | 2023-07-28 | 1 | -14/+1
  public symbol removed in April ok tb@
* dhtest: simplify printing and make the output slightly less ugly | tb | 2023-07-28 | 1 | -34/+29
  CID 463174
* Combine ripemd into a single C file. | jsing | 2023-07-28 | 3 | -84/+20
* Combine md5 into a single C file. | jsing | 2023-07-28 | 3 | -83/+20
* Combine md4 into a single C file. | jsing | 2023-07-28 | 3 | -83/+20
* bump libcrypto, libssl, libtls majors | tb | 2023-07-28 | 3 | -3/+3
* Two files did not want to go away. Go! | tb | 2023-07-28 | 2 | -0/+0
* Remove various ${thing}_options | tb | 2023-07-28 | 12 | -224/+7
  Various, ancient ciphers exposed some of their innards via an _options() API. Apart from openssl version/speed, only some lua thingie in nmap ever looked at these. Go figure. hppa testing by miod, i386 testing by sthen. Thanks! ok jsing
* Remove more ASN1_BIT_STRING API | tb | 2023-07-28 | 5 | -72/+3
  This removes ASN1_BIT_STRING_name_print(), ASN1_BIT_STRING_{num,set}_asc(). Before trust was properly handled using OIDs, there was a period where it used bit strings. The actual interfaces used in openssl x509 were removed, but the functions they wrapped remained unused for the next 24 years. ok jsing
* Remove ASN1_BIT_STRING_check | tb | 2023-07-28 | 5 | -35/+3
  This was added with the TS code for no discernible reason. I could not find a single consumer. In the unlikely event that you need this, it is easy enough to write a better version of it yourself. ok jsing
* Provide CMS{,_SignerInfo}_get_version | tb | 2023-07-28 | 4 | -3/+53
  Add accessors for the syntax versions of ContentInfo and SignerInfo. These will be used soon in rpki-client for some more compliance checks. ok job jsing
* Remove sk_nid_triple_*() | tb | 2023-07-28 | 1 | -23/+1
  The nid_triple stack is no more. Its type never was part of the public API. Why its stack macros were will remain a mystery. ok jsing
* Remove OBJ_add_sigid() and OBJ_sigid_free() | tb | 2023-07-28 | 5 | -24/+3
  Another bit of unused extensibility that was responsible for a lot of complexity until recently. This removes the remaining stubs from the public API. ok jsing
* Remove more ERR cruft | tb | 2023-07-28 | 5 | -40/+3
  Ever wondered how many entries populate the various err hashes? Me neither. Remove this garbage. ok jsing
* Remove ERR_{get,set}_implementation() | tb | 2023-07-28 | 6 | -48/+6
  Much like ex_data, applications can make the library use their own error stack implementation. Well, except as of right now they no longer can. ok jsing
* Make ex_data implementations internal | tb | 2023-07-28 | 6 | -114/+41
  To state the obvious: library suffers from way too much extensibility. In theory, applications can implement their own ex_data implementation. In practice, none did. A glance at ex_data.c might give an idea as to why. Make this internal so this particular turd can be replaced with something slightly saner. Also sync up the CRYPTO_EX_INDEX_* defines with OpenSSL - at least the parts we support. ok jsing
* Remove BUF_[a-z]* API | tb | 2023-07-28 | 4 | -104/+2
  These are a bunch of strange string handlers with NULL checks that make no real sense except to some devs who like to sprinkle them everywhere. Fortunately, nothing uses these anymore, so they can go. ok jsing
* Drop BIO_n{read,write}{,0}() | tb | 2023-07-28 | 4 | -268/+3
  This is one of those strange things that should never have made it into a security-oriented library. From BIO_s_bio.3:
    .\" The following non-copying I/O functions are intentionally undocumented
    .\" because they seem fragile and unused by anything:
  It was used in a single place: the gorgeous ssltest. I'm not smart enough to follow. Also:
    /* WARNING: The non-copying interface is largely untested as of yet
     * and may contain bugs. */
  Oh, really? Into the great bitbucket in the sky you go. ok jsing
* Remove the get_rfc*_prime_*() API | tb | 2023-07-28 | 5 | -91/+3
  Inconsistently named with the rest of the API, so OpenSSL 1.1 introduced the same functions with a BN_ prefix. We'll keep the latter. ok jsing
* Make BN_BLINDING internal | tb | 2023-07-28 | 11 | -79/+33
  RSA is pretty bad. In my most optimistic moments I dream of a world that stopped using it. That won't happen during my lifetime, unfortunately. Blinding is one way of making it a little less leaky. Unfortunately this side-channel leak mitigation leaked out of the library for no good reason. Let's at least fix that aspect of it. ok jsing
* Remove ASN1_bn_print() and ASN1_buf_print() | tb | 2023-07-28 | 6 | -160/+3
  ASN1_bn_print() is a hilariously bad API that was replaced with a saner interface internally. ASN1_buf_print() isn't terrible, but it is too specialized to be of real use. It was only exposed because ASN1_bn_print() was already there. Its only use had been in the EdDSA printing code before it was replaced with an internal helper. ok jsing