summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Remove legacy sign/verify from EVP_MD.tb2022-01-1420-657/+62
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This removes m_dss.c, m_dss1.c, and m_ecdsa.c and the corresponding public API EVP_{dss,dss1,ecdsa}(). This is basically the following OpenSSL commit. The mentioned change in RSA is already present in rsa/rsa_pmeth.c. ok inoguchi jsing commit 7f572e958b13041056f377a62d3219633cfb1e8a Author: Dr. Stephen Henson <steve@openssl.org> Date: Wed Dec 2 13:57:04 2015 +0000 Remove legacy sign/verify from EVP_MD. Remove sign/verify and required_pkey_type fields of EVP_MD: these are a legacy from when digests were linked to public key types. All signing is now handled by the corresponding EVP_PKEY_METHOD. Only allow supported digest types in RSA EVP_PKEY_METHOD: other algorithms already block unsupported types. Remove now obsolete EVP_dss1() and EVP_ecdsa(). Reviewed-by: Richard Levitte <levitte@openssl.org> Plus OpenSSL commit 625a9baf11c1dd94f17e5876b6ee8d6271b3921d for m_dss.c
* Make RSA, RSA_PSS_PARAMS and RSA_METHOD opaquetb2022-01-143-83/+80
| | | | | | | Move the struct internals to rsa_locl.h and provide a missing typedef in ossl_typ.h. ok inoguchi jsing
* Make structs in ocsp.h opaquetb2022-01-142-234/+260
| | | | | | This adds a little order to this pig sty. ok inoguchi jsing
* Move ECDSA_SIG to ecs_locl.htb2022-01-142-11/+7
| | | | | | We can't make ECDSA_METHOD opaque since it is still used in smtpd(8) ok inoguchi jsing
* Simplify DSAPublicKey_ittb2022-01-144-56/+25
| | | | | | | | | | | | | | | | | | | | | | | | | This was obtained by porting the OpenSSL commit below and then using expand_crypto_asn1.go to unroll the new ASN.1 macros - actually the ones from 987157f6f63 which fixed the omission of dsa_cb() in the first commit. ok inoguchi jsing commit ea6b07b54c1f8fc2275a121cdda071e2df7bd6c1 Author: Dr. Stephen Henson <steve@openssl.org> Date: Thu Mar 26 14:35:49 2015 +0000 Simplify DSA public key handling. DSA public keys could exist in two forms: a single Integer type or a SEQUENCE containing the parameters and public key with a field called "write_params" deciding which form to use. These forms are non standard and were only used by functions containing "DSAPublicKey" in the name. Simplify code to only use the parameter form and encode the public key component directly in the DSA public key method. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Make DSA opaquetb2022-01-142-65/+57
| | | | | | This moves DSA_SIG, DSA and DSA_METHOD to dsa_locl.h. ok inoguchi jsing
* Make structs in dh.h opaquetb2022-01-142-51/+44
| | | | | | This moves the struct internals for DH and DH_METHOD to dh_local.h. ok inoguchi jsing
* Garbage collect the unused OPENSSL_ITEMtb2022-01-141-10/+1
| | | | ok inoguchi jsing
* Make structs in comp.h opaquetb2022-01-143-30/+32
| | | | | | | This moves COMP_CTX and COMP_METHOD to comp_local.h and provides missing typedefs in ossl_typ.h. ok inoguchi jsing
* Make structs in bio.h opaquetb2022-01-143-61/+62
| | | | | | | Move BIO, BIO_METHOD and BIO_F_BUFFER_CTX to bio_local.h and provide BIO typedef in ossl_typ.h. ok inoguchi jsing
* Garbage collect the app_items field of ASN1_ADBtb2022-01-146-14/+6
| | | | | | | This is unused and was removed in OpenSSL 5b70372d when it was replaced with an ASN.1 ADB callback (which we don't support). ok inoguchi jsing
* Remove NO_ASN1_FIELD_NAMEStb2022-01-141-5/+1
| | | | | | This follows OpenSSL commit 26f2412d. ok inoguchi jsing
* Remove obsolete key formatstb2022-01-145-578/+3
| | | | | | | | | | This removes NETSCAPE_X509, NETSCAPE{,_ENCRYPTED}_PKEY, RSA_NET, Netscape_RSA things. Some of the nasty tentacles that could go in principle are used in some test suites, so we need to keep them... All this was removed as part of OpenSSL commit 0bc2f365. ok inoguchi jsing
* Remove ASN1_OBJECT internals from public visibility.tb2022-01-143-17/+19
| | | | | | | | Move the struct declaration to asn1_locl.h and add a forward declaration to ossl_typ.h. This makes struct visibility in the asn1 headers match OpenSSL. ok inoguchi jsing
* Remove HMAC_CTX_{init,cleanup}() and HMAC_init from public visibilitytb2022-01-142-6/+5
| | | | | | | | | | | | | | | | In OpenSSL commit 32fd54a9a3 HMAC_CTX_cleanup() was integrated into HMAC_CTX_init(), then HMAC_CTX_init() was renamed to HMAC_CTX_reset() in dc0099e1. LibreSSL retained them for API compatibility with OpenSSL 1.0. Not many things use them anymore. In fact, some projects that didn't want to modify their code for OpenSSL 1.1 API compatibility used the removed functions to wrap the OpenSSL 1.1 API. We had to patch some of these and this will now no longer be necessary. Also remove HMAC_cleanup(). Nothing uses this. ok inoguchi jsing
* Make structs in evp.h and hmac.h opaquetb2022-01-144-146/+142
| | | | | | This moves most structs to evp_locl.h and moves HMAC_CTX to hmac_local.h. ok inoguchi jsing
* Move BN structs to bn_lcl.htb2022-01-142-50/+46
| | | | | | This makes all structs in bn.h opaque that are also opaque in OpenSSL. ok inoguchi jsing
* Remove BIO_s_file_internaltb2022-01-141-4/+1
| | | | | | | Pointed out by schwarze. How something with this name ever made its way into a public header will remain a mystery. ok inoguchi jsing
* Remove ASN1{_const,}_check_infinite_endtb2022-01-142-30/+2
| | | | | | Suggested by schwarze ok inoguchi jsing
* Remove ASN1{,_const}_CTXtb2022-01-141-35/+1
| | | | | | | These are leftovers of the old ASN.1 stuff. Nothing uses this. OpenSSL removed them in a469a677. ok inoguchi jsing
* Remove X509_OBJECT_free_contentstb2022-01-142-19/+11
| | | | | | | | Inline X509_OBJECT_free_contents() in X509_OBJECT_free() and remove this dangerous API. It was left over when x509_vfy.h was made opaque. ok inoguchi jsing
* Remove PEM_Seal{Init,Update,Final}tb2022-01-143-223/+3
| | | | | | This unused, bug-ridden API was removed in OpenSSL commit 0674427f. ok inoguchi jsing
* Unifdef LIBRESSL_OPAQUE_* and LIBRESSL_NEXT_APItb2022-01-1410-112/+10
| | | | | This marks the start of major surgery in libcrypto. Do not attempt to build the tree for a while (~50 commits).
* zap some stray whitespacetb2022-01-121-2/+2
|
* ASN1_{,F,T}BOOLEAN_it and the encoding and decoding API will movetb2022-01-125-147/+7
| | | | | | to internal only soon. Stop documenting them. ok inoguchi jsing
* Only evp_pkey_check needs static linkingtb2022-01-121-2/+4
|
* Add a prototype for OBJ_bsearch_ so this test will keep workingtb2022-01-121-1/+6
| | | | | after the bump. Since this tests the public interfaces, we do not want to use LIBRESSL_INTERNAL/LIBRESSL_CRYPTO_INTERNAL here.
* Rework ecdsatest to build after the bump and link statically for nowtb2022-01-122-14/+26
|
* Rework dsatest to use accessors and link statically for nowtb2022-01-122-7/+7
|
* Rework dhtest to use accessors and link statically for nowtb2022-01-121-6/+6
| | | | For some reason CVS didn't want to commit this the first time around.
* Rework dhtest to use accessors and link statically for nowtb2022-01-121-3/+3
|
* Rework test to use EVP_AEAD_CTX_{new,free}() and link statically for nowtb2022-01-122-20/+32
|
* Fix typo in header guardtb2022-01-121-3/+3
|
* Fix asn1x509 build with opaque structures. Link statically for now.tb2022-01-122-20/+25
|
* Rework Makefile to use regress framework and link asn1basic statically.tb2022-01-122-14/+16
| | | | | It will need this for testing {d2i,i2d}_ASN1_BOOLEAN which will be moved to internal-only in the upcoming bump.
* forgot to zap some dead assignmentstb2022-01-111-4/+4
|
* Add regress for EVP_PKEY_{,public_,param_}check()tb2022-01-112-7/+415
|
* Revise for peer_cert.jsing2022-01-111-6/+6
|
* Remove peer_pkeys from SSL_SESSION.jsing2022-01-116-96/+58
| | | | | | | | | | peer_pkeys comes from some world where peers can send multiple certificates - in fact, one of each known type. Since we do not live in such a world, get rid of peer_pkeys and simply use peer_cert instead (in both TLSv1.2 and TLSv1.3, both clients and servers can only send a single leaf (aka end-entity) certificate). ok inoguchi@ tb@
* Simplify SSL_get_peer_certificate()jsing2022-01-111-10/+8
| | | | ok inoguchi@ tb@
* Rename 'peer' to 'peer_cert' in SSL_SESSION.jsing2022-01-118-37/+37
| | | | | | | The 'peer' member of SSL_SESSION is the leaf/end-entity certificate provided by our peer. Rename it since 'peer' on its own is unhelpful. ok inoguchi@ tb@
* Revise for changes to tls_key_share_peer_public()jsing2022-01-111-2/+4
|
* Plumb decode errors through key share parsing code.jsing2022-01-117-48/+106
| | | | | | | | | | | | Distinguish between decode errors and other errors, so that we can send a SSL_AD_DECODE_ERROR alert when appropriate. Fixes a tlsfuzzer failure, due to it expecting a decode error alert and not receiving one. Prompted by anton@ ok tb@
* Use SSL_AD_INTERNAL_ERROR for non-decoding alerts when parsing keyshares.jsing2022-01-111-4/+10
| | | | ok tb@
* Simplify tlsext_keyshare_server_parse()jsing2022-01-111-9/+5
| | | | | | | SSL_AD_DECODE_ERROR is the default alert for a TLS extension parsing failure - remove the various gotos and simply return 0 instead. ok tb@
* Wrap long linesinoguchi2022-01-111-42/+74
|
* Check function return valueinoguchi2022-01-111-32/+57
|
* Suppress warninginoguchi2022-01-111-1/+3
|
* Compare pointer variable with NULLinoguchi2022-01-111-44/+44
|
* Remove space between '*' and pointer variable.inoguchi2022-01-111-11/+9
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-02 06:11:51 +0000