summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/Makefile (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Merge asn_pack.c into asn1_item.c - these are two ASN1_item_* functions.jsing2021-12-251-2/+2
| | | | No functional change.
* Merge evp_asn1.c into a_type.c - these are all ASN1_TYPE_* functions.jsing2021-12-251-2/+2
| | | | No functional change.
* More consolidation of ASN.1 code.jsing2021-12-251-4/+4
| | | | | | | | | | | Consolidate various ASN1_item_* functions into asn1_item.c and the remaining NO_OLD_ASN1 code (not to be confused with the NO_ASN1_OLD code) into asn1_old.c. This is preferable to having many files, often with one or two functions per file. No functional change. Discussed with tb@
* Rewrite ASN.1 identifier/length parsing in CBS.jsing2021-12-251-2/+2
| | | | | | | | | Provide internal asn1_get_identifier_cbs() and asn1_get_length_cbs() functions that are called from asn1_get_object_cbs(). Convert the existing ASN1_get_object() function so that it calls asn1_get_object_cbs(), before mapping the result into the API that it implements. ok tb@
* alphabetical order is hard, tb...tb2021-12-171-2/+2
|
* Rename asn1_lib.c to asn1_old_lib.cjsing2021-12-151-2/+2
| | | | | | | This will allow us to add a new asn1_lib.c while replacing the code that is in currently in asn1_old_lib.c. Discussed with tb@
* Consolidate various ASN.1 code.jsing2021-12-151-5/+5
| | | | | | | | | Rather than having multiple files per type (with minimal code per file), use one file per type (a_<type>.c). No functional change. Discussed with tb@
* Consolidate ASN.1 universal tag type data.jsing2021-12-141-2/+2
| | | | | | | | | | | | There are currently three different tables in three different files that contain information about ASN.1 universal class tag types. Range checking is also implemented in three different places (with different implementations). Consolidate all of this into a single table, provide a lookup function that deals with the range checks and wrappers to deal with specific types. ok inoguchi@ tb@
* Clean up d2i_ASN1_BOOLEAN() and i2d_ASN1_BOOLEAN().jsing2021-12-131-2/+2
| | | | | | Convert these to templated ASN.1, given we already have ASN1_BOOLEAN_it. ok inoguchi@ tb@
* Add -I${LIBCRYPTO_SRC}/hmac to CFLAGS. Needed in an upcoming commit.tb2021-12-121-1/+2
| | | | ok inoguchi
* List subdirectories as a simple list. Avoids a source of many mergetb2021-12-041-6/+8
| | | | | | conflicts in my work on making much of libcrypto opaque. discussed with jsing
* Consolidate {d2i,i2d}_{pr,pu}.cjsing2021-12-041-3/+3
| | | | | | | | | | | | Currently there are two files for private key ASN.1 (d2i_pr.c, i2d_pr.c) and two files for public key ASN.1 (d2i_pu.c, i2d_pu.c). All of the other ASN.1 code has d2i and i2d in the same per-object file. Consolidate d2i_pr.c/i2d_pr.c into a_pkey.c and consolidate d2i_pu.c/i2d_pu.c into a_pubkey.c before making any further changes to this code. ok tb@
* Make the certificate transparency code build with the rest of the librarybeck2021-11-241-2/+9
| | | | | | Do not expose it yet, this will wait for an upcoming bump ok tb@
* Provide the bytestring APIs for libcrypto internal use.jsing2021-11-201-3/+7
| | | | | | | Bring a copy of the bytestring APIs (CBB/CBS) from libssl, for use in libcrypto - these are not exposed publicly. Discussed with beck@ and tb@
* Move the now internal X.509-related structs into x509_lcl.h.tb2021-11-011-3/+3
| | | | | | | | Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds. ok jsing
* Hide struct internals under LIBRESSL_CRYPTO_INTERNAL so that othertb2021-10-311-2/+2
| | | | | | parts of LibreSSL can no longer reach into them. discussed with beck, jsing
* Add back the fips mode test functions, new stuff requires this.beck2021-10-231-2/+2
| | | | | Symbols.list changes to follow with tb's upcoming bump ok jsing@
* Add X509 Extensions for IP Addresses and AS Identifiersjob2021-09-031-1/+2
| | | | | | (subordinate code paths are include guarded) OK tb@
* Add new x509 certificate chain validator in x509_verify.cbeck2020-09-131-2/+3
| | | | | | | | | | | | | | | | | | | The new validator finds multiple validated chains to handle the modern PKI cases which may frequently have multiple paths via different intermediates to different roots. It is loosely based on golang's x509 validator This includes integration so that the new validator can be used via X509_verify_cert() as well as a new api x509_verify() which will return multiple chains (similar to go). The new validator is not enabled by default with this commit, this will be changed in a follow on commit. The new public API is not yet exposed, and will be finalized and exposed with a man page and a library minor bump later. ok tb@ inoguchi@ jsing@
* Add x509_constraints.c - a new implementation of x509 name constraints, withbeck2020-09-111-2/+2
| | | | | | | regression tests. The use of the new name constraints is not yet activated in x509_vfy.c and will be activated in a follow on commit ok jsing@
* Add issuer cache, to be used by upcoming changes to validation code.beck2020-09-111-1/+2
| | | | ok tb@ jsing@
* The check_includes step is incorrect dependency management model forderaadt2020-06-091-11/+1
| | | | | | how our tree gets built. If this was done in all the libraries (imagine sys/dev), it would disrupt the development process hugely. So it should not be done here either. use 'make includes' by hand instead.
* One error file per directory is plenty.jsing2020-06-051-2/+2
|
* Collapse the x509v3 directory into x509.jsing2020-06-041-10/+7
| | | | | | | This avoids the need to grep across directories to find functions and prepares for further rototilling and chainsawing. Discussed with tb@ (who also tested the release build)
* Add checks to ensure that lib{crypto,ssl,tls} public headers have actuallyjsing2020-01-221-1/+11
| | | | | | been installed prior to building. Requested by and ok tb@
* Simplify header installation by combining the HDRS and HDRS_GEN loops.jsing2020-01-221-9/+2
| | | | ok beck@
* Enable CMS in LibreSSL.jsing2019-11-021-1/+6
| | | | ok bcook@ deraadt@ inoguchi@ job@ tb@
* Install the openssl/cms.h header.jsing2019-09-091-1/+3
| | | | | | | | This header includes OPENSSL_NO_CMS guards, so even if things find the header it provides no useful content (and other code should technically also be using OPENSSL_NO_CMS...). ok deraadt@ inoguchi@
* Add various macros and controls for EC_PKEY_CTX.jsing2019-09-061-1/+2
| | | | | | | | | These are needed for the upcoming EC CMS support (nothing else appears to use them). This largely syncs our ec_pmeth.c with OpenSSL 1.1.1b. With input from inoguchi@ and tb@. ok inoguchi@ tb@
* Build ecdh_kdf.cjsing2019-09-051-2/+2
|
* Add the SM4 block cipher from the Chinese standard GB/T 32907-2016.tb2019-03-171-1/+7
| | | | | | | | This is an ISC licensed version based on the sources by Ribose Inc that were ported to OpenSSL in 2017. Patch from Daniel Wyatt with minor tweaks. ok inoguchi, jsing
* No need to include <bsd.prog.mk> here.tb2019-01-231-2/+1
| | | | ok bcook
* Partial port of EC_KEY_METHOD from OpenSSL 1.1.tb2019-01-191-3/+7
| | | | | | | This commit adds init/free, support for signing, setting and getting the method, engine support as well as extra data. from markus
* Add Ribose Inc's implementation of the SM3 hashing function withtb2018-11-111-2/+7
| | | | | | | | | tweaks from jsing and myself. The SM2/SM3/SM4 algorithms are mandatory for legal use of cryptography within China and [are] widely applied in the country, covering identification/financial cards, contactless, TPM 2.0 and PKI. ok beck inoguchi jsing
* Add automatic threading initialization for libcrypto.bcook2018-11-111-2/+2
| | | | | | | | | | | | | | This implements automatic thread support initialization in libcrypto. This does not remove any functions from the ABI, but does turn them into no-ops. Stub implementations of pthread_mutex_(init|lock|unlock) are provided for ramdisks. This does not implement the new OpenSSL 1.1 thread API internally, keeping the original CRYTPO_lock / CRYPTO_add_lock functions for library locking. For -portable, crypto_lock.c can be reimplemented with OS-specific primitives as needed. ok beck@, tb@, looks sane guenther@
* Remove a bunch of ancient and highly crufty ASN.1 related code fromjsing2018-10-241-4/+2
| | | | | | libcrypto (the "new" stuff replaced this back around 2000 or so...). ok tb@
* Bring in compatibility for OpenSSL 1.1 style init functions.beck2018-03-171-2/+2
| | | | | | | | | This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well thread safety modifications for the existing LibreSSL init functions. The initialization routines are called automatically by the normal entry points into the library, as in newer OpenSSL ok jsing@, nits by tb@ and deraadt@
* Add DSA_meth_{dup,free,new,set_{finish,sign}}()tb2018-03-171-1/+2
| | | | | | | As in RSA_meth_*, note that these functions return NULL in out-of-memory situations, but they do not set an error explicitly. ok jsing
* Provide RSA_meth_{dup,free,new,set_{finish,priv_{dec,enc}}}()tb2018-03-171-2/+2
| | | | | | | Note that these functions return NULL in out-of-memory situations, but contrary to OpenSSL's versions they do not set an error. ok jsing
* Provide BIO_meth_{free,new}() and BIO_meth_set_{create,crtl,destroy}()tb2018-02-171-2/+2
| | | | | | and BIO_meth_set_{puts,read,write}(). ok jsing
* Remove RSA_padding_add_SSLv23()/RSA_padding_check_SSLv23() and relatedjsing2017-08-281-2/+2
| | | | | | code. We removed SSLv2/SSLv3 a long time ago... Discussed with doug@
* sprinkle a few missing dependencies on perl scripts internal bits.espie2017-08-201-3/+3
| | | | 'it works' deraadt@
* Switch to -Werror with clang for libressl.doug2017-08-131-2/+2
| | | | | Discussed with beck@ and jsing@ ok beck@
* remove misc. depend and yacc nits that no longer matter.espie2017-07-101-2/+1
| | | | okay millert@
* mark files as BUILDFIRST, or write explicit dependencies, so that mostespie2017-06-161-1/+2
| | | | | programs will build even without a make depend first. okay tb@ millert@
* Randomize link-order of libcrypto as we do with libc. This libraryderaadt2017-05-291-1/+2
| | | | | | | | | | | | | | has many small functions without significant local storage, therefore less tail protection from -fstack-protector-strong to prevent their use as ROP gadgets. It is used in security contexts. Also many functions dribble pointers onto the stack, allowing discovery of gadgets via the fixed relative addresses, so let's randomly bias those. ok tedu jsing The rc script will soon need a strategy for skipping this step on machines with poor IO performance. Or maybe do it less often? However, I don't see many more libraries we'll do this with, these are the two most important ones.
* Bring in HKDF, from BoringSSL, with regress tests modified to bebeck2017-05-061-1/+6
| | | | | in C. Ride previous minor bump ok tom@ inoguchi@ jsing@
* Only enable -Werror on libcrypto/libssl/libtls if we are building withjsing2017-04-301-3/+6
| | | | | | | gcc4. This should avoid failed builds while transitioning compilers. While here also make the CFLAGS blocks consistent across makefiles. Discussed with deraadt@, ok beck@
* Add an EVP interface that provides concatenated MD5+SHA1 hashes, which arejsing2017-02-281-1/+2
| | | | | | | | | | used in various parts of TLS 1.0/1.1. This will allow for code simplification in libssl. The same interface exists in OpenSSL 1.1. ok beck@ deraadt@ inoguchi@ millert@
* Make explicit _ct and _nonct versions of bn_mod_exp funcitons thatbeck2017-01-211-2/+3
| | | | | | | | | | | | matter for constant time, and make the public interface only used external to the library. This moves us to a model where the important things are constant time versions unless you ask for them not to be, rather than the opposite. I'll continue with this method by method. Add regress tests for same. ok jsing@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2026-02-15 18:21:25 +0000