| |
This way we deduplicate two inclusions of the same big table and eliminate
lots of stupid casts.
input and ok many
| |
OpenSSL dealt with time conversion using a classical Julian
day scheme. BoringSSL got rid of it and uses only a Julian
style calculation for seconds since the POSIX time epoch.
This changes libressl to use the seconds calculation exclusively
instead of a mix of the Julian day based conversions and the
system time conversions to and from time_t to tm.
ok tb@ jsing@
| |
In order to be able to make pkcs12/ opaque, we need an entire family of
accessors. These are in a particularly nasty tangle since this was done
in about a dozen steps while sprinkling const, renaming functions, etc.
The public API also adds backward compat macros for functions that were
in the tree for half a day and then renamed. Of course some of them got
picked up by some ports.
Some of the gruesome hacks in here will go away with the next bump, but
that doesn't mean that the pkcs12 directory will be prettier afterward.
ok jsing
| |
Move the not yet exposed EssCertIDv2 struct internals to ts_local.h and move
the ASN.1 function prototypes that we don't want to expose with them.
Include ts_local.h where necessary or where it will be needed soon.
ok jsing
| |
ok jsing
| |
ok jsing
| |
ok jsing
| |
ok beck jsing
| |
arm_arch.h and armcap.c are shared between armv7 and aarch64 which
results in an inscrutable #ifdef maze. Move copies of these files
into arch/{arm,aarch64}/ with appropriate names and some trivial
minor adjustments.
ok deraadt inoguchi kettenis
| |
This removes m_dss.c, m_dss1.c, and m_ecdsa.c and the corresponding
public API EVP_{dss,dss1,ecdsa}().
This is basically the following OpenSSL commit. The mentioned change in
RSA is already present in rsa/rsa_pmeth.c.
ok inoguchi jsing
commit 7f572e958b13041056f377a62d3219633cfb1e8a
Author: Dr. Stephen Henson <steve@openssl.org>
Date: Wed Dec 2 13:57:04 2015 +0000
Remove legacy sign/verify from EVP_MD.
Remove sign/verify and required_pkey_type fields of EVP_MD: these are a
legacy from when digests were linked to public key types. All signing is
now handled by the corresponding EVP_PKEY_METHOD.
Only allow supported digest types in RSA EVP_PKEY_METHOD: other algorithms
already block unsupported types.
Remove now obsolete EVP_dss1() and EVP_ecdsa().
Reviewed-by: Richard Levitte <levitte@openssl.org>
Plus OpenSSL commit 625a9baf11c1dd94f17e5876b6ee8d6271b3921d for m_dss.c
| |
This removes NETSCAPE_X509, NETSCAPE{,_ENCRYPTED}_PKEY, RSA_NET,
Netscape_RSA things. Some of the nasty tentacles that could go in
principle are used in some test suites, so we need to keep them...
All this was removed as part of OpenSSL commit 0bc2f365.
ok inoguchi jsing
| |
This unused, bug-ridden API was removed in OpenSSL commit 0674427f.
ok inoguchi jsing
| |
where it will be needed in the upcoming bump.
discussed with jsing
| |
that will need it in the upcoming bump.
discussed with jsing
| |
including the local header where it will be needed.
discussed with jsing
| |
it will be needed in the upcoming bump.
discussed with jsing
| |
that will need it in the upcoming bump.
discussed with jsing
| |
No functional change.
| |
No functional change.
| |
Consolidate various ASN1_item_* functions into asn1_item.c and the
remaining NO_OLD_ASN1 code (not to be confused with the NO_ASN1_OLD code)
into asn1_old.c. This is preferable to having many files, often with one
or two functions per file.
No functional change.
Discussed with tb@
| |
Provide internal asn1_get_identifier_cbs() and asn1_get_length_cbs()
functions that are called from asn1_get_object_cbs(). Convert the existing
ASN1_get_object() function so that it calls asn1_get_object_cbs(), before
mapping the result into the API that it implements.
ok tb@
| |
This will allow us to add a new asn1_lib.c while replacing the code that is
currently in asn1_old_lib.c.
Discussed with tb@
| |
Rather than having multiple files per type (with minimal code per file),
use one file per type (a_<type>.c).
No functional change.
Discussed with tb@
| |
There are currently three different tables in three different files that
contain information about ASN.1 universal class tag types. Range checking
is also implemented in three different places (with different
implementations).
Consolidate all of this into a single table, provide a lookup function that
deals with the range checks and wrappers to deal with specific types.
ok inoguchi@ tb@
| |
Convert these to templated ASN.1, given we already have ASN1_BOOLEAN_it.
ok inoguchi@ tb@
| |
ok inoguchi
| |
conflicts in my work on making much of libcrypto opaque.
discussed with jsing
| |
Currently there are two files for private key ASN.1 (d2i_pr.c, i2d_pr.c)
and two files for public key ASN.1 (d2i_pu.c, i2d_pu.c). All of the other
ASN.1 code has d2i and i2d in the same per-object file.
Consolidate d2i_pr.c/i2d_pr.c into a_pkey.c and consolidate
d2i_pu.c/i2d_pu.c into a_pubkey.c before making any further changes to
this code.
ok tb@
| |
Do not expose it yet, this will wait for an upcoming bump
ok tb@
| |
Bring a copy of the bytestring APIs (CBB/CBS) from libssl, for use in
libcrypto - these are not exposed publicly.
Discussed with beck@ and tb@
| |
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of unnecessary reacharounds.
ok jsing
| |
parts of LibreSSL can no longer reach into them.
discussed with beck, jsing
| |
Symbols.list changes to follow with tb's upcoming bump
ok jsing@
| |
(subordinate code paths are include guarded)
OK tb@
| |
The new validator finds multiple validated chains to handle the modern
PKI cases which may frequently have multiple paths via different
intermediates to different roots. It is loosely based on golang's x509
validator.
This includes integration so that the new validator can be used via
X509_verify_cert() as well as a new API x509_verify() which will
return multiple chains (similar to go).
The new validator is not enabled by default with this commit, this
will be changed in a follow on commit.
The new public API is not yet exposed, and will be finalized and
exposed with a man page and a library minor bump later.
ok tb@ inoguchi@ jsing@
| |
regression tests. The use of the new name constraints is not yet activated
in x509_vfy.c and will be activated in a follow on commit.
ok jsing@
| |
ok tb@ jsing@
| |
how our tree gets built. If this was done in all the libraries (imagine
sys/dev), it would disrupt the development process hugely. So it should
not be done here either. Use 'make includes' by hand instead.
| |
This avoids the need to grep across directories to find functions and
prepares for further rototilling and chainsawing.
Discussed with tb@ (who also tested the release build)
| |
been installed prior to building.
Requested by and ok tb@
| |
ok beck@
| |
ok bcook@ deraadt@ inoguchi@ job@ tb@
| |
This header includes OPENSSL_NO_CMS guards, so even if things find the
header it provides no useful content (and other code should technically
also be using OPENSSL_NO_CMS...).
ok deraadt@ inoguchi@
| |
These are needed for the upcoming EC CMS support (nothing else appears
to use them). This largely syncs our ec_pmeth.c with OpenSSL 1.1.1b.
With input from inoguchi@ and tb@.
ok inoguchi@ tb@
| |
This is an ISC licensed version based on the sources by Ribose Inc
that were ported to OpenSSL in 2017.
Patch from Daniel Wyatt with minor tweaks.
ok inoguchi, jsing
| |
ok bcook