| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
| |
Now that all platforms use a C des implementation, move it to the primary
Makefile.
|
| |
|
|
| |
Discussed with tb@
|
| | |
|
| |
|
|
| |
Discussed with tb@
|
| |
|
|
| |
Requested by tb@
|
| |
|
|
|
| |
Now that all architectures are using bf_enc.c, it does not make sense to
have it in every Makefile.inc file.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This stops compiling the GOST source. The current implementation is low
quality and got in the way, especially in libssl. While we would be open
for GOST support, it needs to be significantly better than what we have
had and it also needs a maintainer.
Add OPENSSL_NO_GOST to opensslfeatures and stop installing gost.h.
Some code wrapped in #ifndef OPENSSL_NO_GOST will be removed later.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This removes internals of these two special snowflakes and will allow
further simplifications. Unfortunately, there are some pieces of
software that actually use LHASH_OF() (looking at you, pound, Ruby, and
openssl(1)), so we get to keep exposing this garbage, at least for now.
Expose lh_error() as a symbol to replace a macro reaching into _LHASH.
lh_down_load() is no longer available. _LHASH and _STACK are now opaque,
LHASH_NODE becomes internal-only.
from jsing
|
| |
|
|
|
|
|
| |
This could have been removed in an earlier bump. Now it's time for it to
say goodbye.
ok jsing
|
| |
|
|
|
|
|
| |
"Stitched" mode AEADs were removed from libssl a long time ago. Nothing
uses these CIPHERs anymore.
ok jsing
|
| |
|
|
|
|
|
|
| |
This is accessor API for ASN.1 methods needed for custom PKEYs.
Nothing has ever used this. This has been neutered for months.
The EVP_PKEY_asn1_* API that needs to stay was moved elsewhere.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is prepares to expose some internal API as OPENSSL_tm_to_posix() and
OPENSSL_posix_to_tm(). They will be used in libtls and ocspcheck(8) to get
rid of the portability nightmare that is timegm().
Also fix the location of OPENSSL_gmtime() and OPENSSL_timegm() (this API
is not yet exposed). The former is from OpenSSL and surprisingly lives in
crypto.h, not asn1.h, and the latter is BoringSSL API and lives in the new
posix_time.h.
Initial diff from beck, this pulls in further upstream work after review
feedback.
ok jsing
|
| |
|
|
|
| |
These are only used by the EVP_PBE routines and will become internal in
the next major bump.
|
| |
|
|
| |
... and another file without license disappears.
|
| |
|
|
| |
They will await their removal in the next major bump.
|
| |
|
|
|
|
|
|
|
|
|
| |
These serve no purpose anymore (and really haven't for many years) but
will have to be kept since there's a number of software that still uses
them because many years ago they had to.
Relocate the stubs to crypto_init.c since library initialization's what
they were there for.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This arranges the data provided by dynamic library initialization
in a static table and will help avoid gross code with missing error
checking and other defects on every use of the library. This table
isn't pretty due to various naming inconsistecies accumulated over
the decades. It will significantly simplify the implementation of
API such as EVP_get_cipherbyname() and EVP_CIPHER_do_all().
All the table does is map strings to ciphers, typically used on the
openssl(1) command line or in code it's the mechanism that underlies
the map from NID_chacha20 to the data returned by EVP_chacha20().
It's of course more complicated because it just had to be stupid.
This is one of the places where the use of bsearch() is justified.
The price to pay for the simplification is that adding custom aliases
and custom ciphers to this table will no longer be supported. It is
one significant user of the LHASH madness. That's just another piece
of the awful "toolkit aspect"-guided misdesign that contributes to
making this codebase so terrible.
A corresponding table for the digests will be added in the next
commit.
ok jsing
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
EVP_Digest{Init,Update,Final}() move from digest.c to evp_digest.c which
will become the home of all things related to EVP_MD{,_CTX} handling.
EVP_Cipher{Init,Update,Final}() move from evp_enc.c to evp_cipher.c which
will become the home of all things related to EVP_CIPHER{,_CTX} handling.
EVP_Encode{Init,Update,Final}() move from encode.c to evp_encode.c which
already is the home of EVP_ENCODE_CTX_{new,free}().
discussed with jsing
|
| |
|
|
| |
discussed with jsing
|
| |
|
|
| |
discussed with jsing
|
| |
|
|
|
| |
There's no need to have 60 lines of license for 4 lines of actual code.
Move DES_random_key() to set_key.c.
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
| |
Most of these are one line wrappers around methods implemented in rsa_eay.c
by default.
|
| |
|
|
| |
discussed with jsing
|
| |
|
|
|
|
|
|
| |
Due to some historic accident, HAVE_FUNOPEN was grouped with DSO_DLFCN
and HAVE_DLFCN_H inside !defined(NOPIC). While the two DLFCN bits belong
there, HAVE_FUNOPEN doesn't.
ok jsing, millert agrees
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Various, ancient ciphers exposed some of their innards via an _options()
API. Apart from openssl version/speed, only some lua thingie in nmap ever
looked at these. Go figure.
hppa testing by miod, i386 testing by sthen. Thanks!
ok jsing
|
| |
|
|
|
|
|
|
| |
This are a bunch of strange string handlers with NULL checks that make
no real sense except to some devs who like to sprinkle them everywhere.
Fortunately, nothing uses these anymore, so they can go.
ok jsing
|
| |
|
|
|
|
|
|
|
|
| |
ASN1_bn_print() is a hilariously bad API that was replaced with a saner
interface internally. ASN1_buf_print() isn't terrible, but it is too
specialized to be of real use. It was only exposed because ASN1_bn_print()
was already there. Its only use had been in the EdDSA printing code before
it was replaced with an internal helper.
ok jsing
|
| |
|
|
|
|
|
|
|
|
| |
ENGINE was special. It's horrible code even by the low standards of this
library. Some ports may now try to use the stubs which will fail, but
the fallout from this should be minimal. Of course there are various
language bindings that expose the ENGINE API. OpenSSL 3 disabling ENGINE
by default will likely help fixing this at some point.
ok jsing
|
| |
|
|
|
|
|
|
| |
DSO and in particular dlopen() was used for dynamic engines, which we
removed a long time ago and for dynamic conf modules, which we removed
only very recently. Now remove this dangerous interface.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
opensslfeatures.h has long defined OPENSSL_NO_COMP and the build with
ZLIB was broken in openssl(1) since 2015 and in libcrypto since 2022.
ZLIB was unifdefed a while ago, now we can retire the public API.
The comp.h header stays devoid of code because a number of ports use it
for historic reasons.
ok jsing
|
| |
|
|
|
|
|
|
| |
Unlike ECDSA_METHOD, this has been unused forever but kind of needed to
stay for symmetry with ECDSA_METHOD. Now we can finally take it behind
the barn and remove its tendrils into ENGINE.
ok jsing
|
| |
|
|
|
|
|
| |
Much like the ECDSA errors, the ECDH errors have been unused for a
while. Garbage collect them.
ok jsing
|
| |
|
|
|
|
|
|
| |
After smtpd (in base) and libtls finally switched from ECDSA_METHOD to
EC_KEY_METHOD, much of the ECDSA_METHOD code was neutered. Remove the
remaining public API as well as numerous tentacles into ENGINE.
ok jsing
|
| |
|
|
|
|
|
| |
These error codes have been unused for a while, so the public API loading
them is pointless.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds a few symbols under OPENSSL_NO_ENGINE. They will be used
after the main ENGINE code is disabled in the next bump.
The ecosystem is mostly prepared for dealing with a libcrypto compiled
with OPENSSL_NO_ENGINE. There are a few stragglers like M2Crypto, dovecot
and the latest apr-util release (fixed in their development branch).
To avoid intrusive patching in these ports, we need to keep a bunch of
ENGINE symbols around despite adding OPENSSL_NO_ENGINE. This of course
meant patching some other ports, but that was way easier.
ok jsing
|
| |
|
|
| |
discussed with jsing
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
ASN1_bn_print() will be removed in an upcoming bump. This adds an internal
API that covers the same functionality but doesn't require that the caller
pass in a sufficiently large scratch space that ASN1_bn_print() may or may
not use. In addition, this takes a format string, which allows us to ditch
some extra dances.
ok jsing
|
| | |
|
| |
|
|
| |
discussed with jsing
|
| |
|
|
| |
ok miod
|
| | |
|
