path: root/src/lib/libcrypto/Makefile
Commit message | Author | Age | Files | Lines
* Do not install mlkem.h and bytestring.h into /usr/include/openssl for now | tb | 2024-12-19 | 1 | -3/+1
  More work in mlkem is needed and this was premature.
  discussed with beck and jsing
* Add ML-KEM 1024 from BoringSSL | beck | 2024-12-13 | 1 | -1/+2
  Changes include conversion from C++, basic KNF, then adaptation to use our sha3 functions for sha3 and shake instead of the BoringSSL version.
  This adds unit tests to run against BoringSSL and NIST test vectors.
  The future public API is the same as Boring's - but is not yet exposed pending making bytestring.h public (which will happen separately) and a minor bump.
  Currently this will just ensure we build and run regress.
  ok tb@ to get it into the tree and massage from there.
* Add ML-KEM 768 from BoringSSL | beck | 2024-12-13 | 1 | -1/+8
  Changes include conversion from C++, basic KNF, then adaptation to use our sha3 functions for sha3 and shake instead of the BoringSSL version.
  This adds unit tests to run against BoringSSL and NIST test vectors.
  The future public API is the same as Boring's - but is not yet exposed pending making bytestring.h public (which will happen separately) and a minor bump.
  Currently this will just ensure we build and run regress.
  ok tb@ to get it into the tree and massage from there.
* Merge ec_kmeth into ec_key | tb | 2024-11-16 | 1 | -2/+1
* Merge ecp_mont.c into ecp_methods.c | tb | 2024-11-12 | 1 | -2/+1
* Rename ecp_smpl.c to ecp_methods.c | tb | 2024-11-12 | 1 | -2/+2
  While not the greatest of names, ecp_methods.c is better than ecp_smpl.c. It matches the naming ecx_methods.c and in a subsequent commit it will become the new home of the stuff in ecp_mont.c as well.
  discussed with jsing
* Rename malloc-wrapper.c to crypto_memory.c | tb | 2024-11-06 | 1 | -2/+2
  Apparently it's important that five trivial one-line wrappers remain in a file with the ISC license. So instead of cleaning the root directory of our favorite pigsty further by squashing all the useless legacy garbage into a single file, rename the oddly-named malloc-wrapper.c into crypto_memory.c.
  discussed with beck, jsing
* Rename cpt_err.c into crypto_err.c | tb | 2024-11-05 | 1 | -2/+2
  It is a bit sad, because cpt is such an apt abbreviation for crypto that everybody immediately understands.
  discussed with jsing
* Relocate FIPS stubs to crypto_legacy.c | tb | 2024-11-05 | 1 | -2/+1
  discussed with jsing
* CRYPTO_mem_ctrl() is also relocated to crypto_legacy.c | tb | 2024-11-05 | 1 | -2/+1
  discussed with jsing
* Move OPENSSL_cleanse() to crypto_legacy() | tb | 2024-11-05 | 1 | -2/+1
  The correct spelling is explicit_bzero() and it doesn't need its own file.
  discussed with jsing
* Fold cversion.c into crypto_legacy.c | tb | 2024-11-05 | 1 | -2/+1
  discussed with jsing
* Rename cryptlib.c into crypto_legacy.c | tb | 2024-11-05 | 1 | -2/+2
  discussed with jsing
* Merge compressed coordinate setting back into ecp_smpl and ec_lib | tb | 2024-11-02 | 1 | -3/+1
  The reason these were in separate files was FIPS. Not our problem.
* sort | tb | 2024-11-01 | 1 | -2/+2
* Move the point2bn and point2hex API to ec_convert.c | tb | 2024-10-30 | 1 | -2/+1
  discussed with jsing
* Move public point <-> octets API to a new ec_convert.c | tb | 2024-10-30 | 1 | -1/+2
  discussed with jsing
* Move EC_GROUP_check() to ec_lib.c | tb | 2024-10-19 | 1 | -2/+1
  EC_GROUP_check() is quite simple. It doesn't need to use its own file.
* Inline last use of OPENSSL_load_builtin_modules() | tb | 2024-10-18 | 1 | -2/+1
  This used to be a trivial wrapper of the ASN1_add_oid_module() horror. It's no longer exported, so it can go away. It moves from the terribly named file conf_mall.c to the equally terribly named file conf_sap.c. I have no idea what mall and sap are supposed to mean in this context.
* Move EC_GROUP_new_curve_GFp() into ec_lib.c | tb | 2024-10-18 | 1 | -2/+1
  Another single-function file goes away.
* Combine DES code into a smaller set of files. | jsing | 2024-08-31 | 1 | -18/+5
  Discussed with tb@
* Merge fcrypt_b.c into fcrypt.c. | jsing | 2024-08-31 | 1 | -2/+1
  There is no need for these to be separate (presumably done due to assembly implementations, even though there are #ifdef as well).
  Discussed with tb@
* Unexport OPENSSL_cpuid_setup and OPENSSL_ia32cap_P | tb | 2024-08-31 | 1 | -5/+1
  This allows us in particular to get rid of the MD Symbols.list which were needed on amd64 and i386 for llvm 16 a while back. OPENSSL_ia32cap_P was never properly exported since the symbols were marked .hidden in the asm.
  ok beck jsing
* Nuke the whrlpool (named after the galaxy) from orbit | tb | 2024-08-31 | 1 | -7/+1
  It's just gross. Only used by a popular disk encryption utility on an all-too-popular OS one or two decades back.
  ok beck jsing
* Remove DES_enc_{read,write} and DES_rw_mode | tb | 2024-08-31 | 1 | -2/+1
  Unfortunately we'll probably never be able to get rid of DES entirely. One part of it that is old enough to be a grandparent can go, though.
  ok beck jsing
* Garbage collect UI_UTIL remnants | tb | 2024-08-31 | 1 | -2/+1
  ok beck jsing
* Retire conf_api.h and the API therein | tb | 2024-08-31 | 1 | -2/+1
  This makes the _CONF_* layer of the conf module internal and gets rid of the entirely unused conf_api.h.
  ok beck jsing
* Make CONF_METHOD opaque | tb | 2024-08-31 | 1 | -1/+2
  Much of conf is designed in such a way that you really have to reach into its structs. This one piece can be hidden. It might even be removed soon.
  ok beck jsing
* Implement X509_get_signature_info() | tb | 2024-08-28 | 1 | -1/+2
  This is a slightly strange combination of OBJ_find_sigid_algs() and the security level API necessary because OBJ_find_sigid_algs() on its own isn't smart enough for the special needs of RSA-PSS and EdDSA.
  The API extracts the hash's NID and the pubkey's NID from the certificate's signatureAlgorithm and invokes special handlers for RSA-PSS and EdDSA for retrieving the corresponding information. This isn't entirely free for RSA-PSS, but for now we don't cache this information.
  The security bits calculation is a bit hand-wavy, but that's something that comes along with this sort of numerology.
  ok jsing
* Remove the empty ui_compat.h | tb | 2024-08-10 | 1 | -2/+1
  unused in ports and on codesearch
* Rewrite CRYPTO_EX_DATA. | jsing | 2024-08-02 | 1 | -2/+2
  CRYPTO_EX_DATA exists as a way to allow an application to attach data to various components in libcrypto and libssl. The general idea is that there are various "classes" (e.g. RSA) and an application can get an "index" (which can have new/dup/free functions provided). The application can then use the index to store a pointer to some form of data within that class, for later retrieval.
  However, even by OpenSSL standards, this is an insane API. The current implementation allows for data to be set without calling new, indexes can be used without allocation, new can be called without actually getting an index and dup can be called either after new or without new (see regress and RSA_get_ex_new_index(3)/CRYPTO_set_ex_data(3) for more details). On top of this, the previous "overhaul" of the code was written to be infinitely extensible.
  For now, the rewrite intends to maintain the existing behaviour - once we bed this down we can attempt to ratchet the API requirements and require some sort of sensible sequence. The only intentional change is that there is now a hard limit on the number of indexes that can be allocated (previously there was none, relying only on ENOMEM).
  ok tb@
* Remove the static symbols.namespace, and just generate the _libre_ | beck | 2024-07-10 | 1 | -4/+3
  symbols from symbols.list now that we have everything hidden
  ok tb@
* link tls1_prf.c to build | tb | 2024-07-09 | 1 | -1/+2
  ok jsing
* Actually enable namespaced builds in both libcrypto and libssl | beck | 2024-07-09 | 1 | -8/+1
  (instead of committing only one part)
* Enable namespaced builds by default for libssl and libcrypto. | beck | 2024-07-09 | 1 | -3/+3
  Some further refinements will happen to the build process to automatically generate the Symbols.namespace file, and to remove our last public unhidden symbol (which was a mistake, but waits for a major bump to get removed)
  But for now everything should be using this.
  ok tb@
* libcrypto: constify most error string tables | tb | 2024-06-24 | 1 | -1/+2
  These constitute the bulk of the remaining global mutable state in libcrypto. This commit moves most of them into data.rel.ro, leaving out ERR_str_{functs,libraries,reasons} (which require a slightly different approach) and SYS_str_reasons which is populated on startup.
  The main observation is that if ERR_load_strings() is called with a 0 lib argument, the ERR_STRING_DATA argument is not actually modified. We could use this fact to cast away const on the caller side and be done with it. We can make this cleaner by adding a helper ERR_load_const_strings() which explicitly avoids the assignment to str->error overriding the error code already set in the table.
  In order for this to work, we need to sprinkle some const in err/err.c. CMS called ERR_load_strings() with non-0 lib argument, but this didn't actually modify the error data since it ored in the value already stored in the table.
  Annoyingly, we need to cast const away once, namely in the call to lh_insert() in int_err_set_item(). Fixing this would require changing the public API and is going to be tricky since it requires that the LHASH_DOALL_FN_* types adjust.
  ok jsing
* Stub out DES_enc_{read,write}(3) | tb | 2024-05-24 | 1 | -2/+1
  The most terrible code in OpenSSL has its roots in libdes, which came before SSLeay. Hello, LHASH. Hello speed app. Hello DES (obviously).
  There are some diary-style changelog comments dating all the way back to 1990.
    /* This has some uglies in it but it works - even over sockets. */
  Well, kind of:
    * - This code cannot handle non-blocking sockets.
  Also:
    /* >output is a multiple of 8 byes, if len < rnum
     * >we must be careful. The user must be aware that this
     * >routine will write more bytes than he asked for.
     * >The length of the buffer must be correct.
     * FIXED - Should be ok now 18-9-90 - eay */
  Or
    /* This is really a bad error - very bad
     * It will stuff-up both ends. */
  Or
    #ifdef _LIBC
    extern unsigned long time();
    extern int write();
    #endif
  I can't even... Delete, delete, delete.
  ok jsing
* Take pem2.h behind the barn | tb | 2024-04-25 | 1 | -2/+1
    /*
     * This header only exists to break a circular dependency between pem and err
     * Ben 30 Jan 1999.
     */
  25 years of uselessness is about a quarter century more than enough.
  discussed with jsing
* Bye, bye, OPENSSL_str{,n}casecmp() | tb | 2024-04-15 | 1 | -2/+1
  ok jsing
* Consolidate cast code. | jsing | 2024-03-29 | 1 | -6/+2
* Consolidate camellia code. | jsing | 2024-03-29 | 1 | -7/+1
* Move camellia to primary Makefile. | jsing | 2024-03-29 | 1 | -4/+4
  These files are now built on all platforms.
* Move aes_core.c to the primary Makefile. | jsing | 2024-03-29 | 1 | -2/+2
  This is now built on all platforms.
* Consolidate idea into a single C file. | jsing | 2024-03-29 | 1 | -6/+2
* Consolidate whirlpool into a single C file. | jsing | 2024-03-29 | 1 | -3/+2
  Buy a vowel at the same time, since we're no longer limited to 8.3 file names.
  Discussed with tb@
* Move wp_block.c to the primary Makefile. | jsing | 2024-03-29 | 1 | -2/+2
  This is now built on all platforms.
* Merge aes_cbc.c into aes.c now that aes_cbc.c is used on all platforms. | jsing | 2024-03-28 | 1 | -2/+1
* Nuke more leftover GOST tendrils. | beck | 2024-03-28 | 1 | -2/+1
  ok tb@
* Remove fallback files that are now always included in the build. | jsing | 2024-03-28 | 1 | -5/+1
* Move rc4.c to primary Makefile. | jsing | 2024-03-28 | 1 | -1/+4
  This is now built on all platforms.