summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/Symbols.list (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Remove lh statstb2024-03-021-6/+0
| | | | | | | This could have been removed in an earlier bump. Now it's time for it to say goodbye. ok jsing
* Remove X509_CRL_METHOD APItb2024-03-021-5/+0
| | | | | | I would keep repeating myself... In the bit bucket you go. ok jsing
* Garbage collect most of the public LOOKUP APItb2024-03-021-7/+0
| | | | | | | | Yet another bit of extensibility that no one ever really used. X509_LOOKUP_free() needs to stay because of ... rust-openssl (and kdelibs4support). ok jsing
* Expose X509_STORE_get1_objects()tb2024-03-021-0/+1
| | | | | | Safer replacement API for the unsafe X509_STORE_get0_objects(). ok jsing
* Make X509_CERT_AUX internaltb2024-03-021-6/+0
| | | | | | Another struct/API that should never have leaked out of the library. ok jsing
* Remove unused public X509_TRUST APItb2024-03-021-10/+0
| | | | | | | Another thing that should never have leaked out of the library. It will become internal entirely, where the code can be simplified greatly. ok jsing
* Remove unused parts of the purpose APItb2024-03-021-6/+0
| | | | | | | | | Most of this is the ability to add custom purposes. Also the astounding X509_STORE_CTX_purpose_inherit(). The names are used by PHP, and M2Crypto exposes X509_check_purpose(), so these remain public. Some weird, most likely invalid, uses also remain in rust-openssl. ok jsing
* Remove X509V3_EXT extensibility APItb2024-03-021-4/+0
| | | | | | | | | | You used to be able to define your own X.509 extension handlers. Great. Even greater: the verifier would ignore any custom extensions. So this was only ever useful for serialization and deserialization. In other words, almost entirely pointless. The API was also unused except for a hack in kore-acme, which was fixed recently. ok jsing
* Remove X509_ALGOR_set_md()tb2024-03-021-1/+0
| | | | | | | | One of those void APIs that are super hard to use safely since they can fail but can't communicate failure. Nothing uses this. Internal uses have been converted to error checked X509_ALGOR_set_evp_md(). ok jsing
* Remove ERR_get_statetb2024-03-021-1/+0
| | | | | | | | | The ERR_STATE struct is an unused implementation detail of the horrific error stack code. It is the last public consumer of CRYPTO_THREAD internals. Make this and its accessor internal so we can make the CRYPTO_THREAD struct opaque. ok jsing
* Remove more PBE stuff from the public APItb2024-03-021-7/+0
| | | | | | | This is still needed internally for CMS and its predecessors. This removal will enable disentangling some of its innards. ok jsing
* Remove most PBEPARAM stuff from public visibilitytb2024-03-021-14/+0
| | | | | | The struct itself needs to remain public, unfortunately. ok jsing
* Remove a lot of PKCS12 garbage from the public APItb2024-03-021-39/+0
| | | | | | | | PKCS12 is a hot mess. Please participate in the survey at the end of https://www.cs.auckland.ac.nz/~pgut001/pubs/pfx.html to increase its credibility and unanimity. ok jsing
* Remove RC4-HMAC-MD5 and AES-{128,256}-CBC-HMAC-SHA-1tb2024-03-021-3/+0
| | | | | | | "Stitched" mode AEADs were removed from libssl a long time ago. Nothing uses these CIPHERs anymore. ok jsing
* Make legacy cipher methods internaltb2024-03-021-4/+0
| | | | | | | These are ASN.1 handlers for CIPHERs, still used by CMS and its predecessors. They should never have been public. ok jsing
* Remove EVP_PBE_* API from public visibilitytb2024-03-021-6/+0
| | | | | | | You can no longer add your custom PBE algorithm. Pity. EVP_PBE_CipherInit() stays for internal use, the rest goes away copmletely. ok jsing
* Remove EVP_PKEY_meth_*() APItb2024-03-021-23/+0
| | | | | | After ameth, the second bit of custom EVP_PKEY API removal. ok jsing
* Remove the ameth libtb2024-03-021-14/+0
| | | | | | | | This is accessor API for ASN.1 methods needed for custom PKEYs. Nothing has ever used this. This has been neutered for months. The EVP_PKEY_asn1_* API that needs to stay was moved elsewhere. ok jsing
* Remove EVP_MD_meth* againtb2024-03-021-13/+0
| | | | | | | | | | | Erlang upstream disabled the otp_test_engine for LibreSSL >= 3.5 without explanation. It was the only reason we added this garbage API in the first place. Meanwhile libfido2 started using it for a mock up of OpenSSL 3's broken fetch design with old API. This is pointless, so all this garbage goes away again (in particular we can remove the absolutely horrifying EVP_MD_meth_set_app_datasize() again). ok jsing
* Make OBJ_add_object() statictb2024-03-021-1/+0
| | | | | | | This is another implementation detail that should never have leaked out of the library. Only OBJ_create() ever used this. ok jsing
* Remove OBJ_bsearch_()tb2024-03-021-1/+0
| | | | | | | | | | | | The only reason this has still been part of the public API was that libssl used it for cipher lookup. This was fixed by replacing the lookup by proper bsearch() -- why OpenSSL felt the need to reinvent ANSI C API badly will forever remain a mystery. The stack code in libcrypto still uses a version of this. This should be rewritten. It will be a bit easier once sk_find_ex() is removed. ok jsing
* Remove unused public OBJ_NAME_* APItb2024-03-021-6/+0
| | | | | | | This functionality has been disabled for a few months. Now it is high time to garbage collect it. ok jsing
* Remove EVP_add_{cipher,digest}() from public APItb2024-03-021-2/+0
| | | | | | | | | | | Ciphers and digests are now handled in a static lookup table and no longer by the associative array that used to underlie the OBJ_NAME API. Adding ciphers is no longer possible. What uses this API does so for historic reasons coming from a time where SHA-2 and some AES variants needed to be enabled explicitly. Ports doing this (PHP and DANE code) were fixed. ok jsing
* Remove DSA_generate_parameterstb2024-03-021-1/+0
| | | | | | | | | | | This was deprecated in 0.9.8 and used until recently by rust-openssl and by keynote (keynote has the excuse that it was written before the deprecation). Fortunately Paul Kehrer fixed this in rust-openssl, so we can garbage collect this turd. (It was replaced with the less ergonomic DSA_generate_parameters_ex() to expose a new fancy way of displaying dots, stars and pluses on key generation). ok jsing
* Remove CMAC_resume()tb2024-03-021-1/+0
| | | | | | | | | While it is a neat design detail of CMAC that you can resume it after having finalized it, nothing uses this functionality and it adds some gross things such as retaining intermediate secrets in the CMAC ctx. Once this is gone, we can simplify the CMAC code a bit. ok jsing
* Make BN_mod_exp2_mont() and BN_mod_exp_mont_word() internaltb2024-03-021-2/+0
| | | | | | | | The former could be useful but nothing uses it. The latter is a dangerous implementation detail of Montgomery exponentiation that should never have been leaked out of the library. Fix this. ok jsing
* Make BN_mod_exp_simple() internaltb2024-03-021-1/+0
| | | | | | | This function is very slow and useful for testing purposes only. It should never have been part of the public API. Remove it from there. ok jsing
* Remove BIO_set()tb2024-03-021-1/+0
| | | | | | | This used to be a dangerous implementation detail of BIO_new() that was never used outside of libcrypto. ok jsing
* Remove BIO_dump_*{cb,fp}()tb2024-03-021-4/+0
| | | | | | | These were disabled and the internals that need to remain were fixed. Time for this garbage to go. ok jsing
* Remove BIO_{sn,v,vsn}printf(3)tb2024-03-021-3/+0
| | | | | | | Unsued printing functionality. If something should need this we can readily add it back. ok jsing
* Expose OPENSSL_{gmtime,posix_to_tm,timegm,tm_to_posix}()tb2024-03-021-0/+4
| | | | | | | Apart from OPENSSL_gmtime(), which is OpenSSL API, this is BoringSSL's interface to deal with the time related portability and code mess. ok jsing
* Remove beck's ASN.1 time API from public visibilitytb2024-03-021-3/+0
| | | | | | | | | | | | This API was needed since OpenSSL didn't have one. We now have variants of OpenSSL's API and will also expose BoringSSL's complementary API. The users of this API were ported to the OpenSSL variants and some may switch to BoringSSL's in the future. Part of it is still used internally. ASN1_time_tm_clamp_notafter() is still used by libtls (and only libtls). This will be fixed in a future bump. ok jsing
* Remove ASN1_PCTX nonsensetb2024-03-021-12/+0
| | | | | | | | This is only used by the fuzzing code. Another bit of poorly thought out extensibility that makes people pass NULL pointers to a bunch of APIs. ok jsing
* Make ASN1_add_oid_module internaltb2024-03-021-1/+0
| | | | ok jsing
* Remove ASN1_STRING_TABLE_{add,cleanup}tb2024-03-021-2/+0
| | | | | | | This was API for the ASN1_STRING_TABLE extensibility which has been neutered for months and was completely unused in the ecosystem. ok jsing
* split the Symbols.list up so that arch specific symbols do not end up everywhererobert2023-11-121-1/+0
| | | | ok tb@
* Remove various ${thing}_optionstb2023-07-281-6/+0
| | | | | | | | | | Various, ancient ciphers exposed some of their innards via an _options() API. Apart from openssl version/speed, only some lua thingie in nmap ever looked at these. Go figure. hppa testing by miod, i386 testing by sthen. Thanks! ok jsing
* Remove more ASN1_BIT_STRING APItb2023-07-281-3/+0
| | | | | | | | | This removes ASN1_BIT_STRING_name_print(), ASN1_BIT_STRING_{num,set}_asc(). Before trust was properly handled using OIDs, there was a period where it used bit strings. The actual interfaces used in openssl x509 were removed, but the functions they wrapped remained unused for the next 24 years. ok jsing
* Remove ASN1_BIT_STRING_checktb2023-07-281-1/+0
| | | | | | | | This was added with the TS code for no discernible reason. I could not find a single consumer. In the unlikely event that you need this, it is easy enough to write a better version of it yourself. ok jsing
* Provide CMS{,_SignerInfo}_get_versiontb2023-07-281-0/+2
| | | | | | | Add accessors for the syntax versions of ContentInfo and SignerInfo. These will be used soon in rpki-client for some more compliance checks. ok job jsing
* Remove OBJ_add_sigid() and OBJ_sigid_free()tb2023-07-281-2/+0
| | | | | | | | Another bit of unused extensibility that was responsible for a lot of complexity until recently. This removes the remaining stubs from the public API. ok jsing
* Remove more ERR crufttb2023-07-281-3/+0
| | | | | | | Ever wondered how many entries populate the various err hashes? Me neither. Remove this garbage. ok jsing
* Remove ERR_{get,set}_implementation()tb2023-07-281-2/+0
| | | | | | | Much like ex_data, applications can make the library use their own error stack implementation. Well, except as of right now they no longer can. ok jsing
* Make ex_data implementations internaltb2023-07-281-3/+0
| | | | | | | | | | | | | To state the obvious: library suffers from way too much extensibility. In theory, applications can implement their own ex_data implementation. In practice, none did. A glance at ex_data.c might give an idea as to why. Make this internal so this particular turd can be replaced with something slightly saner. Also sync up the CRYPTO_EX_INDEX_* defines with OpenSSL - at least the parts we support. ok jsing
* Remove BUF_[a-z]* APItb2023-07-281-6/+0
| | | | | | | | This are a bunch of strange string handlers with NULL checks that make no real sense except to some devs who like to sprinkle them everywhere. Fortunately, nothing uses these anymore, so they can go. ok jsing
* Drop BIO_n{read,write}{,0}()tb2023-07-281-4/+0
| | | | | | | | | | | | | | | | | | This is one of those strange things that should never have made it into a security-oriented libraries. From BIO_s_bio.3: .\" The following non-copying I/O functions are intentionally undocumented .\" because they seem fragile and unused by anything: It was used in a single place: the gorgeous ssltest. I'm not smart enough to follow. Also: /* WARNING: The non-copying interface is largely untested as of yet * and may contain bugs. */ Oh, really? Into the great bitbucket in the sky you go. ok jsing
* Remove the get_rfc*_prime_*() APItb2023-07-281-8/+0
| | | | | | | Inconsistently named with the rest of the API, so OpenSSL 1.1 introduced the same functions with a BN_ prefix. We'll keep the latter. ok jsing
* Make BN_BLINDING internaltb2023-07-281-12/+0
| | | | | | | | | | RSA is pretty bad. In my most optimistic moments I dream of a world that stopped using it. That won't happen during my lifetime, unfortunately. Blinding is one way of making it a little less leaky. Unfortunately this side-channel leak mitigation leaked out of the library for no good reason. Let's at least fix that aspect of it. ok jsing
* Remove ASN1_bn_print() and ASN1_buf_print()tb2023-07-281-2/+0
| | | | | | | | | | ASN1_bn_print() is a hilariously bad API that was replaced with a saner interface internally. ASN1_buf_print() isn't terrible, but it is too specialized to be of real use. It was only exposed because ASN1_bn_print() was already there. Its only use had been in the EdDSA printing code before it was replaced with an internal helper. ok jsing
* Make ASN1_{primitive,template}_* internaltb2023-07-281-6/+0
| | | | | | | These were long removed from the public OpenSSL API, so we can do the same. Remove ASN1_template_{d2i,i2d}() - those are unused internally. ok jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 10:39:02 +0000