| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
| |
discussed with jsing
|
| |
|
|
|
|
|
|
| |
Rename it to DSA_prime_checks and add an XXX comment mentioning that
we could reduce the number of rounds thanks to BPSW. There are no
plans of changing that as DSA is on its way out.
discussed with miod
|
| |
|
|
|
|
| |
It aliases BN_is_prime(), which was removed in April 2023.
makes sense to miod
|
| |
|
|
|
|
|
|
|
|
|
| |
This was deprecated in 0.9.8 and used until recently by rust-openssl
and by keynote (keynote has the excuse that it was written before the
deprecation). Fortunately Paul Kehrer fixed this in rust-openssl,
so we can garbage collect this turd. (It was replaced with the less
ergonomic DSA_generate_parameters_ex() to expose a new fancy way of
displaying dots, stars and pluses on key generation).
ok jsing
|
| |
|
|
| |
Requested by jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Some headers were included conditionally on OPENSSL_NO_DEPRECATED in hopes
that eventually the mess of everything includes everything will magically
resolve itself. Of course everyone would end up building openssl with
OPENSSL_NO_DEPRECATED over time... Right.
Surprisingly, the ecosystem has come to rely on these implicit inclusions,
so about two dozen ports would fail to build because of this. Patching this
would be easy but really not worth the effort.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Geoff Thorpe added OPENSSL_NO_DEPRECATED nearly two decades ago. The hope
was that at some point some functions can be dropped. Most of the functions
marked deprecated are actually unused nowadays but unfortunately some of
them are still used in the ecosystem. Move them out of OPENSSL_NO_DEPRECATED
so we can define it without breaking the consumers in the next bump.
ERR_remove_state() is still used by a dozen or so ports. This isn't a big
deal since it is just a stupid wrapper for the not quite as deprecated
ERR_remove_thread_state(). It's not worth patching these ports.
Annoyingly, {DH,DSA}_generate_parameters() and RSA_generate_key() are still
used. They "make use" of the old-style BN_GENCB callback, which is therefore
more difficult to remove - in case you don't know know: that's the thing
responsible for printing pretty '.', '+' and '*' when you generate keys.
Most annoyingly, DH_generate_parameters() was added to rust-openssl in 2020
for "advanced DH support". This is very unfortunate since cargo bundles a
rust-openssl and updates it only every few years or so. As a consequence
we're going to be stuck with this nonsense for a good while.
ok beck jsing
|
| |
|
|
|
|
|
| |
This has been missing for a while already and will be used in a
few upcoming commits.
ok beck jsing
|
| |
|
|
|
|
|
| |
This script is not used at all and files are edited by hand instead.
Thus remove misleading comments incl. the obsolete script/config.
Feedback OK jsing tb
|
| |
|
|
|
|
|
| |
These are mostly security-level related, but there are also ASN1_TIME
and ASN_INTEGER functions here, as well as some missing accessors.
ok jsing
|
| |
|
|
|
|
|
|
| |
Also follow OpenSSL by making the name non-const to avoid ugly casting.
Used by OpenSC's pkcs11-helper, as reported by Fabrice Fontaine in
https://github.com/libressl-portable/openbsd/issues/130
ok jsing sthen
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
|
|
| |
This moves DSA_SIG, DSA and DSA_METHOD to dsa_locl.h.
ok inoguchi jsing
|
| |
|
|
|
| |
This marks the start of major surgery in libcrypto. Do not attempt to
build the tree for a while (~50 commits).
|
| |
|
|
|
|
| |
Used by Qt5 and Qt6 and slightly reduces the patching in there.
ok inoguchi jsing
|
| |
|
|
| |
ok inoguchi jsing
|
| |
|
|
|
|
|
|
| |
for DSA key generation.
From Kurt Roeckx, OpenSSL 74ee3796
ok bcook inoguchi jsing
|
| |
|
|
|
|
|
| |
As in RSA_meth_*, note that these functions return NULL in
out-of-memory situations, but they do not set an error explicitly.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| | |
|
| |
|
|
|
|
| |
EVP_PKEY_get0_{DH,DSA,RSA}(), RSA_{g,s}et0_key().
ok jsing
|
| |
|
|
|
|
| |
ASN1_item_{d2i,i2d}_* equivalents.
ok guenther@ miod@
|
| |
|
|
|
|
|
|
| |
This removes support for DSA_FLAG_NO_EXP_CONSTTIME, DH_FLAG_NO_EXP_CONSTTIME,
and RSA_FLAG_NO_CONSTTIME flags, making all of these operations unconditionally
constant-time.
Based on the original patch by César Pereid. ok beck@
|
| |
|
|
|
|
|
| |
Improved patch from Cesar Pereida. See
https://github.com/libressl-portable/openbsd/pull/61 for more details.
ok beck@
|
| |
|
|
| |
DSAPublicKey, DSAPrivateKey and DSAparams ASN1_ITEMs.
|
| |
|
|
|
|
|
| |
Improves readability, keeps the code smaller so that it is warmer in your
cache.
review & ok deraadt@
|
| | |
|
| |
|
|
| |
ok to firebomb from tedu@
|
| |
|
|
|
|
|
| |
including it they get <openssl/opensslconf.h>. So instead of pulling in
<openssl/e_os2.h>, just pull in <openssl/opensslconf.h>.
"go ahead" miod@
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
by dtucker@
|
| | |
|
| |
|
|
| |
http://www.openssl.org/news/secadv_20060928.txt for more
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Note that this is a maintenence release, API's appear *not* to have changed.
As such, I have only increased the minor number on these libraries
|
| | |
|
| |
|
|
|
|
| |
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
| | |
|
|
|
functionality for shared libs.
Note that routines such as sslv2_init and friends that use RSA will
not work due to lack of RSA in this library.
Needs documentation and help from ports for easy upgrade to full
functionality where legally possible.
|
