summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/engine (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Hide symbols in enginetb2024-03-271-1/+20
| | | | ok jsing
* Simplify engine.htb2024-03-021-45/+1
| | | | | | Garbage collect some more of this former horror show. ok jsing
* Rename an ENGINE from e to engine for consistencytb2023-11-191-2/+2
|
* Unifdef OPENSSL_NO_ENGINE in libcryptotb2023-11-191-5/+1
| | | | | | | This is mechanical apart from a few manual edits to avoid doubled empty lines. ok jsing
* Unifdef OPENSSL_NO_ENGINE in engine.htb2023-11-191-566/+8
| | | | | | | Also rip out all the gross, useless comments. There's still too much garbage in here... ok jsing
* Move the ENGINE_new() prototype a line downtb2023-08-041-2/+2
|
* Set OPENSSL_NO_ENGINE, remove engine codetb2023-07-2824-4812/+0
| | | | | | | | | | ENGINE was special. It's horrible code even by the low standards of this library. Some ports may now try to use the stubs which will fail, but the fallout from this should be minimal. Of course there are various language bindings that expose the ENGINE API. OpenSSL 3 disabling ENGINE by default will likely help fixing this at some point. ok jsing
* Excise ECDH_METHODtb2023-07-286-174/+5
| | | | | | | | Unlike ECDSA_METHOD, this has been unused forever but kind of needed to stay for symmetry with ECDSA_METHOD. Now we can finally take it behind the barn and remove its tendrils into ENGINE. ok jsing
* Remove ECDSA_METHODtb2023-07-286-160/+5
| | | | | | | | After smtpd (in base) and libtls finally switched from ECDSA_METHOD to EC_KEY_METHOD, much of the ECDSA_METHOD code was neutered. Remove the remaining public API as well as numerous tentacles into ENGINE. ok jsing
* Provide a bunch of always failing ENGINE APItb2023-07-212-5/+164
| | | | | | | | | | | | | | | This commit adds a few symbols under OPENSSL_NO_ENGINE. They will be used after the main ENGINE code is disabled in the next bump. The ecosystem is mostly prepared for dealing with a libcrypto compiled with OPENSSL_NO_ENGINE. There are a few stragglers like M2Crypto, dovecot and the latest apr-util release (fixed in their development branch). To avoid intrusive patching in these ports, we need to keep a bunch of ENGINE symbols around despite adding OPENSSL_NO_ENGINE. This of course meant patching some other ports, but that was way easier. ok jsing
* Remove some ancient cruft that hasn't been used in agestb2023-07-203-1692/+0
| | | | discussed with jsing
* Remove unnecessary inclusion of dso.htb2023-07-203-6/+3
|
* eng_aesni.c: add evp_local.h so it compiles again.tb2023-07-201-1/+3
|
* Move x509.h inclusion into alphabetical ordertb2023-04-181-3/+2
|
* Bring includes into canonical ordertb2023-04-181-8/+8
| | | | Requested by jsing
* Move some includes out of OPENSSL_NO_DEPRECATEDtb2023-04-181-3/+1
| | | | | | | | | | | | | Some headers were included conditionally on OPENSSL_NO_DEPRECATED in hopes that eventually the mess of everything includes everything will magically resolve itself. Of course everyone would end up building openssl with OPENSSL_NO_DEPRECATED over time... Right. Surprisingly, the ecosystem has come to rely on these implicit inclusions, so about two dozen ports would fail to build because of this. Patching this would be easy but really not worth the effort. ok jsing
* spelling fixes; from paul tagliamontejmc2022-12-266-14/+14
| | | | | | | i removed the arithmetics -> arithmetic changes, as i felt they were not clearly correct ok tb
* Make internal header file names consistenttb2022-11-262-4/+4
| | | | | | | | | | | | | | | | Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
* Remove mkerr.pl remnants from LibreSSLkn2022-07-122-12/+2
| | | | | | | This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config. Feedback OK jsing tb
* Use C99 initializers for test_sha_mdtb2022-01-091-13/+12
| | | | ok inoguchi jsing
* Include evp_locl.h where it will be needed once most structs fromtb2021-12-121-1/+3
| | | | | | evp.h will be moved to evp_locl.h in an upcoming bump. ok inoguchi
* $OpenBSD$tb2019-01-191-0/+1
|
* Partial port of EC_KEY_METHOD from OpenSSL 1.1.tb2019-01-195-4/+152
| | | | | | | This commit adds init/free, support for signing, setting and getting the method, engine support as well as extra data. from markus
* Add automatic threading initialization for libcrypto.bcook2018-11-111-6/+1
| | | | | | | | | | | | | | This implements automatic thread support initialization in libcrypto. This does not remove any functions from the ABI, but does turn them into no-ops. Stub implementations of pthread_mutex_(init|lock|unlock) are provided for ramdisks. This does not implement the new OpenSSL 1.1 thread API internally, keeping the original CRYTPO_lock / CRYPTO_add_lock functions for library locking. For -portable, crypto_lock.c can be reimplemented with OS-specific primitives as needed. ok beck@, tb@, looks sane guenther@
* In ENGINE_up_ref(), check return value of CRYPTO_add() and reporttb2018-08-241-3/+5
| | | | | | failure accordingly. ok jsing
* Make ENGINE_free() succeed on NULL. Matches OpenSSL's behavior andtb2018-04-145-27/+25
| | | | | | simplifies the caller side. tested by & ok inoguchi; discussed with schwarze
* make ENGINE_finish() succeed on NULL and simplify callers as intb2018-04-141-5/+3
| | | | | | | | | | | OpenSSL commit 7c96dbcdab9 by Rich Salz. This cleans up the caller side quite a bit and reduces the number of lines enclosed in #ifndef OPENSSL_NO_ENGINE. codesearch.debian.net shows that almost nothing checks the return value of ENGINE_finish(). While there, replace a few nearby 'if (!ptr)' with 'if (ptr == NULL)'. ok jsing, tested by & ok inoguchi
* Bring in compatibility for OpenSSL 1.1 style init functions.beck2018-03-172-6/+19
| | | | | | | | | This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well thread safety modifications for the existing LibreSSL init functions. The initialization routines are called automatically by the normal entry points into the library, as in newer OpenSSL ok jsing@, nits by tb@ and deraadt@
* Send the function codes from the error functions to the bit bucket,beck2017-01-2914-171/+80
| | | | | | as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* Explicitly export a list of symbols from libcrypto.jsing2016-12-211-7/+3
| | | | | | | | | | | | | | | | Move the "internal" BN functions from bn.h to bn_lcl.h and stop exporting the bn_* symbols. These are documented as only being intended for internal use, so why they were placed in a public header is beyond me... This hides 363 previously exported symbols, most of which exist in headers that are not installed and were never intended to be public. This also removes a few crusty old things that should have died long ago (like _ossl_old_des_read_pw). But don't worry... there are still 3451 symbols exported from the library. With input and testing from inoguchi@. ok beck@ inoguchi@
* Replace all uses of magic numbers when operating on OPENSSL_ia32_P[] bymiod2016-11-041-11/+5
| | | | | | | | | | | | | | | meaningful constants in a private header file, so that reviewers can actually get a chance to figure out what the code is attempting to do without knowing all cpuid bits. While there, turn it from an array of two 32-bit ints into a properly aligned 64-bit int. Use of OPENSSL_ia32_P is now restricted to the assembler parts. C code will now always use OPENSSL_cpu_caps() and check for the proper bits in the whole 64-bit word it returns. i386 tests and ok jsing@
* Remove I386_ONLY define. It was only used to prefer amiod2016-11-041-2/+2
| | | | | | | faster-on-genuine-80386-but-slower-on-80486-onwards innstruction sequence in the SHA512 code, and had not been enabled in years, if at all. ok tom@ bcook@
* Remove SHA0 check, as we did in v1.21 of sha.h.bcook2015-12-071-2/+2
| | | | | | This enables ENGINE_get_digest to work again with SHA1. noted by NARUSE, Yui, @nurse from github
* Kill coverity 128475beck2015-08-281-2/+2
| | | | ok doug@
* Remove OpenSSL engine RSAX.doug2015-07-193-701/+2
| | | | | | | | | OpenSSL stopped building it last year and removed it this year. Based on OpenSSL commit c436e05bdc7f49985a750df64122c960240b3ae1. Also cranked major version in libcrypto, libssl and libtls. "fine with me" bcook@ miod@
* abort when ENGINE_remove fails, fix Coverity 21656bcook2015-07-191-5/+2
| | | | ok doug@, beck@
* Return the failing engine ID in the error stack.bcook2015-06-191-2/+4
| | | | | Noted by doug@ in an earlier revision of the dynamic engine removal patch, but I had forgotten to include it in the latest version.
* Disable ENGINE_load_dynamic (dynamic engine support).bcook2015-06-193-513/+7
| | | | | | | We do not build, test or ship any dynamic engines, so we can remove the dynamic engine loader as well. This leaves a stub initialization function in its place. ok beck@, reyk@, miod@
* Remove all getenv() calls, especially those wrapped by issetugid().deraadt2015-04-111-7/+2
| | | | | | | | | getenv()'s wrapped by issetugid() are safe, but issetugid() is correct difficult to impliment on many operating systems. By accident, a grand experiment was run over the last year, where issetugid() returned 1 (the safe value) on a few operating systems. Noone noticed & complained that certain environment variables were not working....... ok doug beck jsing, discussion with others
* Enable building with -DOPENSSL_NO_DEPRECATED.doug2015-02-1114-14/+38
| | | | | | | | | | | | | | | If you didn't enable deprecated code, there were missing err.h and bn.h includes. This commit allows building with or without deprecated code. This was not derived from an OpenSSL commit. However, they recently enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems in a different way. Verified with clang that this only changes line numbers in the generated asm. ok miod@
* Remove assert() or OPENSSL_assert() of pointers being non-NULL. The policymiod2015-02-101-6/+1
| | | | | for libraries in OpenBSD is to deliberately let NULL pointers cause a SIGSEGV. ok doug@ jsing@
* BN_CTX_get() can fail - consistently check its return value.jsing2015-02-091-4/+7
| | | | | | | | | | | | | | | There are currently cases where the return from each call is checked, the return from only the last call is checked and cases where it is not checked at all (including code in bn, ec and engine). Checking the last return value is valid as once the function fails it will continue to return NULL. However, in order to be consistent check each call with the same idiom. This makes it easy to verify. Note there are still a handful of cases that do not follow the idiom - these will be handled separately. ok beck@ doug@
* Delete a lot of #if 0 code in libressl.doug2015-02-074-45/+9
| | | | | | | | | | | | | | | | | | | | | | | | | There are a few instances where #if 1 is removed but the code remains. Based on the following OpenSSL commits. Some of the commits weren't strictly deletions so they are going to be split up into separate commits. 6f91b017bbb7140f816721141ac156d1b828a6b3 3d47c1d331fdc7574d2275cda1a630ccdb624b08 dfb56425b68314b2b57e17c82c1df42e7a015132 c8fa2356a00cbaada8963f739e5570298311a060 f16a64d11f55c01f56baa62ebf1dec7f8fe718cb 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb 02a938c953b3e1ced71d9a832de1618f907eb96d 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 d6fbb194095312f4722c81c9362dbd0de66cb656 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 1a5adcfb5edfe23908b350f8757df405b0f5f71f 8de24b792743d11e1d5a0dcd336a49368750c577 a2b18e657ea1a932d125154f4e13ab2258796d90 8e964419603d2478dfb391c66e7ccb2dcc9776b4 32dfde107636ac9bc62a5b3233fe2a54dbc27008 input + ok jsing@, miod@, tedu@
* Nuke yet more obvious #include duplications.krw2014-11-191-3/+1
| | | | ok deraadt@
* Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().jsing2014-10-221-2/+3
| | | | | | | | arc4random_buf() is guaranteed to always succeed - it is worth noting that a number of the replaced function calls were already missing return value checks. ok deraadt@
* None of these need to include <openssl/rand.h>jsing2014-10-182-4/+2
|
* Guard RSA / RC4-5 ASM when NO_ASM is not definedbcook2014-08-111-3/+4
| | | | | | | | | Most assembly blocks remain inactive if OPENSSL_NO_ASM is not defined, only enabling inline assembly, but the RSA / RC4-5 blocks (used only in amd64 systems) turn on implicitly. Guard these two as well. This simplifies enabling just inline ASM in portable, no effective change in OpenBSD.
* The bell tolls for BUF_strdup - Start the migration to usingbeck2014-07-131-4/+4
| | | | | | intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
* if (x) FOO_free(x) -> FOO_free(x).miod2014-07-121-7/+4
| | | | | | | Improves readability, keeps the code smaller so that it is warmer in your cache. review & ok deraadt@
* Only import cryptlib.h in the four source files that actually need it.jsing2014-07-115-18/+16
| | | | | | | | Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-17 08:51:53 +0000