| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
| |
Unlike ECDSA_METHOD, this has been unused forever but kind of needed to
stay for symmetry with ECDSA_METHOD. Now we can finally take it behind
the barn and remove its tendrils into ENGINE.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
Move the remaining ECDSA API into ec.h to match OpenSSL 1.1's interface
better. In particular, the EC_KEY sign and verify method accessors are
moved to the right header. Whether the rest of the ECDSA stuff belongs
there is debatable, but that was upstream's choice.
ok jsing
|
| |
|
|
|
|
|
|
| |
After smtpd (in base) and libtls finally switched from ECDSA_METHOD to
EC_KEY_METHOD, much of the ECDSA_METHOD code was neutered. Remove the
remaining public API as well as numerous tentacles into ENGINE.
ok jsing
|
| |
|
|
|
|
|
| |
These error codes have been unused for a while, so the public API loading
them is pointless.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ECDSA_sign_setup() permits precomputing the values of the inverse of the
random k and the corresponding r. These can then be fed into the signing
routines ECDSA_{do_,}sign_ex() multiple times if needed. This is not a
great idea and the interface adds a lot of unwanted complexity.
Not to mention that nothing ever used this correctly - if s works out to
0, a special error code is thrown requesting that the caller provide new
kinv and r values. Unsurprisingly, nobody ever checked for that special
error code.
ok jsing
This commit marks the start of a libcrypto major bump. Do not build the
tree until I bumped the shlib_version and synced file sets (in about 35
commits).
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@ after some puking in his mouth.
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok tb@ jsing@
|
| |
|
|
| |
to cvs add
|
| |
|
|
|
|
|
|
| |
me aliasing symbols not in the headers I was procesing.
This unbreaks the namespace build so it will pass again
ok tb@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok beck@, tb@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
| |
Fixes -DNAMESPACE
ok tb@
|
| | |
|
| |
|
|
|
|
|
|
| |
This used to be public API but is now only used for debug code that has
certainly never been used since it was released to the public. It drags
that debug nonsense with it.
ok beck
|
| |
|
|
| |
Unused and no authorative information was found online in 2016
|
| |
|
|
| |
This matches the OpenSSL 1.1 API a bit better.
|
| |
|
|
|
| |
A few hooks remain in the legacy validator, which will soon be replaced
with something better. The rest of the tentacles are now largely contained.
|
| | |
|
| |
|
|
|
|
|
| |
By introducing X509_get0_uids(), one can add RPKI profile compliance
checks to conform the absence of the issuerUID and subjectUID.
OK tb@ jsing@
|
| |
|
|
|
|
|
|
|
|
| |
xmlsec needs this, nothing else. Our linkers link libxmlsec1-openssl,
only warns and since nothing uses this library in ports, this wasn't
noticed for a long time.
Reported by Thomas Mitterfellner
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Open62541 uses X509_STORE_CTX_get_check_issued(), so provide it along
with X509_STORE_{get,set}_check_issued(). As you would expect, they all
return or take an X509_STORE_CTX_check_issued_fn. The getters aren't const
in OpenSSL 1.1, but they now are in OpenSSL 3...
These will be made available in the next minor bump and will ship in the
stable release of LibreSSL 3.7
Part of OpenSSL commit 1060a50b
See also https://github.com/libressl-portable/portable/issues/748
ok beck jsing
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
|
|
| |
This applies the guentherizer 9000(tm) to pkcs7, after moving
several pkcs7 funcitions back to pkcs7 that were in x509/x_all.c
for reasons known only to the miasma.
ok jsing@
|
| |
|
|
|
|
|
| |
Automated change from the first attempts at the semi automated
Guentherizer 2000.
ok jsing@ tb@ joshua@
|
|
|
Fully explained in libcrypto/README. TL;DR make sure libcrypto
and libssl's function calls internally and to each other are via
symbol names that won't get overridden by linking other libraries.
Mostly work by guenther@, which will currently be gated behind a
build setting NAMESPACE=yes. once we convert all the symbols to
this method we will do a major bump and pick up the changes.
ok tb@ jsing@
|
