| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
| |
Ever wondered how many entries populate the various err hashes?
Me neither. Remove this garbage.
ok jsing
|
| |
|
|
|
|
|
| |
Much like ex_data, applications can make the library use their own error
stack implementation. Well, except as of right now they no longer can.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
To state the obvious: library suffers from way too much extensibility. In
theory, applications can implement their own ex_data implementation. In
practice, none did. A glance at ex_data.c might give an idea as to why.
Make this internal so this particular turd can be replaced with something
slightly saner.
Also sync up the CRYPTO_EX_INDEX_* defines with OpenSSL - at least
the parts we support.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is one of those strange things that should never have made it into
a security-oriented libraries. From BIO_s_bio.3:
.\" The following non-copying I/O functions are intentionally undocumented
.\" because they seem fragile and unused by anything:
It was used in a single place: the gorgeous ssltest. I'm not smart enough
to follow. Also:
/* WARNING: The non-copying interface is largely untested as of yet
* and may contain bugs. */
Oh, really? Into the great bitbucket in the sky you go.
ok jsing
|
| |
|
|
|
|
|
| |
Inconsistently named with the rest of the API, so OpenSSL 1.1 introduced
the same functions with a BN_ prefix. We'll keep the latter.
ok jsing
|
| |
|
|
|
|
|
|
|
|
| |
RSA is pretty bad. In my most optimistic moments I dream of a world that
stopped using it. That won't happen during my lifetime, unfortunately.
Blinding is one way of making it a little less leaky. Unfortunately this
side-channel leak mitigation leaked out of the library for no good reason.
Let's at least fix that aspect of it.
ok jsing
|
| |
|
|
|
|
|
|
|
|
| |
ASN1_bn_print() is a hilariously bad API that was replaced with a saner
interface internally. ASN1_buf_print() isn't terrible, but it is too
specialized to be of real use. It was only exposed because ASN1_bn_print()
was already there. Its only use had been in the EdDSA printing code before
it was replaced with an internal helper.
ok jsing
|
| |
|
|
|
|
|
| |
These were long removed from the public OpenSSL API, so we can do the
same. Remove ASN1_template_{d2i,i2d}() - those are unused internally.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
| |
With every bump we can remove a bit more of the ASN.1 BIO and the
streaming interface. At some point enough will be internal so that
we can rewrite it and bring it in a shape where mere mortals can
follow all the twists and turns. This is the next step: BIO_f_asn1(3)
goes away and takes BIO_asn1_{get,set}_{prefix,suffix}() with it,
a bunch of functions helping along in a write-after-free recently.
The getters go away, the setters stay for now.
ok jsing
|
| |
|
|
|
|
|
|
|
|
| |
ENGINE was special. It's horrible code even by the low standards of this
library. Some ports may now try to use the stubs which will fail, but
the fallout from this should be minimal. Of course there are various
language bindings that expose the ENGINE API. OpenSSL 3 disabling ENGINE
by default will likely help fixing this at some point.
ok jsing
|
| |
|
|
|
|
|
|
| |
DSO and in particular dlopen() was used for dynamic engines, which we
removed a long time ago and for dynamic conf modules, which we removed
only very recently. Now remove this dangerous interface.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
opensslfeatures.h has long defined OPENSSL_NO_COMP and the build with
ZLIB was broken in openssl(1) since 2015 and in libcrypto since 2022.
ZLIB was unifdefed a while ago, now we can retire the public API.
The comp.h header stays devoid of code because a number of ports use it
for historic reasons.
ok jsing
|
| |
|
|
|
|
|
| |
The remaining two ECDH interfaces are relocated into ec.h. ecdh.h
remains. It does nothing but include ec.h.
ok jsing
|
| |
|
|
|
|
|
|
| |
Unlike ECDSA_METHOD, this has been unused forever but kind of needed to
stay for symmetry with ECDSA_METHOD. Now we can finally take it behind
the barn and remove its tendrils into ENGINE.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
Move the remaining ECDSA API into ec.h to match OpenSSL 1.1's interface
better. In particular, the EC_KEY sign and verify method accessors are
moved to the right header. Whether the rest of the ECDSA stuff belongs
there is debatable, but that was upstream's choice.
ok jsing
|
| |
|
|
|
|
|
|
| |
After smtpd (in base) and libtls finally switched from ECDSA_METHOD to
EC_KEY_METHOD, much of the ECDSA_METHOD code was neutered. Remove the
remaining public API as well as numerous tentacles into ENGINE.
ok jsing
|
| |
|
|
|
|
|
| |
These error codes have been unused for a while, so the public API loading
them is pointless.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ECDSA_sign_setup() permits precomputing the values of the inverse of the
random k and the corresponding r. These can then be fed into the signing
routines ECDSA_{do_,}sign_ex() multiple times if needed. This is not a
great idea and the interface adds a lot of unwanted complexity.
Not to mention that nothing ever used this correctly - if s works out to
0, a special error code is thrown requesting that the caller provide new
kinv and r values. Unsurprisingly, nobody ever checked for that special
error code.
ok jsing
This commit marks the start of a libcrypto major bump. Do not build the
tree until I bumped the shlib_version and synced file sets (in about 35
commits).
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@ after some puking in his mouth.
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok tb@ jsing@
|
| |
|
|
| |
to cvs add
|
| |
|
|
|
|
|
|
| |
me aliasing symbols not in the headers I was procesing.
This unbreaks the namespace build so it will pass again
ok tb@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok beck@, tb@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
| |
Fixes -DNAMESPACE
ok tb@
|
| | |
|
| |
|
|
|
|
|
|
| |
This used to be public API but is now only used for debug code that has
certainly never been used since it was released to the public. It drags
that debug nonsense with it.
ok beck
|
| |
|
|
| |
Unused and no authorative information was found online in 2016
|
| |
|
|
| |
This matches the OpenSSL 1.1 API a bit better.
|
| |
|
|
|
| |
A few hooks remain in the legacy validator, which will soon be replaced
with something better. The rest of the tentacles are now largely contained.
|
