| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
This internalizes a particularly scary layer of conf used for X.509
extensions. Again unused public API...
ok beck jsing
|
| |
|
|
|
|
|
|
| |
Thankfully sthen removed the out-of-support PHP versions 7.4 and 8.0,
which were the last users of this API, which in turn permitted much of
this conf rampage. Now the stub can join its guts in the attic.
ok beck jsing
|
| |
|
|
|
|
|
|
| |
Fortunately all projects who want to configure their extensions using
a dangerous string DSL/API figured out the fact that one was supposed to
be using the nconf version of these (the hint is the 'n', as in new).
ok beck jsing
|
| |
|
|
|
|
|
| |
This became obsolete with the automatic library initialization. Now it
is time for it to become an internal API.
ok beck jsing
|
| |
|
|
|
|
|
| |
This translation device from old to new conf guts will need to stay
for a while. However, it's only needed internally.
ok beck jsing
|
| |
|
|
|
|
|
|
| |
This is the next layer of unused cruft that can now go. The code lovingly
called it 'the "CONF classic" functions'. No tear was shed. Don't worry,
we still have the "New CONF" functions!
ok beck jsing
|
| |
|
|
|
|
|
|
| |
The only project I'm aware of that ever used this was rust-openssl
and they did so for no good reason. So remove this API, the crate's
code is already adjusted accordingly.
ok beck jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
|
|
|
| |
Undocumented and entirely unused. Gets rid of a big, modifiable, global
table.
ok beck jsing
|
| |
|
|
|
|
|
| |
This makes the _CONF_* layer of the conf module internal and gets rid
of the entirely unused conf_api.h.
ok beck jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
imodules are called imodules because they contain Information about
modules that have been Initialized. Which one of these two I it is
is anyone's best guess. Why anything outside of libcrypto would ever
possibly care will also remain a mystery.
Remove the old way of adding a conf module, user data, stop allowing
to set a method (it's opaque now, remember?) and drop a couple bits
more from the public api interface.
ok beck jsing
|
| |
|
|
|
|
|
|
| |
It's time to start removing some horrors from the conf/ garbage. If the
current top layer wasn't terrible enough, you could always slap another
one on top of it and it would then be truly marvellous.
ok beck jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This API turned out to be a really bad idea. OpenSSL 3 extended it, with
the result that basically every key type had its own DoS issues fixed in
a recent security release. We eschewed these by having some upper bounds
that kick in when keys get insanely large.
Initially added on tobhe's request who fortunately never used it in iked,
this was picked up only by ruby/openssl (one of the rare projects doing
proper configure checks rather than branching on VERSION defines) and of
course xca, since it uses everything it can. So it was easy to get rid of
this again.
ok beck jsing
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Nothing touches db_meth in ports. Thus only way a db_meth can be set is
now as a side effect X509V3_set_conf() in which case the db is an NCONF
database and the db_meth will be a thin wrapper of NCONF_get_section().
Make that explicit in the implementation, remove the guts of the unused
X509V3_get_string() and X509V3_string_free(), turn X509V3_section_free()
into a noop and replace several checks for ctx->db, ctx->db->meth, ...
with a simple ctx->db != NULL check.
ok beck jsing
|
| |
|
|
|
|
| |
Another legacy turd that was only used by PHP 7.4 and 8.0.
ok beck jsing
|
| | |
|
| |
|
|
|
|
|
| |
These legacy interfaces were only used by PHP 7.4 and 8.0 and they will
be removed in an upcoming bump.
ok beck jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
This would have prevented the PKCS12 oopsie.
|
| |
|
|
|
|
|
| |
different asm stanzas to produce strong aliases.
This unbreaks libcrypto (and thus ssh, among other things) on hppa after the
recent switch to LIBRESSL_CRYPTO_NAMESPACE.
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
| |
use LCRYPTO_UNUSED and remove the LIBRESSL_INTERNAL guard
ok tb@
|
| |
|
|
|
|
| |
use LCRYPTO_UNUSED and remove the LIBRESSL_INTERNAL guard around them.
ok tb@
|
| |
|
|
|
|
|
| |
Mark them LCRYPTO_UNUSED appropriately and remove the LIBRESSL_INTERNAL
guards around them
ok tb@
|
| |
|
|
|
|
| |
and remove the LIBRESSL_INTERNAL guards around them
ok tb@
|
| |
|
|
|
| |
This removes the LIBRESSL_INTERNAL guards and marks
the functions within as LCRYPTO_UNUSED
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
crypto.h already had the symbols not hidden behind LIBRESSL_INTERNAL
hidden - This now picks up the reset of them marking them as
LCRYPTO_UNUSED, and removes the LIBRESSL_INTERNAL guard.
These symbols will now be hidden, but if we use them inside
the library in a namespaced build we will get a deprecation
warning. use outside the library will be as with any other hidden
symbol, so fine.
ok tb@
|
| | |
|
| |
|
|
|
|
|
| |
This picks up most of the remaining public symbols in
x509.h
ok tb@
|
| |
|
|
|
|
| |
largely mechanically done by the guentherizer 9000
ok tb@
|
| |
|
|
|
|
|
|
|
| |
If namespace builds are enabled, static links don't work due to missing
_lcry_* symbols. Make LCRYPTO_UNUSED() match LCRYPTO_USED() with an extra
deprecated attribute. This way we can remove the !LIBRESSL_INTERNAL #ifdef
wrapping in public headers.
ok beck joshua
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok tb
|
| |
|
|
| |
ok tb
|
| |
|
|
| |
ok jsing
|
