summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/hidden (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Reinstate PKCS12_key_gen_uni()tb8 days1-1/+2
| | | | | | | Unfortunately, this is used in acsm-calibre-plugin, via oscrypto. Fixes https://github.com/Leseratte10/acsm-calibre-plugin/issues/112 ok jsing
* Remove EC_POINTs_* APItb8 days1-3/+1
| | | | | | | | | | And another one... Completely overengineered for the sake of academic credentials and only Ruby ever picked this garbage up. Fortunately, it's no longer used with LibreSSL since we defanged this in 2018. The latest version of ruby/openssl has completely removed this as part of their post 1.0.x cleanup. ok jsing
* Remove Jprojective_coordinates APItb8 days1-3/+1
| | | | | | | There goes another implementation detail that should never have been leaked out of the library. ok jsing
* Unexport EC_GROUP_*precompute_mult()tb8 days1-3/+1
| | | | | | | These have been noops for a while and as usual some Perl module was the only thing "using" it. ok jsing
* Unexport EC_GROUP_copy()tb8 days1-2/+1
| | | | | | Without EC_GROUP_new(), this API is useless. There's EC_GROUP_dup(). ok jsing
* Unexport EC_METHOD and all API using ittb8 days1-7/+1
| | | | | | | | | | | | This is an implementation detail and there is no reason to leak it from the library. This removes EC_GFp_{mont,simple}_method(), EC_GROUP_{method_of,new}(), EC_METHOD_get_field_type(), EC_POINT_method_of() from the public API. EC_GROUP_copy() is now quite useless, so it will go as well. ok jsing
* Align CRYPTO_set_mem*_functions with OpenSSL 1.1tb8 days1-2/+1
| | | | | | | | | | | | | | CRYPTO_set_mem_ex_functions() was renamed to CRYPTO_set_mem_functions(), replacing the latter while also correcting the arguments for the free pointer. The backstory is that a commit that was never compiled was fixed the wrong way an hour later (both committed without review, obviously), and here we are, still cleaning up the mess 23 years later. We carry patches in cjose and stunnel for this; dovecot and links+ have autoconf checks and will adapt. Oh, and then there's the mariadb configure time insanity passing wrong function pointers... ok jsing
* Unexport the weird X509_OBJECT_up_ref_count()tb8 days1-2/+1
| | | | | | | | It's only used in x509_lu.c, so move it there. X509_OBJECT is not itself refcounted. This API bumps the refcount of its cert or CRL member. This isn't really useful outside of the library. ok jsing
* Unexport X509_NAME_print()tb8 days1-2/+1
| | | | | | | | | | Nothing uses this anymore. M2Crypto has been patched and a fix for opensc has been upstreamed. ok jsing This is the start of a major bump. Don't build the tree until I have synced sets in about 20 commits.
* hidden mlkem.h: add comment to #endiftb2024-12-201-2/+2
|
* #ifdef out the inclusion of openssl/mlkem.h for nowtb2024-12-191-3/+4
| | | | discussed with beck and jsing
* Add ML-KEM 1024 from BoringSSLbeck2024-12-131-1/+9
| | | | | | | | | | | | | | | Changes include conversion from C++, basic KNF, then adaptation to use our sha3 functions for sha3 and shake instead of the BorinSSL version. This Adds units tests to run against BoringSSL and NIST test vectors. The future public API is the same as Boring's - but is not yet exposed pending making bytestring.h public (which will happen separately) and a minor bump Currently this will just ensure we build and run regress. ok tb@ to get it into the tree and massage from there.
* Add ML-KEM 768 from BoringSSLbeck2024-12-131-0/+40
| | | | | | | | | | | | | | | Changes include conversion from C++, basic KNF, then adaptation to use our sha3 functions for sha3 and shake instead of the BorinSSL version. This Adds units tests to run against BoringSSL and NIST test vectors. The future public API is the same as Boring's - but is not yet exposed pending making bytesring.h public (which will happen separately) and a minor bump Currently this will just ensure we build and run regress. ok tb@ to get it into the tree and massage from there.
* Revert marking EC_GROUP_method_of() and EC_METHOD_get_field_type() unusedtb2024-10-221-3/+3
| | | | breaks tree as noted by krw
* Mark EC_GROUP_method_of() and EC_METHOD_get_field_type() as unusedtb2024-10-221-3/+3
| | | | ok jsing
* Make X509at_* API internaltb2024-08-311-11/+1
| | | | | | | | The only consumer, yara, has been adjusted. It will be some more work to remove this idiocy internally, but at least we will no longer have to care about external consumers. ok beck jsing
* Zap HMAC_Inittb2024-08-311-2/+1
| | | | | | Long deprecated, last users have been fixed. ok beck jsing
* Nuke the whrlpool (named after the galaxy) from orbittb2024-08-312-36/+1
| | | | | | | It's just gross. Only used by a popular disk encryption utility on an all-too-popular OS one or two decades back. ok beck jsing
* Remove DES_enc_{read,write} and DES_rw_modetb2024-08-311-4/+1
| | | | | | | Unfortunately we'll probably never be able to get rid of DES entirely. One part of it that is old enough to be a grandparent can go, though. ok beck jsing
* Garbage collec UI_UTIL remnantstb2024-08-311-3/+1
| | | | ok beck jsing
* Remove EVP_PKEY.*attr* APItb2024-08-311-10/+1
| | | | | | I ranted enough about this recently. PKCS#12. Microsoft. 'nuff said. ok beck jsing
* Remove X509_REQ_{set,get}_extension_nids()tb2024-08-311-3/+1
| | | | | | | | LibreSSL no longer supports non-standard OIDs for use in the extensions attribute of CSRs. The API that enabled that (and nobody used of course) can now go. ok beck jsing
* Remove X509_check_trust() and some related definestb2024-08-311-2/+1
| | | | | | | | | Someone thought it would be a good idea to append non-standard trust information to the certs in the trust store. This API is used to inspect that depending on the intended purpose of the cert. Only M2Crypto thought it necessary to expose this. It was adjusted. ok beck jsing
* Remove ERR_add_{,v}data()tb2024-08-311-3/+1
| | | | | | Another unused bit of legacy API... ok beck jsing
* Make some more x509 conf stuff internaltb2024-08-311-12/+1
| | | | | | | This internalizes a particularly scary layer of conf used for X.509 extensions. Again unused public API... ok beck jsing
* Retire X509V3_set_conf_lhash()tb2024-08-311-2/+1
| | | | | | | | Thankfully sthen removed the out-of-support PHP versions 7.4 and 8.0, which were the last users of this API, which in turn permitted much of this conf rampage. Now the stub can join its guts in the attic. ok beck jsing
* Retire X509V3_EXT_{,CRL_,REQ_}add_conf()tb2024-08-311-4/+1
| | | | | | | | Fortunately all projects who want to configure their extensions using a dangerous string DSL/API figured out the fact that one was supposed to be using the nconf version of these (the hint is the 'n', as in new). ok beck jsing
* Remove OPENSSL_load_builtin_modulestb2024-08-311-2/+1
| | | | | | | This became obsolete with the automatic library initialization. Now it is time for it to become an internal API. ok beck jsing
* Unexport CONF_set_nconf()tb2024-08-311-2/+1
| | | | | | | This translation device from old to new conf guts will need to stay for a while. However, it's only needed internally. ok beck jsing
* Remove more CONF_* functions that are no longer neededtb2024-08-311-9/+1
| | | | | | | | This is the next layer of unused cruft that can now go. The code lovingly called it 'the "CONF classic" functions'. No tear was shed. Don't worry, we still have the "New CONF" functions! ok beck jsing
* Unexport NCONF_defaulttb2024-08-311-2/+1
| | | | | | | | The only project I'm aware of that ever used this was rust-openssl and they did so for no good reason. So remove this API, the crate's code is already adjusted accordingly. ok beck jsing
* Inline NCONF_free_data in its only usertb2024-08-311-2/+1
| | | | ok beck jsing
* Remove NCONF_WIN32tb2024-08-311-2/+1
| | | | | | | Undocumented and entirely unused. Gets rid of a big, modifiable, global table. ok beck jsing
* Retire conf_api.h and the API thereintb2024-08-311-36/+0
| | | | | | | This makes the _CONF_* layer of the conf module internal and gets rid of the entirely unused conf_api.h. ok beck jsing
* Unexport some conf layers unused outside of libcryptotb2024-08-311-13/+1
| | | | | | | | | | | | | imodules are called imodules because they contain Information about modules that have been Initialized. Which one of these two I it is is anyone's best guess. Why anything outside of libcrypto would ever possibly care will also remain a mystery. Remove the old way of adding a conf module, user data, stop allowing to set a method (it's opaque now, remember?) and drop a couple bits more from the public api interface. ok beck jsing
* Remove unused {,N}CONF_dump_{bio,fp}()tb2024-08-311-5/+1
| | | | | | | | It's time to start removing some horrors from the conf/ garbage. If the current top layer wasn't terrible enough, you could always slap another one on top of it and it would then be truly marvellous. ok beck jsing
* Remove EVP_PKEY_*check againtb2024-08-311-4/+1
| | | | | | | | | | | | | | | This API turned out to be a really bad idea. OpenSSL 3 extended it, with the result that basically every key type had its own DoS issues fixed in a recent security release. We eschewed these by having some upper bounds that kick in when keys get insanely large. Initially added on tobhe's request who fortunately never used it in iked, this was picked up only by ruby/openssl (one of the rare projects doing proper configure checks rather than branching on VERSION defines) and of course xca, since it uses everything it can. So it was easy to get rid of this again. ok beck jsing
* Get rid of last use of db_methtb2024-08-281-3/+3
| | | | | | | | | | | | Nothing touches db_meth in ports. Thus only way a db_meth can be set is now as a side effect X509V3_set_conf() in which case the db is an NCONF database and the db_meth will be a thin wrapper of NCONF_get_section(). Make that explicit in the implementation, remove the guts of the unused X509V3_get_string() and X509V3_string_free(), turn X509V3_section_free() into a noop and replace several checks for ctx->db, ctx->db->meth, ... with a simple ctx->db != NULL check. ok beck jsing
* Turn X509V3_set_conf_lhash() into a nooptb2024-08-281-2/+2
| | | | | | Another legacy turd that was only used by PHP 7.4 and 8.0. ok beck jsing
* Add LCRYPTO_USED(X509_get_signature_info)tb2024-08-281-1/+2
|
* Disable X509V3_EXT{,_CRL,_REQ}_add_conf()tb2024-08-281-4/+4
| | | | | | | These legacy interfaces were only used by PHP 7.4 and 8.0 and they will be removed in an upcoming bump. ok beck jsing
* Switch UI_UTIL_read_pw* to LCRYPTO_UNUSED()tb2024-08-241-3/+3
| | | | ok jsing
* Mark X509at_get_attr{,_count}() and X509at_delete_attr() as unusedtb2024-07-261-4/+4
| | | | ok jsing
* Switch the EVP_PKEY_*attr* API to LCRYPTO_UNUSED()tb2024-07-151-10/+10
| | | | This would have prevented the PKCS12 oopsie.
* Despite being an ELF citizen, hppa is its own special snowflake and requiresmiod2024-07-111-1/+5
| | | | | | | different asm stanzas to produce strong aliases. This unbreaks libcrypto (and thus ssh, among other things) on hppa after the recent switch to LIBRESSL_CRYPTO_NAMESPACE.
* Hide remaining unused ERR functions in err.hbeck2024-07-091-1/+3
| | | | ok tb@
* Hide CRYPTO_get_dynlock_create_callbackbeck2024-07-091-1/+2
| | | | ok tb@
* Hide DES global variablesbeck2024-07-091-1/+5
| | | | ok tb@
* Hide symbols for two missed public functions in bio.hbeck2024-07-091-1/+3
| | | | ok tb@
* Hide global _it symbols in pkcs12.hbeck2024-07-091-1/+5
| | | | ok tb@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-17 08:39:10 +0000