| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
It's just gross. Only used by a popular disk encryption utility on an
all-too-popular OS one or two decades back.
ok beck jsing
|
| |
|
|
|
|
|
| |
This syncs the list with some version of upstream and exposes a few
OPENSSL_NO_* that may now be relevant.
from jsing (a long time ago)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This stops compiling the GOST source. The current implementation is low
quality and got in the way, especially in libssl. While we would be open
for GOST support, it needs to be significantly better than what we have
had and it also needs a maintainer.
Add OPENSSL_NO_GOST to opensslfeatures and stop installing gost.h.
Some code wrapped in #ifndef OPENSSL_NO_GOST will be removed later.
ok jsing
|
| |
|
|
|
|
|
|
|
|
| |
ENGINE was special. It's horrible code even by the low standards of this
library. Some ports may now try to use the stubs which will fail, but
the fallout from this should be minimal. Of course there are various
language bindings that expose the ENGINE API. OpenSSL 3 disabling ENGINE
by default will likely help fixing this at some point.
ok jsing
|
| |
|
|
|
|
|
|
| |
DSO and in particular dlopen() was used for dynamic engines, which we
removed a long time ago and for dynamic conf modules, which we removed
only very recently. Now remove this dangerous interface.
ok jsing
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
|
|
| |
We have no tls 1.0 or 1.1 or methods for them.
These "in theory" will make things that check the openssl #ifdef
soup for all the floating eyeballs make the correct decisions, or
if they do not they at least can not blame us.
ok tb@
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok inoguchi jsing
|
| |
|
|
| |
ok inoguchi jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
The define implies that we have the RFC 3779 API and corresponding
symbols publicly exposed. We don't do that since there are still
concerns about its suitability and security. oss-fuzz has code
depending on this define and this broke its build as tracked down
by jsing. This commit gets us oss-fuzz builds back while keeping
job happy since the extension pretty printing will continue to work.
ok jsing
|
| |
|
|
|
|
| |
Do not expose it yet, this will wait for an upcoming bump
ok tb@
|
| |
|
|
|
|
|
|
| |
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of unnecessary reacharounds.
ok jsing
|
| |
|
|
|
|
| |
no longer needed.
ok jsing
|
| |
|
|
| |
From job. Discussed at length with beck, claudio, job during h2k21
|
| | |
|
| | |
|
| |
|
|
| |
ok bcook inoguchi jsing
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
ok jsing@ tb@
|
| |
|
|
| |
ok bcook@ deraadt@ inoguchi@ job@ tb@
|
| |
|
|
|
|
|
| |
for LibreSSL. Add a (commented out) feature flag for TLSv1.3 and define the
OPENSSL_NO_TLS1_3 anti-feature flag based on the feature flag.
ok beck@ bluhm@ tb@
|
| |
|
|
| |
features (and possibly never will).
|
| |
|
|
|
|
|
|
|
|
| |
currently exist in OpenSSL - comment out that ones that we do not already
define. Some OPENSSL_NO_* flags that we define have been removed from
OpenSSL (and code that depended on these to know when features are not
available now think that the features have been enabled...). We keep these
defined but in their own separate group.
ok bluhm@ tb@
|
| | |
|
| |
|
|
|
| |
prototypes if we have both OPENSSL_NO_NEXTPROTONEG and the prototypes
defined.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
MD4 should have been removed a long time ago. Also, RFC 6150 moved it to
historic in 2011. Rides the major crank from removing SHA-0.
Discussed with many including beck@, millert@, djm@, sthen@
ok jsing@, input + ok bcook@
|
| |
|
|
|
|
|
| |
SHA-0 was withdrawn shortly after publication 20 years ago and replaced
with SHA-1. This will require a major crank.
ok bcook@, jsing@
|
| |
|
|
|
|
|
|
|
|
| |
This is the first wave of SSLv3 removal which removes the main SSLv3
functions. Future commits will remove the rest of the SSLv3 support.
Discussed the plan at c2k15. Input from jsing@, beck@, miod@, bcook@,
sthen@, naddy@, and deraadt@.
ok jsing@, beck@
|
| |
|
|
|
|
|
|
|
| |
OpenSSL stopped building it last year and removed it this year.
Based on OpenSSL commit c436e05bdc7f49985a750df64122c960240b3ae1.
Also cranked major version in libcrypto, libssl and libtls.
"fine with me" bcook@ miod@
|
| |
|
|
| |
ok deraadt@ jsing@ miod@
|
| |
|
|
|
|
|
| |
Since RAND_egd has been removed from LibreSSL, simplify porting software that
relies on it. See https://github.com/libressl-portable/openbsd/pull/34
from Bernard Spil, ok deraadt@
|
| |
|
|
| |
libcrypto minor bump.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There used to be a strong reluctance to provide this cipher in LibreSSL in the
past, because the licence terms under which Cammelia was released by NTT were
free-but-not-in-the-corners, by restricting the right to modify the source
code, as well retaining the right to enforce their patents against anyone
in the future.
However, as stated in http://www.ntt.co.jp/news/news06e/0604/060413a.html ,
NTT changed its mind and made this code truly free. We only wish there had
been more visibility of this, for we could have had enabled Cammelia
earlier (-:
Licence change noticed by deraadt@. General agreement from the usual LibreSSL
suspects.
Crank libcrypto.so minor version due to the added symbols.
|
| |
|
|
|
| |
for apps that haven't had time to make the appropriate changes was added.
time's up.
|
| | |
|
| | |
|
|
|
probably ok beck jsing miod
|
