summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Remove the now unused ex_pcpathlen from the X509 structtb2023-04-161-2/+1
| | | | ok jsing
* More ProxyCertInfo tentacles go to the attictb2023-04-162-65/+6
| | | | | | | | This removes ProxyCertInfo from extension caching, issuer checking and it also drops the special path validation for proxy certs from the legacy verifier. ok jsing
* Remove some dead code from the new verifiertb2023-04-161-7/+1
| | | | | | | | | The new verifier API is currently unused as we still operate the verifier in legacy mode. Therefore ctx->xsc is always set and the EXFLAG_PROXY will soon be dropped from the library, so this error on encountering proxy certs is effectively doubly dead code. ok jsing
* Drop support for the ProxyCertInfo extensiontb2023-04-161-3/+2
| | | | | | | | This removes the ProxyCertInfo extension from RFC 3820 from the list of supported extensions. Since it is a critical extension, this means that certificates containing it will no longer be considered valid by default. ok jsing
* Make pcy_int.h pull in x509_local.h it will need it soontb2023-04-161-1/+4
| | | | ok jsing
* Use size_t rather than int.jsing2023-04-152-13/+13
| | | | Also buy a vowel for rsiz.
* Add SHA3 digest length define that was previously missed.jsing2023-04-151-1/+2
|
* Remove sha3() function, which will not be used or exposed.jsing2023-04-152-16/+2
|
* Mark sha3_keccakf() as static and remove prototype from header.jsing2023-04-152-5/+3
|
* Use memset() to zero the context, instead of zeroing manually.jsing2023-04-151-5/+3
|
* Provide SHA3 length related defines.jsing2023-04-151-1/+27
| | | | | These will make EVP integration easier, as well as being used in the SHA3 implementation itself.
* Use the same byte order tests as we do elsewhere in libcrypto.jsing2023-04-151-3/+5
|
* Adjust documentation of X9.31 padding modetb2023-04-151-6/+6
|
* Stop supporting the long-retired X9.31 standardtb2023-04-152-113/+57
| | | | | | | | This isolates the three API functions from the library so they can be easily removed and any attempt to use RSA_X931_PADDING mode will now result in an error. ok jsing
* Prepare rsa.h for X9.31 support removaltb2023-04-151-1/+5
| | | | | | | | | | This wraps the three public functions in the usual #if stanza. RSA_X931_PADDING is unfortunately exposed by rust-openssl and erlang. Therefore it will remain visible to avoid breaking the build of lang/rust. Its use in the library will be neutered shortly. ok jsing
* Remove now unused GF2m perlasm generatorstb2023-04-153-980/+0
|
* Rename SHA3 context struct field from 'st' to 'state'.jsing2023-04-152-15/+15
|
* Rename SHA3 context to align with existing code.jsing2023-04-152-14/+14
|
* Move some defines out of the sha3_internal.h header.jsing2023-04-152-10/+6
|
* Stop building GF2m assemblytb2023-04-153-8/+2
| | | | | | | GF2m support will be removed shortly. In the interim drop some of this unused code already and let it fall back to the C implementation. ok jsing
* Revise header guards.jsing2023-04-151-4/+4
|
* Pull constant tables out of sha3_keccakf().jsing2023-04-151-24/+24
|
* Strip and reformat comments.jsing2023-04-152-44/+14
| | | | | Remove various comments that are unhelpful or obvious. Reformat remaining comments per style(9).
* Apply style(9) (first pass).jsing2023-04-152-146/+152
|
* Import sha3_internal.h.jsing2023-04-151-2/+2
|
* Add license to sha3 files.jsing2023-04-152-0/+50
|
* Import tiny_sha3jsing2023-04-152-0/+238
| | | | | | This is a minimal and readable SHA3 implementation. ok tb@
* Rename the largely misnamed bn_print.c to bn_convert.cjsing2023-04-142-3/+3
| | | | | | | | This file primarily contains the various BN_bn2*() and BN_*2bn() functions (along with BN_print() and BN_options()). More function shuffling will follow. Discussed with tb@
* Provide and use bn_copy_words() in BN_copy().jsing2023-04-141-31/+15
| | | | | | | | This is simpler than the current code, while still being well optimised by compilers, across a range of architectures. In many cases we even get a performance gain for the BN sizes that we primarily care about. Joint work with tb@
* Add support for truncated SHA512 variants.jsing2023-04-142-2/+115
| | | | | | | This adds support for SHA512/224 and SHA512/256, as specified in FIPS FIPS 180-4. These are truncated versions of the SHA512 hash. ok tb@
* Provide soon to be used crypto_store_htobe32().jsing2023-04-141-1/+20
| | | | ok tb@
* Use memset() and only initialise non-zero struct members.jsing2023-04-141-7/+7
| | | | ok tb@
* The NBs have been duly noted and ignored. Drop them.tb2023-04-132-20/+2
|
* Zap trailing whitespacetb2023-04-131-9/+9
|
* Remove files that definitely contain no code anymoretb2023-04-135-354/+0
| | | | (experts disagree whether they ever did)
* Drop now useless files from the Makefiletb2023-04-131-6/+1
|
* Fold ECDSA sign and verify mess into ecs_ossl.ctb2023-04-133-63/+68
| | | | discussed with jsing
* Move RSA_generate_key() from rsa_depr.c to rsa_gen.ctb2023-04-132-34/+35
| | | | Discussed with jsing
* Move DSA_generate_parameters() from dsa_depr.c to dsa_gen.ctb2023-04-132-21/+23
| | | | Discussed with jsing
* Move DH_generate_parameters() from dh_depr.c to dh_gen.ctb2023-04-132-20/+21
| | | | discussed with jsing
* ec_lib.c: fix a few NULL misspellingstb2023-04-131-6/+6
|
* Fix various early return issues spotted by coveritytb2023-04-131-13/+13
| | | | | | | A large mechanical diff led to sloppy review and gave coverity an opportunity to be right for once. First time in a good many weeks. same diff/ok jsing
* remove duplicate linesjsg2023-04-121-3/+2
|
* Remove now unused sha_local.h.jsing2023-04-121-419/+0
|
* Provide and use crypto_ro{l,r}_u{32,64}().jsing2023-04-123-25/+39
| | | | | | | | | | | | | | | Various code in libcrypto needs bitwise rotation - rather than defining different versions across the code base, provide a common set that can be reused. Any sensible compiler optimises these to a single instruction where the architecture supports it, which means we can ditch the inline assembly. On the chance that we need to provide a platform specific versions, this follows the approach used in BN where a MD crypto_arch.h header could be added in the future, which would then provide more specific versions of these functions. ok tb@
* Provide and use crypto_store_htobe64().jsing2023-04-122-23/+43
| | | | | | | | | It is common to need to store data in a specific endianness - rather than handrolling and deduplicating code to do this, provide a crypto_store_htobe64() function that converts from host endian to big endian, before storing the data to a location with unknown alignment. ok tb@
* Handle BN_CTX at the EC API boundary.jsing2023-04-1111-491/+553
| | | | | | | | | | | The EC API allows callers to optionally pass in a BN_CTX, which means that any code needing a BN_CTX has to check if one was provided, allocate one if not, then free it again. Rather than doing this dance throughout the EC code, handle the BN_CTX existance at the EC API boundary. This means that lower level implementation code can simply assume that the BN_CTX is available. ok tb@
* Clean up unused BIGNUM.jsing2023-04-111-4/+1
|
* Document the RETURN VALUES of BIO_method_type(3) and BIO_method_name(3)schwarze2023-04-1113-26/+149
| | | | for the various BIO types.
* Recommit jsing's r1.27 - portable is readytb2023-04-111-23/+4
| | | | | | Use htobe64() instead of testing BYTE_ORDER and then handrolling htobe64(). Thanks to tobhe for providing most of the fix via openiked-portable
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-28 19:36:54 +0000