summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Remove params argument from ec_asn1_group2parameters()tb2024-10-111-13/+8
| | | | | | | Its only caller passes NULL, so we can simplify the entry point and the exit of this function a bit. ok jsing
* Simplify ec_asn1_group2pkparameters()tb2024-10-111-15/+8
| | | | | | | The parameters argument is always NULL, so we can simplify this helper accordingly. ok jsing
* Spell NULL in a simpler fashiontb2024-10-111-3/+5
| | | | | | | | priv_key->parameters is always NULL at this point, since its corresponding entry in the ASN.1 template has ASN1_TFLG_OPTIONAL set, so there is no point in pretending to pass it to ec_asn1_group2pkparameters(). ok jsing
* Clean up i2d_ECPKParameters()tb2024-10-111-10/+13
| | | | | | | | Use better variable names and turn it into single-exit. This changes the behavior slightly in that an error is pushed onto the stack also for i2d_ECPKPARAMETERS() return values < 0. ok jsing
* Remove unused CONF_imodule struct members and accessorstb2024-10-102-69/+2
| | | | ok beck jsing
* Remove the unused field_mod_func from EC_GROUPtb2024-10-031-4/+1
| | | | | | | | This was only used by the NIST method. For all other group methods it's an uninitialized pointer (as EC_GROUP_new() still uses the malloc + set all members to 0 idiom). ok jsing
* Make EC{,PK}PARAMETERS_it statictb2024-10-031-3/+3
| | | | They aren't used outside of this file.
* Fix ASN1_INTEGER_to_BN() misusetb2024-10-031-16/+16
| | | | | | | Same issue/leak as for BN_to_ASN1_INTEGER(). Stop reusing the elliptic curve parameters a and b for order and cofacter. It's confusing. ok jsing
* Switch field_bits to be an inttb2024-10-031-3/+3
| | | | ok jsing
* Fix BN_to_ASN1_INTEGER() misusetb2024-10-031-7/+6
| | | | | | | You can either let this API reuse an existing ASN1_INTEGER or you can let it allocate a new one. If you try to do both at the same time, you'll leak. ok jsing
* Provide OPENSSL_INIT_NO_ATEXIT nooptb2024-10-031-1/+2
| | | | | | | | | | | The brilliant idea of installing a fragile non-idempotent cleanup atexit handler as a library has bitten many people over time. This gets particularly exciting when you can't control who dlopens the lib first (don't we all love Python bindings) or if you are in a threaded context. Fake OpenSSL clones chose not to do this but now get to carry a noop flag since people start opting out of this madness (there's a good old tradition at work here). ok beck joshua jsing millert miod
* X509V3_EXT_get_nid.3: indicate what nid meanstb2024-10-031-3/+3
|
* Reorder functions.jsing2024-10-021-297/+286
| | | | | Reorder functions so that things are somewhat more logical, moving internal functions towards the top (and removing now unnecessary prototypes).
* Remove err_fns and associated machinery.jsing2024-10-021-142/+65
| | | | | | | | | | | | Like all good OpenSSL code, errors was built to be completely extensible. Thankfully, the ERR_{get,set}_implementation() functions were removed in r1.127 of err.c, which means that the extensibility can no longer be used. Take the first of many steps to clean up this code - remove err_fns and associated machinery, calling functions directly. Rename so that we have an 'err_' prefix rather than 'int_' (or nothing). ok joshua@ tb@
* Reenable AES-NI in libcryptotb2024-09-064-10/+29
| | | | | | | | | | | | | | | | | | | The OPENSSL_cpu_caps() change after the last bump missed a crucial bit: there is more MD mess in the MI code than anticipated, with the result that AES is now used without AES-NI on amd64 and i386, hurting machines that previously greatly benefitted from it. Temporarily add an internal crypto_cpu_caps_ia32() API that returns the OPENSSL_ia32cap_P or 0 like OPENSSL_cpu_caps() previously did. This can be improved after the release. Regression reported and fix tested by Mark Patruck. No impact on public ABI or API. with/ok jsing PS: Next time my pkg_add feels very slow, I should perhaps not mechanically blame IEEE 802.11...
* Adjust documentation to work without X509_LOOKUP_by_subject()tb2024-09-061-52/+5
| | | | | X509_LOOKUP_by_subject() was made internal a while back. Its documentation was very detailed, so this was a bit of a tangle to undo.
* Remove X509_check_trust documentationtb2024-09-027-226/+11
|
* The X509at_* manuals are no longer neededtb2024-09-024-299/+4
|
* Also remove .Xr to X509at_*tb2024-09-021-4/+2
|
* Excise X509at_* from X509_REQ_* documentationtb2024-09-021-22/+10
|
* Rename lastpos to start_after to match other, similar manualstb2024-09-021-13/+13
|
* More X509at_* removaltb2024-09-021-8/+4
|
* Remove mention of the no longer public X509at_* functionstb2024-09-021-23/+12
|
* Adjust function signatures for const X509_LOOKUP_METHODtb2024-09-022-8/+8
|
* Rewrite X509V3_add_value() to a single exit idiomtb2024-08-311-19/+32
| | | | ok jsing
* Remove redundant COPYRIGHT file.jsing2024-08-311-50/+0
| | | | | | This is already included at the top of each file in this directory. Prompted by tb@
* Make fcrypt_body() static and remove prototype.jsing2024-08-312-6/+3
|
* Unifdef DES_PTR, DES_RISC1 and DES_RISC2.jsing2024-08-313-162/+3
| | | | | | | These are all go fast knobs that convolute the code and can be dangerous. Lets presume that we have a modern and somewhat capable C compiler instead. ok tb@
* Unifdef OPENBSD_DES_ASM.jsing2024-08-312-10/+2
| | | | | | There are no assembly implementations now. ok tb@
* Inline and remove spr.h.jsing2024-08-312-211/+149
| | | | | | This is only included once in des_enc.c - inline the tables instead. Prompted by tb@
* Combine DES code into a smaller set of files.jsing2024-08-3119-1967/+1185
| | | | Discussed with tb@
* Merge fcrypt_b.c into fcrypt.c.jsing2024-08-313-148/+136
| | | | | | | There is no need for these to be separate (presumably done due to assembly implementations, even though there are #ifdef as well). Discussed with tb@
* Remove now unused ncbc_enc.c.jsing2024-08-311-160/+0
|
* Expand DES_ncbc_encrypt() in des_enc.c.jsing2024-08-311-3/+80
| | | | | | | Copy ncbc_enc.c where it was previously #included, then clean up with `unifdef -m -UCBC_ENC_C__DONT_UPDATE_IV`. Discussed with tb@
* Expand DES_cbc_encrypt() in cbc_enc.c.jsing2024-08-311-3/+73
| | | | | | | Copy ncbc_enc.c where it was previously #included, then clean up with `unifdef -m -DCBC_ENC_C__DONT_UPDATE_IV`. Discussed with tb@
* Make OPENSSL_cpu_caps() machine independent.jsing2024-08-312-18/+23
| | | | | | | | | | | OPENSSL_cpu_caps() is currently machine dependent and exposes CPUID data on amd64 and i386. However, what it is really used for is to indicate whether specific algorithms are accelerated on the given hardware. Change OPENSSL_cpu_caps() so that it returns a machine indepent value, which decouples it from amd64/i386 and will allow it to be used appropriately on other platforms in the future. ok tb@
* major bump for libcrypto libssl and libtlstb2024-08-311-1/+1
|
* Bump LIBRESSL_VERSION_NUMBERtb2024-08-311-3/+3
|
* Expose X509_get_signature_infotb2024-08-312-3/+2
| | | | | | | | To compensate for all the removals, a single, small, constructive piece of this bump: expose X509_get_signature_info() so that libssl's security level API can handle RSA-PSS certificates correctly. ok beck jsing
* Make X509at_* API internaltb2024-08-315-75/+19
| | | | | | | | The only consumer, yara, has been adjusted. It will be some more work to remove this idiocy internally, but at least we will no longer have to care about external consumers. ok beck jsing
* Unexport OPENSSL_cpuid_setup and OPENSSL_ia32cap_Ptb2024-08-314-8/+1
| | | | | | | | | This allows us in particular to get rid of the MD Symbols.list which were needed on amd64 and i386 for llvm 16 a while back. OPENSSL_ia32cap_P was never properly exported since the symbols were marked .hidden in the asm. ok beck jsing
* Zap HMAC_Inittb2024-08-314-16/+3
| | | | | | Long deprecated, last users have been fixed. ok beck jsing
* Nuke the whrlpool (named after the galaxy) from orbittb2024-08-3110-1018/+6
| | | | | | | It's just gross. Only used by a popular disk encryption utility on an all-too-popular OS one or two decades back. ok beck jsing
* Remove DES_enc_{read,write} and DES_rw_modetb2024-08-315-101/+3
| | | | | | | Unfortunately we'll probably never be able to get rid of DES entirely. One part of it that is old enough to be a grandparent can go, though. ok beck jsing
* Garbage collec UI_UTIL remnantstb2024-08-315-89/+3
| | | | ok beck jsing
* Remove EVP_PKEY.*attr* APItb2024-08-314-119/+3
| | | | | | I ranted enough about this recently. PKCS#12. Microsoft. 'nuff said. ok beck jsing
* Move BIT_STRING_BITNAME tables to consttb2024-08-312-6/+6
| | | | | | | | | Another bunch of const correctness fixes for global tables. These are used to map ns cert types, key usage types and CRL reasons to strings and vice versa. By the looks of it, nobody ever figured out how to use this (need I mention that it's convoluted?). ok beck jsing
* const correct X509_LOOKUP_METHODtb2024-08-316-19/+19
| | | | | | | With this another family of global tables becomes const as it should always have been. ok beck jsing
* Remove X509_REQ_{set,get}_extension_nids()tb2024-08-314-28/+3
| | | | | | | | LibreSSL no longer supports non-standard OIDs for use in the extensions attribute of CSRs. The API that enabled that (and nobody used of course) can now go. ok beck jsing
* Make X509_VAL opaquetb2024-08-313-7/+11
| | | | | | | Nothing needs to reach into this structure, which is part of certificates. So hide its innards. ok beck jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-25 20:52:08 +0000