summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
* pkey_ec_derive: fix call to ECDH_compute_key()tb3 days1-2/+2
| | | | The last argument is a pointer to the KDF, so use NULL, not 0.
* Simplify field and private key encodingtb3 days1-13/+3
| | | | | | | | Reach into the group (p and order are always available) and use BN_num_bytes() rather than using clumsy and badly named API. It's shorter and more readable. ok jsing
* Provide an accelerated SHA-512 assembly implementation for aarch64.jsing3 days4-2/+353
| | | | | | | | | | This provides a SHA-512 assembly implementation that makes use of the ARM Cryptographic Extension (CE), which is found on many arm64 CPUs. This gives a performance gain of up to 2.5x on an Apple M2 (dependent on block size). If an aarch64 machine does not have SHA512 support, then we'll fall back to using the existing C implementation. ok kettenis@ tb@
* Use .arch rather than .cpu for sha2 instructions.jsing4 days1-2/+2
| | | | | | | We have code that targets a specific architecture level, hence .arch makes more sense here than .cpu. Suggested by kettenis@
* Streamline X509_VERIFY_PARAM_add0_table()tb4 days1-17/+12
| | | | | | | Unindent, use correct type for idx (int rather than size_t) and make this mess a bit more pleasant on the eyes. ok jsing
* x509_vpm: remove unnecessary NULL check before sk_pop_free()tb4 days1-4/+2
| | | | ok jsing
* ec.h: remove last SunPro pragmastb6 days1-13/+1
| | | | | | | With the removal of the EC_POINTs_* API, this header features no arrays anymore, so this noise can go away. ok miod
* Disambiguate curve commentstb6 days1-21/+21
| | | | | | | | There are three "X9.62 curve over a 239 bit prime field" and the Brainpool curves are a pair for each field size thanks to their characteristic twist. Just include the curve name for each of the curves. discussed with jsing
* X509_NAME_print_ex: zap stray commatb6 days1-2/+2
|
* Bump libcrypto major after symbol removaltb6 days1-1/+1
|
* Bump LibreSSL versiontb6 days1-3/+3
| | | | ok jsing
* Reinstate PKCS12_key_gen_uni()tb6 days5-7/+10
| | | | | | | Unfortunately, this is used in acsm-calibre-plugin, via oscrypto. Fixes https://github.com/Leseratte10/acsm-calibre-plugin/issues/112 ok jsing
* Remove EC_POINTs_* APItb6 days4-34/+3
| | | | | | | | | | And another one... Completely overengineered for the sake of academic credentials and only Ruby ever picked this garbage up. Fortunately, it's no longer used with LibreSSL since we defanged this in 2018. The latest version of ruby/openssl has completely removed this as part of their post 1.0.x cleanup. ok jsing
* Remove Jprojective_coordinates APItb6 days4-29/+3
| | | | | | | There goes another implementation detail that should never have been leaked out of the library. ok jsing
* Unexport EC_GROUP_*precompute_mult()tb6 days4-25/+3
| | | | | | | These have been noops for a while and as usual some Perl module was the only thing "using" it. ok jsing
* Unexport EC_GROUP_copy()tb6 days4-8/+4
| | | | | | Without EC_GROUP_new(), this API is useless. There's EC_GROUP_dup(). ok jsing
* Unexport EC_METHOD and all API using ittb6 days6-56/+10
| | | | | | | | | | | | This is an implementation detail and there is no reason to leak it from the library. This removes EC_GFp_{mont,simple}_method(), EC_GROUP_{method_of,new}(), EC_METHOD_get_field_type(), EC_POINT_method_of() from the public API. EC_GROUP_copy() is now quite useless, so it will go as well. ok jsing
* Align CRYPTO_set_mem*_functions with OpenSSL 1.1tb6 days4-20/+9
| | | | | | | | | | | | | | CRYPTO_set_mem_ex_functions() was renamed to CRYPTO_set_mem_functions(), replacing the latter while also correcting the arguments for the free pointer. The backstory is that a commit that was never compiled was fixed the wrong way an hour later (both committed without review, obviously), and here we are, still cleaning up the mess 23 years later. We carry patches in cjose and stunnel for this; dovecot and links+ have autoconf checks and will adapt. Oh, and then there's the mariadb configure time insanity passing wrong function pointers... ok jsing
* const correct UI_OpenSSL()tb6 days2-5/+5
| | | | ok jsing
* Fix documented signature of UI_OpenSSL()tb6 days1-3/+3
|
* Fix documented signature of BN_MONT_CTX_copy()tb6 days1-3/+3
|
* const correct BN_MONT_CTX_copy()tb6 days2-4/+4
| | | | ok jsing
* Unexport the weird X509_OBJECT_up_ref_count()tb6 days4-8/+6
| | | | | | | | It's only used in x509_lu.c, so move it there. X509_OBJECT is not itself refcounted. This API bumps the refcount of its cert or CRL member. This isn't really useful outside of the library. ok jsing
* Unexport X509_NAME_print()tb6 days4-8/+4
| | | | | | | | | | Nothing uses this anymore. M2Crypto has been patched and a fix for opensc has been upstreamed. ok jsing This is the start of a major bump. Don't build the tree until I have synced sets in about 20 commits.
* Support OPENSSL_NO_FILENAMEStb6 days15-83/+213
| | | | | | | | | | Some people are concerned that leaking a user name is a privacy issue. Allow disabling the __FILE__ and __LINE__ argument in the error stack to avoid this. This can be improved a bit in tree. From Viktor Szakats in https://github.com/libressl/portable/issues/761 ok bcook jsing
* X509_NAME_print_ex.3: move s to the proper placetb6 days1-2/+2
|
* Remove mention of X509_NAME_print(3) in the docstb7 days3-46/+13
|
* Adjust signature of CRYPTO_set_mem_functions and remove _get_ docstb7 days1-23/+5
|
* Rename CRYPTO_get_mem_functions.3 to CRYPTO_set_mem_functions.3tb7 days2-4/+4
|
* Remove EC_POINT_method_of() docstb7 days1-19/+1
|
* Remove X509_OBJECT_free_contets() docstb7 days1-20/+3
|
* Remove X509_OBJECT_up_ref_count() documentationtb7 days1-23/+2
|
* Remove EC_PIONT_{get,set}_Jprojective_coordinates_GFp docstb7 days1-53/+1
|
* Remove EC_POINTs_{make_affine,mul}() docstb7 days1-67/+2
|
* Remove EC_GROUP_{,have_}precompute_mult() docstb7 days1-31/+4
|
* Remove EC_GROUP_method_of() docstb7 days1-20/+1
|
* Remove EC_GFp_* and EC_METHOD_get_field_type docstb7 days7-156/+12
|
* Inline _CONF_get_section_values() in its last caller and remove ittb8 days3-19/+9
| | | | | | NCONF_get_section() isn't any clearer by using this indirection. ok jsing
* Provide an accelerated SHA-256 assembly implementation for aarch64.jsing8 days4-2/+232
| | | | | | | | | | This provides a SHA-256 assembly implementation that makes use of the ARM Cryptographic Extension (CE), which is found on many arm64 CPUs. This gives a performance gain of up to 7.5x on an Apple M2 (dependent on block size). If an aarch64 machine does not have SHA2 support, then we'll fall back to using the existing C implementation. ok kettenis@ tb@
* _CONF_new_section: error check hash insertiontb9 days1-1/+5
| | | | | | | Don't leak v if its insertion into the hash failed and properly free it instead. ok jsing
* _CONF_new_section(): avoid silly ok dancetb9 days1-11/+8
| | | | ok jsing
* _CONF_new_section(): replace hand-rolled strdup() with the real thingtb9 days1-5/+3
| | | | ok jsing
* _CONF_new_section(): malloc() -> calloc()tb9 days1-4/+2
| | | | ok jsing
* asn1_multi: remove a pointless casttb10 days1-2/+2
| | | | | There's no need to cast away const from a const char * if you're going to pass it to a const char * argument of a function.
* Rename X509V3_get_section() to X509V3_get0_section()tb10 days6-15/+15
| | | | | | | | This makes it clear for those fluent in OpenSSL API gibberish that nothing needs to be freed here. This is because it returns something hanging off a hash entry owned by cnf. ok jsing
* Garbage collect X509V3_section_free()tb10 days6-25/+8
| | | | | | | | Historically, X509V3_section_free() could be customized by the conf db method to release memory allocated by X509V3_get_section(). This is no longer supported, so it is always a noop and can be removed. ok jsing
* unifdef OPENSSL_NO_CHAIN_VERIFYtb12 days1-6/+3
| | | | ok jsing
* Zap trailing whitespace in dsa.htb2025-03-011-7/+7
|
* Remove offensive whitespace from x509.htb2025-03-011-27/+27
|
* conf.h: remove outdated commenttb2025-03-011-4/+1
| | | | | Despite the claim in this comment, the "new" conf code did replace the "old" conf code (which no longer exists in the public API).