|  | Commit message (Collapse) | Author | Files | Lines | 
|---|
|  | This is unused and in the way of some house keeping. Thus it will be
relocated to the attic.
ok jsing | 
|  | With opaque TS_VERIFY_CTX the init function dangerous and useless.
It will be dropped.
ok jsing | 
|  | X509_STORE_get1_{certs,crls}(3) was added to the OpenSSL 1.1 API with the
usual care. At some point later it was noticed that they didn't deal with
an X509_STORE at all, but rather with an X509_STORE_CTX, so were misnamed.
The fact that X509_STORE_CTX and X509_STORE have their roles reversed when
compared to other FOO vs FOO_CTX in this API may or may not be related.
Anyway, the X509_STORE versions will be demoted to compat defines and the
X509_STORE_CTX will be added to match OpenSSL 1.1 API more closely. This
was pointed out by schwarze a long time ago and missed in a few bumps.
Hopefully we'll manage to do it this time around.
ok jsing | 
|  | ok jsing | 
|  | ok jsing | 
|  | ok jsing | 
|  | ok jsing | 
|  | ok jsing | 
|  | ok jsing | 
|  | This removes ProxyCertInfo from extension caching, issuer checking
and it also drops the special path validation for proxy certs from
the legacy verifier.
ok jsing | 
|  | The new verifier API is currently unused as we still operate the verifier
in legacy mode. Therefore ctx->xsc is always set and the EXFLAG_PROXY will
soon be dropped from the library, so this error on encountering proxy certs
is effectively doubly dead code.
ok jsing | 
|  | This removes the ProxyCertInfo extension from RFC 3820 from the list of
supported extensions. Since it is a critical extension, this means that
certificates containing it will no longer be considered valid by default.
ok jsing | 
|  | ok jsing | 
|  |  | 
|  | Also buy a vowel for rsiz. | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  | These will make EVP integration easier, as well as being used in the SHA3
implementation itself. | 
|  |  | 
|  |  | 
|  | This isolates the three API functions from the library so they can be
easily removed and any attempt to use RSA_X931_PADDING mode will now
result in an error.
ok jsing | 
|  | This wraps the three public functions in the usual #if stanza.
RSA_X931_PADDING is unfortunately exposed by rust-openssl and erlang.
Therefore it will remain visible to avoid breaking the build of
lang/rust. Its use in the library will be neutered shortly.
ok jsing | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  | GF2m support will be removed shortly. In the interim drop some of this
unused code already and let it fall back to the C implementation.
ok jsing | 
|  |  | 
|  |  | 
|  | Remove various comments that are unhelpful or obvious. Reformat remaining
comments per style(9). | 
|  |  | 
|  |  | 
|  |  | 
|  | This is a minimal and readable SHA3 implementation.
ok tb@ | 
|  | Hopefully that is all. What an absolutely horrid mess. | 
|  |  | 
|  | This tests the external API, so it should not have visibility to the
inside. Silences two warnings since EC_{GROUP,POINT}_clear_free() are
now wrapped in #ifndef LIBRESSL_INTERNAL. | 
|  | Nothing really uses the policy tree. It's desgined with built-in DoS
capabilities directly from the RFC. It will be removed from the attack
surface and replaced with something equivalent that doesn't grow
exponentially with the depth.
This removes the only reason the policy tree itself ever leaked out of
the library.
ok jsing | 
|  |  | 
|  | SSL_set_session() should really be called SSL_set1_session()... | 
|  | What a wonderful choice between this and that PRI ugliness... | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  | This file primarily contains the various BN_bn2*() and BN_*2bn() functions
(along with BN_print() and BN_options()). More function shuffling will
follow.
Discussed with tb@ | 
|  | This is simpler than the current code, while still being well optimised by
compilers, across a range of architectures. In many cases we even get a
performance gain for the BN sizes that we primarily care about.
Joint work with tb@ | 
|  | This adds support for SHA512/224 and SHA512/256, as specified in FIPS
FIPS 180-4. These are truncated versions of the SHA512 hash.
ok tb@ |