summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Mark public bn_nist and ec_nist API for removaltb2023-04-162-2/+6
| | | | | | | | | | | | | The faster nist code is rife with problematic C. While this is generally considered to be a pleonasm nowadays, here it specifically refers to aliasing issues and other flavors of undefined behavior. With compilers and standardization committees becoming seemingly more determined about making C even more unusable than it already is, this code has resulted in miscompilations and generally is a target rich environment for fuzzers to feast on. We're better off without it. Go look while it's still there. It's some of the very worst we have to offer. ok jsing
* Mark EC_KEY_{get,insert}_method_data() for removaltb2023-04-161-1/+5
| | | | | | | This is unused and in the way of some house keeping. Thus it will be relocated to the attic. ok jsing
* Mark TS_VERIFY_CTX_init() for removaltb2023-04-161-1/+3
| | | | | | | With opaque TS_VERIFY_CTX the init function dangerous and useless. It will be dropped. ok jsing
* Prepare addition of X509_STORE_CTX_get1_{certs,crls}(3)tb2023-04-162-2/+27
| | | | | | | | | | | | | | | X509_STORE_get1_{certs,crls}(3) was added to the OpenSSL 1.1 API with the usual care. At some point later it was noticed that they didn't deal with an X509_STORE at all, but rather with an X509_STORE_CTX, so were misnamed. The fact that X509_STORE_CTX and X509_STORE have their roles reversed when compared to other FOO vs FOO_CTX in this API may or may not be related. Anyway, the X509_STORE versions will be demoted to compat defines and the X509_STORE_CTX will be added to match OpenSSL 1.1 API more closely. This was pointed out by schwarze a long time ago and missed in a few bumps. Hopefully we'll manage to do it this time around. ok jsing
* Mark remaining policy tree public API for removaltb2023-04-162-3/+19
| | | | ok jsing
* Annotate policy tree STACK_OF() goo for removal from public APItb2023-04-161-1/+4
| | | | ok jsing
* The policy tree types become internal ony. Annotate them.tb2023-04-161-1/+7
| | | | ok jsing
* Cipher text stealing will go away. Mark it for removal.tb2023-04-161-1/+3
| | | | ok jsing
* Mark proxy policy API for removal in upcoming bumptb2023-04-161-1/+5
| | | | ok jsing
* Remove the now unused ex_pcpathlen from the X509 structtb2023-04-161-2/+1
| | | | ok jsing
* More ProxyCertInfo tentacles go to the attictb2023-04-162-65/+6
| | | | | | | | This removes ProxyCertInfo from extension caching, issuer checking and it also drops the special path validation for proxy certs from the legacy verifier. ok jsing
* Remove some dead code from the new verifiertb2023-04-161-7/+1
| | | | | | | | | The new verifier API is currently unused as we still operate the verifier in legacy mode. Therefore ctx->xsc is always set and the EXFLAG_PROXY will soon be dropped from the library, so this error on encountering proxy certs is effectively doubly dead code. ok jsing
* Drop support for the ProxyCertInfo extensiontb2023-04-161-3/+2
| | | | | | | | This removes the ProxyCertInfo extension from RFC 3820 from the list of supported extensions. Since it is a critical extension, this means that certificates containing it will no longer be considered valid by default. ok jsing
* Make pcy_int.h pull in x509_local.h it will need it soontb2023-04-161-1/+4
| | | | ok jsing
* Use size_t rather than int.jsing2023-04-152-13/+13
| | | | Also buy a vowel for rsiz.
* Add SHA3 digest length define that was previously missed.jsing2023-04-151-1/+2
|
* Remove sha3() function, which will not be used or exposed.jsing2023-04-152-16/+2
|
* Mark sha3_keccakf() as static and remove prototype from header.jsing2023-04-152-5/+3
|
* Use memset() to zero the context, instead of zeroing manually.jsing2023-04-151-5/+3
|
* Provide SHA3 length related defines.jsing2023-04-151-1/+27
| | | | | These will make EVP integration easier, as well as being used in the SHA3 implementation itself.
* Use the same byte order tests as we do elsewhere in libcrypto.jsing2023-04-151-3/+5
|
* Adjust documentation of X9.31 padding modetb2023-04-151-6/+6
|
* Stop supporting the long-retired X9.31 standardtb2023-04-152-113/+57
| | | | | | | | This isolates the three API functions from the library so they can be easily removed and any attempt to use RSA_X931_PADDING mode will now result in an error. ok jsing
* Prepare rsa.h for X9.31 support removaltb2023-04-151-1/+5
| | | | | | | | | | This wraps the three public functions in the usual #if stanza. RSA_X931_PADDING is unfortunately exposed by rust-openssl and erlang. Therefore it will remain visible to avoid breaking the build of lang/rust. Its use in the library will be neutered shortly. ok jsing
* Remove now unused GF2m perlasm generatorstb2023-04-153-980/+0
|
* Rename SHA3 context struct field from 'st' to 'state'.jsing2023-04-152-15/+15
|
* Rename SHA3 context to align with existing code.jsing2023-04-152-14/+14
|
* Move some defines out of the sha3_internal.h header.jsing2023-04-152-10/+6
|
* Stop building GF2m assemblytb2023-04-153-8/+2
| | | | | | | GF2m support will be removed shortly. In the interim drop some of this unused code already and let it fall back to the C implementation. ok jsing
* Revise header guards.jsing2023-04-151-4/+4
|
* Pull constant tables out of sha3_keccakf().jsing2023-04-151-24/+24
|
* Strip and reformat comments.jsing2023-04-152-44/+14
| | | | | Remove various comments that are unhelpful or obvious. Reformat remaining comments per style(9).
* Apply style(9) (first pass).jsing2023-04-152-146/+152
|
* Import sha3_internal.h.jsing2023-04-151-2/+2
|
* Add license to sha3 files.jsing2023-04-152-0/+50
|
* Import tiny_sha3jsing2023-04-152-0/+238
| | | | | | This is a minimal and readable SHA3 implementation. ok tb@
* Rename the largely misnamed bn_print.c to bn_convert.cjsing2023-04-142-3/+3
| | | | | | | | This file primarily contains the various BN_bn2*() and BN_*2bn() functions (along with BN_print() and BN_options()). More function shuffling will follow. Discussed with tb@
* Provide and use bn_copy_words() in BN_copy().jsing2023-04-141-31/+15
| | | | | | | | This is simpler than the current code, while still being well optimised by compilers, across a range of architectures. In many cases we even get a performance gain for the BN sizes that we primarily care about. Joint work with tb@
* Add support for truncated SHA512 variants.jsing2023-04-142-2/+115
| | | | | | | This adds support for SHA512/224 and SHA512/256, as specified in FIPS FIPS 180-4. These are truncated versions of the SHA512 hash. ok tb@
* Provide soon to be used crypto_store_htobe32().jsing2023-04-141-1/+20
| | | | ok tb@
* Use memset() and only initialise non-zero struct members.jsing2023-04-141-7/+7
| | | | ok tb@
* The NBs have been duly noted and ignored. Drop them.tb2023-04-132-20/+2
|
* Zap trailing whitespacetb2023-04-131-9/+9
|
* Remove files that definitely contain no code anymoretb2023-04-135-354/+0
| | | | (experts disagree whether they ever did)
* Drop now useless files from the Makefiletb2023-04-131-6/+1
|
* Fold ECDSA sign and verify mess into ecs_ossl.ctb2023-04-133-63/+68
| | | | discussed with jsing
* Move RSA_generate_key() from rsa_depr.c to rsa_gen.ctb2023-04-132-34/+35
| | | | Discussed with jsing
* Move DSA_generate_parameters() from dsa_depr.c to dsa_gen.ctb2023-04-132-21/+23
| | | | Discussed with jsing
* Move DH_generate_parameters() from dh_depr.c to dh_gen.ctb2023-04-132-20/+21
| | | | discussed with jsing
* ec_lib.c: fix a few NULL misspellingstb2023-04-131-6/+6
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-28 19:31:05 +0000