| Commit message (Collapse) | Author | Files | Lines |
|---|
|
Whether an X509_LOOKUP with given method already exists or not, this API
returns an internal pointer that must not be freed.
|
|
ok deraadt@ jmc@
|
|
|
|
|
|
|
|
|
|
|
|
Move the description of the EVP_MD_FLAGs to EVP_MD_nid() and add a
reference to the CMS specification.
|
|
|
|
|
|
|
|
|
|
CRYPTO_THREADID_{cpm,cpy,current,hash}() are no longer public, so remove
their documentation.
|
|
This manual is ordered a bit strangely in that some functions are
only documented in RETURN VALUES.
|
|
|
|
ok millert miod
|
|
|
|
|
|
|
|
same bump as libcrypto and libssl
|
|
same bump as libcrypto; symbol removal and addition
|
|
The garbage truck is quite full by now. Collect the last symbol
straggler for this bump.
ok jsing
|
|
And here goes another weird-ass thing of dubious pedigree.
ok jsing
|
|
And here goes a bunch of unused macros that just had to be in two
headers so they could get out of sync. Three of these constants
are used in a single function...
ok jsing
|
|
While this undocumented API would have been much nicer and saner than
SSL_CIPHER_find(), nothing used this except for the exporter test.
Let's get rid of it again. libssl uses ssl3_get_cipher_by_{id,value}()
directly.
ok jsing
|
|
Also move the prototypes to the correct header.
Oversight reported by Frank Lichtenheld, thanks!
Fixes https://github.com/libressl/openbsd/issues/147
ok jsing
|
|
There were symbol addition, removal, function signature changes and
struct visibility changes.
|
|
Requested by jsing
|
|
When tedu tedued OPENSSL_isservice(), tedus chainsaw missed crypto.h.
Finish the teduing of the hack for Visual C++ 5.0 (!), which is still
present in the latest and greatest OpenSSL.
ok jsing
|
|
With ERR_STATE out of the way, we can make CRYPTO_THREADID opaque.
The type is still accessed by used public API, but some of the public
API can also go away.
ok jsing
|
|
Importantly, the size in malloc is now a size_t instead of an int. The API
now also takes a file and line to match upstream's signature.
ok jsing
|
|
Long time neutered, only used (pointlessly without error checking) in the
error code until very recently.
ok jsing
|
|
This was neutered early on in the fork and has been rotting ever since.
Some parts of the API are still used, but it's easier to clean up when
most of the mess is gone.
ok jsing
|
|
This syncs the list with some version of upstream and exposes a few
OPENSSL_NO_* that may now be relevant.
from jsing (a long time ago)
|
|
ok jsing
|
|
This API intends to find the closest match to the needle. M2Crypto
exposes it because it can. This will be fixed by patching the port.
ok jsing
|
|
This stops compiling the GOST source. The current implementation is low
quality and got in the way, especially in libssl. While we would be open
for GOST support, it needs to be significantly better than what we have
had and it also needs a maintainer.
Add OPENSSL_NO_GOST to opensslfeatures and stop installing gost.h.
Some code wrapped in #ifndef OPENSSL_NO_GOST will be removed later.
ok jsing
|
|
This removes internals of these two special snowflakes and will allow
further simplifications. Unfortunately, there are some pieces of
software that actually use LHASH_OF() (looking at you, pound, Ruby, and
openssl(1)), so we get to keep exposing this garbage, at least for now.
Expose lh_error() as a symbol to replace a macro reaching into _LHASH.
lh_down_load() is no longer available. _LHASH and _STACK are now opaque,
LHASH_NODE becomes internal-only.
from jsing
|
|
This could have been removed in an earlier bump. Now it's time for it to
say goodbye.
ok jsing
|
|
I would keep repeating myself... In the bit bucket you go.
ok jsing
|
|
Yet another bit of extensibility that no one ever really used.
X509_LOOKUP_free() needs to stay because of ... rust-openssl
(and kdelibs4support).
ok jsing
|
|
Safer replacement API for the unsafe X509_STORE_get0_objects().
ok jsing
|
|
Another struct/API that should never have leaked out of the library.
ok jsing
|
|
With API and other users internal, this struct can now go.
ok jsing
|
|
Unused since the extensibility was neutered.
ok jsing
|
|
Another thing that should never have leaked out of the library. It
will become internal entirely, where the code can be simplified greatly.
ok jsing
|
|
Unfortunately, PHP and rust-openssl still need this API. At least we
can make the table read-only now since we disabled its extensibility.
ok jsing
|
|
Code using details of X509_PURPOSE does so by using API. So we can make
this struct opaque.
ok jsing
|
|
Most of this is the ability to add custom purposes. Also the astounding
X509_STORE_CTX_purpose_inherit(). The names are used by PHP, and M2Crypto
exposes X509_check_purpose(), so these remain public. Some weird, most
likely invalid, uses also remain in rust-openssl.
ok jsing
|
|
You used to be able to define your own X.509 extension handlers. Great.
Even greater: the verifier would ignore any custom extensions. So this
was only ever useful for serialization and deserialization. In other
words, almost entirely pointless. The API was also unused except for
a hack in kore-acme, which was fixed recently.
ok jsing
|
