remove prototypes with no matching function
feedback and ok tb@

Make BN_BLINDING internal

RSA is pretty bad. In my most optimistic moments I dream of a world that
stopped using it. That won't happen during my lifetime, unfortunately.
Blinding is one way of making it a little less leaky. Unfortunately this
side-channel leak mitigation leaked out of the library for no good reason.
Let's at least fix that aspect of it.

ok jsing

Salt shares the blame of the continued existence of the X9.31 padding mode

Remove X9.31 support

ok jsing

Bring includes into canonical order

Requested by jsing

Move some includes out of OPENSSL_NO_DEPRECATED

Some headers were included conditionally on OPENSSL_NO_DEPRECATED in hopes
that eventually the mess of everything includes everything will magically
resolve itself. Of course everyone would end up building openssl with
OPENSSL_NO_DEPRECATED over time... Right.

Surprisingly, the ecosystem has come to rely on these implicit inclusions,
so about two dozen ports would fail to build because of this. Patching this
would be easy but really not worth the effort.

ok jsing

Prepare rsa.h for X9.31 support removal

This wraps the three public functions in the usual #if stanza.

RSA_X931_PADDING is unfortunately exposed by rust-openssl and erlang.
Therefore it will remain visible to avoid breaking the build of
lang/rust. Its use in the library will be neutered shortly.

ok jsing

Move a few functions out of OPENSSL_NO_DEPRECATED

Geoff Thorpe added OPENSSL_NO_DEPRECATED nearly two decades ago. The hope
was that at some point some functions can be dropped. Most of the functions
marked deprecated are actually unused nowadays but unfortunately some of
them are still used in the ecosystem. Move them out of OPENSSL_NO_DEPRECATED
so we can define it without breaking the consumers in the next bump.

ERR_remove_state() is still used by a dozen or so ports. This isn't a big
deal since it is just a stupid wrapper for the not quite as deprecated
ERR_remove_thread_state(). It's not worth patching these ports.

Annoyingly, {DH,DSA}_generate_parameters() and RSA_generate_key() are still
used. They "make use" of the old-style BN_GENCB callback, which is therefore
more difficult to remove - in case you don't know know: that's the thing
responsible for printing pretty '.', '+' and '*' when you generate keys.

Most annoyingly, DH_generate_parameters() was added to rust-openssl in 2020
for "advanced DH support". This is very unfortunate since cargo bundles a
rust-openssl and updates it only every few years or so. As a consequence
we're going to be stuck with this nonsense for a good while.

ok beck jsing

Remove mkerr.pl remnants from LibreSSL

This script is not used at all and files are edited by hand instead.
Thus remove misleading comments incl. the obsolete script/config.

Feedback OK jsing tb

Expose new API in headers.

These are mostly security-level related, but there are also ASN1_TIME
and ASN_INTEGER functions here, as well as some missing accessors.

ok jsing

Prepare to provide RSA_security_bits()

ok beck jsing

Make RSA, RSA_PSS_PARAMS and RSA_METHOD opaque

Move the struct internals to rsa_locl.h and provide a missing
typedef in ossl_typ.h.

ok inoguchi jsing

Remove obsolete key formats

This removes NETSCAPE_X509, NETSCAPE{,_ENCRYPTED}_PKEY, RSA_NET,
Netscape_RSA things. Some of the nasty tentacles that could go in
principle are used in some test suites, so we need to keep them...

All this was removed as part of OpenSSL commit 0bc2f365.

ok inoguchi jsing

Unifdef LIBRESSL_OPAQUE_* and LIBRESSL_NEXT_API

This marks the start of major surgery in libcrypto. Do not attempt to
build the tree for a while (~50 commits).

Prepare to provide a number of RSA accessors

This adds RSA_get0_{n,e,d,p,q,dmp1,dmq1,iqmp,pss_params}() which will
be exposed in the upcoming bump.

ok inoguchi jsing

Reshuffle RSA_PSS_PARAMS and RSA_OAEP_PARAMS to avoid duplicate typedef.

Issue spotted by bcook@

ok bcook@ inoguchi@

Provide RSA_PKCS1_OpenSSL().

Prompted by inoguchi@

Make RSA_padding_{add,check}_PKCS1_OAEP_mgf1() public.

Make RSA_OAEP_PARAMs public.

Add RSA CMS support.

From OpenSSL 1.1.1d.

ok tb@

Update RSA ASN.1 code to handle RSA-PSS.

From OpenSSL 1.1.1d.

ok tb@

Add support for RSA-PSS.

From OpenSSL 1.1.1d.

ok inoguchi@

Update RSA OAEP code.

This syncs the RSA OAEP code with OpenSSL 1.1.1d, correctly handling OAEP
padding and providing various OAEP related controls.

ok inoguchi@ tb@

Add RSA_PSS_PARAMS pointer to RSA struct.

This will be used by upcoming RSA-PSS code.

ok tb@

Add maskHash field to RSA_PSS_PARAMS.

This will be soon used as an optimisation and reduces the differences
between OpenSSL.

ok tb@

Provide RSA_pkey_ctx_ctrl().

This is a wrapper around EVP_PKEY_CTX_ctrl() which requires the key to be
either RSA or RSA-PSS.

From OpenSSL 1.1.1d.

ok tb@

provide getters and setters for the RSA_METHOD interface

ok tb@, jsing@, sthen@

Add some accessor functions:

RSA_meth_get_finish() RSA_meth_set1_name() EVP_CIPHER_CTX_(get|set)_iv()

feedback and ok jsing@ tb@

Provide RSA_meth_{dup,free,new,set_{finish,priv_{dec,enc}}}()

Note that these functions return NULL in out-of-memory situations,
but contrary to OpenSSL's versions they do not set an error.

ok jsing

Provide RSA_{clear,set,test}_flasg()

ok jsing

Provide RSA_{g,s}et0_crt_params()

ok jsing

Use usual order of RSA_{g,s}et0_key().

ok jsing

Provide RSA_{g,s}et0_factors()

ok jsing

Provide RSA_bits()

ok jsing

Provide further parts of the OpenSSL 1.1 API: {DH,DSA}_get0_{key,pqg}(),
EVP_PKEY_get0_{DH,DSA,RSA}(), RSA_{g,s}et0_key().

ok jsing

Bring back the RSA_SSLV23_PADDING define.

Several pieces of software expect this to be available unconditionally.

Remove RSA_padding_add_SSLv23()/RSA_padding_check_SSLv23() and related
code. We removed SSLv2/SSLv3 a long time ago...

Discussed with doug@

Expand DECLARE_ASN1_.*FUNCTIONS macros.

No change in preprocessed output, ignoring whitespace and line numbers.

Remove flags for disabling constant-time operations.

This removes support for DSA_FLAG_NO_EXP_CONSTTIME, DH_FLAG_NO_EXP_CONSTTIME,
and RSA_FLAG_NO_CONSTTIME flags, making all of these operations unconditionally
constant-time.

Based on the original patch by C��sar Pereid. ok beck@

Check for allocation error in RSA_eay_mod_exp(). Coverity CID 25217.
ok jsing@

if (x) FOO_free(x) -> FOO_free(x).
Improves readability, keeps the code smaller so that it is warmer in your
cache.

review & ok deraadt@

Explicitly include <openssl/opensslconf.h> in every file that references
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never defined, due
to the fact that opensslconf.h has not been included.

This also includes some miscellaneous sorting/tidying of headers.

Tweak some comments. We do not really need to know that "New!" flags were
added 10+ years ago (they're kinda somewhat stale by now...)

Remove RSA_FLAG_NO_EXP_CONSTTIME, which was deprecated 12+ years ago.

sthen@ confirmed that no ports are referencing it.

ok miod@.

Make comments readable.

KNF.

Remove RSA_memory_lock(). This undocumented function sort-of serializes your
RSA components to memory and clears them, but there is no unserializing
function, so its usefulness is close to zero.

A grep through the ports tree sources show that it is only present in ports
embedding their own openssl copy, and never used otherwise.

ok jsing@

tags as requested by miod and tedu

Everything sane has stdio, and FILE *. we don't need ifdefs for this.
ok to firebomb from tedu@

Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.

resolve conflicts

resolve conflicts, fix local changes

resolve conflicts

update to openssl-0.9.8i; tested by several, especially krw@

resolve conflicts

openssl security fixes, diff from markus@, ok & "commit it" djm@
http://www.openssl.org/news/secadv_20060928.txt for more

branches: 1.10.2;
resolve conflicts

branches: 1.9.2; 1.9.4;
resolve conflicts

merge 0.9.7c; minor bugsfixes;
API addition: ERR_release_err_state_table
[make includes before you build libssl/libcrypto]

merge 0.9.7b with local changes; crank majors for libssl/libcrypto

merge openssl-0.9.7-beta3, tested on vax by miod@

OpenSSL 0.9.7 stable 2002 05 08 merge

openssl-engine-0.9.6 merge

OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs

OpenSSL 0.9.4 merge

branches: 1.1.1;
Initial revision

Make BN_BLINDING internal

RSA is pretty bad. In my most optimistic moments I dream of a world that
stopped using it. That won't happen during my lifetime, unfortunately.
Blinding is one way of making it a little less leaky. Unfortunately this
side-channel leak mitigation leaked out of the library for no good reason.
Let's at least fix that aspect of it.

ok jsing

Salt shares the blame of the continued existence of the X9.31 padding mode

Remove X9.31 support

ok jsing

Bring includes into canonical order

Requested by jsing

Move some includes out of OPENSSL_NO_DEPRECATED

Some headers were included conditionally on OPENSSL_NO_DEPRECATED in hopes
that eventually the mess of everything includes everything will magically
resolve itself. Of course everyone would end up building openssl with
OPENSSL_NO_DEPRECATED over time... Right.

Surprisingly, the ecosystem has come to rely on these implicit inclusions,
so about two dozen ports would fail to build because of this. Patching this
would be easy but really not worth the effort.

ok jsing

Prepare rsa.h for X9.31 support removal

This wraps the three public functions in the usual #if stanza.

RSA_X931_PADDING is unfortunately exposed by rust-openssl and erlang.
Therefore it will remain visible to avoid breaking the build of
lang/rust. Its use in the library will be neutered shortly.

ok jsing

Move a few functions out of OPENSSL_NO_DEPRECATED

Geoff Thorpe added OPENSSL_NO_DEPRECATED nearly two decades ago. The hope
was that at some point some functions can be dropped. Most of the functions
marked deprecated are actually unused nowadays but unfortunately some of
them are still used in the ecosystem. Move them out of OPENSSL_NO_DEPRECATED
so we can define it without breaking the consumers in the next bump.

ERR_remove_state() is still used by a dozen or so ports. This isn't a big
deal since it is just a stupid wrapper for the not quite as deprecated
ERR_remove_thread_state(). It's not worth patching these ports.

Annoyingly, {DH,DSA}_generate_parameters() and RSA_generate_key() are still
used. They "make use" of the old-style BN_GENCB callback, which is therefore
more difficult to remove - in case you don't know know: that's the thing
responsible for printing pretty '.', '+' and '*' when you generate keys.

Most annoyingly, DH_generate_parameters() was added to rust-openssl in 2020
for "advanced DH support". This is very unfortunate since cargo bundles a
rust-openssl and updates it only every few years or so. As a consequence
we're going to be stuck with this nonsense for a good while.

ok beck jsing

Remove mkerr.pl remnants from LibreSSL

This script is not used at all and files are edited by hand instead.
Thus remove misleading comments incl. the obsolete script/config.

Feedback OK jsing tb

Expose new API in headers.

These are mostly security-level related, but there are also ASN1_TIME
and ASN_INTEGER functions here, as well as some missing accessors.

ok jsing

Prepare to provide RSA_security_bits()

ok beck jsing

Make RSA, RSA_PSS_PARAMS and RSA_METHOD opaque

Move the struct internals to rsa_locl.h and provide a missing
typedef in ossl_typ.h.

ok inoguchi jsing

Remove obsolete key formats

This removes NETSCAPE_X509, NETSCAPE{,_ENCRYPTED}_PKEY, RSA_NET,
Netscape_RSA things. Some of the nasty tentacles that could go in
principle are used in some test suites, so we need to keep them...

All this was removed as part of OpenSSL commit 0bc2f365.

ok inoguchi jsing

Unifdef LIBRESSL_OPAQUE_* and LIBRESSL_NEXT_API

This marks the start of major surgery in libcrypto. Do not attempt to
build the tree for a while (~50 commits).

Prepare to provide a number of RSA accessors

This adds RSA_get0_{n,e,d,p,q,dmp1,dmq1,iqmp,pss_params}() which will
be exposed in the upcoming bump.

ok inoguchi jsing

Reshuffle RSA_PSS_PARAMS and RSA_OAEP_PARAMS to avoid duplicate typedef.

Issue spotted by bcook@

ok bcook@ inoguchi@

Provide RSA_PKCS1_OpenSSL().

Prompted by inoguchi@

Make RSA_padding_{add,check}_PKCS1_OAEP_mgf1() public.

Make RSA_OAEP_PARAMs public.

Add RSA CMS support.

From OpenSSL 1.1.1d.

ok tb@

Update RSA ASN.1 code to handle RSA-PSS.

From OpenSSL 1.1.1d.

ok tb@

Add support for RSA-PSS.

From OpenSSL 1.1.1d.

ok inoguchi@

Update RSA OAEP code.

This syncs the RSA OAEP code with OpenSSL 1.1.1d, correctly handling OAEP
padding and providing various OAEP related controls.

ok inoguchi@ tb@

Add RSA_PSS_PARAMS pointer to RSA struct.

This will be used by upcoming RSA-PSS code.

ok tb@

Add maskHash field to RSA_PSS_PARAMS.

This will be soon used as an optimisation and reduces the differences
between OpenSSL.

ok tb@

Provide RSA_pkey_ctx_ctrl().

This is a wrapper around EVP_PKEY_CTX_ctrl() which requires the key to be
either RSA or RSA-PSS.

From OpenSSL 1.1.1d.

ok tb@

provide getters and setters for the RSA_METHOD interface

ok tb@, jsing@, sthen@

Add some accessor functions:

RSA_meth_get_finish() RSA_meth_set1_name() EVP_CIPHER_CTX_(get|set)_iv()

feedback and ok jsing@ tb@

Provide RSA_meth_{dup,free,new,set_{finish,priv_{dec,enc}}}()

Note that these functions return NULL in out-of-memory situations,
but contrary to OpenSSL's versions they do not set an error.

ok jsing

Provide RSA_{clear,set,test}_flasg()

ok jsing

Provide RSA_{g,s}et0_crt_params()

ok jsing

Use usual order of RSA_{g,s}et0_key().

ok jsing

Provide RSA_{g,s}et0_factors()

ok jsing

Provide RSA_bits()

ok jsing

Provide further parts of the OpenSSL 1.1 API: {DH,DSA}_get0_{key,pqg}(),
EVP_PKEY_get0_{DH,DSA,RSA}(), RSA_{g,s}et0_key().

ok jsing

Bring back the RSA_SSLV23_PADDING define.

Several pieces of software expect this to be available unconditionally.

Remove RSA_padding_add_SSLv23()/RSA_padding_check_SSLv23() and related
code. We removed SSLv2/SSLv3 a long time ago...

Discussed with doug@

Expand DECLARE_ASN1_.*FUNCTIONS macros.

No change in preprocessed output, ignoring whitespace and line numbers.

Remove flags for disabling constant-time operations.

This removes support for DSA_FLAG_NO_EXP_CONSTTIME, DH_FLAG_NO_EXP_CONSTTIME,
and RSA_FLAG_NO_CONSTTIME flags, making all of these operations unconditionally
constant-time.

Based on the original patch by C��sar Pereid. ok beck@

Check for allocation error in RSA_eay_mod_exp(). Coverity CID 25217.
ok jsing@

if (x) FOO_free(x) -> FOO_free(x).
Improves readability, keeps the code smaller so that it is warmer in your
cache.

review & ok deraadt@

Explicitly include <openssl/opensslconf.h> in every file that references
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never defined, due
to the fact that opensslconf.h has not been included.

This also includes some miscellaneous sorting/tidying of headers.

Tweak some comments. We do not really need to know that "New!" flags were
added 10+ years ago (they're kinda somewhat stale by now...)

Remove RSA_FLAG_NO_EXP_CONSTTIME, which was deprecated 12+ years ago.

sthen@ confirmed that no ports are referencing it.

ok miod@.

Make comments readable.

KNF.

Remove RSA_memory_lock(). This undocumented function sort-of serializes your
RSA components to memory and clears them, but there is no unserializing
function, so its usefulness is close to zero.

A grep through the ports tree sources show that it is only present in ports
embedding their own openssl copy, and never used otherwise.

ok jsing@

tags as requested by miod and tedu

Everything sane has stdio, and FILE *. we don't need ifdefs for this.
ok to firebomb from tedu@

Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.

resolve conflicts

resolve conflicts, fix local changes

resolve conflicts

update to openssl-0.9.8i; tested by several, especially krw@

resolve conflicts

openssl security fixes, diff from markus@, ok & "commit it" djm@
http://www.openssl.org/news/secadv_20060928.txt for more

branches: 1.10.2;
resolve conflicts

branches: 1.9.2; 1.9.4;
resolve conflicts

merge 0.9.7c; minor bugsfixes;
API addition: ERR_release_err_state_table
[make includes before you build libssl/libcrypto]

merge 0.9.7b with local changes; crank majors for libssl/libcrypto

merge openssl-0.9.7-beta3, tested on vax by miod@

OpenSSL 0.9.7 stable 2002 05 08 merge

openssl-engine-0.9.6 merge

OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs

OpenSSL 0.9.4 merge

branches: 1.1.1;
Initial revision

Salt shares the blame of the continued existence of the X9.31 padding mode

Remove X9.31 support

ok jsing

Bring includes into canonical order

Requested by jsing

Move some includes out of OPENSSL_NO_DEPRECATED

Some headers were included conditionally on OPENSSL_NO_DEPRECATED in hopes
that eventually the mess of everything includes everything will magically
resolve itself. Of course everyone would end up building openssl with
OPENSSL_NO_DEPRECATED over time... Right.

Surprisingly, the ecosystem has come to rely on these implicit inclusions,
so about two dozen ports would fail to build because of this. Patching this
would be easy but really not worth the effort.

ok jsing

Prepare rsa.h for X9.31 support removal

This wraps the three public functions in the usual #if stanza.

RSA_X931_PADDING is unfortunately exposed by rust-openssl and erlang.
Therefore it will remain visible to avoid breaking the build of
lang/rust. Its use in the library will be neutered shortly.

ok jsing

Move a few functions out of OPENSSL_NO_DEPRECATED

Geoff Thorpe added OPENSSL_NO_DEPRECATED nearly two decades ago. The hope
was that at some point some functions can be dropped. Most of the functions
marked deprecated are actually unused nowadays but unfortunately some of
them are still used in the ecosystem. Move them out of OPENSSL_NO_DEPRECATED
so we can define it without breaking the consumers in the next bump.

ERR_remove_state() is still used by a dozen or so ports. This isn't a big
deal since it is just a stupid wrapper for the not quite as deprecated
ERR_remove_thread_state(). It's not worth patching these ports.

Annoyingly, {DH,DSA}_generate_parameters() and RSA_generate_key() are still
used. They "make use" of the old-style BN_GENCB callback, which is therefore
more difficult to remove - in case you don't know know: that's the thing
responsible for printing pretty '.', '+' and '*' when you generate keys.

Most annoyingly, DH_generate_parameters() was added to rust-openssl in 2020
for "advanced DH support". This is very unfortunate since cargo bundles a
rust-openssl and updates it only every few years or so. As a consequence
we're going to be stuck with this nonsense for a good while.

ok beck jsing

Remove mkerr.pl remnants from LibreSSL

This script is not used at all and files are edited by hand instead.
Thus remove misleading comments incl. the obsolete script/config.

Feedback OK jsing tb

Expose new API in headers.

These are mostly security-level related, but there are also ASN1_TIME
and ASN_INTEGER functions here, as well as some missing accessors.

ok jsing

Prepare to provide RSA_security_bits()

ok beck jsing

Make RSA, RSA_PSS_PARAMS and RSA_METHOD opaque

Move the struct internals to rsa_locl.h and provide a missing
typedef in ossl_typ.h.

ok inoguchi jsing

Remove obsolete key formats

This removes NETSCAPE_X509, NETSCAPE{,_ENCRYPTED}_PKEY, RSA_NET,
Netscape_RSA things. Some of the nasty tentacles that could go in
principle are used in some test suites, so we need to keep them...

All this was removed as part of OpenSSL commit 0bc2f365.

ok inoguchi jsing

Unifdef LIBRESSL_OPAQUE_* and LIBRESSL_NEXT_API

This marks the start of major surgery in libcrypto. Do not attempt to
build the tree for a while (~50 commits).

Prepare to provide a number of RSA accessors

This adds RSA_get0_{n,e,d,p,q,dmp1,dmq1,iqmp,pss_params}() which will
be exposed in the upcoming bump.

ok inoguchi jsing

Reshuffle RSA_PSS_PARAMS and RSA_OAEP_PARAMS to avoid duplicate typedef.

Issue spotted by bcook@

ok bcook@ inoguchi@

Provide RSA_PKCS1_OpenSSL().

Prompted by inoguchi@

Make RSA_padding_{add,check}_PKCS1_OAEP_mgf1() public.

Make RSA_OAEP_PARAMs public.

Add RSA CMS support.

From OpenSSL 1.1.1d.

ok tb@

Update RSA ASN.1 code to handle RSA-PSS.

From OpenSSL 1.1.1d.

ok tb@

Add support for RSA-PSS.

From OpenSSL 1.1.1d.

ok inoguchi@

Update RSA OAEP code.

This syncs the RSA OAEP code with OpenSSL 1.1.1d, correctly handling OAEP
padding and providing various OAEP related controls.

ok inoguchi@ tb@

Add RSA_PSS_PARAMS pointer to RSA struct.

This will be used by upcoming RSA-PSS code.

ok tb@

Add maskHash field to RSA_PSS_PARAMS.

This will be soon used as an optimisation and reduces the differences
between OpenSSL.

ok tb@

Provide RSA_pkey_ctx_ctrl().

This is a wrapper around EVP_PKEY_CTX_ctrl() which requires the key to be
either RSA or RSA-PSS.

From OpenSSL 1.1.1d.

ok tb@

provide getters and setters for the RSA_METHOD interface

ok tb@, jsing@, sthen@

Add some accessor functions:

RSA_meth_get_finish() RSA_meth_set1_name() EVP_CIPHER_CTX_(get|set)_iv()

feedback and ok jsing@ tb@

Provide RSA_meth_{dup,free,new,set_{finish,priv_{dec,enc}}}()

Note that these functions return NULL in out-of-memory situations,
but contrary to OpenSSL's versions they do not set an error.

ok jsing

Provide RSA_{clear,set,test}_flasg()

ok jsing

Provide RSA_{g,s}et0_crt_params()

ok jsing

Use usual order of RSA_{g,s}et0_key().

ok jsing

Provide RSA_{g,s}et0_factors()

ok jsing

Provide RSA_bits()

ok jsing

Provide further parts of the OpenSSL 1.1 API: {DH,DSA}_get0_{key,pqg}(),
EVP_PKEY_get0_{DH,DSA,RSA}(), RSA_{g,s}et0_key().

ok jsing

Bring back the RSA_SSLV23_PADDING define.

Several pieces of software expect this to be available unconditionally.

Remove RSA_padding_add_SSLv23()/RSA_padding_check_SSLv23() and related
code. We removed SSLv2/SSLv3 a long time ago...

Discussed with doug@

Expand DECLARE_ASN1_.*FUNCTIONS macros.

No change in preprocessed output, ignoring whitespace and line numbers.

Remove flags for disabling constant-time operations.

This removes support for DSA_FLAG_NO_EXP_CONSTTIME, DH_FLAG_NO_EXP_CONSTTIME,
and RSA_FLAG_NO_CONSTTIME flags, making all of these operations unconditionally
constant-time.

Based on the original patch by C��sar Pereid. ok beck@

Check for allocation error in RSA_eay_mod_exp(). Coverity CID 25217.
ok jsing@

if (x) FOO_free(x) -> FOO_free(x).
Improves readability, keeps the code smaller so that it is warmer in your
cache.

review & ok deraadt@

Explicitly include <openssl/opensslconf.h> in every file that references
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never defined, due
to the fact that opensslconf.h has not been included.

This also includes some miscellaneous sorting/tidying of headers.

Tweak some comments. We do not really need to know that "New!" flags were
added 10+ years ago (they're kinda somewhat stale by now...)

Remove RSA_FLAG_NO_EXP_CONSTTIME, which was deprecated 12+ years ago.

sthen@ confirmed that no ports are referencing it.

ok miod@.

Make comments readable.

KNF.

Remove RSA_memory_lock(). This undocumented function sort-of serializes your
RSA components to memory and clears them, but there is no unserializing
function, so its usefulness is close to zero.

A grep through the ports tree sources show that it is only present in ports
embedding their own openssl copy, and never used otherwise.

ok jsing@

tags as requested by miod and tedu

Everything sane has stdio, and FILE *. we don't need ifdefs for this.
ok to firebomb from tedu@

Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.

resolve conflicts

resolve conflicts, fix local changes

resolve conflicts

update to openssl-0.9.8i; tested by several, especially krw@

resolve conflicts

openssl security fixes, diff from markus@, ok & "commit it" djm@
http://www.openssl.org/news/secadv_20060928.txt for more

branches: 1.10.2;
resolve conflicts

branches: 1.9.2; 1.9.4;
resolve conflicts

merge 0.9.7c; minor bugsfixes;
API addition: ERR_release_err_state_table
[make includes before you build libssl/libcrypto]

merge 0.9.7b with local changes; crank majors for libssl/libcrypto

merge openssl-0.9.7-beta3, tested on vax by miod@

OpenSSL 0.9.7 stable 2002 05 08 merge

openssl-engine-0.9.6 merge

OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs

OpenSSL 0.9.4 merge

branches: 1.1.1;
Initial revision

Remove X9.31 support

ok jsing

Bring includes into canonical order

Requested by jsing

Move some includes out of OPENSSL_NO_DEPRECATED

Some headers were included conditionally on OPENSSL_NO_DEPRECATED in hopes
that eventually the mess of everything includes everything will magically
resolve itself. Of course everyone would end up building openssl with
OPENSSL_NO_DEPRECATED over time... Right.

Surprisingly, the ecosystem has come to rely on these implicit inclusions,
so about two dozen ports would fail to build because of this. Patching this
would be easy but really not worth the effort.

ok jsing

Prepare rsa.h for X9.31 support removal

This wraps the three public functions in the usual #if stanza.

RSA_X931_PADDING is unfortunately exposed by rust-openssl and erlang.
Therefore it will remain visible to avoid breaking the build of
lang/rust. Its use in the library will be neutered shortly.

ok jsing

Move a few functions out of OPENSSL_NO_DEPRECATED

Geoff Thorpe added OPENSSL_NO_DEPRECATED nearly two decades ago. The hope
was that at some point some functions can be dropped. Most of the functions
marked deprecated are actually unused nowadays but unfortunately some of
them are still used in the ecosystem. Move them out of OPENSSL_NO_DEPRECATED
so we can define it without breaking the consumers in the next bump.

ERR_remove_state() is still used by a dozen or so ports. This isn't a big
deal since it is just a stupid wrapper for the not quite as deprecated
ERR_remove_thread_state(). It's not worth patching these ports.

Annoyingly, {DH,DSA}_generate_parameters() and RSA_generate_key() are still
used. They "make use" of the old-style BN_GENCB callback, which is therefore
more difficult to remove - in case you don't know know: that's the thing
responsible for printing pretty '.', '+' and '*' when you generate keys.

Most annoyingly, DH_generate_parameters() was added to rust-openssl in 2020
for "advanced DH support". This is very unfortunate since cargo bundles a
rust-openssl and updates it only every few years or so. As a consequence
we're going to be stuck with this nonsense for a good while.

ok beck jsing

Remove mkerr.pl remnants from LibreSSL

This script is not used at all and files are edited by hand instead.
Thus remove misleading comments incl. the obsolete script/config.

Feedback OK jsing tb

Expose new API in headers.

These are mostly security-level related, but there are also ASN1_TIME
and ASN_INTEGER functions here, as well as some missing accessors.

ok jsing

Prepare to provide RSA_security_bits()

ok beck jsing

Make RSA, RSA_PSS_PARAMS and RSA_METHOD opaque

Move the struct internals to rsa_locl.h and provide a missing
typedef in ossl_typ.h.

ok inoguchi jsing

Remove obsolete key formats

This removes NETSCAPE_X509, NETSCAPE{,_ENCRYPTED}_PKEY, RSA_NET,
Netscape_RSA things. Some of the nasty tentacles that could go in
principle are used in some test suites, so we need to keep them...

All this was removed as part of OpenSSL commit 0bc2f365.

ok inoguchi jsing

Unifdef LIBRESSL_OPAQUE_* and LIBRESSL_NEXT_API

This marks the start of major surgery in libcrypto. Do not attempt to
build the tree for a while (~50 commits).

Prepare to provide a number of RSA accessors

This adds RSA_get0_{n,e,d,p,q,dmp1,dmq1,iqmp,pss_params}() which will
be exposed in the upcoming bump.

ok inoguchi jsing

Reshuffle RSA_PSS_PARAMS and RSA_OAEP_PARAMS to avoid duplicate typedef.

Issue spotted by bcook@

ok bcook@ inoguchi@

Provide RSA_PKCS1_OpenSSL().

Prompted by inoguchi@

Make RSA_padding_{add,check}_PKCS1_OAEP_mgf1() public.

Make RSA_OAEP_PARAMs public.

Add RSA CMS support.

From OpenSSL 1.1.1d.

ok tb@

Update RSA ASN.1 code to handle RSA-PSS.

From OpenSSL 1.1.1d.

ok tb@

Add support for RSA-PSS.

From OpenSSL 1.1.1d.

ok inoguchi@

Update RSA OAEP code.

This syncs the RSA OAEP code with OpenSSL 1.1.1d, correctly handling OAEP
padding and providing various OAEP related controls.

ok inoguchi@ tb@

Add RSA_PSS_PARAMS pointer to RSA struct.

This will be used by upcoming RSA-PSS code.

ok tb@

Add maskHash field to RSA_PSS_PARAMS.

This will be soon used as an optimisation and reduces the differences
between OpenSSL.

ok tb@

Provide RSA_pkey_ctx_ctrl().

This is a wrapper around EVP_PKEY_CTX_ctrl() which requires the key to be
either RSA or RSA-PSS.

From OpenSSL 1.1.1d.

ok tb@

provide getters and setters for the RSA_METHOD interface

ok tb@, jsing@, sthen@

Add some accessor functions:

RSA_meth_get_finish() RSA_meth_set1_name() EVP_CIPHER_CTX_(get|set)_iv()

feedback and ok jsing@ tb@

Provide RSA_meth_{dup,free,new,set_{finish,priv_{dec,enc}}}()

Note that these functions return NULL in out-of-memory situations,
but contrary to OpenSSL's versions they do not set an error.

ok jsing

Provide RSA_{clear,set,test}_flasg()

ok jsing

Provide RSA_{g,s}et0_crt_params()

ok jsing

Use usual order of RSA_{g,s}et0_key().

ok jsing

Provide RSA_{g,s}et0_factors()

ok jsing

Provide RSA_bits()

ok jsing

Provide further parts of the OpenSSL 1.1 API: {DH,DSA}_get0_{key,pqg}(),
EVP_PKEY_get0_{DH,DSA,RSA}(), RSA_{g,s}et0_key().

ok jsing

Bring back the RSA_SSLV23_PADDING define.

Several pieces of software expect this to be available unconditionally.

Remove RSA_padding_add_SSLv23()/RSA_padding_check_SSLv23() and related
code. We removed SSLv2/SSLv3 a long time ago...

Discussed with doug@

Expand DECLARE_ASN1_.*FUNCTIONS macros.

No change in preprocessed output, ignoring whitespace and line numbers.

Remove flags for disabling constant-time operations.

This removes support for DSA_FLAG_NO_EXP_CONSTTIME, DH_FLAG_NO_EXP_CONSTTIME,
and RSA_FLAG_NO_CONSTTIME flags, making all of these operations unconditionally
constant-time.

Based on the original patch by C��sar Pereid. ok beck@

Check for allocation error in RSA_eay_mod_exp(). Coverity CID 25217.
ok jsing@

if (x) FOO_free(x) -> FOO_free(x).
Improves readability, keeps the code smaller so that it is warmer in your
cache.

review & ok deraadt@

Explicitly include <openssl/opensslconf.h> in every file that references
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never defined, due
to the fact that opensslconf.h has not been included.

This also includes some miscellaneous sorting/tidying of headers.

Tweak some comments. We do not really need to know that "New!" flags were
added 10+ years ago (they're kinda somewhat stale by now...)

Remove RSA_FLAG_NO_EXP_CONSTTIME, which was deprecated 12+ years ago.

sthen@ confirmed that no ports are referencing it.

ok miod@.

Make comments readable.

KNF.

Remove RSA_memory_lock(). This undocumented function sort-of serializes your
RSA components to memory and clears them, but there is no unserializing
function, so its usefulness is close to zero.

A grep through the ports tree sources show that it is only present in ports
embedding their own openssl copy, and never used otherwise.

ok jsing@

tags as requested by miod and tedu

Everything sane has stdio, and FILE *. we don't need ifdefs for this.
ok to firebomb from tedu@

Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.

resolve conflicts

resolve conflicts, fix local changes

resolve conflicts

update to openssl-0.9.8i; tested by several, especially krw@

resolve conflicts

openssl security fixes, diff from markus@, ok & "commit it" djm@
http://www.openssl.org/news/secadv_20060928.txt for more

branches: 1.10.2;
resolve conflicts

branches: 1.9.2; 1.9.4;
resolve conflicts

merge 0.9.7c; minor bugsfixes;
API addition: ERR_release_err_state_table
[make includes before you build libssl/libcrypto]

merge 0.9.7b with local changes; crank majors for libssl/libcrypto

merge openssl-0.9.7-beta3, tested on vax by miod@

OpenSSL 0.9.7 stable 2002 05 08 merge

openssl-engine-0.9.6 merge

OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs

OpenSSL 0.9.4 merge

branches: 1.1.1;
Initial revision

Bring includes into canonical order

Requested by jsing

Move some includes out of OPENSSL_NO_DEPRECATED

Some headers were included conditionally on OPENSSL_NO_DEPRECATED in hopes
that eventually the mess of everything includes everything will magically
resolve itself. Of course everyone would end up building openssl with
OPENSSL_NO_DEPRECATED over time... Right.

Surprisingly, the ecosystem has come to rely on these implicit inclusions,
so about two dozen ports would fail to build because of this. Patching this
would be easy but really not worth the effort.

ok jsing

Prepare rsa.h for X9.31 support removal

This wraps the three public functions in the usual #if stanza.

RSA_X931_PADDING is unfortunately exposed by rust-openssl and erlang.
Therefore it will remain visible to avoid breaking the build of
lang/rust. Its use in the library will be neutered shortly.

ok jsing

Move a few functions out of OPENSSL_NO_DEPRECATED

Geoff Thorpe added OPENSSL_NO_DEPRECATED nearly two decades ago. The hope
was that at some point some functions can be dropped. Most of the functions
marked deprecated are actually unused nowadays but unfortunately some of
them are still used in the ecosystem. Move them out of OPENSSL_NO_DEPRECATED
so we can define it without breaking the consumers in the next bump.

ERR_remove_state() is still used by a dozen or so ports. This isn't a big
deal since it is just a stupid wrapper for the not quite as deprecated
ERR_remove_thread_state(). It's not worth patching these ports.

Annoyingly, {DH,DSA}_generate_parameters() and RSA_generate_key() are still
used. They "make use" of the old-style BN_GENCB callback, which is therefore
more difficult to remove - in case you don't know know: that's the thing
responsible for printing pretty '.', '+' and '*' when you generate keys.

Most annoyingly, DH_generate_parameters() was added to rust-openssl in 2020
for "advanced DH support". This is very unfortunate since cargo bundles a
rust-openssl and updates it only every few years or so. As a consequence
we're going to be stuck with this nonsense for a good while.

ok beck jsing

Remove mkerr.pl remnants from LibreSSL

This script is not used at all and files are edited by hand instead.
Thus remove misleading comments incl. the obsolete script/config.

Feedback OK jsing tb

Expose new API in headers.

These are mostly security-level related, but there are also ASN1_TIME
and ASN_INTEGER functions here, as well as some missing accessors.

ok jsing

Prepare to provide RSA_security_bits()

ok beck jsing

Make RSA, RSA_PSS_PARAMS and RSA_METHOD opaque

Move the struct internals to rsa_locl.h and provide a missing
typedef in ossl_typ.h.

ok inoguchi jsing

Remove obsolete key formats

This removes NETSCAPE_X509, NETSCAPE{,_ENCRYPTED}_PKEY, RSA_NET,
Netscape_RSA things. Some of the nasty tentacles that could go in
principle are used in some test suites, so we need to keep them...

All this was removed as part of OpenSSL commit 0bc2f365.

ok inoguchi jsing

Unifdef LIBRESSL_OPAQUE_* and LIBRESSL_NEXT_API

This marks the start of major surgery in libcrypto. Do not attempt to
build the tree for a while (~50 commits).

Prepare to provide a number of RSA accessors

This adds RSA_get0_{n,e,d,p,q,dmp1,dmq1,iqmp,pss_params}() which will
be exposed in the upcoming bump.

ok inoguchi jsing

Reshuffle RSA_PSS_PARAMS and RSA_OAEP_PARAMS to avoid duplicate typedef.

Issue spotted by bcook@

ok bcook@ inoguchi@

Provide RSA_PKCS1_OpenSSL().

Prompted by inoguchi@

Make RSA_padding_{add,check}_PKCS1_OAEP_mgf1() public.

Make RSA_OAEP_PARAMs public.

Add RSA CMS support.

From OpenSSL 1.1.1d.

ok tb@

Update RSA ASN.1 code to handle RSA-PSS.

From OpenSSL 1.1.1d.

ok tb@

Add support for RSA-PSS.

From OpenSSL 1.1.1d.

ok inoguchi@

Update RSA OAEP code.

This syncs the RSA OAEP code with OpenSSL 1.1.1d, correctly handling OAEP
padding and providing various OAEP related controls.

ok inoguchi@ tb@

Add RSA_PSS_PARAMS pointer to RSA struct.

This will be used by upcoming RSA-PSS code.

ok tb@

Add maskHash field to RSA_PSS_PARAMS.

This will be soon used as an optimisation and reduces the differences
between OpenSSL.

ok tb@

Provide RSA_pkey_ctx_ctrl().

This is a wrapper around EVP_PKEY_CTX_ctrl() which requires the key to be
either RSA or RSA-PSS.

From OpenSSL 1.1.1d.

ok tb@

provide getters and setters for the RSA_METHOD interface

ok tb@, jsing@, sthen@

Add some accessor functions:

RSA_meth_get_finish() RSA_meth_set1_name() EVP_CIPHER_CTX_(get|set)_iv()

feedback and ok jsing@ tb@

Provide RSA_meth_{dup,free,new,set_{finish,priv_{dec,enc}}}()

Note that these functions return NULL in out-of-memory situations,
but contrary to OpenSSL's versions they do not set an error.

ok jsing

Provide RSA_{clear,set,test}_flasg()

ok jsing

Provide RSA_{g,s}et0_crt_params()

ok jsing

Use usual order of RSA_{g,s}et0_key().

ok jsing

Provide RSA_{g,s}et0_factors()

ok jsing

Provide RSA_bits()

ok jsing

Provide further parts of the OpenSSL 1.1 API: {DH,DSA}_get0_{key,pqg}(),
EVP_PKEY_get0_{DH,DSA,RSA}(), RSA_{g,s}et0_key().

ok jsing

Bring back the RSA_SSLV23_PADDING define.

Several pieces of software expect this to be available unconditionally.

Remove RSA_padding_add_SSLv23()/RSA_padding_check_SSLv23() and related
code. We removed SSLv2/SSLv3 a long time ago...

Discussed with doug@

Expand DECLARE_ASN1_.*FUNCTIONS macros.

No change in preprocessed output, ignoring whitespace and line numbers.

Remove flags for disabling constant-time operations.

This removes support for DSA_FLAG_NO_EXP_CONSTTIME, DH_FLAG_NO_EXP_CONSTTIME,
and RSA_FLAG_NO_CONSTTIME flags, making all of these operations unconditionally
constant-time.

Based on the original patch by C��sar Pereid. ok beck@

Check for allocation error in RSA_eay_mod_exp(). Coverity CID 25217.
ok jsing@

if (x) FOO_free(x) -> FOO_free(x).
Improves readability, keeps the code smaller so that it is warmer in your
cache.

review & ok deraadt@

Explicitly include <openssl/opensslconf.h> in every file that references
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never defined, due
to the fact that opensslconf.h has not been included.

This also includes some miscellaneous sorting/tidying of headers.

Tweak some comments. We do not really need to know that "New!" flags were
added 10+ years ago (they're kinda somewhat stale by now...)

Remove RSA_FLAG_NO_EXP_CONSTTIME, which was deprecated 12+ years ago.

sthen@ confirmed that no ports are referencing it.

ok miod@.

Make comments readable.

KNF.

Remove RSA_memory_lock(). This undocumented function sort-of serializes your
RSA components to memory and clears them, but there is no unserializing
function, so its usefulness is close to zero.

A grep through the ports tree sources show that it is only present in ports
embedding their own openssl copy, and never used otherwise.

ok jsing@

tags as requested by miod and tedu

Everything sane has stdio, and FILE *. we don't need ifdefs for this.
ok to firebomb from tedu@

Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.

resolve conflicts

resolve conflicts, fix local changes

resolve conflicts

update to openssl-0.9.8i; tested by several, especially krw@

resolve conflicts

openssl security fixes, diff from markus@, ok & "commit it" djm@
http://www.openssl.org/news/secadv_20060928.txt for more

branches: 1.10.2;
resolve conflicts

branches: 1.9.2; 1.9.4;
resolve conflicts

merge 0.9.7c; minor bugsfixes;
API addition: ERR_release_err_state_table
[make includes before you build libssl/libcrypto]

merge 0.9.7b with local changes; crank majors for libssl/libcrypto

merge openssl-0.9.7-beta3, tested on vax by miod@

OpenSSL 0.9.7 stable 2002 05 08 merge

openssl-engine-0.9.6 merge

OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs

OpenSSL 0.9.4 merge

branches: 1.1.1;
Initial revision

Remove mkerr.pl remnants from LibreSSL

This script is not used at all and files are edited by hand instead.
Thus remove misleading comments incl. the obsolete script/config.

Feedback OK jsing tb

Expose new API in headers.

These are mostly security-level related, but there are also ASN1_TIME
and ASN_INTEGER functions here, as well as some missing accessors.

ok jsing

Prepare to provide RSA_security_bits()

ok beck jsing

Make RSA, RSA_PSS_PARAMS and RSA_METHOD opaque

Move the struct internals to rsa_locl.h and provide a missing
typedef in ossl_typ.h.

ok inoguchi jsing

Remove obsolete key formats

This removes NETSCAPE_X509, NETSCAPE{,_ENCRYPTED}_PKEY, RSA_NET,
Netscape_RSA things. Some of the nasty tentacles that could go in
principle are used in some test suites, so we need to keep them...

All this was removed as part of OpenSSL commit 0bc2f365.

ok inoguchi jsing

Unifdef LIBRESSL_OPAQUE_* and LIBRESSL_NEXT_API

This marks the start of major surgery in libcrypto. Do not attempt to
build the tree for a while (~50 commits).

Prepare to provide a number of RSA accessors

This adds RSA_get0_{n,e,d,p,q,dmp1,dmq1,iqmp,pss_params}() which will
be exposed in the upcoming bump.

ok inoguchi jsing

Reshuffle RSA_PSS_PARAMS and RSA_OAEP_PARAMS to avoid duplicate typedef.

Issue spotted by bcook@

ok bcook@ inoguchi@

Provide RSA_PKCS1_OpenSSL().

Prompted by inoguchi@

Make RSA_padding_{add,check}_PKCS1_OAEP_mgf1() public.

Make RSA_OAEP_PARAMs public.

Add RSA CMS support.

From OpenSSL 1.1.1d.

ok tb@

Update RSA ASN.1 code to handle RSA-PSS.

From OpenSSL 1.1.1d.

ok tb@

Add support for RSA-PSS.

From OpenSSL 1.1.1d.

ok inoguchi@

Update RSA OAEP code.

This syncs the RSA OAEP code with OpenSSL 1.1.1d, correctly handling OAEP
padding and providing various OAEP related controls.

ok inoguchi@ tb@

Add RSA_PSS_PARAMS pointer to RSA struct.

This will be used by upcoming RSA-PSS code.

ok tb@

Add maskHash field to RSA_PSS_PARAMS.

This will be soon used as an optimisation and reduces the differences
between OpenSSL.

ok tb@

Provide RSA_pkey_ctx_ctrl().

This is a wrapper around EVP_PKEY_CTX_ctrl() which requires the key to be
either RSA or RSA-PSS.

From OpenSSL 1.1.1d.

ok tb@

provide getters and setters for the RSA_METHOD interface

ok tb@, jsing@, sthen@

Add some accessor functions:

RSA_meth_get_finish() RSA_meth_set1_name() EVP_CIPHER_CTX_(get|set)_iv()

feedback and ok jsing@ tb@

Provide RSA_meth_{dup,free,new,set_{finish,priv_{dec,enc}}}()

Note that these functions return NULL in out-of-memory situations,
but contrary to OpenSSL's versions they do not set an error.

ok jsing

Provide RSA_{clear,set,test}_flasg()

ok jsing

Provide RSA_{g,s}et0_crt_params()

ok jsing

Use usual order of RSA_{g,s}et0_key().

ok jsing

Provide RSA_{g,s}et0_factors()

ok jsing

Provide RSA_bits()

ok jsing

Provide further parts of the OpenSSL 1.1 API: {DH,DSA}_get0_{key,pqg}(),
EVP_PKEY_get0_{DH,DSA,RSA}(), RSA_{g,s}et0_key().

ok jsing

Bring back the RSA_SSLV23_PADDING define.

Several pieces of software expect this to be available unconditionally.

Remove RSA_padding_add_SSLv23()/RSA_padding_check_SSLv23() and related
code. We removed SSLv2/SSLv3 a long time ago...

Discussed with doug@

Expand DECLARE_ASN1_.*FUNCTIONS macros.

No change in preprocessed output, ignoring whitespace and line numbers.

Remove flags for disabling constant-time operations.

This removes support for DSA_FLAG_NO_EXP_CONSTTIME, DH_FLAG_NO_EXP_CONSTTIME,
and RSA_FLAG_NO_CONSTTIME flags, making all of these operations unconditionally
constant-time.

Based on the original patch by C��sar Pereid. ok beck@

Check for allocation error in RSA_eay_mod_exp(). Coverity CID 25217.
ok jsing@

if (x) FOO_free(x) -> FOO_free(x).
Improves readability, keeps the code smaller so that it is warmer in your
cache.

review & ok deraadt@

Explicitly include <openssl/opensslconf.h> in every file that references
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never defined, due
to the fact that opensslconf.h has not been included.

This also includes some miscellaneous sorting/tidying of headers.

Tweak some comments. We do not really need to know that "New!" flags were
added 10+ years ago (they're kinda somewhat stale by now...)

Remove RSA_FLAG_NO_EXP_CONSTTIME, which was deprecated 12+ years ago.

sthen@ confirmed that no ports are referencing it.

ok miod@.

Make comments readable.

KNF.

Remove RSA_memory_lock(). This undocumented function sort-of serializes your
RSA components to memory and clears them, but there is no unserializing
function, so its usefulness is close to zero.

A grep through the ports tree sources show that it is only present in ports
embedding their own openssl copy, and never used otherwise.

ok jsing@

tags as requested by miod and tedu

Everything sane has stdio, and FILE *. we don't need ifdefs for this.
ok to firebomb from tedu@

Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.

resolve conflicts

resolve conflicts, fix local changes

resolve conflicts

update to openssl-0.9.8i; tested by several, especially krw@

resolve conflicts

openssl security fixes, diff from markus@, ok & "commit it" djm@
http://www.openssl.org/news/secadv_20060928.txt for more

branches: 1.10.2;
resolve conflicts

branches: 1.9.2; 1.9.4;
resolve conflicts

merge 0.9.7c; minor bugsfixes;
API addition: ERR_release_err_state_table
[make includes before you build libssl/libcrypto]

merge 0.9.7b with local changes; crank majors for libssl/libcrypto

merge openssl-0.9.7-beta3, tested on vax by miod@

OpenSSL 0.9.7 stable 2002 05 08 merge

openssl-engine-0.9.6 merge

OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs

OpenSSL 0.9.4 merge

branches: 1.1.1;
Initial revision

Expose new API in headers.

These are mostly security-level related, but there are also ASN1_TIME
and ASN_INTEGER functions here, as well as some missing accessors.

ok jsing

Prepare to provide RSA_security_bits()

ok beck jsing

Make RSA, RSA_PSS_PARAMS and RSA_METHOD opaque

Move the struct internals to rsa_locl.h and provide a missing
typedef in ossl_typ.h.

ok inoguchi jsing

Remove obsolete key formats

This removes NETSCAPE_X509, NETSCAPE{,_ENCRYPTED}_PKEY, RSA_NET,
Netscape_RSA things. Some of the nasty tentacles that could go in
principle are used in some test suites, so we need to keep them...

All this was removed as part of OpenSSL commit 0bc2f365.

ok inoguchi jsing

Unifdef LIBRESSL_OPAQUE_* and LIBRESSL_NEXT_API

This marks the start of major surgery in libcrypto. Do not attempt to
build the tree for a while (~50 commits).

Prepare to provide a number of RSA accessors

This adds RSA_get0_{n,e,d,p,q,dmp1,dmq1,iqmp,pss_params}() which will
be exposed in the upcoming bump.

ok inoguchi jsing

Reshuffle RSA_PSS_PARAMS and RSA_OAEP_PARAMS to avoid duplicate typedef.

Issue spotted by bcook@

ok bcook@ inoguchi@

Provide RSA_PKCS1_OpenSSL().

Prompted by inoguchi@

Make RSA_padding_{add,check}_PKCS1_OAEP_mgf1() public.

Make RSA_OAEP_PARAMs public.

Add RSA CMS support.

From OpenSSL 1.1.1d.

ok tb@

Update RSA ASN.1 code to handle RSA-PSS.

From OpenSSL 1.1.1d.

ok tb@

Add support for RSA-PSS.

From OpenSSL 1.1.1d.

ok inoguchi@

Update RSA OAEP code.

This syncs the RSA OAEP code with OpenSSL 1.1.1d, correctly handling OAEP
padding and providing various OAEP related controls.

ok inoguchi@ tb@

Add RSA_PSS_PARAMS pointer to RSA struct.

This will be used by upcoming RSA-PSS code.

ok tb@

Add maskHash field to RSA_PSS_PARAMS.

This will be soon used as an optimisation and reduces the differences
between OpenSSL.

ok tb@

Provide RSA_pkey_ctx_ctrl().

This is a wrapper around EVP_PKEY_CTX_ctrl() which requires the key to be
either RSA or RSA-PSS.

From OpenSSL 1.1.1d.

ok tb@

provide getters and setters for the RSA_METHOD interface

ok tb@, jsing@, sthen@

Add some accessor functions:

RSA_meth_get_finish() RSA_meth_set1_name() EVP_CIPHER_CTX_(get|set)_iv()

feedback and ok jsing@ tb@

Provide RSA_meth_{dup,free,new,set_{finish,priv_{dec,enc}}}()

Note that these functions return NULL in out-of-memory situations,
but contrary to OpenSSL's versions they do not set an error.

ok jsing

Provide RSA_{clear,set,test}_flasg()

ok jsing

Provide RSA_{g,s}et0_crt_params()

ok jsing

Use usual order of RSA_{g,s}et0_key().

ok jsing

Provide RSA_{g,s}et0_factors()

ok jsing

Provide RSA_bits()

ok jsing

Provide further parts of the OpenSSL 1.1 API: {DH,DSA}_get0_{key,pqg}(),
EVP_PKEY_get0_{DH,DSA,RSA}(), RSA_{g,s}et0_key().

ok jsing

Bring back the RSA_SSLV23_PADDING define.

Several pieces of software expect this to be available unconditionally.

Remove RSA_padding_add_SSLv23()/RSA_padding_check_SSLv23() and related
code. We removed SSLv2/SSLv3 a long time ago...

Discussed with doug@

Expand DECLARE_ASN1_.*FUNCTIONS macros.

No change in preprocessed output, ignoring whitespace and line numbers.

Remove flags for disabling constant-time operations.

This removes support for DSA_FLAG_NO_EXP_CONSTTIME, DH_FLAG_NO_EXP_CONSTTIME,
and RSA_FLAG_NO_CONSTTIME flags, making all of these operations unconditionally
constant-time.

Based on the original patch by C��sar Pereid. ok beck@

Check for allocation error in RSA_eay_mod_exp(). Coverity CID 25217.
ok jsing@

if (x) FOO_free(x) -> FOO_free(x).
Improves readability, keeps the code smaller so that it is warmer in your
cache.

review & ok deraadt@

Explicitly include <openssl/opensslconf.h> in every file that references
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never defined, due
to the fact that opensslconf.h has not been included.

This also includes some miscellaneous sorting/tidying of headers.

Tweak some comments. We do not really need to know that "New!" flags were
added 10+ years ago (they're kinda somewhat stale by now...)

Remove RSA_FLAG_NO_EXP_CONSTTIME, which was deprecated 12+ years ago.

sthen@ confirmed that no ports are referencing it.

ok miod@.

Make comments readable.

KNF.

Remove RSA_memory_lock(). This undocumented function sort-of serializes your
RSA components to memory and clears them, but there is no unserializing
function, so its usefulness is close to zero.

A grep through the ports tree sources show that it is only present in ports
embedding their own openssl copy, and never used otherwise.

ok jsing@

tags as requested by miod and tedu

Everything sane has stdio, and FILE *. we don't need ifdefs for this.
ok to firebomb from tedu@

Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.

resolve conflicts

resolve conflicts, fix local changes

resolve conflicts

update to openssl-0.9.8i; tested by several, especially krw@

resolve conflicts

openssl security fixes, diff from markus@, ok & "commit it" djm@
http://www.openssl.org/news/secadv_20060928.txt for more

branches: 1.10.2;
resolve conflicts

branches: 1.9.2; 1.9.4;
resolve conflicts

merge 0.9.7c; minor bugsfixes;
API addition: ERR_release_err_state_table
[make includes before you build libssl/libcrypto]

merge 0.9.7b with local changes; crank majors for libssl/libcrypto

merge openssl-0.9.7-beta3, tested on vax by miod@

OpenSSL 0.9.7 stable 2002 05 08 merge

openssl-engine-0.9.6 merge