Nuke the whrlpool (named after the galaxy) from orbit

It's just gross. Only used by a popular disk encryption utility on an
all-too-popular OS one or two decades back.

ok beck jsing

Remove EVP_PKEY_*check again

This API turned out to be a really bad idea. OpenSSL 3 extended it, with
the result that basically every key type had its own DoS issues fixed in
a recent security relea

Remove EVP_PKEY_*check again

This API turned out to be a really bad idea. OpenSSL 3 extended it, with
the result that basically every key type had its own DoS issues fixed in
a recent security release. We eschewed these by having some upper bounds
that kick in when keys get insanely large.

Initially added on tobhe's request who fortunately never used it in iked,
this was picked up only by ruby/openssl (one of the rare projects doing
proper configure checks rather than branching on VERSION defines) and of
course xca, since it uses everything it can. So it was easy to get rid of
this again.

ok beck jsing

show more ...

Add EVP_PKEY_TLS1_PRF as alias for NID_tls1_prf

ok jsing

Delete a few more GOST remnants

When I unifdefed GOST support, the tree wasn't fully unlocked, so I didn't
want to touch a public header. All this code is in #ifndef OPENSSL_NO_GOST,
which we define

Delete a few more GOST remnants

When I unifdefed GOST support, the tree wasn't fully unlocked, so I didn't
want to touch a public header. All this code is in #ifndef OPENSSL_NO_GOST,
which we define.

ok jsing

show more ...

Hide deprecated functions in evp.h

use LCRYPTO_UNUSED and remove the LIBRESSL_INTERNAL guard around them.

ok tb@

Garbage collect CUSTOM_KEY_LENGTH/SET_KEY_LENGTH

These are unused defines that used to add unwanted complications in
EVP_CIPHER_CTX_set_key_lenght().

ok jsing

Remove more PBE stuff from the public API

This is still needed internally for CMS and its predecessors. This
removal will enable disentangling some of its innards.

ok jsing

Remove RC4-HMAC-MD5 and AES-{128,256}-CBC-HMAC-SHA-1

"Stitched" mode AEADs were removed from libssl a long time ago. Nothing
uses these CIPHERs anymore.

ok jsing

Make legacy cipher methods internal

These are ASN.1 handlers for CIPHERs, still used by CMS and its
predecessors. They should never have been public.

ok jsing

Remove EVP_PBE_* API from public visibility

You can no longer add your custom PBE algorithm. Pity. EVP_PBE_CipherInit()
stays for internal use, the rest goes away copmletely.

ok jsing

Remove EVP_PKEY_meth_*() API

After ameth, the second bit of custom EVP_PKEY API removal.

ok jsing

Remove the ameth lib

This is accessor API for ASN.1 methods needed for custom PKEYs.
Nothing has ever used this. This has been neutered for months.
The EVP_PKEY_asn1_* API that needs to stay was mov

Remove the ameth lib

This is accessor API for ASN.1 methods needed for custom PKEYs.
Nothing has ever used this. This has been neutered for months.
The EVP_PKEY_asn1_* API that needs to stay was moved elsewhere.

ok jsing

show more ...

Remove EVP_MD_meth* again

Erlang upstream disabled the otp_test_engine for LibreSSL >= 3.5 without
explanation. It was the only reason we added this garbage API in the first
place. Meanwhile libfido

Remove EVP_MD_meth* again

Erlang upstream disabled the otp_test_engine for LibreSSL >= 3.5 without
explanation. It was the only reason we added this garbage API in the first
place. Meanwhile libfido2 started using it for a mock up of OpenSSL 3's
broken fetch design with old API. This is pointless, so all this garbage
goes away again (in particular we can remove the absolutely horrifying
EVP_MD_meth_set_app_datasize() again).

ok jsing

show more ...

Fix signature and semantics of EVP_{CIPHER,MD}_CTX_init()

When the EVP_CIPHER_CTX and the EVP_MD_CTX were still expected to live
on the stack, these initialization APIs were wrappers around memset.

Fix signature and semantics of EVP_{CIPHER,MD}_CTX_init()

When the EVP_CIPHER_CTX and the EVP_MD_CTX were still expected to live
on the stack, these initialization APIs were wrappers around memset.
In OpenSSL 1.1, somebody removed them and carelessly made _init() an
alias of _reset() aka _cleanup(). As a consequence, both signature and
semantics changed.

Unsurprisingly, there is now code out there that actually uses the new
semantics, which causes leaks on LibreSSL and older OpenSSL. This aligns
our _init() with OpenSSL 1.1 semantics.

ok jsing

show more ...

Remove EVP_{add,delete}_{cipher,digest}_alias()

These are macro wrappers around the neutered OBJ_NAME_{add,remove}() API
(notice the consistency), which will be removed shortly. Only security/xca
us

Remove EVP_{add,delete}_{cipher,digest}_alias()

These are macro wrappers around the neutered OBJ_NAME_{add,remove}() API
(notice the consistency), which will be removed shortly. Only security/xca
used to use this.

ok jsing

show more ...

Remove EVP_add_{cipher,digest}() from public API

Ciphers and digests are now handled in a static lookup table and no
longer by the associative array that used to underlie the OBJ_NAME API.
Adding ci

Remove EVP_add_{cipher,digest}() from public API

Ciphers and digests are now handled in a static lookup table and no
longer by the associative array that used to underlie the OBJ_NAME API.
Adding ciphers is no longer possible. What uses this API does so for
historic reasons coming from a time where SHA-2 and some AES variants
needed to be enabled explicitly. Ports doing this (PHP and DANE code)
were fixed.

ok jsing

show more ...

Hide EVP_{CIPHER,MD}_CTX_init() from internals

ok jsing

Remove EVP_add_alg_module() prototype

This function was the unfortunate protagonist in a series of tragic merge
errors resulting in only a short stint of a year and nine months between
OpenSSL 0.9.8

Remove EVP_add_alg_module() prototype

This function was the unfortunate protagonist in a series of tragic merge
errors resulting in only a short stint of a year and nine months between
OpenSSL 0.9.8j and 1.0.0a actually present in OpenBSD. Then it said good
bye for good, but somehow a prototype came back with 1.0.1g, a famous
version released when there were slightly more pressing things to be
taken care of than a function supporting a config knob whose only purpose
was to turn off fips mode or to error.

from schwarze

PS: The mechanism that it was supposed to provide is still documented in
openssl.cnf(5). I am going remove the relevant bit at some point, but not
today.

show more ...

KNF, no assembly change
OK tb@ jsing@

Move truncated sha-2 and sha3 out of #ifdef wrappers

Remove X9.31 support

ok jsing

Provide EVP methods for SHA3 224/256/384/512.

ok tb@

Provide EVP methods for SHA512/224 and SHA512/256.

ok tb@

Expose the EVP_CIPHER_meth_* API (setter only) in evp.h

Add EVP_CIPHER_meth_* prototypes to evp.h

As usual, this will be guarded by LIBRESSL_INTERNAL || LIBRESSL_NEXT_API
until the next bump.

ok jsing