Remove #error if OPENSSL_NO_FOO is defined

discussed with jsing

remove prototypes with no matching function
feedback and ok tb@

Make BN_BLINDING internal

RSA is pretty bad. In my most optimistic moments I dream of a world that
stopped using it. That won't happen during my lifetime, unfortunately.
Blinding is one way of makin

Make BN_BLINDING internal

RSA is pretty bad. In my most optimistic moments I dream of a world that
stopped using it. That won't happen during my lifetime, unfortunately.
Blinding is one way of making it a little less leaky. Unfortunately this
side-channel leak mitigation leaked out of the library for no good reason.
Let's at least fix that aspect of it.

ok jsing

show more ...

Salt shares the blame of the continued existence of the X9.31 padding mode

Remove X9.31 support

ok jsing

Bring includes into canonical order

Requested by jsing

Move some includes out of OPENSSL_NO_DEPRECATED

Some headers were included conditionally on OPENSSL_NO_DEPRECATED in hopes
that eventually the mess of everything includes everything will magically
r

Move some includes out of OPENSSL_NO_DEPRECATED

Some headers were included conditionally on OPENSSL_NO_DEPRECATED in hopes
that eventually the mess of everything includes everything will magically
resolve itself. Of course everyone would end up building openssl with
OPENSSL_NO_DEPRECATED over time... Right.

Surprisingly, the ecosystem has come to rely on these implicit inclusions,
so about two dozen ports would fail to build because of this. Patching this
would be easy but really not worth the effort.

ok jsing

show more ...

Prepare rsa.h for X9.31 support removal

This wraps the three public functions in the usual #if stanza.

RSA_X931_PADDING is unfortunately exposed by rust-openssl and erlang.
Therefore it will remain

Prepare rsa.h for X9.31 support removal

This wraps the three public functions in the usual #if stanza.

RSA_X931_PADDING is unfortunately exposed by rust-openssl and erlang.
Therefore it will remain visible to avoid breaking the build of
lang/rust. Its use in the library will be neutered shortly.

ok jsing

show more ...

Move a few functions out of OPENSSL_NO_DEPRECATED

Geoff Thorpe added OPENSSL_NO_DEPRECATED nearly two decades ago. The hope
was that at some point some functions can be dropped. Most of the function

Move a few functions out of OPENSSL_NO_DEPRECATED

Geoff Thorpe added OPENSSL_NO_DEPRECATED nearly two decades ago. The hope
was that at some point some functions can be dropped. Most of the functions
marked deprecated are actually unused nowadays but unfortunately some of
them are still used in the ecosystem. Move them out of OPENSSL_NO_DEPRECATED
so we can define it without breaking the consumers in the next bump.

ERR_remove_state() is still used by a dozen or so ports. This isn't a big
deal since it is just a stupid wrapper for the not quite as deprecated
ERR_remove_thread_state(). It's not worth patching these ports.

Annoyingly, {DH,DSA}_generate_parameters() and RSA_generate_key() are still
used. They "make use" of the old-style BN_GENCB callback, which is therefore
more difficult to remove - in case you don't know know: that's the thing
responsible for printing pretty '.', '+' and '*' when you generate keys.

Most annoyingly, DH_generate_parameters() was added to rust-openssl in 2020
for "advanced DH support". This is very unfortunate since cargo bundles a
rust-openssl and updates it only every few years or so. As a consequence
we're going to be stuck with this nonsense for a good while.

ok beck jsing

show more ...

Remove mkerr.pl remnants from LibreSSL

This script is not used at all and files are edited by hand instead.
Thus remove misleading comments incl. the obsolete script/config.

Feedback OK jsing tb

Expose new API in headers.

These are mostly security-level related, but there are also ASN1_TIME
and ASN_INTEGER functions here, as well as some missing accessors.

ok jsing

Prepare to provide RSA_security_bits()

ok beck jsing

Make RSA, RSA_PSS_PARAMS and RSA_METHOD opaque

Move the struct internals to rsa_locl.h and provide a missing
typedef in ossl_typ.h.

ok inoguchi jsing

Remove obsolete key formats

This removes NETSCAPE_X509, NETSCAPE{,_ENCRYPTED}_PKEY, RSA_NET,
Netscape_RSA things. Some of the nasty tentacles that could go in
principle are used in some test suites,

Remove obsolete key formats

This removes NETSCAPE_X509, NETSCAPE{,_ENCRYPTED}_PKEY, RSA_NET,
Netscape_RSA things. Some of the nasty tentacles that could go in
principle are used in some test suites, so we need to keep them...

All this was removed as part of OpenSSL commit 0bc2f365.

ok inoguchi jsing

show more ...

Unifdef LIBRESSL_OPAQUE_* and LIBRESSL_NEXT_API

This marks the start of major surgery in libcrypto. Do not attempt to
build the tree for a while (~50 commits).

Prepare to provide a number of RSA accessors

This adds RSA_get0_{n,e,d,p,q,dmp1,dmq1,iqmp,pss_params}() which will
be exposed in the upcoming bump.

ok inoguchi jsing

Reshuffle RSA_PSS_PARAMS and RSA_OAEP_PARAMS to avoid duplicate typedef.

Issue spotted by bcook@

ok bcook@ inoguchi@

Provide RSA_PKCS1_OpenSSL().

Prompted by inoguchi@

Make RSA_padding_{add,check}_PKCS1_OAEP_mgf1() public.

Make RSA_OAEP_PARAMs public.

Add RSA CMS support.

From OpenSSL 1.1.1d.

ok tb@

Update RSA ASN.1 code to handle RSA-PSS.

From OpenSSL 1.1.1d.

ok tb@

Add support for RSA-PSS.

From OpenSSL 1.1.1d.

ok inoguchi@

Update RSA OAEP code.

This syncs the RSA OAEP code with OpenSSL 1.1.1d, correctly handling OAEP
padding and providing various OAEP related controls.

ok inoguchi@ tb@

Add RSA_PSS_PARAMS pointer to RSA struct.

This will be used by upcoming RSA-PSS code.

ok tb@