Zap trailing whitespace

Take X509_POLICY_NODE_print() behind the barn

This used to be public API but is now only used for debug code that has
certainly never been used since it was released to the public. It drags
that deb

Take X509_POLICY_NODE_print() behind the barn

This used to be public API but is now only used for debug code that has
certainly never been used since it was released to the public. It drags
that debug nonsense with it.

ok beck

show more ...

Make the new policy code in x509_policy.c to be selectable at compile time.

The old policy codes remains the default, with the new policy code
selectable by defining LIBRESSL_HAS_POLICY_DAG.

ok tb@

Make the new policy code in x509_policy.c to be selectable at compile time.

The old policy codes remains the default, with the new policy code
selectable by defining LIBRESSL_HAS_POLICY_DAG.

ok tb@ jsing@

show more ...

Flip the default of explicitText to UTF8String

While it may have been reasonable to use VisibleString back when this
code was written, it's an anachronism nowadays. In particular, configuring
Boring

Flip the default of explicitText to UTF8String

While it may have been reasonable to use VisibleString back when this
code was written, it's an anachronism nowadays. In particular, configuring
BoringSSL reports that they have seen malformed certificates with exactly
the issue caused by this unfortuante default.

Reported by Alex Gaynor in OpenSSL issue 20772

ok jsing

show more ...

libressl *_namespace.h: adjust *_ALIAS() to require a semicolon

LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon.
This does not conform to style(9), breaks editors and ctags and
(most

libressl *_namespace.h: adjust *_ALIAS() to require a semicolon

LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon.
This does not conform to style(9), breaks editors and ctags and
(most importantly) my workflow. Fix this by neutering them with
asm("") so that -Wpedantic doesn't complain. There's precedent
in libc's namespace.h

fix suggested by & ok jsing

show more ...

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_l

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

show more ...

Hide public symbols in libcrypto/x509 .c files

ok tb@

Garbage collect the app_items field of ASN1_ADB

This is unused and was removed in OpenSSL 5b70372d when it was
replaced with an ASN.1 ADB callback (which we don't support).

ok inoguchi jsing

x509_cpols.c will need to include x509_lcl.h soon

Fix various read buffer overflow when printing ASN.1 strings (which are
not necessarily NUL terminated). Same as schwarze's fix in t_x509a.c r1.9.

From David Benjamin and Matt Caswell (part of the f

Fix various read buffer overflow when printing ASN.1 strings (which are
not necessarily NUL terminated). Same as schwarze's fix in t_x509a.c r1.9.

From David Benjamin and Matt Caswell (part of the fixes in OpenSSL 1.1.1l)

ok inoguchi

show more ...

Collapse the x509v3 directory into x509.

This avoids the need to grep across directories to find functions and
prepares for further rototilling and chainsawing.

Discussed with tb@ (who also tested

Collapse the x509v3 directory into x509.

This avoids the need to grep across directories to find functions and
prepares for further rototilling and chainsawing.

Discussed with tb@ (who also tested the release build)

show more ...