| #
59fde674 |
| 26-Mar-2024 |
tb <tb@openbsd.org> |
Drop superfluous parentheses in X509_set_version()
|
| #
d08ab464 |
| 26-Mar-2024 |
tb <tb@openbsd.org> |
piuid and psuid have annoyed me for long enough
|
| #
ca68b301 |
| 26-Mar-2024 |
tb <tb@openbsd.org> |
Reject setting invalid versions for certs, CRLs and CSRs
The toolkit aspect bites again. Lots of invalid CRLs and CSRs are produced
because people neither read the RFCs nor does the toolkit check an
Reject setting invalid versions for certs, CRLs and CSRs
The toolkit aspect bites again. Lots of invalid CRLs and CSRs are produced
because people neither read the RFCs nor does the toolkit check anything it
is fed. Reviewers apparently also aren't capable of remembering that they
have three copy-pasted versions of the same API and that adding a version
check to one of the might suggest adding one for the other two.
This requires ruby-openssl 20240326p0 to pass
ok beck job jsing
show more ...
|
| #
aa60c8c3 |
| 23-Jun-2023 |
tb <tb@openbsd.org> |
Remove some redundant parentheses
This file is already enough of an eyesore without them.
|
| #
92e946e3 |
| 25-Apr-2023 |
job <job@openbsd.org> |
Invalidate the DER cache earlier on in X509 setter functions
Note that it is important to invalidate the cache before returning,
as the return might bubble up an error.
OK tb@ jsing@
|
| #
8b6dc78c |
| 23-Feb-2023 |
job <job@openbsd.org> |
Introduce X509_get0_uids() accessor function
By introducing X509_get0_uids(), one can add RPKI profile compliance
checks to conform the absence of the issuerUID and subjectUID.
OK tb@ jsing@
|
| #
cedac418 |
| 16-Feb-2023 |
tb <tb@openbsd.org> |
libressl *_namespace.h: adjust *_ALIAS() to require a semicolon
LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon.
This does not conform to style(9), breaks editors and ctags and
(most
libressl *_namespace.h: adjust *_ALIAS() to require a semicolon
LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon.
This does not conform to style(9), breaks editors and ctags and
(most importantly) my workflow. Fix this by neutering them with
asm("") so that -Wpedantic doesn't complain. There's precedent
in libc's namespace.h
fix suggested by & ok jsing
show more ...
|
| #
c9675a23 |
| 26-Nov-2022 |
tb <tb@openbsd.org> |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_l
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.
discussed with jsing,
no objection bcook
show more ...
|
| #
06d31337 |
| 14-Nov-2022 |
beck <beck@openbsd.org> |
Hide public symbols in libcrypto/x509 .c files
ok tb@
|
| #
838f0b6d |
| 01-Nov-2021 |
tb <tb@openbsd.org> |
Move the now internal X.509-related structs into x509_lcl.h.
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of un
Move the now internal X.509-related structs into x509_lcl.h.
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of unnecessary reacharounds.
ok jsing
show more ...
|
| #
52156a6f |
| 01-Nov-2021 |
tb <tb@openbsd.org> |
Unifdef LIBRESSL_NEW_API. Now that the library is bumped, this is
no longer needed.
ok jsing
|
| #
16754126 |
| 21-Oct-2021 |
tb <tb@openbsd.org> |
Prepare to provide X509_get_X509_PUBKEY() as a function.
ok jsing
|
| #
ccd620fb |
| 24-Aug-2018 |
tb <tb@openbsd.org> |
Turn a number of #defines into proper functions with prototypes matching
those that OpenSSL has had for ages.
ok jsing
|
| #
f5f16abc |
| 22-Feb-2018 |
jsing <jsing@openbsd.org> |
Provide X509_get0_tbs_sigalg().
|
| #
b21ba6f8 |
| 22-Feb-2018 |
jsing <jsing@openbsd.org> |
Provide X509_set1_notBefore() and X509_set1_notAfter().
|
| #
7998e0ec |
| 17-Feb-2018 |
jsing <jsing@openbsd.org> |
Provide X509_get0_extensions() and X509_get0_signature()
|
| #
7f7bafb1 |
| 14-Feb-2018 |
jsing <jsing@openbsd.org> |
Provide X509_get{0,m}_not{Before,After}().
|
| #
faa4738e |
| 30-Sep-2015 |
jsing <jsing@openbsd.org> |
s/M_ASN1_TIME_free/ASN1_TIME_free/
|
| #
d42c0991 |
| 30-Sep-2015 |
jsing <jsing@openbsd.org> |
Replace M_ASN1_INTEGER_(new|free) with ASN1_INTEGER_(new|free) - this is
different from the macro expansion, but the result is the same. Also
replace some ASN1_STRING_dup() with ASN1_INTEGER_dup().
Replace M_ASN1_INTEGER_(new|free) with ASN1_INTEGER_(new|free) - this is
different from the macro expansion, but the result is the same. Also
replace some ASN1_STRING_dup() with ASN1_INTEGER_dup().
ok beck@ doug@
show more ...
|
| #
3e1a72ea |
| 29-Jul-2015 |
jsing <jsing@openbsd.org> |
Expand obsolete M_ASN1.*(cmp|dup|print|set) macros - no change in generated
assembly.
ok bcook@
|
| #
b6ab114e |
| 11-Jul-2014 |
jsing <jsing@openbsd.org> |
Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need t
Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.
ok beck@ miod@
show more ...
|
| #
c3d6a26a |
| 12-Jun-2014 |
deraadt <deraadt@openbsd.org> |
tags as requested by miod and tedu
|
| #
15238b08 |
| 20-Apr-2014 |
jsing <jsing@openbsd.org> |
KNF.
|
| #
7609e5c6 |
| 18-Apr-2014 |
tedu <tedu@openbsd.org> |
blunt force knf
|
| #
0a5d6ede |
| 01-Oct-2010 |
djm <djm@openbsd.org> |
resolve conflicts, fix local changes
|