#
1.45 |
|
09-Apr-2024 |
beck |
Hide public symbols in x509.h
This picks up most of the remaining public symbols in x509.h
ok tb@
|
Revision tags: OPENBSD_7_5_BASE
|
#
1.44 |
|
29-Dec-2023 |
tb |
Move the EVP_PKEY_asn1_* API that will stay to evp/p_lib.c
Most of these functions are only called from this file internally apart from the pem_str lookups from pem/. In the next major bump we can then remove asn/ameth_lib.c. Also move EVP_PKEY_ASN1_METHOD to evp_local.h. While this is used to dispatch to various ASN.1 decoding routines, it doesn't fit into asn1/ at all.
|
Revision tags: OPENBSD_7_4_BASE
|
#
1.43 |
|
07-Jul-2023 |
beck |
Unbreak the namespace build after a broken mk.conf and tool misfire had me aliasing symbols not in the headers I was procesing.
This unbreaks the namespace build so it will pass again
ok tb@
|
#
1.42 |
|
05-Jul-2023 |
beck |
Hide symbols in asn1 and bio
ok jsing@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.41 |
|
26-Nov-2022 |
tb |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.40 |
|
11-Aug-2022 |
tb |
Remove unused variable
X509_NAME_print() is documented to print things at a given indentation level. Unfortunately, this never worked since someone got some logic wrong. Part of the wrong logic was removed in a dead code removal in OpenSSL commit 92ada7cc, but the variable l was left behind, which leads to compiler warnings on some platforms. End its sad life pointlessly and incorrectly measuring column width and remove it.
ok jsing
|
#
1.39 |
|
10-Aug-2022 |
tb |
Avoid signed integer overflow due to unary negation
The current X509_print_ex() tries too hard pretty printing negative serialNumbers (which shouldn't occur in the first place). In particular, negating LONG_MAX leads to signed overflow. Ditch the code dealing with negative serialNumbers representable as long and fall back to the long form printing. This simplifies the code and fixes
oss-fuzz #49944
with/ok jsing
|
#
1.38 |
|
10-Aug-2022 |
tb |
Only print versions we know about
The version field of an X.509 Certificate is an enum
Version ::= INTEGER { v1(0), v2(1), v3(2) }
Printing the version as l + 1 only really makes sense with 0 <= l <= 2. Otherwise print a naked l while also indicating that it is an unknown version.
ok jsing
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.37 |
|
25-Dec-2021 |
jsing |
Indent goto labels for diffability.
Whitespace change only.
|
#
1.36 |
|
25-Dec-2021 |
jsing |
Move more ASN1_STRING_* functions to a_string.c.
No functional change.
|
#
1.35 |
|
01-Nov-2021 |
tb |
Move the now internal X.509-related structs into x509_lcl.h. Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds.
ok jsing
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.34 |
|
26-Jul-2021 |
tb |
Add error checks for i2d_X509_NAME()
This avoids potential malloc(-1) and malloc(0), spotted by schwarze while documenting X509_ocspid_print().
ok schwarze
|
#
1.33 |
|
06-Jul-2021 |
schwarze |
Fix a bug in X509_print_ex(3). If the user set nmflags == X509_FLAG_COMPAT and X509_NAME_print_ex(3) failed, the error return value of 0 was misinterpreted as an indicator of success, causing X509_print_ex(3) to ignore the error, continue printing, and potentially return successfully even though not all the content of the certificate was printed.
The X509_NAME_print_ex(3) manual page explains that this function indicates failure by returning 0 if nmflags == X509_FLAG_COMPAT and by returning -1 if nmflags != X509_FLAG_COMPAT. That's definitely atrocious API design (witnessed by the complexity of the code needed for correct error checking), but changing the API contract and becoming incompatible with OpenSSL would make matters even worse.
Note that just checking for <= 0 in all cases would not be correct either because X509_NAME_print_ex(3) returns 0 to indicate that it successfully printed zero bytes in some cases, for example when all three of the following conditions hold: 1. nmflags != X509_FLAG_COMPAT 2. indent == 0 (which X509_print_ex(3) does use in some cases) 3. the name object is NULL or empty
I found the bug by code inspection and proposed an incomplete patch, then jsing@ proposed this improved version of the patch. OK jsing@.
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.32 |
|
10-Apr-2020 |
tb |
When printing the serialNumber, fall back to the colon separated hex bytes in case ASN1_INTEGER_get() failed. This happens more often since asn1/a_int.c -r1.34. Matches OpenSSL behavior.
Issue in openssl x509 -text output reported by sthen
ok jsing sthen
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.31 |
|
18-May-2018 |
tb |
Add a const qualifier to the 'X509_NAME *' argument of X509_NAME_print{,_ex{,_fp}}(3).
tested in a bulk build by sthen ok jsing
|
#
1.30 |
|
01-May-2018 |
tb |
Convert a handful of X509_*() functions to take const as in OpenSSL.
tested in a bulk by sthen ok jsing
|
#
1.29 |
|
25-Apr-2018 |
tb |
Put function name on a separate line and zap stray whitespace.
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.28 |
|
03-Apr-2017 |
beck |
Fix silly code that printfs NULL when there are no fractional seconds on a GENREALIZEDTIME (which there should really never be for anything remotely standards compliant) ok jsing@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.27 |
|
29-Jan-2017 |
beck |
Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
|
#
1.26 |
|
07-Feb-2015 |
doug |
Delete a lot of #if 0 code in libressl.
There are a few instances where #if 1 is removed but the code remains.
Based on the following OpenSSL commits. Some of the commits weren't strictly deletions so they are going to be split up into separate commits.
6f91b017bbb7140f816721141ac156d1b828a6b3 3d47c1d331fdc7574d2275cda1a630ccdb624b08 dfb56425b68314b2b57e17c82c1df42e7a015132 c8fa2356a00cbaada8963f739e5570298311a060 f16a64d11f55c01f56baa62ebf1dec7f8fe718cb 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb 02a938c953b3e1ced71d9a832de1618f907eb96d 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 d6fbb194095312f4722c81c9362dbd0de66cb656 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 1a5adcfb5edfe23908b350f8757df405b0f5f71f 8de24b792743d11e1d5a0dcd336a49368750c577 a2b18e657ea1a932d125154f4e13ab2258796d90 8e964419603d2478dfb391c66e7ccb2dcc9776b4 32dfde107636ac9bc62a5b3233fe2a54dbc27008
input + ok jsing@, miod@, tedu@
|
#
1.25 |
|
12-Jul-2014 |
miod |
Make sure the return value of X509_NAME_oneline(, NULL,) is checked against NULL. ok deraadt@ guenther@ jsing@
|
#
1.24 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.23 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.22 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.21 |
|
30-May-2014 |
deraadt |
more: no need for null check before free ok tedu guenther
|
#
1.20 |
|
29-May-2014 |
beck |
Everything sane has stdio, and FILE *. we don't need ifdefs for this. ok to firebomb from tedu@
|
#
1.19 |
|
21-Apr-2014 |
deraadt |
improve realloc/calloc/malloc patterns; ok guenther
|
#
1.18 |
|
18-Apr-2014 |
jsing |
More KNF.
|
#
1.17 |
|
18-Apr-2014 |
tedu |
lob a few more knf grenades in here to soften things up.
|
#
1.16 |
|
18-Apr-2014 |
tedu |
putting most of the braces in the right column is the very least we can do.
|
#
1.15 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.14 |
|
15-Apr-2014 |
beck |
Send the rotIBM stream cipher (ebcdic) to Valhalla to party for eternity with the bearded ones... some API's that nobody should be using will dissapear with this commit.
|
#
1.13 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.12 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.11 |
|
09-Jan-2009 |
djm |
resolve conflicts
|
#
1.10 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.9 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.8 |
|
06-Aug-2003 |
millert |
Remove some double semicolons (hmm, do two semis equal a maxi?). I've skipped the GNU stuff for now. From Patrick Latifi.
|
#
1.7 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
01-Aug-2001 |
beck |
merge openssl 0.9.6b-engine
Note that this is a maintenence release, API's appear *not* to have changed. As such, I have only increased the minor number on these libraries
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.44 |
|
29-Dec-2023 |
tb |
Move the EVP_PKEY_asn1_* API that will stay to evp/p_lib.c
Most of these functions are only called from this file internally apart from the pem_str lookups from pem/. In the next major bump we can then remove asn/ameth_lib.c. Also move EVP_PKEY_ASN1_METHOD to evp_local.h. While this is used to dispatch to various ASN.1 decoding routines, it doesn't fit into asn1/ at all.
|
Revision tags: OPENBSD_7_4_BASE
|
#
1.43 |
|
07-Jul-2023 |
beck |
Unbreak the namespace build after a broken mk.conf and tool misfire had me aliasing symbols not in the headers I was procesing.
This unbreaks the namespace build so it will pass again
ok tb@
|
#
1.42 |
|
05-Jul-2023 |
beck |
Hide symbols in asn1 and bio
ok jsing@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.41 |
|
26-Nov-2022 |
tb |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.40 |
|
11-Aug-2022 |
tb |
Remove unused variable
X509_NAME_print() is documented to print things at a given indentation level. Unfortunately, this never worked since someone got some logic wrong. Part of the wrong logic was removed in a dead code removal in OpenSSL commit 92ada7cc, but the variable l was left behind, which leads to compiler warnings on some platforms. End its sad life pointlessly and incorrectly measuring column width and remove it.
ok jsing
|
#
1.39 |
|
10-Aug-2022 |
tb |
Avoid signed integer overflow due to unary negation
The current X509_print_ex() tries too hard pretty printing negative serialNumbers (which shouldn't occur in the first place). In particular, negating LONG_MAX leads to signed overflow. Ditch the code dealing with negative serialNumbers representable as long and fall back to the long form printing. This simplifies the code and fixes
oss-fuzz #49944
with/ok jsing
|
#
1.38 |
|
10-Aug-2022 |
tb |
Only print versions we know about
The version field of an X.509 Certificate is an enum
Version ::= INTEGER { v1(0), v2(1), v3(2) }
Printing the version as l + 1 only really makes sense with 0 <= l <= 2. Otherwise print a naked l while also indicating that it is an unknown version.
ok jsing
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.37 |
|
25-Dec-2021 |
jsing |
Indent goto labels for diffability.
Whitespace change only.
|
#
1.36 |
|
25-Dec-2021 |
jsing |
Move more ASN1_STRING_* functions to a_string.c.
No functional change.
|
#
1.35 |
|
01-Nov-2021 |
tb |
Move the now internal X.509-related structs into x509_lcl.h. Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds.
ok jsing
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.34 |
|
26-Jul-2021 |
tb |
Add error checks for i2d_X509_NAME()
This avoids potential malloc(-1) and malloc(0), spotted by schwarze while documenting X509_ocspid_print().
ok schwarze
|
#
1.33 |
|
06-Jul-2021 |
schwarze |
Fix a bug in X509_print_ex(3). If the user set nmflags == X509_FLAG_COMPAT and X509_NAME_print_ex(3) failed, the error return value of 0 was misinterpreted as an indicator of success, causing X509_print_ex(3) to ignore the error, continue printing, and potentially return successfully even though not all the content of the certificate was printed.
The X509_NAME_print_ex(3) manual page explains that this function indicates failure by returning 0 if nmflags == X509_FLAG_COMPAT and by returning -1 if nmflags != X509_FLAG_COMPAT. That's definitely atrocious API design (witnessed by the complexity of the code needed for correct error checking), but changing the API contract and becoming incompatible with OpenSSL would make matters even worse.
Note that just checking for <= 0 in all cases would not be correct either because X509_NAME_print_ex(3) returns 0 to indicate that it successfully printed zero bytes in some cases, for example when all three of the following conditions hold: 1. nmflags != X509_FLAG_COMPAT 2. indent == 0 (which X509_print_ex(3) does use in some cases) 3. the name object is NULL or empty
I found the bug by code inspection and proposed an incomplete patch, then jsing@ proposed this improved version of the patch. OK jsing@.
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.32 |
|
10-Apr-2020 |
tb |
When printing the serialNumber, fall back to the colon separated hex bytes in case ASN1_INTEGER_get() failed. This happens more often since asn1/a_int.c -r1.34. Matches OpenSSL behavior.
Issue in openssl x509 -text output reported by sthen
ok jsing sthen
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.31 |
|
18-May-2018 |
tb |
Add a const qualifier to the 'X509_NAME *' argument of X509_NAME_print{,_ex{,_fp}}(3).
tested in a bulk build by sthen ok jsing
|
#
1.30 |
|
01-May-2018 |
tb |
Convert a handful of X509_*() functions to take const as in OpenSSL.
tested in a bulk by sthen ok jsing
|
#
1.29 |
|
25-Apr-2018 |
tb |
Put function name on a separate line and zap stray whitespace.
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.28 |
|
03-Apr-2017 |
beck |
Fix silly code that printfs NULL when there are no fractional seconds on a GENREALIZEDTIME (which there should really never be for anything remotely standards compliant) ok jsing@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.27 |
|
29-Jan-2017 |
beck |
Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
|
#
1.26 |
|
07-Feb-2015 |
doug |
Delete a lot of #if 0 code in libressl.
There are a few instances where #if 1 is removed but the code remains.
Based on the following OpenSSL commits. Some of the commits weren't strictly deletions so they are going to be split up into separate commits.
6f91b017bbb7140f816721141ac156d1b828a6b3 3d47c1d331fdc7574d2275cda1a630ccdb624b08 dfb56425b68314b2b57e17c82c1df42e7a015132 c8fa2356a00cbaada8963f739e5570298311a060 f16a64d11f55c01f56baa62ebf1dec7f8fe718cb 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb 02a938c953b3e1ced71d9a832de1618f907eb96d 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 d6fbb194095312f4722c81c9362dbd0de66cb656 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 1a5adcfb5edfe23908b350f8757df405b0f5f71f 8de24b792743d11e1d5a0dcd336a49368750c577 a2b18e657ea1a932d125154f4e13ab2258796d90 8e964419603d2478dfb391c66e7ccb2dcc9776b4 32dfde107636ac9bc62a5b3233fe2a54dbc27008
input + ok jsing@, miod@, tedu@
|
#
1.25 |
|
12-Jul-2014 |
miod |
Make sure the return value of X509_NAME_oneline(, NULL,) is checked against NULL. ok deraadt@ guenther@ jsing@
|
#
1.24 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.23 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.22 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.21 |
|
30-May-2014 |
deraadt |
more: no need for null check before free ok tedu guenther
|
#
1.20 |
|
29-May-2014 |
beck |
Everything sane has stdio, and FILE *. we don't need ifdefs for this. ok to firebomb from tedu@
|
#
1.19 |
|
21-Apr-2014 |
deraadt |
improve realloc/calloc/malloc patterns; ok guenther
|
#
1.18 |
|
18-Apr-2014 |
jsing |
More KNF.
|
#
1.17 |
|
18-Apr-2014 |
tedu |
lob a few more knf grenades in here to soften things up.
|
#
1.16 |
|
18-Apr-2014 |
tedu |
putting most of the braces in the right column is the very least we can do.
|
#
1.15 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.14 |
|
15-Apr-2014 |
beck |
Send the rotIBM stream cipher (ebcdic) to Valhalla to party for eternity with the bearded ones... some API's that nobody should be using will dissapear with this commit.
|
#
1.13 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.12 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.11 |
|
09-Jan-2009 |
djm |
resolve conflicts
|
#
1.10 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.9 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.8 |
|
06-Aug-2003 |
millert |
Remove some double semicolons (hmm, do two semis equal a maxi?). I've skipped the GNU stuff for now. From Patrick Latifi.
|
#
1.7 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
01-Aug-2001 |
beck |
merge openssl 0.9.6b-engine
Note that this is a maintenence release, API's appear *not* to have changed. As such, I have only increased the minor number on these libraries
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.43 |
|
07-Jul-2023 |
beck |
Unbreak the namespace build after a broken mk.conf and tool misfire had me aliasing symbols not in the headers I was procesing.
This unbreaks the namespace build so it will pass again
ok tb@
|
#
1.42 |
|
05-Jul-2023 |
beck |
Hide symbols in asn1 and bio
ok jsing@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.41 |
|
26-Nov-2022 |
tb |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.40 |
|
11-Aug-2022 |
tb |
Remove unused variable
X509_NAME_print() is documented to print things at a given indentation level. Unfortunately, this never worked since someone got some logic wrong. Part of the wrong logic was removed in a dead code removal in OpenSSL commit 92ada7cc, but the variable l was left behind, which leads to compiler warnings on some platforms. End its sad life pointlessly and incorrectly measuring column width and remove it.
ok jsing
|
#
1.39 |
|
10-Aug-2022 |
tb |
Avoid signed integer overflow due to unary negation
The current X509_print_ex() tries too hard pretty printing negative serialNumbers (which shouldn't occur in the first place). In particular, negating LONG_MAX leads to signed overflow. Ditch the code dealing with negative serialNumbers representable as long and fall back to the long form printing. This simplifies the code and fixes
oss-fuzz #49944
with/ok jsing
|
#
1.38 |
|
10-Aug-2022 |
tb |
Only print versions we know about
The version field of an X.509 Certificate is an enum
Version ::= INTEGER { v1(0), v2(1), v3(2) }
Printing the version as l + 1 only really makes sense with 0 <= l <= 2. Otherwise print a naked l while also indicating that it is an unknown version.
ok jsing
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.37 |
|
25-Dec-2021 |
jsing |
Indent goto labels for diffability.
Whitespace change only.
|
#
1.36 |
|
25-Dec-2021 |
jsing |
Move more ASN1_STRING_* functions to a_string.c.
No functional change.
|
#
1.35 |
|
01-Nov-2021 |
tb |
Move the now internal X.509-related structs into x509_lcl.h. Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds.
ok jsing
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.34 |
|
26-Jul-2021 |
tb |
Add error checks for i2d_X509_NAME()
This avoids potential malloc(-1) and malloc(0), spotted by schwarze while documenting X509_ocspid_print().
ok schwarze
|
#
1.33 |
|
06-Jul-2021 |
schwarze |
Fix a bug in X509_print_ex(3). If the user set nmflags == X509_FLAG_COMPAT and X509_NAME_print_ex(3) failed, the error return value of 0 was misinterpreted as an indicator of success, causing X509_print_ex(3) to ignore the error, continue printing, and potentially return successfully even though not all the content of the certificate was printed.
The X509_NAME_print_ex(3) manual page explains that this function indicates failure by returning 0 if nmflags == X509_FLAG_COMPAT and by returning -1 if nmflags != X509_FLAG_COMPAT. That's definitely atrocious API design (witnessed by the complexity of the code needed for correct error checking), but changing the API contract and becoming incompatible with OpenSSL would make matters even worse.
Note that just checking for <= 0 in all cases would not be correct either because X509_NAME_print_ex(3) returns 0 to indicate that it successfully printed zero bytes in some cases, for example when all three of the following conditions hold: 1. nmflags != X509_FLAG_COMPAT 2. indent == 0 (which X509_print_ex(3) does use in some cases) 3. the name object is NULL or empty
I found the bug by code inspection and proposed an incomplete patch, then jsing@ proposed this improved version of the patch. OK jsing@.
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.32 |
|
10-Apr-2020 |
tb |
When printing the serialNumber, fall back to the colon separated hex bytes in case ASN1_INTEGER_get() failed. This happens more often since asn1/a_int.c -r1.34. Matches OpenSSL behavior.
Issue in openssl x509 -text output reported by sthen
ok jsing sthen
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.31 |
|
18-May-2018 |
tb |
Add a const qualifier to the 'X509_NAME *' argument of X509_NAME_print{,_ex{,_fp}}(3).
tested in a bulk build by sthen ok jsing
|
#
1.30 |
|
01-May-2018 |
tb |
Convert a handful of X509_*() functions to take const as in OpenSSL.
tested in a bulk by sthen ok jsing
|
#
1.29 |
|
25-Apr-2018 |
tb |
Put function name on a separate line and zap stray whitespace.
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.28 |
|
03-Apr-2017 |
beck |
Fix silly code that printfs NULL when there are no fractional seconds on a GENREALIZEDTIME (which there should really never be for anything remotely standards compliant) ok jsing@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.27 |
|
29-Jan-2017 |
beck |
Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
|
#
1.26 |
|
07-Feb-2015 |
doug |
Delete a lot of #if 0 code in libressl.
There are a few instances where #if 1 is removed but the code remains.
Based on the following OpenSSL commits. Some of the commits weren't strictly deletions so they are going to be split up into separate commits.
6f91b017bbb7140f816721141ac156d1b828a6b3 3d47c1d331fdc7574d2275cda1a630ccdb624b08 dfb56425b68314b2b57e17c82c1df42e7a015132 c8fa2356a00cbaada8963f739e5570298311a060 f16a64d11f55c01f56baa62ebf1dec7f8fe718cb 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb 02a938c953b3e1ced71d9a832de1618f907eb96d 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 d6fbb194095312f4722c81c9362dbd0de66cb656 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 1a5adcfb5edfe23908b350f8757df405b0f5f71f 8de24b792743d11e1d5a0dcd336a49368750c577 a2b18e657ea1a932d125154f4e13ab2258796d90 8e964419603d2478dfb391c66e7ccb2dcc9776b4 32dfde107636ac9bc62a5b3233fe2a54dbc27008
input + ok jsing@, miod@, tedu@
|
#
1.25 |
|
12-Jul-2014 |
miod |
Make sure the return value of X509_NAME_oneline(, NULL,) is checked against NULL. ok deraadt@ guenther@ jsing@
|
#
1.24 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.23 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.22 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.21 |
|
30-May-2014 |
deraadt |
more: no need for null check before free ok tedu guenther
|
#
1.20 |
|
29-May-2014 |
beck |
Everything sane has stdio, and FILE *. we don't need ifdefs for this. ok to firebomb from tedu@
|
#
1.19 |
|
21-Apr-2014 |
deraadt |
improve realloc/calloc/malloc patterns; ok guenther
|
#
1.18 |
|
18-Apr-2014 |
jsing |
More KNF.
|
#
1.17 |
|
18-Apr-2014 |
tedu |
lob a few more knf grenades in here to soften things up.
|
#
1.16 |
|
18-Apr-2014 |
tedu |
putting most of the braces in the right column is the very least we can do.
|
#
1.15 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.14 |
|
15-Apr-2014 |
beck |
Send the rotIBM stream cipher (ebcdic) to Valhalla to party for eternity with the bearded ones... some API's that nobody should be using will dissapear with this commit.
|
#
1.13 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.12 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.11 |
|
09-Jan-2009 |
djm |
resolve conflicts
|
#
1.10 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.9 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.8 |
|
06-Aug-2003 |
millert |
Remove some double semicolons (hmm, do two semis equal a maxi?). I've skipped the GNU stuff for now. From Patrick Latifi.
|
#
1.7 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
01-Aug-2001 |
beck |
merge openssl 0.9.6b-engine
Note that this is a maintenence release, API's appear *not* to have changed. As such, I have only increased the minor number on these libraries
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.42 |
|
05-Jul-2023 |
beck |
Hide symbols in asn1 and bio
ok jsing@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.41 |
|
26-Nov-2022 |
tb |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.40 |
|
11-Aug-2022 |
tb |
Remove unused variable
X509_NAME_print() is documented to print things at a given indentation level. Unfortunately, this never worked since someone got some logic wrong. Part of the wrong logic was removed in a dead code removal in OpenSSL commit 92ada7cc, but the variable l was left behind, which leads to compiler warnings on some platforms. End its sad life pointlessly and incorrectly measuring column width and remove it.
ok jsing
|
#
1.39 |
|
10-Aug-2022 |
tb |
Avoid signed integer overflow due to unary negation
The current X509_print_ex() tries too hard pretty printing negative serialNumbers (which shouldn't occur in the first place). In particular, negating LONG_MAX leads to signed overflow. Ditch the code dealing with negative serialNumbers representable as long and fall back to the long form printing. This simplifies the code and fixes
oss-fuzz #49944
with/ok jsing
|
#
1.38 |
|
10-Aug-2022 |
tb |
Only print versions we know about
The version field of an X.509 Certificate is an enum
Version ::= INTEGER { v1(0), v2(1), v3(2) }
Printing the version as l + 1 only really makes sense with 0 <= l <= 2. Otherwise print a naked l while also indicating that it is an unknown version.
ok jsing
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.37 |
|
25-Dec-2021 |
jsing |
Indent goto labels for diffability.
Whitespace change only.
|
#
1.36 |
|
25-Dec-2021 |
jsing |
Move more ASN1_STRING_* functions to a_string.c.
No functional change.
|
#
1.35 |
|
01-Nov-2021 |
tb |
Move the now internal X.509-related structs into x509_lcl.h. Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds.
ok jsing
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.34 |
|
26-Jul-2021 |
tb |
Add error checks for i2d_X509_NAME()
This avoids potential malloc(-1) and malloc(0), spotted by schwarze while documenting X509_ocspid_print().
ok schwarze
|
#
1.33 |
|
06-Jul-2021 |
schwarze |
Fix a bug in X509_print_ex(3). If the user set nmflags == X509_FLAG_COMPAT and X509_NAME_print_ex(3) failed, the error return value of 0 was misinterpreted as an indicator of success, causing X509_print_ex(3) to ignore the error, continue printing, and potentially return successfully even though not all the content of the certificate was printed.
The X509_NAME_print_ex(3) manual page explains that this function indicates failure by returning 0 if nmflags == X509_FLAG_COMPAT and by returning -1 if nmflags != X509_FLAG_COMPAT. That's definitely atrocious API design (witnessed by the complexity of the code needed for correct error checking), but changing the API contract and becoming incompatible with OpenSSL would make matters even worse.
Note that just checking for <= 0 in all cases would not be correct either because X509_NAME_print_ex(3) returns 0 to indicate that it successfully printed zero bytes in some cases, for example when all three of the following conditions hold: 1. nmflags != X509_FLAG_COMPAT 2. indent == 0 (which X509_print_ex(3) does use in some cases) 3. the name object is NULL or empty
I found the bug by code inspection and proposed an incomplete patch, then jsing@ proposed this improved version of the patch. OK jsing@.
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.32 |
|
10-Apr-2020 |
tb |
When printing the serialNumber, fall back to the colon separated hex bytes in case ASN1_INTEGER_get() failed. This happens more often since asn1/a_int.c -r1.34. Matches OpenSSL behavior.
Issue in openssl x509 -text output reported by sthen
ok jsing sthen
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.31 |
|
18-May-2018 |
tb |
Add a const qualifier to the 'X509_NAME *' argument of X509_NAME_print{,_ex{,_fp}}(3).
tested in a bulk build by sthen ok jsing
|
#
1.30 |
|
01-May-2018 |
tb |
Convert a handful of X509_*() functions to take const as in OpenSSL.
tested in a bulk by sthen ok jsing
|
#
1.29 |
|
25-Apr-2018 |
tb |
Put function name on a separate line and zap stray whitespace.
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.28 |
|
03-Apr-2017 |
beck |
Fix silly code that printfs NULL when there are no fractional seconds on a GENREALIZEDTIME (which there should really never be for anything remotely standards compliant) ok jsing@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.27 |
|
29-Jan-2017 |
beck |
Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
|
#
1.26 |
|
07-Feb-2015 |
doug |
Delete a lot of #if 0 code in libressl.
There are a few instances where #if 1 is removed but the code remains.
Based on the following OpenSSL commits. Some of the commits weren't strictly deletions so they are going to be split up into separate commits.
6f91b017bbb7140f816721141ac156d1b828a6b3 3d47c1d331fdc7574d2275cda1a630ccdb624b08 dfb56425b68314b2b57e17c82c1df42e7a015132 c8fa2356a00cbaada8963f739e5570298311a060 f16a64d11f55c01f56baa62ebf1dec7f8fe718cb 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb 02a938c953b3e1ced71d9a832de1618f907eb96d 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 d6fbb194095312f4722c81c9362dbd0de66cb656 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 1a5adcfb5edfe23908b350f8757df405b0f5f71f 8de24b792743d11e1d5a0dcd336a49368750c577 a2b18e657ea1a932d125154f4e13ab2258796d90 8e964419603d2478dfb391c66e7ccb2dcc9776b4 32dfde107636ac9bc62a5b3233fe2a54dbc27008
input + ok jsing@, miod@, tedu@
|
#
1.25 |
|
12-Jul-2014 |
miod |
Make sure the return value of X509_NAME_oneline(, NULL,) is checked against NULL. ok deraadt@ guenther@ jsing@
|
#
1.24 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.23 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.22 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.21 |
|
30-May-2014 |
deraadt |
more: no need for null check before free ok tedu guenther
|
#
1.20 |
|
29-May-2014 |
beck |
Everything sane has stdio, and FILE *. we don't need ifdefs for this. ok to firebomb from tedu@
|
#
1.19 |
|
21-Apr-2014 |
deraadt |
improve realloc/calloc/malloc patterns; ok guenther
|
#
1.18 |
|
18-Apr-2014 |
jsing |
More KNF.
|
#
1.17 |
|
18-Apr-2014 |
tedu |
lob a few more knf grenades in here to soften things up.
|
#
1.16 |
|
18-Apr-2014 |
tedu |
putting most of the braces in the right column is the very least we can do.
|
#
1.15 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.14 |
|
15-Apr-2014 |
beck |
Send the rotIBM stream cipher (ebcdic) to Valhalla to party for eternity with the bearded ones... some API's that nobody should be using will dissapear with this commit.
|
#
1.13 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.12 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.11 |
|
09-Jan-2009 |
djm |
resolve conflicts
|
#
1.10 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.9 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.8 |
|
06-Aug-2003 |
millert |
Remove some double semicolons (hmm, do two semis equal a maxi?). I've skipped the GNU stuff for now. From Patrick Latifi.
|
#
1.7 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
01-Aug-2001 |
beck |
merge openssl 0.9.6b-engine
Note that this is a maintenence release, API's appear *not* to have changed. As such, I have only increased the minor number on these libraries
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.41 |
|
26-Nov-2022 |
tb |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.40 |
|
11-Aug-2022 |
tb |
Remove unused variable
X509_NAME_print() is documented to print things at a given indentation level. Unfortunately, this never worked since someone got some logic wrong. Part of the wrong logic was removed in a dead code removal in OpenSSL commit 92ada7cc, but the variable l was left behind, which leads to compiler warnings on some platforms. End its sad life pointlessly and incorrectly measuring column width and remove it.
ok jsing
|
#
1.39 |
|
10-Aug-2022 |
tb |
Avoid signed integer overflow due to unary negation
The current X509_print_ex() tries too hard pretty printing negative serialNumbers (which shouldn't occur in the first place). In particular, negating LONG_MAX leads to signed overflow. Ditch the code dealing with negative serialNumbers representable as long and fall back to the long form printing. This simplifies the code and fixes
oss-fuzz #49944
with/ok jsing
|
#
1.38 |
|
10-Aug-2022 |
tb |
Only print versions we know about
The version field of an X.509 Certificate is an enum
Version ::= INTEGER { v1(0), v2(1), v3(2) }
Printing the version as l + 1 only really makes sense with 0 <= l <= 2. Otherwise print a naked l while also indicating that it is an unknown version.
ok jsing
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.37 |
|
25-Dec-2021 |
jsing |
Indent goto labels for diffability.
Whitespace change only.
|
#
1.36 |
|
25-Dec-2021 |
jsing |
Move more ASN1_STRING_* functions to a_string.c.
No functional change.
|
#
1.35 |
|
01-Nov-2021 |
tb |
Move the now internal X.509-related structs into x509_lcl.h. Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds.
ok jsing
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.34 |
|
26-Jul-2021 |
tb |
Add error checks for i2d_X509_NAME()
This avoids potential malloc(-1) and malloc(0), spotted by schwarze while documenting X509_ocspid_print().
ok schwarze
|
#
1.33 |
|
06-Jul-2021 |
schwarze |
Fix a bug in X509_print_ex(3). If the user set nmflags == X509_FLAG_COMPAT and X509_NAME_print_ex(3) failed, the error return value of 0 was misinterpreted as an indicator of success, causing X509_print_ex(3) to ignore the error, continue printing, and potentially return successfully even though not all the content of the certificate was printed.
The X509_NAME_print_ex(3) manual page explains that this function indicates failure by returning 0 if nmflags == X509_FLAG_COMPAT and by returning -1 if nmflags != X509_FLAG_COMPAT. That's definitely atrocious API design (witnessed by the complexity of the code needed for correct error checking), but changing the API contract and becoming incompatible with OpenSSL would make matters even worse.
Note that just checking for <= 0 in all cases would not be correct either because X509_NAME_print_ex(3) returns 0 to indicate that it successfully printed zero bytes in some cases, for example when all three of the following conditions hold: 1. nmflags != X509_FLAG_COMPAT 2. indent == 0 (which X509_print_ex(3) does use in some cases) 3. the name object is NULL or empty
I found the bug by code inspection and proposed an incomplete patch, then jsing@ proposed this improved version of the patch. OK jsing@.
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.32 |
|
10-Apr-2020 |
tb |
When printing the serialNumber, fall back to the colon separated hex bytes in case ASN1_INTEGER_get() failed. This happens more often since asn1/a_int.c -r1.34. Matches OpenSSL behavior.
Issue in openssl x509 -text output reported by sthen
ok jsing sthen
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.31 |
|
18-May-2018 |
tb |
Add a const qualifier to the 'X509_NAME *' argument of X509_NAME_print{,_ex{,_fp}}(3).
tested in a bulk build by sthen ok jsing
|
#
1.30 |
|
01-May-2018 |
tb |
Convert a handful of X509_*() functions to take const as in OpenSSL.
tested in a bulk by sthen ok jsing
|
#
1.29 |
|
25-Apr-2018 |
tb |
Put function name on a separate line and zap stray whitespace.
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.28 |
|
03-Apr-2017 |
beck |
Fix silly code that printfs NULL when there are no fractional seconds on a GENREALIZEDTIME (which there should really never be for anything remotely standards compliant) ok jsing@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.27 |
|
29-Jan-2017 |
beck |
Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
|
#
1.26 |
|
07-Feb-2015 |
doug |
Delete a lot of #if 0 code in libressl.
There are a few instances where #if 1 is removed but the code remains.
Based on the following OpenSSL commits. Some of the commits weren't strictly deletions so they are going to be split up into separate commits.
6f91b017bbb7140f816721141ac156d1b828a6b3 3d47c1d331fdc7574d2275cda1a630ccdb624b08 dfb56425b68314b2b57e17c82c1df42e7a015132 c8fa2356a00cbaada8963f739e5570298311a060 f16a64d11f55c01f56baa62ebf1dec7f8fe718cb 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb 02a938c953b3e1ced71d9a832de1618f907eb96d 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 d6fbb194095312f4722c81c9362dbd0de66cb656 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 1a5adcfb5edfe23908b350f8757df405b0f5f71f 8de24b792743d11e1d5a0dcd336a49368750c577 a2b18e657ea1a932d125154f4e13ab2258796d90 8e964419603d2478dfb391c66e7ccb2dcc9776b4 32dfde107636ac9bc62a5b3233fe2a54dbc27008
input + ok jsing@, miod@, tedu@
|
#
1.25 |
|
12-Jul-2014 |
miod |
Make sure the return value of X509_NAME_oneline(, NULL,) is checked against NULL. ok deraadt@ guenther@ jsing@
|
#
1.24 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.23 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.22 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.21 |
|
30-May-2014 |
deraadt |
more: no need for null check before free ok tedu guenther
|
#
1.20 |
|
29-May-2014 |
beck |
Everything sane has stdio, and FILE *. we don't need ifdefs for this. ok to firebomb from tedu@
|
#
1.19 |
|
21-Apr-2014 |
deraadt |
improve realloc/calloc/malloc patterns; ok guenther
|
#
1.18 |
|
18-Apr-2014 |
jsing |
More KNF.
|
#
1.17 |
|
18-Apr-2014 |
tedu |
lob a few more knf grenades in here to soften things up.
|
#
1.16 |
|
18-Apr-2014 |
tedu |
putting most of the braces in the right column is the very least we can do.
|
#
1.15 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.14 |
|
15-Apr-2014 |
beck |
Send the rotIBM stream cipher (ebcdic) to Valhalla to party for eternity with the bearded ones... some API's that nobody should be using will dissapear with this commit.
|
#
1.13 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.12 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.11 |
|
09-Jan-2009 |
djm |
resolve conflicts
|
#
1.10 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.9 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.8 |
|
06-Aug-2003 |
millert |
Remove some double semicolons (hmm, do two semis equal a maxi?). I've skipped the GNU stuff for now. From Patrick Latifi.
|
#
1.7 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
01-Aug-2001 |
beck |
merge openssl 0.9.6b-engine
Note that this is a maintenence release, API's appear *not* to have changed. As such, I have only increased the minor number on these libraries
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.40 |
|
11-Aug-2022 |
tb |
Remove unused variable
X509_NAME_print() is documented to print things at a given indentation level. Unfortunately, this never worked since someone got some logic wrong. Part of the wrong logic was removed in a dead code removal in OpenSSL commit 92ada7cc, but the variable l was left behind, which leads to compiler warnings on some platforms. End its sad life pointlessly and incorrectly measuring column width and remove it.
ok jsing
|
#
1.39 |
|
10-Aug-2022 |
tb |
Avoid signed integer overflow due to unary negation
The current X509_print_ex() tries too hard pretty printing negative serialNumbers (which shouldn't occur in the first place). In particular, negating LONG_MAX leads to signed overflow. Ditch the code dealing with negative serialNumbers representable as long and fall back to the long form printing. This simplifies the code and fixes
oss-fuzz #49944
with/ok jsing
|
#
1.38 |
|
10-Aug-2022 |
tb |
Only print versions we know about
The version field of an X.509 Certificate is an enum
Version ::= INTEGER { v1(0), v2(1), v3(2) }
Printing the version as l + 1 only really makes sense with 0 <= l <= 2. Otherwise print a naked l while also indicating that it is an unknown version.
ok jsing
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.37 |
|
25-Dec-2021 |
jsing |
Indent goto labels for diffability.
Whitespace change only.
|
#
1.36 |
|
25-Dec-2021 |
jsing |
Move more ASN1_STRING_* functions to a_string.c.
No functional change.
|
#
1.35 |
|
01-Nov-2021 |
tb |
Move the now internal X.509-related structs into x509_lcl.h. Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds.
ok jsing
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.34 |
|
26-Jul-2021 |
tb |
Add error checks for i2d_X509_NAME()
This avoids potential malloc(-1) and malloc(0), spotted by schwarze while documenting X509_ocspid_print().
ok schwarze
|
#
1.33 |
|
06-Jul-2021 |
schwarze |
Fix a bug in X509_print_ex(3). If the user set nmflags == X509_FLAG_COMPAT and X509_NAME_print_ex(3) failed, the error return value of 0 was misinterpreted as an indicator of success, causing X509_print_ex(3) to ignore the error, continue printing, and potentially return successfully even though not all the content of the certificate was printed.
The X509_NAME_print_ex(3) manual page explains that this function indicates failure by returning 0 if nmflags == X509_FLAG_COMPAT and by returning -1 if nmflags != X509_FLAG_COMPAT. That's definitely atrocious API design (witnessed by the complexity of the code needed for correct error checking), but changing the API contract and becoming incompatible with OpenSSL would make matters even worse.
Note that just checking for <= 0 in all cases would not be correct either because X509_NAME_print_ex(3) returns 0 to indicate that it successfully printed zero bytes in some cases, for example when all three of the following conditions hold: 1. nmflags != X509_FLAG_COMPAT 2. indent == 0 (which X509_print_ex(3) does use in some cases) 3. the name object is NULL or empty
I found the bug by code inspection and proposed an incomplete patch, then jsing@ proposed this improved version of the patch. OK jsing@.
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.32 |
|
10-Apr-2020 |
tb |
When printing the serialNumber, fall back to the colon separated hex bytes in case ASN1_INTEGER_get() failed. This happens more often since asn1/a_int.c -r1.34. Matches OpenSSL behavior.
Issue in openssl x509 -text output reported by sthen
ok jsing sthen
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.31 |
|
18-May-2018 |
tb |
Add a const qualifier to the 'X509_NAME *' argument of X509_NAME_print{,_ex{,_fp}}(3).
tested in a bulk build by sthen ok jsing
|
#
1.30 |
|
01-May-2018 |
tb |
Convert a handful of X509_*() functions to take const as in OpenSSL.
tested in a bulk by sthen ok jsing
|
#
1.29 |
|
25-Apr-2018 |
tb |
Put function name on a separate line and zap stray whitespace.
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.28 |
|
03-Apr-2017 |
beck |
Fix silly code that printfs NULL when there are no fractional seconds on a GENREALIZEDTIME (which there should really never be for anything remotely standards compliant) ok jsing@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.27 |
|
29-Jan-2017 |
beck |
Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
|
#
1.26 |
|
07-Feb-2015 |
doug |
Delete a lot of #if 0 code in libressl.
There are a few instances where #if 1 is removed but the code remains.
Based on the following OpenSSL commits. Some of the commits weren't strictly deletions so they are going to be split up into separate commits.
6f91b017bbb7140f816721141ac156d1b828a6b3 3d47c1d331fdc7574d2275cda1a630ccdb624b08 dfb56425b68314b2b57e17c82c1df42e7a015132 c8fa2356a00cbaada8963f739e5570298311a060 f16a64d11f55c01f56baa62ebf1dec7f8fe718cb 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb 02a938c953b3e1ced71d9a832de1618f907eb96d 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 d6fbb194095312f4722c81c9362dbd0de66cb656 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 1a5adcfb5edfe23908b350f8757df405b0f5f71f 8de24b792743d11e1d5a0dcd336a49368750c577 a2b18e657ea1a932d125154f4e13ab2258796d90 8e964419603d2478dfb391c66e7ccb2dcc9776b4 32dfde107636ac9bc62a5b3233fe2a54dbc27008
input + ok jsing@, miod@, tedu@
|
#
1.25 |
|
12-Jul-2014 |
miod |
Make sure the return value of X509_NAME_oneline(, NULL,) is checked against NULL. ok deraadt@ guenther@ jsing@
|
#
1.24 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.23 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.22 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.21 |
|
30-May-2014 |
deraadt |
more: no need for null check before free ok tedu guenther
|
#
1.20 |
|
29-May-2014 |
beck |
Everything sane has stdio, and FILE *. we don't need ifdefs for this. ok to firebomb from tedu@
|
#
1.19 |
|
21-Apr-2014 |
deraadt |
improve realloc/calloc/malloc patterns; ok guenther
|
#
1.18 |
|
18-Apr-2014 |
jsing |
More KNF.
|
#
1.17 |
|
18-Apr-2014 |
tedu |
lob a few more knf grenades in here to soften things up.
|
#
1.16 |
|
18-Apr-2014 |
tedu |
putting most of the braces in the right column is the very least we can do.
|
#
1.15 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.14 |
|
15-Apr-2014 |
beck |
Send the rotIBM stream cipher (ebcdic) to Valhalla to party for eternity with the bearded ones... some API's that nobody should be using will dissapear with this commit.
|
#
1.13 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.12 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.11 |
|
09-Jan-2009 |
djm |
resolve conflicts
|
#
1.10 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.9 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.8 |
|
06-Aug-2003 |
millert |
Remove some double semicolons (hmm, do two semis equal a maxi?). I've skipped the GNU stuff for now. From Patrick Latifi.
|
#
1.7 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
01-Aug-2001 |
beck |
merge openssl 0.9.6b-engine
Note that this is a maintenence release, API's appear *not* to have changed. As such, I have only increased the minor number on these libraries
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.37 |
|
25-Dec-2021 |
jsing |
Indent goto labels for diffability.
Whitespace change only.
|
#
1.36 |
|
25-Dec-2021 |
jsing |
Move more ASN1_STRING_* functions to a_string.c.
No functional change.
|
#
1.35 |
|
01-Nov-2021 |
tb |
Move the now internal X.509-related structs into x509_lcl.h. Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds.
ok jsing
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.34 |
|
26-Jul-2021 |
tb |
Add error checks for i2d_X509_NAME()
This avoids potential malloc(-1) and malloc(0), spotted by schwarze while documenting X509_ocspid_print().
ok schwarze
|
#
1.33 |
|
06-Jul-2021 |
schwarze |
Fix a bug in X509_print_ex(3). If the user set nmflags == X509_FLAG_COMPAT and X509_NAME_print_ex(3) failed, the error return value of 0 was misinterpreted as an indicator of success, causing X509_print_ex(3) to ignore the error, continue printing, and potentially return successfully even though not all the content of the certificate was printed.
The X509_NAME_print_ex(3) manual page explains that this function indicates failure by returning 0 if nmflags == X509_FLAG_COMPAT and by returning -1 if nmflags != X509_FLAG_COMPAT. That's definitely atrocious API design (witnessed by the complexity of the code needed for correct error checking), but changing the API contract and becoming incompatible with OpenSSL would make matters even worse.
Note that just checking for <= 0 in all cases would not be correct either because X509_NAME_print_ex(3) returns 0 to indicate that it successfully printed zero bytes in some cases, for example when all three of the following conditions hold: 1. nmflags != X509_FLAG_COMPAT 2. indent == 0 (which X509_print_ex(3) does use in some cases) 3. the name object is NULL or empty
I found the bug by code inspection and proposed an incomplete patch, then jsing@ proposed this improved version of the patch. OK jsing@.
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.32 |
|
10-Apr-2020 |
tb |
When printing the serialNumber, fall back to the colon separated hex bytes in case ASN1_INTEGER_get() failed. This happens more often since asn1/a_int.c -r1.34. Matches OpenSSL behavior.
Issue in openssl x509 -text output reported by sthen
ok jsing sthen
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.31 |
|
18-May-2018 |
tb |
Add a const qualifier to the 'X509_NAME *' argument of X509_NAME_print{,_ex{,_fp}}(3).
tested in a bulk build by sthen ok jsing
|
#
1.30 |
|
01-May-2018 |
tb |
Convert a handful of X509_*() functions to take const as in OpenSSL.
tested in a bulk by sthen ok jsing
|
#
1.29 |
|
25-Apr-2018 |
tb |
Put function name on a separate line and zap stray whitespace.
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.28 |
|
03-Apr-2017 |
beck |
Fix silly code that printfs NULL when there are no fractional seconds on a GENREALIZEDTIME (which there should really never be for anything remotely standards compliant) ok jsing@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.27 |
|
29-Jan-2017 |
beck |
Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
|
#
1.26 |
|
07-Feb-2015 |
doug |
Delete a lot of #if 0 code in libressl.
There are a few instances where #if 1 is removed but the code remains.
Based on the following OpenSSL commits. Some of the commits weren't strictly deletions so they are going to be split up into separate commits.
6f91b017bbb7140f816721141ac156d1b828a6b3 3d47c1d331fdc7574d2275cda1a630ccdb624b08 dfb56425b68314b2b57e17c82c1df42e7a015132 c8fa2356a00cbaada8963f739e5570298311a060 f16a64d11f55c01f56baa62ebf1dec7f8fe718cb 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb 02a938c953b3e1ced71d9a832de1618f907eb96d 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 d6fbb194095312f4722c81c9362dbd0de66cb656 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 1a5adcfb5edfe23908b350f8757df405b0f5f71f 8de24b792743d11e1d5a0dcd336a49368750c577 a2b18e657ea1a932d125154f4e13ab2258796d90 8e964419603d2478dfb391c66e7ccb2dcc9776b4 32dfde107636ac9bc62a5b3233fe2a54dbc27008
input + ok jsing@, miod@, tedu@
|
#
1.25 |
|
12-Jul-2014 |
miod |
Make sure the return value of X509_NAME_oneline(, NULL,) is checked against NULL. ok deraadt@ guenther@ jsing@
|
#
1.24 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.23 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.22 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.21 |
|
30-May-2014 |
deraadt |
more: no need for null check before free ok tedu guenther
|
#
1.20 |
|
29-May-2014 |
beck |
Everything sane has stdio, and FILE *. we don't need ifdefs for this. ok to firebomb from tedu@
|
#
1.19 |
|
21-Apr-2014 |
deraadt |
improve realloc/calloc/malloc patterns; ok guenther
|
#
1.18 |
|
18-Apr-2014 |
jsing |
More KNF.
|
#
1.17 |
|
18-Apr-2014 |
tedu |
lob a few more knf grenades in here to soften things up.
|
#
1.16 |
|
18-Apr-2014 |
tedu |
putting most of the braces in the right column is the very least we can do.
|
#
1.15 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.14 |
|
15-Apr-2014 |
beck |
Send the rotIBM stream cipher (ebcdic) to Valhalla to party for eternity with the bearded ones... some API's that nobody should be using will dissapear with this commit.
|
#
1.13 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.12 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.11 |
|
09-Jan-2009 |
djm |
resolve conflicts
|
#
1.10 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.9 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.8 |
|
06-Aug-2003 |
millert |
Remove some double semicolons (hmm, do two semis equal a maxi?). I've skipped the GNU stuff for now. From Patrick Latifi.
|
#
1.7 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
01-Aug-2001 |
beck |
merge openssl 0.9.6b-engine
Note that this is a maintenence release, API's appear *not* to have changed. As such, I have only increased the minor number on these libraries
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.35 |
|
01-Nov-2021 |
tb |
Move the now internal X.509-related structs into x509_lcl.h. Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds.
ok jsing
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.34 |
|
26-Jul-2021 |
tb |
Add error checks for i2d_X509_NAME()
This avoids potential malloc(-1) and malloc(0), spotted by schwarze while documenting X509_ocspid_print().
ok schwarze
|
#
1.33 |
|
06-Jul-2021 |
schwarze |
Fix a bug in X509_print_ex(3). If the user set nmflags == X509_FLAG_COMPAT and X509_NAME_print_ex(3) failed, the error return value of 0 was misinterpreted as an indicator of success, causing X509_print_ex(3) to ignore the error, continue printing, and potentially return successfully even though not all the content of the certificate was printed.
The X509_NAME_print_ex(3) manual page explains that this function indicates failure by returning 0 if nmflags == X509_FLAG_COMPAT and by returning -1 if nmflags != X509_FLAG_COMPAT. That's definitely atrocious API design (witnessed by the complexity of the code needed for correct error checking), but changing the API contract and becoming incompatible with OpenSSL would make matters even worse.
Note that just checking for <= 0 in all cases would not be correct either because X509_NAME_print_ex(3) returns 0 to indicate that it successfully printed zero bytes in some cases, for example when all three of the following conditions hold: 1. nmflags != X509_FLAG_COMPAT 2. indent == 0 (which X509_print_ex(3) does use in some cases) 3. the name object is NULL or empty
I found the bug by code inspection and proposed an incomplete patch, then jsing@ proposed this improved version of the patch. OK jsing@.
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.32 |
|
10-Apr-2020 |
tb |
When printing the serialNumber, fall back to the colon separated hex bytes in case ASN1_INTEGER_get() failed. This happens more often since asn1/a_int.c -r1.34. Matches OpenSSL behavior.
Issue in openssl x509 -text output reported by sthen
ok jsing sthen
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.31 |
|
18-May-2018 |
tb |
Add a const qualifier to the 'X509_NAME *' argument of X509_NAME_print{,_ex{,_fp}}(3).
tested in a bulk build by sthen ok jsing
|
#
1.30 |
|
01-May-2018 |
tb |
Convert a handful of X509_*() functions to take const as in OpenSSL.
tested in a bulk by sthen ok jsing
|
#
1.29 |
|
25-Apr-2018 |
tb |
Put function name on a separate line and zap stray whitespace.
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.28 |
|
03-Apr-2017 |
beck |
Fix silly code that printfs NULL when there are no fractional seconds on a GENREALIZEDTIME (which there should really never be for anything remotely standards compliant) ok jsing@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.27 |
|
29-Jan-2017 |
beck |
Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
|
#
1.26 |
|
07-Feb-2015 |
doug |
Delete a lot of #if 0 code in libressl.
There are a few instances where #if 1 is removed but the code remains.
Based on the following OpenSSL commits. Some of the commits weren't strictly deletions so they are going to be split up into separate commits.
6f91b017bbb7140f816721141ac156d1b828a6b3 3d47c1d331fdc7574d2275cda1a630ccdb624b08 dfb56425b68314b2b57e17c82c1df42e7a015132 c8fa2356a00cbaada8963f739e5570298311a060 f16a64d11f55c01f56baa62ebf1dec7f8fe718cb 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb 02a938c953b3e1ced71d9a832de1618f907eb96d 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 d6fbb194095312f4722c81c9362dbd0de66cb656 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 1a5adcfb5edfe23908b350f8757df405b0f5f71f 8de24b792743d11e1d5a0dcd336a49368750c577 a2b18e657ea1a932d125154f4e13ab2258796d90 8e964419603d2478dfb391c66e7ccb2dcc9776b4 32dfde107636ac9bc62a5b3233fe2a54dbc27008
input + ok jsing@, miod@, tedu@
|
#
1.25 |
|
12-Jul-2014 |
miod |
Make sure the return value of X509_NAME_oneline(, NULL,) is checked against NULL. ok deraadt@ guenther@ jsing@
|
#
1.24 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.23 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.22 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.21 |
|
30-May-2014 |
deraadt |
more: no need for null check before free ok tedu guenther
|
#
1.20 |
|
29-May-2014 |
beck |
Everything sane has stdio, and FILE *. we don't need ifdefs for this. ok to firebomb from tedu@
|
#
1.19 |
|
21-Apr-2014 |
deraadt |
improve realloc/calloc/malloc patterns; ok guenther
|
#
1.18 |
|
18-Apr-2014 |
jsing |
More KNF.
|
#
1.17 |
|
18-Apr-2014 |
tedu |
lob a few more knf grenades in here to soften things up.
|
#
1.16 |
|
18-Apr-2014 |
tedu |
putting most of the braces in the right column is the very least we can do.
|
#
1.15 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.14 |
|
15-Apr-2014 |
beck |
Send the rotIBM stream cipher (ebcdic) to Valhalla to party for eternity with the bearded ones... some API's that nobody should be using will dissapear with this commit.
|
#
1.13 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.12 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.11 |
|
09-Jan-2009 |
djm |
resolve conflicts
|
#
1.10 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.9 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.8 |
|
06-Aug-2003 |
millert |
Remove some double semicolons (hmm, do two semis equal a maxi?). I've skipped the GNU stuff for now. From Patrick Latifi.
|
#
1.7 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
01-Aug-2001 |
beck |
merge openssl 0.9.6b-engine
Note that this is a maintenence release, API's appear *not* to have changed. As such, I have only increased the minor number on these libraries
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.34 |
|
26-Jul-2021 |
tb |
Add error checks for i2d_X509_NAME()
This avoids potential malloc(-1) and malloc(0), spotted by schwarze while documenting X509_ocspid_print().
ok schwarze
|
#
1.33 |
|
06-Jul-2021 |
schwarze |
Fix a bug in X509_print_ex(3). If the user set nmflags == X509_FLAG_COMPAT and X509_NAME_print_ex(3) failed, the error return value of 0 was misinterpreted as an indicator of success, causing X509_print_ex(3) to ignore the error, continue printing, and potentially return successfully even though not all the content of the certificate was printed.
The X509_NAME_print_ex(3) manual page explains that this function indicates failure by returning 0 if nmflags == X509_FLAG_COMPAT and by returning -1 if nmflags != X509_FLAG_COMPAT. That's definitely atrocious API design (witnessed by the complexity of the code needed for correct error checking), but changing the API contract and becoming incompatible with OpenSSL would make matters even worse.
Note that just checking for <= 0 in all cases would not be correct either because X509_NAME_print_ex(3) returns 0 to indicate that it successfully printed zero bytes in some cases, for example when all three of the following conditions hold: 1. nmflags != X509_FLAG_COMPAT 2. indent == 0 (which X509_print_ex(3) does use in some cases) 3. the name object is NULL or empty
I found the bug by code inspection and proposed an incomplete patch, then jsing@ proposed this improved version of the patch. OK jsing@.
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.32 |
|
10-Apr-2020 |
tb |
When printing the serialNumber, fall back to the colon separated hex bytes in case ASN1_INTEGER_get() failed. This happens more often since asn1/a_int.c -r1.34. Matches OpenSSL behavior.
Issue in openssl x509 -text output reported by sthen
ok jsing sthen
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.31 |
|
18-May-2018 |
tb |
Add a const qualifier to the 'X509_NAME *' argument of X509_NAME_print{,_ex{,_fp}}(3).
tested in a bulk build by sthen ok jsing
|
#
1.30 |
|
01-May-2018 |
tb |
Convert a handful of X509_*() functions to take const as in OpenSSL.
tested in a bulk by sthen ok jsing
|
#
1.29 |
|
25-Apr-2018 |
tb |
Put function name on a separate line and zap stray whitespace.
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.28 |
|
03-Apr-2017 |
beck |
Fix silly code that printfs NULL when there are no fractional seconds on a GENREALIZEDTIME (which there should really never be for anything remotely standards compliant) ok jsing@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.27 |
|
29-Jan-2017 |
beck |
Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
|
#
1.26 |
|
07-Feb-2015 |
doug |
Delete a lot of #if 0 code in libressl.
There are a few instances where #if 1 is removed but the code remains.
Based on the following OpenSSL commits. Some of the commits weren't strictly deletions so they are going to be split up into separate commits.
6f91b017bbb7140f816721141ac156d1b828a6b3 3d47c1d331fdc7574d2275cda1a630ccdb624b08 dfb56425b68314b2b57e17c82c1df42e7a015132 c8fa2356a00cbaada8963f739e5570298311a060 f16a64d11f55c01f56baa62ebf1dec7f8fe718cb 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb 02a938c953b3e1ced71d9a832de1618f907eb96d 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 d6fbb194095312f4722c81c9362dbd0de66cb656 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 1a5adcfb5edfe23908b350f8757df405b0f5f71f 8de24b792743d11e1d5a0dcd336a49368750c577 a2b18e657ea1a932d125154f4e13ab2258796d90 8e964419603d2478dfb391c66e7ccb2dcc9776b4 32dfde107636ac9bc62a5b3233fe2a54dbc27008
input + ok jsing@, miod@, tedu@
|
#
1.25 |
|
12-Jul-2014 |
miod |
Make sure the return value of X509_NAME_oneline(, NULL,) is checked against NULL. ok deraadt@ guenther@ jsing@
|
#
1.24 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.23 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.22 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.21 |
|
30-May-2014 |
deraadt |
more: no need for null check before free ok tedu guenther
|
#
1.20 |
|
29-May-2014 |
beck |
Everything sane has stdio, and FILE *. we don't need ifdefs for this. ok to firebomb from tedu@
|
#
1.19 |
|
21-Apr-2014 |
deraadt |
improve realloc/calloc/malloc patterns; ok guenther
|
#
1.18 |
|
18-Apr-2014 |
jsing |
More KNF.
|
#
1.17 |
|
18-Apr-2014 |
tedu |
lob a few more knf grenades in here to soften things up.
|
#
1.16 |
|
18-Apr-2014 |
tedu |
putting most of the braces in the right column is the very least we can do.
|
#
1.15 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.14 |
|
15-Apr-2014 |
beck |
Send the rotIBM stream cipher (ebcdic) to Valhalla to party for eternity with the bearded ones... some API's that nobody should be using will dissapear with this commit.
|
#
1.13 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.12 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.11 |
|
09-Jan-2009 |
djm |
resolve conflicts
|
#
1.10 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.9 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.8 |
|
06-Aug-2003 |
millert |
Remove some double semicolons (hmm, do two semis equal a maxi?). I've skipped the GNU stuff for now. From Patrick Latifi.
|
#
1.7 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
01-Aug-2001 |
beck |
merge openssl 0.9.6b-engine
Note that this is a maintenence release, API's appear *not* to have changed. As such, I have only increased the minor number on these libraries
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.33 |
|
06-Jul-2021 |
schwarze |
Fix a bug in X509_print_ex(3). If the user set nmflags == X509_FLAG_COMPAT and X509_NAME_print_ex(3) failed, the error return value of 0 was misinterpreted as an indicator of success, causing X509_print_ex(3) to ignore the error, continue printing, and potentially return successfully even though not all the content of the certificate was printed.
The X509_NAME_print_ex(3) manual page explains that this function indicates failure by returning 0 if nmflags == X509_FLAG_COMPAT and by returning -1 if nmflags != X509_FLAG_COMPAT. That's definitely atrocious API design (witnessed by the complexity of the code needed for correct error checking), but changing the API contract and becoming incompatible with OpenSSL would make matters even worse.
Note that just checking for <= 0 in all cases would not be correct either because X509_NAME_print_ex(3) returns 0 to indicate that it successfully printed zero bytes in some cases, for example when all three of the following conditions hold: 1. nmflags != X509_FLAG_COMPAT 2. indent == 0 (which X509_print_ex(3) does use in some cases) 3. the name object is NULL or empty
I found the bug by code inspection and proposed an incomplete patch, then jsing@ proposed this improved version of the patch. OK jsing@.
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.32 |
|
10-Apr-2020 |
tb |
When printing the serialNumber, fall back to the colon separated hex bytes in case ASN1_INTEGER_get() failed. This happens more often since asn1/a_int.c -r1.34. Matches OpenSSL behavior.
Issue in openssl x509 -text output reported by sthen
ok jsing sthen
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.31 |
|
18-May-2018 |
tb |
Add a const qualifier to the 'X509_NAME *' argument of X509_NAME_print{,_ex{,_fp}}(3).
tested in a bulk build by sthen ok jsing
|
#
1.30 |
|
01-May-2018 |
tb |
Convert a handful of X509_*() functions to take const as in OpenSSL.
tested in a bulk by sthen ok jsing
|
#
1.29 |
|
25-Apr-2018 |
tb |
Put function name on a separate line and zap stray whitespace.
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.28 |
|
03-Apr-2017 |
beck |
Fix silly code that printfs NULL when there are no fractional seconds on a GENREALIZEDTIME (which there should really never be for anything remotely standards compliant) ok jsing@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.27 |
|
29-Jan-2017 |
beck |
Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
|
#
1.26 |
|
07-Feb-2015 |
doug |
Delete a lot of #if 0 code in libressl.
There are a few instances where #if 1 is removed but the code remains.
Based on the following OpenSSL commits. Some of the commits weren't strictly deletions so they are going to be split up into separate commits.
6f91b017bbb7140f816721141ac156d1b828a6b3 3d47c1d331fdc7574d2275cda1a630ccdb624b08 dfb56425b68314b2b57e17c82c1df42e7a015132 c8fa2356a00cbaada8963f739e5570298311a060 f16a64d11f55c01f56baa62ebf1dec7f8fe718cb 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb 02a938c953b3e1ced71d9a832de1618f907eb96d 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 d6fbb194095312f4722c81c9362dbd0de66cb656 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 1a5adcfb5edfe23908b350f8757df405b0f5f71f 8de24b792743d11e1d5a0dcd336a49368750c577 a2b18e657ea1a932d125154f4e13ab2258796d90 8e964419603d2478dfb391c66e7ccb2dcc9776b4 32dfde107636ac9bc62a5b3233fe2a54dbc27008
input + ok jsing@, miod@, tedu@
|
#
1.25 |
|
12-Jul-2014 |
miod |
Make sure the return value of X509_NAME_oneline(, NULL,) is checked against NULL. ok deraadt@ guenther@ jsing@
|
#
1.24 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.23 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.22 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.21 |
|
30-May-2014 |
deraadt |
more: no need for null check before free ok tedu guenther
|
#
1.20 |
|
29-May-2014 |
beck |
Everything sane has stdio, and FILE *. we don't need ifdefs for this. ok to firebomb from tedu@
|
#
1.19 |
|
21-Apr-2014 |
deraadt |
improve realloc/calloc/malloc patterns; ok guenther
|
#
1.18 |
|
18-Apr-2014 |
jsing |
More KNF.
|
#
1.17 |
|
18-Apr-2014 |
tedu |
lob a few more knf grenades in here to soften things up.
|
#
1.16 |
|
18-Apr-2014 |
tedu |
putting most of the braces in the right column is the very least we can do.
|
#
1.15 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.14 |
|
15-Apr-2014 |
beck |
Send the rotIBM stream cipher (ebcdic) to Valhalla to party for eternity with the bearded ones... some API's that nobody should be using will dissapear with this commit.
|
#
1.13 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.12 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.11 |
|
09-Jan-2009 |
djm |
resolve conflicts
|
#
1.10 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.9 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.8 |
|
06-Aug-2003 |
millert |
Remove some double semicolons (hmm, do two semis equal a maxi?). I've skipped the GNU stuff for now. From Patrick Latifi.
|
#
1.7 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
01-Aug-2001 |
beck |
merge openssl 0.9.6b-engine
Note that this is a maintenence release, API's appear *not* to have changed. As such, I have only increased the minor number on these libraries
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.32 |
|
10-Apr-2020 |
tb |
When printing the serialNumber, fall back to the colon separated hex bytes in case ASN1_INTEGER_get() failed. This happens more often since asn1/a_int.c -r1.34. Matches OpenSSL behavior.
Issue in openssl x509 -text output reported by sthen
ok jsing sthen
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.31 |
|
18-May-2018 |
tb |
Add a const qualifier to the 'X509_NAME *' argument of X509_NAME_print{,_ex{,_fp}}(3).
tested in a bulk build by sthen ok jsing
|
#
1.30 |
|
01-May-2018 |
tb |
Convert a handful of X509_*() functions to take const as in OpenSSL.
tested in a bulk by sthen ok jsing
|
#
1.29 |
|
25-Apr-2018 |
tb |
Put function name on a separate line and zap stray whitespace.
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.28 |
|
03-Apr-2017 |
beck |
Fix silly code that printfs NULL when there are no fractional seconds on a GENREALIZEDTIME (which there should really never be for anything remotely standards compliant) ok jsing@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.27 |
|
29-Jan-2017 |
beck |
Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
|
#
1.26 |
|
07-Feb-2015 |
doug |
Delete a lot of #if 0 code in libressl.
There are a few instances where #if 1 is removed but the code remains.
Based on the following OpenSSL commits. Some of the commits weren't strictly deletions so they are going to be split up into separate commits.
6f91b017bbb7140f816721141ac156d1b828a6b3 3d47c1d331fdc7574d2275cda1a630ccdb624b08 dfb56425b68314b2b57e17c82c1df42e7a015132 c8fa2356a00cbaada8963f739e5570298311a060 f16a64d11f55c01f56baa62ebf1dec7f8fe718cb 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb 02a938c953b3e1ced71d9a832de1618f907eb96d 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 d6fbb194095312f4722c81c9362dbd0de66cb656 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 1a5adcfb5edfe23908b350f8757df405b0f5f71f 8de24b792743d11e1d5a0dcd336a49368750c577 a2b18e657ea1a932d125154f4e13ab2258796d90 8e964419603d2478dfb391c66e7ccb2dcc9776b4 32dfde107636ac9bc62a5b3233fe2a54dbc27008
input + ok jsing@, miod@, tedu@
|
#
1.25 |
|
12-Jul-2014 |
miod |
Make sure the return value of X509_NAME_oneline(, NULL,) is checked against NULL. ok deraadt@ guenther@ jsing@
|
#
1.24 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.23 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.22 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.21 |
|
30-May-2014 |
deraadt |
more: no need for null check before free ok tedu guenther
|
#
1.20 |
|
29-May-2014 |
beck |
Everything sane has stdio, and FILE *. we don't need ifdefs for this. ok to firebomb from tedu@
|
#
1.19 |
|
21-Apr-2014 |
deraadt |
improve realloc/calloc/malloc patterns; ok guenther
|
#
1.18 |
|
18-Apr-2014 |
jsing |
More KNF.
|
#
1.17 |
|
18-Apr-2014 |
tedu |
lob a few more knf grenades in here to soften things up.
|
#
1.16 |
|
18-Apr-2014 |
tedu |
putting most of the braces in the right column is the very least we can do.
|
#
1.15 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.14 |
|
15-Apr-2014 |
beck |
Send the rotIBM stream cipher (ebcdic) to Valhalla to party for eternity with the bearded ones... some API's that nobody should be using will dissapear with this commit.
|
#
1.13 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.12 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.11 |
|
09-Jan-2009 |
djm |
resolve conflicts
|
#
1.10 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.9 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.8 |
|
06-Aug-2003 |
millert |
Remove some double semicolons (hmm, do two semis equal a maxi?). I've skipped the GNU stuff for now. From Patrick Latifi.
|
#
1.7 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
01-Aug-2001 |
beck |
merge openssl 0.9.6b-engine
Note that this is a maintenence release, API's appear *not* to have changed. As such, I have only increased the minor number on these libraries
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.31 |
|
18-May-2018 |
tb |
Add a const qualifier to the 'X509_NAME *' argument of X509_NAME_print{,_ex{,_fp}}(3).
tested in a bulk build by sthen ok jsing
|
#
1.30 |
|
01-May-2018 |
tb |
Convert a handful of X509_*() functions to take const as in OpenSSL.
tested in a bulk by sthen ok jsing
|
#
1.29 |
|
25-Apr-2018 |
tb |
Put function name on a separate line and zap stray whitespace.
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.28 |
|
03-Apr-2017 |
beck |
Fix silly code that printfs NULL when there are no fractional seconds on a GENREALIZEDTIME (which there should really never be for anything remotely standards compliant) ok jsing@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.27 |
|
29-Jan-2017 |
beck |
Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
|
#
1.26 |
|
07-Feb-2015 |
doug |
Delete a lot of #if 0 code in libressl.
There are a few instances where #if 1 is removed but the code remains.
Based on the following OpenSSL commits. Some of the commits weren't strictly deletions so they are going to be split up into separate commits.
6f91b017bbb7140f816721141ac156d1b828a6b3 3d47c1d331fdc7574d2275cda1a630ccdb624b08 dfb56425b68314b2b57e17c82c1df42e7a015132 c8fa2356a00cbaada8963f739e5570298311a060 f16a64d11f55c01f56baa62ebf1dec7f8fe718cb 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb 02a938c953b3e1ced71d9a832de1618f907eb96d 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 d6fbb194095312f4722c81c9362dbd0de66cb656 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 1a5adcfb5edfe23908b350f8757df405b0f5f71f 8de24b792743d11e1d5a0dcd336a49368750c577 a2b18e657ea1a932d125154f4e13ab2258796d90 8e964419603d2478dfb391c66e7ccb2dcc9776b4 32dfde107636ac9bc62a5b3233fe2a54dbc27008
input + ok jsing@, miod@, tedu@
|
#
1.25 |
|
12-Jul-2014 |
miod |
Make sure the return value of X509_NAME_oneline(, NULL,) is checked against NULL. ok deraadt@ guenther@ jsing@
|
#
1.24 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.23 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.22 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.21 |
|
30-May-2014 |
deraadt |
more: no need for null check before free ok tedu guenther
|
#
1.20 |
|
29-May-2014 |
beck |
Everything sane has stdio, and FILE *. we don't need ifdefs for this. ok to firebomb from tedu@
|
#
1.19 |
|
21-Apr-2014 |
deraadt |
improve realloc/calloc/malloc patterns; ok guenther
|
#
1.18 |
|
18-Apr-2014 |
jsing |
More KNF.
|
#
1.17 |
|
18-Apr-2014 |
tedu |
lob a few more knf grenades in here to soften things up.
|
#
1.16 |
|
18-Apr-2014 |
tedu |
putting most of the braces in the right column is the very least we can do.
|
#
1.15 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.14 |
|
15-Apr-2014 |
beck |
Send the rotIBM stream cipher (ebcdic) to Valhalla to party for eternity with the bearded ones... some API's that nobody should be using will dissapear with this commit.
|
#
1.13 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.12 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.11 |
|
09-Jan-2009 |
djm |
resolve conflicts
|
#
1.10 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.9 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.8 |
|
06-Aug-2003 |
millert |
Remove some double semicolons (hmm, do two semis equal a maxi?). I've skipped the GNU stuff for now. From Patrick Latifi.
|
#
1.7 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
01-Aug-2001 |
beck |
merge openssl 0.9.6b-engine
Note that this is a maintenence release, API's appear *not* to have changed. As such, I have only increased the minor number on these libraries
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.30 |
|
01-May-2018 |
tb |
Convert a handful of X509_*() functions to take const as in OpenSSL.
tested in a bulk by sthen ok jsing
|
#
1.29 |
|
25-Apr-2018 |
tb |
Put function name on a separate line and zap stray whitespace.
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.28 |
|
03-Apr-2017 |
beck |
Fix silly code that printfs NULL when there are no fractional seconds on a GENREALIZEDTIME (which there should really never be for anything remotely standards compliant) ok jsing@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.27 |
|
29-Jan-2017 |
beck |
Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
|
#
1.26 |
|
07-Feb-2015 |
doug |
Delete a lot of #if 0 code in libressl.
There are a few instances where #if 1 is removed but the code remains.
Based on the following OpenSSL commits. Some of the commits weren't strictly deletions so they are going to be split up into separate commits.
6f91b017bbb7140f816721141ac156d1b828a6b3 3d47c1d331fdc7574d2275cda1a630ccdb624b08 dfb56425b68314b2b57e17c82c1df42e7a015132 c8fa2356a00cbaada8963f739e5570298311a060 f16a64d11f55c01f56baa62ebf1dec7f8fe718cb 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb 02a938c953b3e1ced71d9a832de1618f907eb96d 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 d6fbb194095312f4722c81c9362dbd0de66cb656 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 1a5adcfb5edfe23908b350f8757df405b0f5f71f 8de24b792743d11e1d5a0dcd336a49368750c577 a2b18e657ea1a932d125154f4e13ab2258796d90 8e964419603d2478dfb391c66e7ccb2dcc9776b4 32dfde107636ac9bc62a5b3233fe2a54dbc27008
input + ok jsing@, miod@, tedu@
|
#
1.25 |
|
12-Jul-2014 |
miod |
Make sure the return value of X509_NAME_oneline(, NULL,) is checked against NULL. ok deraadt@ guenther@ jsing@
|
#
1.24 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.23 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.22 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.21 |
|
30-May-2014 |
deraadt |
more: no need for null check before free ok tedu guenther
|
#
1.20 |
|
29-May-2014 |
beck |
Everything sane has stdio, and FILE *. we don't need ifdefs for this. ok to firebomb from tedu@
|
#
1.19 |
|
21-Apr-2014 |
deraadt |
improve realloc/calloc/malloc patterns; ok guenther
|
#
1.18 |
|
18-Apr-2014 |
jsing |
More KNF.
|
#
1.17 |
|
18-Apr-2014 |
tedu |
lob a few more knf grenades in here to soften things up.
|
#
1.16 |
|
18-Apr-2014 |
tedu |
putting most of the braces in the right column is the very least we can do.
|
#
1.15 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.14 |
|
15-Apr-2014 |
beck |
Send the rotIBM stream cipher (ebcdic) to Valhalla to party for eternity with the bearded ones... some API's that nobody should be using will dissapear with this commit.
|
#
1.13 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.12 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.11 |
|
09-Jan-2009 |
djm |
resolve conflicts
|
#
1.10 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.9 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.8 |
|
06-Aug-2003 |
millert |
Remove some double semicolons (hmm, do two semis equal a maxi?). I've skipped the GNU stuff for now. From Patrick Latifi.
|
#
1.7 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
01-Aug-2001 |
beck |
merge openssl 0.9.6b-engine
Note that this is a maintenence release, API's appear *not* to have changed. As such, I have only increased the minor number on these libraries
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.28 |
|
03-Apr-2017 |
beck |
Fix silly code that printfs NULL when there are no fractional seconds on a GENREALIZEDTIME (which there should really never be for anything remotely standards compliant) ok jsing@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.27 |
|
29-Jan-2017 |
beck |
Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
|
#
1.26 |
|
07-Feb-2015 |
doug |
Delete a lot of #if 0 code in libressl.
There are a few instances where #if 1 is removed but the code remains.
Based on the following OpenSSL commits. Some of the commits weren't strictly deletions so they are going to be split up into separate commits.
6f91b017bbb7140f816721141ac156d1b828a6b3 3d47c1d331fdc7574d2275cda1a630ccdb624b08 dfb56425b68314b2b57e17c82c1df42e7a015132 c8fa2356a00cbaada8963f739e5570298311a060 f16a64d11f55c01f56baa62ebf1dec7f8fe718cb 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb 02a938c953b3e1ced71d9a832de1618f907eb96d 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 d6fbb194095312f4722c81c9362dbd0de66cb656 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 1a5adcfb5edfe23908b350f8757df405b0f5f71f 8de24b792743d11e1d5a0dcd336a49368750c577 a2b18e657ea1a932d125154f4e13ab2258796d90 8e964419603d2478dfb391c66e7ccb2dcc9776b4 32dfde107636ac9bc62a5b3233fe2a54dbc27008
input + ok jsing@, miod@, tedu@
|
#
1.25 |
|
12-Jul-2014 |
miod |
Make sure the return value of X509_NAME_oneline(, NULL,) is checked against NULL. ok deraadt@ guenther@ jsing@
|
#
1.24 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.23 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.22 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.21 |
|
30-May-2014 |
deraadt |
more: no need for null check before free ok tedu guenther
|
#
1.20 |
|
29-May-2014 |
beck |
Everything sane has stdio, and FILE *. we don't need ifdefs for this. ok to firebomb from tedu@
|
#
1.19 |
|
21-Apr-2014 |
deraadt |
improve realloc/calloc/malloc patterns; ok guenther
|
#
1.18 |
|
18-Apr-2014 |
jsing |
More KNF.
|
#
1.17 |
|
18-Apr-2014 |
tedu |
lob a few more knf grenades in here to soften things up.
|
#
1.16 |
|
18-Apr-2014 |
tedu |
putting most of the braces in the right column is the very least we can do.
|
#
1.15 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.14 |
|
15-Apr-2014 |
beck |
Send the rotIBM stream cipher (ebcdic) to Valhalla to party for eternity with the bearded ones... some API's that nobody should be using will dissapear with this commit.
|
#
1.13 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.12 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.11 |
|
09-Jan-2009 |
djm |
resolve conflicts
|
#
1.10 |
|
05-Jan-2009 |
djm |
update to openssl-0.9.8i; tested by several, especially krw@
|
#
1.9 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.8 |
|
06-Aug-2003 |
millert |
Remove some double semicolons (hmm, do two semis equal a maxi?). I've skipped the GNU stuff for now. From Patrick Latifi.
|
#
1.7 |
|
12-May-2003 |
markus |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
|
#
1.6 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.5 |
|
01-Aug-2001 |
beck |
merge openssl 0.9.6b-engine
Note that this is a maintenence release, API's appear *not* to have changed. As such, I have only increased the minor number on these libraries
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|