#
1.38 |
|
09-Apr-2024 |
beck |
Hide public symbols in x509.h
This picks up most of the remaining public symbols in x509.h
ok tb@
|
Revision tags: OPENBSD_7_4_BASE OPENBSD_7_5_BASE
|
#
1.37 |
|
07-Jul-2023 |
beck |
Unbreak the namespace build after a broken mk.conf and tool misfire had me aliasing symbols not in the headers I was processing.
This unbreaks the namespace build so it will pass again
ok tb@
|
#
1.36 |
|
05-Jul-2023 |
beck |
Hide symbols in asn1 and bio
ok jsing@
|
#
1.35 |
|
28-Apr-2023 |
tb |
Unifdef LIBRESSL_HAS_POLICY_DAG and remove it from the Makefile
with beck
|
#
1.34 |
|
26-Apr-2023 |
beck |
Make the new policy code in x509_policy.c to be selectable at compile time.
The old policy code remains the default, with the new policy code selectable by defining LIBRESSL_HAS_POLICY_DAG.
ok tb@ jsing@
|
#
1.33 |
|
24-Apr-2023 |
job |
Revert 1.32
jsing@ noted that ASN1_OP_D2I_POST might not be the best place to introduce this check (as it could lead to pushing errors (ASN1_R_AUX_ERROR) onto the stack). Additionally, without matching validation on the encoding side, brittleness is introduced.
|
#
1.32 |
|
23-Apr-2023 |
job |
Add compliance checks for the X.509 version field
Check whether the X.509 version is in the range of valid version values, and also check whether the version is consistent with fields new to those versions (such as X.509 v3 extensions).
X.690 section 11.5 states: "The encoding of a set value or a sequence value shall not include an encoding for any component value which is equal to its default value." However, enforcing version 1 (value 0) to be absent reportedly caused some issues as recently as July 2020, so accept version 1 even if it is explicitly encoded.
OK tb@ beck@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.31 |
|
26-Nov-2022 |
tb |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.30 |
|
25-Dec-2021 |
jsing |
Indent goto labels for diffability.
Whitespace change only.
|
#
1.29 |
|
01-Nov-2021 |
tb |
Move the now internal X.509-related structs into x509_lcl.h. Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds.
ok jsing
|
#
1.28 |
|
23-Oct-2021 |
tb |
Prepare to provide X509_re_X509*_tbs()
ok beck jsing
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.27 |
|
02-Sep-2021 |
job |
Lay groundwork to support X.509 v3 extensions for IP Addresses and AS Identifiers
These extensions are defined in RFC 3779 and used in the RPKI (RFC 6482, RFC 8360). Imported from OpenSSL 1.1.1j (aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf). This changeset is a no-op, as there are 10+ issues and at least 2 security issues. Work will continue in-tree.
OK tb@, discussed with beck@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.26 |
|
17-Feb-2018 |
jsing |
Provide X509_get0_extensions() and X509_get0_signature()
|
#
1.25 |
|
14-Feb-2018 |
jsing |
Provide X509_get_signature_nid().
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.24 |
|
19-Mar-2015 |
tedu |
Fix several crash causing defects from OpenSSL. These include:
CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error
CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp
CVE-2015-0287 - ASN.1 structure reuse memory corruption
CVE-2015-0289 - PKCS7 NULL pointer dereferences
Several other issues did not apply or were already fixed. Refer to https://www.openssl.org/news/secadv_20150319.txt
joint work with beck, doug, guenther, jsing, miod
|
#
1.23 |
|
11-Feb-2015 |
jsing |
branches: 1.23.4; Remove initialisers with default values from the ASN1 data structures.
Minor changes in generated assembly due to the compiler swapping from .quad 0/.long 0 to .zero, along with changes due to line numbering.
|
#
1.22 |
|
11-Feb-2015 |
jsing |
Expand most of the ASN1_SEQUENCE* and associated macros, making the data structures visible and easier to review, without having to wade through layers and layers of asn1t.h macros.
Change has been scripted and the generated assembly only differs by changes to line numbers.
Discussed with beck@ miod@ tedu@
|
#
1.21 |
|
10-Feb-2015 |
jsing |
unifdef OPENSSL_NO_RFC3779 - this is currently disabled and unlikely to be enabled, mostly since people use SANs instead.
ok beck@ guenther@
|
#
1.20 |
|
10-Feb-2015 |
jsing |
Manually expand ASN1_ITEM_rptr macros that should have been expanded with the IMPLEMENT_ASN1_DUP_FUNCTION macro.
|
#
1.19 |
|
10-Feb-2015 |
jsing |
Expand the IMPLEMENT_ASN1_DUP_FUNCTION macro so that the code is visible and functions can be readily located.
Change has been scripted and the generated assembly only differs by changes to line numbers.
Discussed with beck@ miod@ tedu@
|
#
1.18 |
|
09-Feb-2015 |
jsing |
Expand the IMPLEMENT_ASN1_FUNCTIONS macro so that the code is visible and functions can be readily located.
Change has been scripted and the generated assembly only differs by changes to line numbers.
Discussed with beck@ miod@ tedu@
|
#
1.17 |
|
11-Jul-2014 |
jsing |
branches: 1.17.4; Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.16 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never be defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.15 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.14 |
|
30-May-2014 |
deraadt |
more: no need for null check before free
ok tedu guenther
|
#
1.13 |
|
23-Apr-2014 |
beck |
Make sure ret->name is NULL'ed before return when freeing. from Dirk Engling <erdgeist@erdgeist.org>
|
#
1.12 |
|
18-Apr-2014 |
jsing |
More KNF.
|
#
1.11 |
|
18-Apr-2014 |
tedu |
lob a few more knf grenades in here to soften things up.
|
#
1.10 |
|
18-Apr-2014 |
tedu |
putting most of the braces in the right column is the very least we can do.
|
#
1.9 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_relloc->realloc
OPENSSL_freeFunc->free
|
#
1.8 |
|
03-Nov-2011 |
djm |
openssl-1.0.0e: resolve conflicts
|
#
1.7 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.6 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.5 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2. If you are using the ssl26 packages for ssh and other things to work, you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.37 |
|
07-Jul-2023 |
beck |
Unbreak the namespace build after a broken mk.conf and tool misfire had me aliasing symbols not in the headers I was procesing.
This unbreaks the namespace build so it will pass again
ok tb@
|
#
1.36 |
|
05-Jul-2023 |
beck |
Hide symbols in asn1 and bio
ok jsing@
|
#
1.35 |
|
28-Apr-2023 |
tb |
Unifdef LIBRESSL_HAS_POLICY_DAG and remove it from the Makefile
with beck
|
#
1.34 |
|
26-Apr-2023 |
beck |
Make the new policy code in x509_policy.c to be selectable at compile time.
The old policy codes remains the default, with the new policy code selectable by defining LIBRESSL_HAS_POLICY_DAG.
ok tb@ jsing@
|
#
1.33 |
|
24-Apr-2023 |
job |
Revert 1.32
jsing@ noted that ASN1_OP_D2I_POST might not be the best place to introduce this check (as could lead to pushing errors (ASN1_R_AUX_ERROR) onto the stack). Additionally, without matching validation on the encoding side brittleness is introduced.
|
#
1.32 |
|
23-Apr-2023 |
job |
Add compliance checks for the X.509 version field
Check whether the X.509 version is in the range of valid version values, and also checks whether the version is consistent with fields new to those versions (such as X.509 v3 extensions).
X.690 section 11.5 states: "The encoding of a set value or a sequence value shall not include an encoding for any component value which is equal to its default value." However, enforcing version 1 (value 0) to be absent reportedly caused some issues as recent as July 2020, so accept version 1 even if it is explicitly encoded.
OK tb@ beck@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.31 |
|
26-Nov-2022 |
tb |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.30 |
|
25-Dec-2021 |
jsing |
Indent goto labels for diffability.
Whitespace change only.
|
#
1.29 |
|
01-Nov-2021 |
tb |
Move the now internal X.509-related structs into x509_lcl.h. Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds.
ok jsing
|
#
1.28 |
|
23-Oct-2021 |
tb |
Prepare to provide X509_re_X509*_tbs()
ok beck jsing
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.27 |
|
02-Sep-2021 |
job |
Lay groundwork to support X.509 v3 extensions for IP Addresses and AS Identifiers
These extensions are defined in RFC 3779 and used in the RPKI (RFC 6482, RFC 8360). Imported from OpenSSL 1.1.1j (aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf) This changeset is a no-op, as there are 10+ issues and at least 2 security issues. Work will continue in-tree.
OK tb@, discussed with beck@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.26 |
|
17-Feb-2018 |
jsing |
Provide X509_get0_extensions() and X509_get0_signature()
|
#
1.25 |
|
14-Feb-2018 |
jsing |
Provide X509_get_signature_nid().
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.24 |
|
19-Mar-2015 |
tedu |
Fix several crash causing defects from OpenSSL. These include: CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp CVE-2015-0287 - ASN.1 structure reuse memory corruption CVE-2015-0289 - PKCS7 NULL pointer dereferences
Several other issues did not apply or were already fixed. Refer to https://www.openssl.org/news/secadv_20150319.txt
joint work with beck, doug, guenther, jsing, miod
|
#
1.23 |
|
11-Feb-2015 |
jsing |
branches: 1.23.4; Remove initialisers with default values from the ASN1 data structures.
Minor changes in generated assembly due to the compiler swapping from .quad 0/.long 0 to .zero, along with changes due to line numbering.
|
#
1.22 |
|
11-Feb-2015 |
jsing |
Expand most of the ASN1_SEQUENCE* and associated macros, making the data structures visible and easier to review, without having to wade through layers and layers of asn1t.h macros.
Change has been scripted and the generated assembly only differs by changes to line numbers.
Discussed with beck@ miod@ tedu@
|
#
1.21 |
|
10-Feb-2015 |
jsing |
unifdef OPENSSL_NO_RFC3779 - this is currently disabled and unlikely to be enabled, mostly since people use SANs instead.
ok beck@ guenther@
|
#
1.20 |
|
10-Feb-2015 |
jsing |
Manually expand ASN1_ITEM_rptr macros that should have been expanded with the IMPLEMENT_ASN1_DUP_FUNCTION macro.
|
#
1.19 |
|
10-Feb-2015 |
jsing |
Expand the IMPLEMENT_ASN1_DUP_FUNCTION macro so that the code is visible and functions can be readily located.
Change has been scripted and the generated assembly only differs by changes to line numbers.
Discussed with beck@ miod@ tedu@
|
#
1.18 |
|
09-Feb-2015 |
jsing |
Expand the IMPLEMENT_ASN1_FUNCTIONS macro so that the code is visible and functions can be readily located.
Change has been scripted and the generated assembly only differs by changes to line numbers.
Discussed with beck@ miod@ tedu@
|
#
1.17 |
|
11-Jul-2014 |
jsing |
branches: 1.17.4; Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.16 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.15 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.14 |
|
30-May-2014 |
deraadt |
more: no need for null check before free ok tedu guenther
|
#
1.13 |
|
23-Apr-2014 |
beck |
Make sure ret->name is NULL'ed before return when freeing. from Dirk Engling <erdgeist@erdgeist.org>
|
#
1.12 |
|
18-Apr-2014 |
jsing |
More KNF.
|
#
1.11 |
|
18-Apr-2014 |
tedu |
lob a few more knf grenades in here to soften things up.
|
#
1.10 |
|
18-Apr-2014 |
tedu |
putting most of the braces in the right column is the very least we can do.
|
#
1.9 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.8 |
|
03-Nov-2011 |
djm |
openssl-1.0.0e: resolve conflicts
|
#
1.7 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.6 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.5 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.36 |
|
05-Jul-2023 |
beck |
Hide symbols in asn1 and bio
ok jsing@
|
#
1.35 |
|
28-Apr-2023 |
tb |
Unifdef LIBRESSL_HAS_POLICY_DAG and remove it from the Makefile
with beck
|
#
1.34 |
|
26-Apr-2023 |
beck |
Make the new policy code in x509_policy.c to be selectable at compile time.
The old policy codes remains the default, with the new policy code selectable by defining LIBRESSL_HAS_POLICY_DAG.
ok tb@ jsing@
|
#
1.33 |
|
24-Apr-2023 |
job |
Revert 1.32
jsing@ noted that ASN1_OP_D2I_POST might not be the best place to introduce this check (as could lead to pushing errors (ASN1_R_AUX_ERROR) onto the stack). Additionally, without matching validation on the encoding side brittleness is introduced.
|
#
1.32 |
|
23-Apr-2023 |
job |
Add compliance checks for the X.509 version field
Check whether the X.509 version is in the range of valid version values, and also checks whether the version is consistent with fields new to those versions (such as X.509 v3 extensions).
X.690 section 11.5 states: "The encoding of a set value or a sequence value shall not include an encoding for any component value which is equal to its default value." However, enforcing version 1 (value 0) to be absent reportedly caused some issues as recent as July 2020, so accept version 1 even if it is explicitly encoded.
OK tb@ beck@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.31 |
|
26-Nov-2022 |
tb |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.30 |
|
25-Dec-2021 |
jsing |
Indent goto labels for diffability.
Whitespace change only.
|
#
1.29 |
|
01-Nov-2021 |
tb |
Move the now internal X.509-related structs into x509_lcl.h. Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds.
ok jsing
|
#
1.28 |
|
23-Oct-2021 |
tb |
Prepare to provide X509_re_X509*_tbs()
ok beck jsing
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.27 |
|
02-Sep-2021 |
job |
Lay groundwork to support X.509 v3 extensions for IP Addresses and AS Identifiers
These extensions are defined in RFC 3779 and used in the RPKI (RFC 6482, RFC 8360). Imported from OpenSSL 1.1.1j (aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf) This changeset is a no-op, as there are 10+ issues and at least 2 security issues. Work will continue in-tree.
OK tb@, discussed with beck@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.26 |
|
17-Feb-2018 |
jsing |
Provide X509_get0_extensions() and X509_get0_signature()
|
#
1.25 |
|
14-Feb-2018 |
jsing |
Provide X509_get_signature_nid().
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.24 |
|
19-Mar-2015 |
tedu |
Fix several crash causing defects from OpenSSL. These include: CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp CVE-2015-0287 - ASN.1 structure reuse memory corruption CVE-2015-0289 - PKCS7 NULL pointer dereferences
Several other issues did not apply or were already fixed. Refer to https://www.openssl.org/news/secadv_20150319.txt
joint work with beck, doug, guenther, jsing, miod
|
#
1.23 |
|
11-Feb-2015 |
jsing |
branches: 1.23.4; Remove initialisers with default values from the ASN1 data structures.
Minor changes in generated assembly due to the compiler swapping from .quad 0/.long 0 to .zero, along with changes due to line numbering.
|
#
1.22 |
|
11-Feb-2015 |
jsing |
Expand most of the ASN1_SEQUENCE* and associated macros, making the data structures visible and easier to review, without having to wade through layers and layers of asn1t.h macros.
Change has been scripted and the generated assembly only differs by changes to line numbers.
Discussed with beck@ miod@ tedu@
|
#
1.21 |
|
10-Feb-2015 |
jsing |
unifdef OPENSSL_NO_RFC3779 - this is currently disabled and unlikely to be enabled, mostly since people use SANs instead.
ok beck@ guenther@
|
#
1.20 |
|
10-Feb-2015 |
jsing |
Manually expand ASN1_ITEM_rptr macros that should have been expanded with the IMPLEMENT_ASN1_DUP_FUNCTION macro.
|
#
1.19 |
|
10-Feb-2015 |
jsing |
Expand the IMPLEMENT_ASN1_DUP_FUNCTION macro so that the code is visible and functions can be readily located.
Change has been scripted and the generated assembly only differs by changes to line numbers.
Discussed with beck@ miod@ tedu@
|
#
1.18 |
|
09-Feb-2015 |
jsing |
Expand the IMPLEMENT_ASN1_FUNCTIONS macro so that the code is visible and functions can be readily located.
Change has been scripted and the generated assembly only differs by changes to line numbers.
Discussed with beck@ miod@ tedu@
|
#
1.17 |
|
11-Jul-2014 |
jsing |
branches: 1.17.4; Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.16 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.15 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.14 |
|
30-May-2014 |
deraadt |
more: no need for null check before free ok tedu guenther
|
#
1.13 |
|
23-Apr-2014 |
beck |
Make sure ret->name is NULL'ed before return when freeing. from Dirk Engling <erdgeist@erdgeist.org>
|
#
1.12 |
|
18-Apr-2014 |
jsing |
More KNF.
|
#
1.11 |
|
18-Apr-2014 |
tedu |
lob a few more knf grenades in here to soften things up.
|
#
1.10 |
|
18-Apr-2014 |
tedu |
putting most of the braces in the right column is the very least we can do.
|
#
1.9 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.8 |
|
03-Nov-2011 |
djm |
openssl-1.0.0e: resolve conflicts
|
#
1.7 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.6 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.5 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.35 |
|
28-Apr-2023 |
tb |
Unifdef LIBRESSL_HAS_POLICY_DAG and remove it from the Makefile
with beck
|
#
1.34 |
|
26-Apr-2023 |
beck |
Make the new policy code in x509_policy.c to be selectable at compile time.
The old policy codes remains the default, with the new policy code selectable by defining LIBRESSL_HAS_POLICY_DAG.
ok tb@ jsing@
|
#
1.33 |
|
24-Apr-2023 |
job |
Revert 1.32
jsing@ noted that ASN1_OP_D2I_POST might not be the best place to introduce this check (as could lead to pushing errors (ASN1_R_AUX_ERROR) onto the stack). Additionally, without matching validation on the encoding side brittleness is introduced.
|
#
1.32 |
|
23-Apr-2023 |
job |
Add compliance checks for the X.509 version field
Check whether the X.509 version is in the range of valid version values, and also checks whether the version is consistent with fields new to those versions (such as X.509 v3 extensions).
X.690 section 11.5 states: "The encoding of a set value or a sequence value shall not include an encoding for any component value which is equal to its default value." However, enforcing version 1 (value 0) to be absent reportedly caused some issues as recent as July 2020, so accept version 1 even if it is explicitly encoded.
OK tb@ beck@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.31 |
|
26-Nov-2022 |
tb |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.30 |
|
25-Dec-2021 |
jsing |
Indent goto labels for diffability.
Whitespace change only.
|
#
1.29 |
|
01-Nov-2021 |
tb |
Move the now internal X.509-related structs into x509_lcl.h. Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds.
ok jsing
|
#
1.28 |
|
23-Oct-2021 |
tb |
Prepare to provide X509_re_X509*_tbs()
ok beck jsing
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.27 |
|
02-Sep-2021 |
job |
Lay groundwork to support X.509 v3 extensions for IP Addresses and AS Identifiers
These extensions are defined in RFC 3779 and used in the RPKI (RFC 6482, RFC 8360). Imported from OpenSSL 1.1.1j (aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf) This changeset is a no-op, as there are 10+ issues and at least 2 security issues. Work will continue in-tree.
OK tb@, discussed with beck@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.26 |
|
17-Feb-2018 |
jsing |
Provide X509_get0_extensions() and X509_get0_signature()
|
#
1.25 |
|
14-Feb-2018 |
jsing |
Provide X509_get_signature_nid().
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.24 |
|
19-Mar-2015 |
tedu |
Fix several crash causing defects from OpenSSL. These include: CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp CVE-2015-0287 - ASN.1 structure reuse memory corruption CVE-2015-0289 - PKCS7 NULL pointer dereferences
Several other issues did not apply or were already fixed. Refer to https://www.openssl.org/news/secadv_20150319.txt
joint work with beck, doug, guenther, jsing, miod
|
#
1.23 |
|
11-Feb-2015 |
jsing |
branches: 1.23.4; Remove initialisers with default values from the ASN1 data structures.
Minor changes in generated assembly due to the compiler swapping from .quad 0/.long 0 to .zero, along with changes due to line numbering.
|
#
1.22 |
|
11-Feb-2015 |
jsing |
Expand most of the ASN1_SEQUENCE* and associated macros, making the data structures visible and easier to review, without having to wade through layers and layers of asn1t.h macros.
Change has been scripted and the generated assembly only differs by changes to line numbers.
Discussed with beck@ miod@ tedu@
|
#
1.21 |
|
10-Feb-2015 |
jsing |
unifdef OPENSSL_NO_RFC3779 - this is currently disabled and unlikely to be enabled, mostly since people use SANs instead.
ok beck@ guenther@
|
#
1.20 |
|
10-Feb-2015 |
jsing |
Manually expand ASN1_ITEM_rptr macros that should have been expanded with the IMPLEMENT_ASN1_DUP_FUNCTION macro.
|
#
1.19 |
|
10-Feb-2015 |
jsing |
Expand the IMPLEMENT_ASN1_DUP_FUNCTION macro so that the code is visible and functions can be readily located.
Change has been scripted and the generated assembly only differs by changes to line numbers.
Discussed with beck@ miod@ tedu@
|
#
1.18 |
|
09-Feb-2015 |
jsing |
Expand the IMPLEMENT_ASN1_FUNCTIONS macro so that the code is visible and functions can be readily located.
Change has been scripted and the generated assembly only differs by changes to line numbers.
Discussed with beck@ miod@ tedu@
|
#
1.17 |
|
11-Jul-2014 |
jsing |
branches: 1.17.4; Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.16 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.15 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.14 |
|
30-May-2014 |
deraadt |
more: no need for null check before free ok tedu guenther
|
#
1.13 |
|
23-Apr-2014 |
beck |
Make sure ret->name is NULL'ed before return when freeing. from Dirk Engling <erdgeist@erdgeist.org>
|
#
1.12 |
|
18-Apr-2014 |
jsing |
More KNF.
|
#
1.11 |
|
18-Apr-2014 |
tedu |
lob a few more knf grenades in here to soften things up.
|
#
1.10 |
|
18-Apr-2014 |
tedu |
putting most of the braces in the right column is the very least we can do.
|
#
1.9 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.8 |
|
03-Nov-2011 |
djm |
openssl-1.0.0e: resolve conflicts
|
#
1.7 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.6 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.5 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.34 |
|
26-Apr-2023 |
beck |
Make the new policy code in x509_policy.c to be selectable at compile time.
The old policy codes remains the default, with the new policy code selectable by defining LIBRESSL_HAS_POLICY_DAG.
ok tb@ jsing@
|
#
1.33 |
|
24-Apr-2023 |
job |
Revert 1.32
jsing@ noted that ASN1_OP_D2I_POST might not be the best place to introduce this check (as could lead to pushing errors (ASN1_R_AUX_ERROR) onto the stack). Additionally, without matching validation on the encoding side brittleness is introduced.
|
#
1.32 |
|
23-Apr-2023 |
job |
Add compliance checks for the X.509 version field
Check whether the X.509 version is in the range of valid version values, and also checks whether the version is consistent with fields new to those versions (such as X.509 v3 extensions).
X.690 section 11.5 states: "The encoding of a set value or a sequence value shall not include an encoding for any component value which is equal to its default value." However, enforcing version 1 (value 0) to be absent reportedly caused some issues as recent as July 2020, so accept version 1 even if it is explicitly encoded.
OK tb@ beck@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.31 |
|
26-Nov-2022 |
tb |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.30 |
|
25-Dec-2021 |
jsing |
Indent goto labels for diffability.
Whitespace change only.
|
#
1.29 |
|
01-Nov-2021 |
tb |
Move the now internal X.509-related structs into x509_lcl.h. Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds.
ok jsing
|
#
1.28 |
|
23-Oct-2021 |
tb |
Prepare to provide X509_re_X509*_tbs()
ok beck jsing
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.27 |
|
02-Sep-2021 |
job |
Lay groundwork to support X.509 v3 extensions for IP Addresses and AS Identifiers
These extensions are defined in RFC 3779 and used in the RPKI (RFC 6482, RFC 8360). Imported from OpenSSL 1.1.1j (aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf). This changeset is a no-op, as there are 10+ issues and at least 2 security issues. Work will continue in-tree.
OK tb@, discussed with beck@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.26 |
|
17-Feb-2018 |
jsing |
Provide X509_get0_extensions() and X509_get0_signature()
|
#
1.25 |
|
14-Feb-2018 |
jsing |
Provide X509_get_signature_nid().
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.24 |
|
19-Mar-2015 |
tedu |
Fix several crash-causing defects from OpenSSL. These include:
CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error
CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp
CVE-2015-0287 - ASN.1 structure reuse memory corruption
CVE-2015-0289 - PKCS7 NULL pointer dereferences
Several other issues did not apply or were already fixed. Refer to https://www.openssl.org/news/secadv_20150319.txt
joint work with beck, doug, guenther, jsing, miod
|
#
1.23 |
|
11-Feb-2015 |
jsing |
branches: 1.23.4; Remove initialisers with default values from the ASN1 data structures.
Minor changes in generated assembly due to the compiler swapping from .quad 0/.long 0 to .zero, along with changes due to line numbering.
|
#
1.22 |
|
11-Feb-2015 |
jsing |
Expand most of the ASN1_SEQUENCE* and associated macros, making the data structures visible and easier to review, without having to wade through layers and layers of asn1t.h macros.
Change has been scripted and the generated assembly only differs by changes to line numbers.
Discussed with beck@ miod@ tedu@
|
#
1.21 |
|
10-Feb-2015 |
jsing |
unifdef OPENSSL_NO_RFC3779 - this is currently disabled and unlikely to be enabled, mostly since people use SANs instead.
ok beck@ guenther@
|
#
1.20 |
|
10-Feb-2015 |
jsing |
Manually expand ASN1_ITEM_rptr macros that should have been expanded with the IMPLEMENT_ASN1_DUP_FUNCTION macro.
|
#
1.19 |
|
10-Feb-2015 |
jsing |
Expand the IMPLEMENT_ASN1_DUP_FUNCTION macro so that the code is visible and functions can be readily located.
Change has been scripted and the generated assembly only differs by changes to line numbers.
Discussed with beck@ miod@ tedu@
|
#
1.18 |
|
09-Feb-2015 |
jsing |
Expand the IMPLEMENT_ASN1_FUNCTIONS macro so that the code is visible and functions can be readily located.
Change has been scripted and the generated assembly only differs by changes to line numbers.
Discussed with beck@ miod@ tedu@
|
#
1.17 |
|
11-Jul-2014 |
jsing |
branches: 1.17.4; Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.16 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never be defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.15 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.14 |
|
30-May-2014 |
deraadt |
more: no need for null check before free ok tedu guenther
|
#
1.13 |
|
23-Apr-2014 |
beck |
Make sure ret->name is NULL'ed before return when freeing. from Dirk Engling <erdgeist@erdgeist.org>
|
#
1.12 |
|
18-Apr-2014 |
jsing |
More KNF.
|
#
1.11 |
|
18-Apr-2014 |
tedu |
lob a few more knf grenades in here to soften things up.
|
#
1.10 |
|
18-Apr-2014 |
tedu |
putting most of the braces in the right column is the very least we can do.
|
#
1.9 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|
#
1.8 |
|
03-Nov-2011 |
djm |
openssl-1.0.0e: resolve conflicts
|
#
1.7 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.6 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.5 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.28 |
|
23-Oct-2021 |
tb |
Prepare to provide X509_re_X509*_tbs()
ok beck jsing
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.27 |
|
02-Sep-2021 |
job |
Lay groundwork to support X.509 v3 extensions for IP Addresses and AS Identifiers
These extensions are defined in RFC 3779 and used in the RPKI (RFC 6482, RFC 8360). Imported from OpenSSL 1.1.1j (aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf) This changeset is a no-op, as there are 10+ issues and at least 2 security issues. Work will continue in-tree.
OK tb@, discussed with beck@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.26 |
|
17-Feb-2018 |
jsing |
Provide X509_get0_extensions() and X509_get0_signature()
|
#
1.25 |
|
14-Feb-2018 |
jsing |
Provide X509_get_signature_nid().
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.24 |
|
19-Mar-2015 |
tedu |
Fix several crash causing defects from OpenSSL. These include: CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp CVE-2015-0287 - ASN.1 structure reuse memory corruption CVE-2015-0289 - PKCS7 NULL pointer dereferences
Several other issues did not apply or were already fixed. Refer to https://www.openssl.org/news/secadv_20150319.txt
joint work with beck, doug, guenther, jsing, miod
|
#
1.23 |
|
11-Feb-2015 |
jsing |
branches: 1.23.4; Remove initialisers with default values from the ASN1 data structures.
Minor changes in generated assembly due to the compiler swapping from .quad 0/.long 0 to .zero, along with changes due to line numbering.
|
#
1.22 |
|
11-Feb-2015 |
jsing |
Expand most of the ASN1_SEQUENCE* and associated macros, making the data structures visible and easier to review, without having to wade through layers and layers of asn1t.h macros.
Change has been scripted and the generated assembly only differs by changes to line numbers.
Discussed with beck@ miod@ tedu@
|
#
1.21 |
|
10-Feb-2015 |
jsing |
unifdef OPENSSL_NO_RFC3779 - this is currently disabled and unlikely to be enabled, mostly since people use SANs instead.
ok beck@ guenther@
|
#
1.20 |
|
10-Feb-2015 |
jsing |
Manually expand ASN1_ITEM_rptr macros that should have been expanded with the IMPLEMENT_ASN1_DUP_FUNCTION macro.
|
#
1.19 |
|
10-Feb-2015 |
jsing |
Expand the IMPLEMENT_ASN1_DUP_FUNCTION macro so that the code is visible and functions can be readily located.
Change has been scripted and the generated assembly only differs by changes to line numbers.
Discussed with beck@ miod@ tedu@
|
#
1.18 |
|
09-Feb-2015 |
jsing |
Expand the IMPLEMENT_ASN1_FUNCTIONS macro so that the code is visible and functions can be readily located.
Change has been scripted and the generated assembly only differs by changes to line numbers.
Discussed with beck@ miod@ tedu@
|
#
1.17 |
|
11-Jul-2014 |
jsing |
branches: 1.17.4; Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.16 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never be defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.15 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.14 |
|
30-May-2014 |
deraadt |
more: no need for null check before free
ok tedu guenther
|
#
1.13 |
|
23-Apr-2014 |
beck |
Make sure ret->name is NULL'ed before return when freeing. from Dirk Engling <erdgeist@erdgeist.org>
|
#
1.12 |
|
18-Apr-2014 |
jsing |
More KNF.
|
#
1.11 |
|
18-Apr-2014 |
tedu |
lob a few more knf grenades in here to soften things up.
|
#
1.10 |
|
18-Apr-2014 |
tedu |
putting most of the braces in the right column is the very least we can do.
|
#
1.9 |
|
17-Apr-2014 |
beck |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_realloc->realloc
OPENSSL_freeFunc->free
|
#
1.8 |
|
03-Nov-2011 |
djm |
openssl-1.0.0e: resolve conflicts
|
#
1.7 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.6 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.5 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.4 |
|
15-Dec-2000 |
beck |
openssl-engine-0.9.6 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2. If you are using the ssl26 packages for ssh and other things to work, you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|