#
1.24 |
|
26-Mar-2024 |
beck |
Change ts to only support one second precision.
RFC 3631 allows for sub second ASN1 GENERALIZED times, if you choose to support sub second time precison. It does not indicate that an implementation must support them.
Supporting sub second timestamps is just silly and unrealistic, so set our maximum to one second of precision. We then simplify this code by removing some nasty eye-bleed that made artisinally hand crafted strings and jammed them into an ASN1_GENERALIZEDTIME.
ok tb@, jsing@, with one second precision tested by kn@
|
Revision tags: OPENBSD_7_5_BASE
|
#
1.23 |
|
19-Nov-2023 |
tb |
Unifdef OPENSSL_NO_ENGINE in libcrypto
This is mechanical apart from a few manual edits to avoid doubled empty lines.
ok jsing
|
Revision tags: OPENBSD_7_4_BASE
|
#
1.22 |
|
28-Jul-2023 |
tb |
Set OPENSSL_NO_ENGINE, remove engine code
ENGINE was special. It's horrible code even by the low standards of this library. Some ports may now try to use the stubs which will fail, but the fallout from this should be minimal. Of course there are various language bindings that expose the ENGINE API. OpenSSL 3 disabling ENGINE by default will likely help fixing this at some point.
ok jsing
|
#
1.21 |
|
25-Apr-2023 |
tb |
Remove TS_VERIFY_CTX_init()
|
#
1.20 |
|
16-Apr-2023 |
tb |
Mark TS_VERIFY_CTX_init() for removal
With opaque TS_VERIFY_CTX the init function dangerous and useless. It will be dropped.
ok jsing
|
Revision tags: OPENBSD_7_2_BASE OPENBSD_7_3_BASE
|
#
1.19 |
|
11-Sep-2022 |
tb |
Make structs in ts.h opaque
ok jsing
|
#
1.18 |
|
24-Jul-2022 |
tb |
Prepare to resurrect TS_RESP_CTX_set_time_cb()
This was removed shortly after the fork since TS is not 2038-ready and since there were no consumers of this API. Now there are consumers and they add it themselves if it's missing from libcrypto. This will no longer be possible with opaque TS structs, so begrudgingly add it back.
ok jsing kn
|
#
1.17 |
|
24-Jul-2022 |
tb |
Prepare to provide TS_VERIFY_CTX accessors
The setters make no sense since they do not free the old members and return what was passed in instead of returning the old struct member so that the caller has a chance of freeing them. This has the side effect that calling a setter a second time will likely result in a leak.
TS_VERIFY_CTX_set_imprint() was "fixed" upstream by adding a free() but the other three setters were missed since discussing the contributor's CLA was more important. Also missed was that adding frees will result in double frees: careful consumers like openssl/ruby have workarounds for the strange existing semantics.
Add a compat #define for TS_VERIF_CTS_set_certs() that made it into the public API with a typo.
A good illustration of the amount of thought and care that went into the OpenSSL 1.1 API by both the implementers and the reviewers. Amazing job overall.
We will be stuck with this nonsense for a long time.
ok jsing kn
|
#
1.16 |
|
24-Jul-2022 |
tb |
Prepare to provide various TS_STATUS_INFO accessors
This adds TS_STATUS_get0_{failure_info,text,status}() as well as TS_STATUS_INFO_set_status(). These will be needed by Ruby and openssl(1) when we make the structs in ts.h opaque.
ok kn jsing
|
#
1.15 |
|
24-Jul-2022 |
tb |
Start making ts opaque
Move the not yet exposed EssCertIDv2 struct internals to ts_local.h and move the ASN.1 function prototypes that we don't want to expose with them.
Include ts_local.h where necessary or where it will be needed soon.
ok jsing
|
#
1.14 |
|
23-Jul-2022 |
tb |
Fix file names in comments.
|
#
1.13 |
|
16-Jul-2022 |
kn |
Add ESSCertIDv2 ASN.1 boilerplate
Guard the new code under LIBRESSL_INTERNAL to defer symbol addition and minor library bump (thanks tb).
ts/ts.h bits from RFC 5035 Enhanced Security Services (ESS) Update: Adding CertID Algorithm Agility
ts/ts_asn1.c bits expanded from ASN1_SEQUENCE(ESS_CERT_ID_V2) = { ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR), ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING), ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL) } static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2)
IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID_V2) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)
ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = { ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2), ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO) } static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2)
IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT_V2) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2)
Feedback OK tb
|
#
1.12 |
|
16-Jul-2022 |
kn |
Zap duplicate ERR_load_TS_strings() prototype
It's defined again (more appropiately) further down above the error codes.
OK jsing tb
|
#
1.11 |
|
12-Jul-2022 |
kn |
Remove mkerr.pl remnants from LibreSSL
This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config.
Feedback OK jsing tb
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.10 |
|
13-May-2018 |
tb |
Add const to the ASN1_OBJECT argument of TS_TST_INFO_get_ext_by_OBJ(3). Should have been part of the previous commit. Omission noted by schwarze.
tested in bulk build by sthen ok jsing
|
#
1.9 |
|
13-May-2018 |
tb |
Add const qualifier to the ASN1_OBJ * argument of TS_REQ_get_ext_by_OBJ(3), TS_REQ_set_policy_id(3), TS_RESP_CTX_add_policy(3), TS_RESP_CTX_set_def_policy(3), and TS_TST_INFO_get_ext_by_OBJ(3)
tested in a bulk by sthen ok jsing
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.8 |
|
27-Dec-2016 |
jsing |
Remove all DECLARE_ASN1_SET_OF macro usage - since 2000 these have been nothing but markers for utils/mkstack.pl... and we removed the code that generated more macros from these markers in 2014.
|
#
1.7 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.6 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.5 |
|
27-May-2014 |
deraadt |
Fix a Y2038 problem, by conversion of long to time_t.
The TS_RESP_CTX_set_time_cb() API gets removed. Nothing in the greater ecosystem ever calls it. This API needs to be removed, because if anyone ever calls on a BE 32 system assuming long rather than time_t, it will be dangerously incompatible.
ok miod guenther
|
#
1.4 |
|
28-Apr-2014 |
miod |
Remove WIN32, WIN64 and MINGW32 tentacles. Also check for _LP64 rather than __arch64__ (the former being more reliable than __LP64__ or __arch64__) to tell 64-bit int platforms apart from 32-bit int platforms.
Loosely based upon a diff from Martijn van Duren on tech@
|
#
1.3 |
|
21-Apr-2014 |
jsing |
KNF.
|
#
1.2 |
|
13-Apr-2014 |
deraadt |
Cope with the removal of openssl/symhacks.h
|
#
1.1 |
|
01-Oct-2010 |
djm |
branches: 1.1.1; Initial revision
|
#
1.23 |
|
19-Nov-2023 |
tb |
Unifdef OPENSSL_NO_ENGINE in libcrypto
This is mechanical apart from a few manual edits to avoid doubled empty lines.
ok jsing
|
Revision tags: OPENBSD_7_4_BASE
|
#
1.22 |
|
28-Jul-2023 |
tb |
Set OPENSSL_NO_ENGINE, remove engine code
ENGINE was special. It's horrible code even by the low standards of this library. Some ports may now try to use the stubs which will fail, but the fallout from this should be minimal. Of course there are various language bindings that expose the ENGINE API. OpenSSL 3 disabling ENGINE by default will likely help fixing this at some point.
ok jsing
|
#
1.21 |
|
25-Apr-2023 |
tb |
Remove TS_VERIFY_CTX_init()
|
#
1.20 |
|
16-Apr-2023 |
tb |
Mark TS_VERIFY_CTX_init() for removal
With opaque TS_VERIFY_CTX the init function dangerous and useless. It will be dropped.
ok jsing
|
Revision tags: OPENBSD_7_2_BASE OPENBSD_7_3_BASE
|
#
1.19 |
|
11-Sep-2022 |
tb |
Make structs in ts.h opaque
ok jsing
|
#
1.18 |
|
24-Jul-2022 |
tb |
Prepare to resurrect TS_RESP_CTX_set_time_cb()
This was removed shortly after the fork since TS is not 2038-ready and since there were no consumers of this API. Now there are consumers and they add it themselves if it's missing from libcrypto. This will no longer be possible with opaque TS structs, so begrudgingly add it back.
ok jsing kn
|
#
1.17 |
|
24-Jul-2022 |
tb |
Prepare to provide TS_VERIFY_CTX accessors
The setters make no sense since they do not free the old members and return what was passed in instead of returning the old struct member so that the caller has a chance of freeing them. This has the side effect that calling a setter a second time will likely result in a leak.
TS_VERIFY_CTX_set_imprint() was "fixed" upstream by adding a free() but the other three setters were missed since discussing the contributor's CLA was more important. Also missed was that adding frees will result in double frees: careful consumers like openssl/ruby have workarounds for the strange existing semantics.
Add a compat #define for TS_VERIF_CTS_set_certs() that made it into the public API with a typo.
A good illustration of the amount of thought and care that went into the OpenSSL 1.1 API by both the implementers and the reviewers. Amazing job overall.
We will be stuck with this nonsense for a long time.
ok jsing kn
|
#
1.16 |
|
24-Jul-2022 |
tb |
Prepare to provide various TS_STATUS_INFO accessors
This adds TS_STATUS_get0_{failure_info,text,status}() as well as TS_STATUS_INFO_set_status(). These will be needed by Ruby and openssl(1) when we make the structs in ts.h opaque.
ok kn jsing
|
#
1.15 |
|
24-Jul-2022 |
tb |
Start making ts opaque
Move the not yet exposed EssCertIDv2 struct internals to ts_local.h and move the ASN.1 function prototypes that we don't want to expose with them.
Include ts_local.h where necessary or where it will be needed soon.
ok jsing
|
#
1.14 |
|
23-Jul-2022 |
tb |
Fix file names in comments.
|
#
1.13 |
|
16-Jul-2022 |
kn |
Add ESSCertIDv2 ASN.1 boilerplate
Guard the new code under LIBRESSL_INTERNAL to defer symbol addition and minor library bump (thanks tb).
ts/ts.h bits from RFC 5035 Enhanced Security Services (ESS) Update: Adding CertID Algorithm Agility
ts/ts_asn1.c bits expanded from ASN1_SEQUENCE(ESS_CERT_ID_V2) = { ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR), ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING), ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL) } static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2)
IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID_V2) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)
ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = { ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2), ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO) } static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2)
IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT_V2) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2)
Feedback OK tb
|
#
1.12 |
|
16-Jul-2022 |
kn |
Zap duplicate ERR_load_TS_strings() prototype
It's defined again (more appropiately) further down above the error codes.
OK jsing tb
|
#
1.11 |
|
12-Jul-2022 |
kn |
Remove mkerr.pl remnants from LibreSSL
This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config.
Feedback OK jsing tb
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.10 |
|
13-May-2018 |
tb |
Add const to the ASN1_OBJECT argument of TS_TST_INFO_get_ext_by_OBJ(3). Should have been part of the previous commit. Omission noted by schwarze.
tested in bulk build by sthen ok jsing
|
#
1.9 |
|
13-May-2018 |
tb |
Add const qualifier to the ASN1_OBJ * argument of TS_REQ_get_ext_by_OBJ(3), TS_REQ_set_policy_id(3), TS_RESP_CTX_add_policy(3), TS_RESP_CTX_set_def_policy(3), and TS_TST_INFO_get_ext_by_OBJ(3)
tested in a bulk by sthen ok jsing
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.8 |
|
27-Dec-2016 |
jsing |
Remove all DECLARE_ASN1_SET_OF macro usage - since 2000 these have been nothing but markers for utils/mkstack.pl... and we removed the code that generated more macros from these markers in 2014.
|
#
1.7 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.6 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.5 |
|
27-May-2014 |
deraadt |
Fix a Y2038 problem, by conversion of long to time_t.
The TS_RESP_CTX_set_time_cb() API gets removed. Nothing in the greater ecosystem ever calls it. This API needs to be removed, because if anyone ever calls on a BE 32 system assuming long rather than time_t, it will be dangerously incompatible.
ok miod guenther
|
#
1.4 |
|
28-Apr-2014 |
miod |
Remove WIN32, WIN64 and MINGW32 tentacles. Also check for _LP64 rather than __arch64__ (the former being more reliable than __LP64__ or __arch64__) to tell 64-bit int platforms apart from 32-bit int platforms.
Loosely based upon a diff from Martijn van Duren on tech@
|
#
1.3 |
|
21-Apr-2014 |
jsing |
KNF.
|
#
1.2 |
|
13-Apr-2014 |
deraadt |
Cope with the removal of openssl/symhacks.h
|
#
1.1 |
|
01-Oct-2010 |
djm |
branches: 1.1.1; Initial revision
|
#
1.22 |
|
28-Jul-2023 |
tb |
Set OPENSSL_NO_ENGINE, remove engine code
ENGINE was special. It's horrible code even by the low standards of this library. Some ports may now try to use the stubs which will fail, but the fallout from this should be minimal. Of course there are various language bindings that expose the ENGINE API. OpenSSL 3 disabling ENGINE by default will likely help fixing this at some point.
ok jsing
|
#
1.21 |
|
25-Apr-2023 |
tb |
Remove TS_VERIFY_CTX_init()
|
#
1.20 |
|
16-Apr-2023 |
tb |
Mark TS_VERIFY_CTX_init() for removal
With opaque TS_VERIFY_CTX the init function dangerous and useless. It will be dropped.
ok jsing
|
Revision tags: OPENBSD_7_2_BASE OPENBSD_7_3_BASE
|
#
1.19 |
|
11-Sep-2022 |
tb |
Make structs in ts.h opaque
ok jsing
|
#
1.18 |
|
24-Jul-2022 |
tb |
Prepare to resurrect TS_RESP_CTX_set_time_cb()
This was removed shortly after the fork since TS is not 2038-ready and since there were no consumers of this API. Now there are consumers and they add it themselves if it's missing from libcrypto. This will no longer be possible with opaque TS structs, so begrudgingly add it back.
ok jsing kn
|
#
1.17 |
|
24-Jul-2022 |
tb |
Prepare to provide TS_VERIFY_CTX accessors
The setters make no sense since they do not free the old members and return what was passed in instead of returning the old struct member so that the caller has a chance of freeing them. This has the side effect that calling a setter a second time will likely result in a leak.
TS_VERIFY_CTX_set_imprint() was "fixed" upstream by adding a free() but the other three setters were missed since discussing the contributor's CLA was more important. Also missed was that adding frees will result in double frees: careful consumers like openssl/ruby have workarounds for the strange existing semantics.
Add a compat #define for TS_VERIF_CTS_set_certs() that made it into the public API with a typo.
A good illustration of the amount of thought and care that went into the OpenSSL 1.1 API by both the implementers and the reviewers. Amazing job overall.
We will be stuck with this nonsense for a long time.
ok jsing kn
|
#
1.16 |
|
24-Jul-2022 |
tb |
Prepare to provide various TS_STATUS_INFO accessors
This adds TS_STATUS_get0_{failure_info,text,status}() as well as TS_STATUS_INFO_set_status(). These will be needed by Ruby and openssl(1) when we make the structs in ts.h opaque.
ok kn jsing
|
#
1.15 |
|
24-Jul-2022 |
tb |
Start making ts opaque
Move the not yet exposed EssCertIDv2 struct internals to ts_local.h and move the ASN.1 function prototypes that we don't want to expose with them.
Include ts_local.h where necessary or where it will be needed soon.
ok jsing
|
#
1.14 |
|
23-Jul-2022 |
tb |
Fix file names in comments.
|
#
1.13 |
|
16-Jul-2022 |
kn |
Add ESSCertIDv2 ASN.1 boilerplate
Guard the new code under LIBRESSL_INTERNAL to defer symbol addition and minor library bump (thanks tb).
ts/ts.h bits from RFC 5035 Enhanced Security Services (ESS) Update: Adding CertID Algorithm Agility
ts/ts_asn1.c bits expanded from ASN1_SEQUENCE(ESS_CERT_ID_V2) = { ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR), ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING), ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL) } static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2)
IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID_V2) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)
ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = { ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2), ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO) } static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2)
IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT_V2) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2)
Feedback OK tb
|
#
1.12 |
|
16-Jul-2022 |
kn |
Zap duplicate ERR_load_TS_strings() prototype
It's defined again (more appropiately) further down above the error codes.
OK jsing tb
|
#
1.11 |
|
12-Jul-2022 |
kn |
Remove mkerr.pl remnants from LibreSSL
This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config.
Feedback OK jsing tb
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.10 |
|
13-May-2018 |
tb |
Add const to the ASN1_OBJECT argument of TS_TST_INFO_get_ext_by_OBJ(3). Should have been part of the previous commit. Omission noted by schwarze.
tested in bulk build by sthen ok jsing
|
#
1.9 |
|
13-May-2018 |
tb |
Add const qualifier to the ASN1_OBJ * argument of TS_REQ_get_ext_by_OBJ(3), TS_REQ_set_policy_id(3), TS_RESP_CTX_add_policy(3), TS_RESP_CTX_set_def_policy(3), and TS_TST_INFO_get_ext_by_OBJ(3)
tested in a bulk by sthen ok jsing
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.8 |
|
27-Dec-2016 |
jsing |
Remove all DECLARE_ASN1_SET_OF macro usage - since 2000 these have been nothing but markers for utils/mkstack.pl... and we removed the code that generated more macros from these markers in 2014.
|
#
1.7 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.6 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.5 |
|
27-May-2014 |
deraadt |
Fix a Y2038 problem, by conversion of long to time_t.
The TS_RESP_CTX_set_time_cb() API gets removed. Nothing in the greater ecosystem ever calls it. This API needs to be removed, because if anyone ever calls on a BE 32 system assuming long rather than time_t, it will be dangerously incompatible.
ok miod guenther
|
#
1.4 |
|
28-Apr-2014 |
miod |
Remove WIN32, WIN64 and MINGW32 tentacles. Also check for _LP64 rather than __arch64__ (the former being more reliable than __LP64__ or __arch64__) to tell 64-bit int platforms apart from 32-bit int platforms.
Loosely based upon a diff from Martijn van Duren on tech@
|
#
1.3 |
|
21-Apr-2014 |
jsing |
KNF.
|
#
1.2 |
|
13-Apr-2014 |
deraadt |
Cope with the removal of openssl/symhacks.h
|
#
1.1 |
|
01-Oct-2010 |
djm |
branches: 1.1.1; Initial revision
|
#
1.21 |
|
25-Apr-2023 |
tb |
Remove TS_VERIFY_CTX_init()
|
#
1.20 |
|
16-Apr-2023 |
tb |
Mark TS_VERIFY_CTX_init() for removal
With opaque TS_VERIFY_CTX the init function dangerous and useless. It will be dropped.
ok jsing
|
Revision tags: OPENBSD_7_2_BASE OPENBSD_7_3_BASE
|
#
1.19 |
|
11-Sep-2022 |
tb |
Make structs in ts.h opaque
ok jsing
|
#
1.18 |
|
24-Jul-2022 |
tb |
Prepare to resurrect TS_RESP_CTX_set_time_cb()
This was removed shortly after the fork since TS is not 2038-ready and since there were no consumers of this API. Now there are consumers and they add it themselves if it's missing from libcrypto. This will no longer be possible with opaque TS structs, so begrudgingly add it back.
ok jsing kn
|
#
1.17 |
|
24-Jul-2022 |
tb |
Prepare to provide TS_VERIFY_CTX accessors
The setters make no sense since they do not free the old members and return what was passed in instead of returning the old struct member so that the caller has a chance of freeing them. This has the side effect that calling a setter a second time will likely result in a leak.
TS_VERIFY_CTX_set_imprint() was "fixed" upstream by adding a free() but the other three setters were missed since discussing the contributor's CLA was more important. Also missed was that adding frees will result in double frees: careful consumers like openssl/ruby have workarounds for the strange existing semantics.
Add a compat #define for TS_VERIF_CTS_set_certs() that made it into the public API with a typo.
A good illustration of the amount of thought and care that went into the OpenSSL 1.1 API by both the implementers and the reviewers. Amazing job overall.
We will be stuck with this nonsense for a long time.
ok jsing kn
|
#
1.16 |
|
24-Jul-2022 |
tb |
Prepare to provide various TS_STATUS_INFO accessors
This adds TS_STATUS_get0_{failure_info,text,status}() as well as TS_STATUS_INFO_set_status(). These will be needed by Ruby and openssl(1) when we make the structs in ts.h opaque.
ok kn jsing
|
#
1.15 |
|
24-Jul-2022 |
tb |
Start making ts opaque
Move the not yet exposed EssCertIDv2 struct internals to ts_local.h and move the ASN.1 function prototypes that we don't want to expose with them.
Include ts_local.h where necessary or where it will be needed soon.
ok jsing
|
#
1.14 |
|
23-Jul-2022 |
tb |
Fix file names in comments.
|
#
1.13 |
|
16-Jul-2022 |
kn |
Add ESSCertIDv2 ASN.1 boilerplate
Guard the new code under LIBRESSL_INTERNAL to defer symbol addition and minor library bump (thanks tb).
ts/ts.h bits from RFC 5035 Enhanced Security Services (ESS) Update: Adding CertID Algorithm Agility
ts/ts_asn1.c bits expanded from ASN1_SEQUENCE(ESS_CERT_ID_V2) = { ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR), ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING), ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL) } static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2)
IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID_V2) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)
ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = { ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2), ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO) } static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2)
IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT_V2) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2)
Feedback OK tb
|
#
1.12 |
|
16-Jul-2022 |
kn |
Zap duplicate ERR_load_TS_strings() prototype
It's defined again (more appropiately) further down above the error codes.
OK jsing tb
|
#
1.11 |
|
12-Jul-2022 |
kn |
Remove mkerr.pl remnants from LibreSSL
This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config.
Feedback OK jsing tb
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.10 |
|
13-May-2018 |
tb |
Add const to the ASN1_OBJECT argument of TS_TST_INFO_get_ext_by_OBJ(3). Should have been part of the previous commit. Omission noted by schwarze.
tested in bulk build by sthen ok jsing
|
#
1.9 |
|
13-May-2018 |
tb |
Add const qualifier to the ASN1_OBJ * argument of TS_REQ_get_ext_by_OBJ(3), TS_REQ_set_policy_id(3), TS_RESP_CTX_add_policy(3), TS_RESP_CTX_set_def_policy(3), and TS_TST_INFO_get_ext_by_OBJ(3)
tested in a bulk by sthen ok jsing
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.8 |
|
27-Dec-2016 |
jsing |
Remove all DECLARE_ASN1_SET_OF macro usage - since 2000 these have been nothing but markers for utils/mkstack.pl... and we removed the code that generated more macros from these markers in 2014.
|
#
1.7 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.6 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.5 |
|
27-May-2014 |
deraadt |
Fix a Y2038 problem, by conversion of long to time_t.
The TS_RESP_CTX_set_time_cb() API gets removed. Nothing in the greater ecosystem ever calls it. This API needs to be removed, because if anyone ever calls on a BE 32 system assuming long rather than time_t, it will be dangerously incompatible.
ok miod guenther
|
#
1.4 |
|
28-Apr-2014 |
miod |
Remove WIN32, WIN64 and MINGW32 tentacles. Also check for _LP64 rather than __arch64__ (the former being more reliable than __LP64__ or __arch64__) to tell 64-bit int platforms apart from 32-bit int platforms.
Loosely based upon a diff from Martijn van Duren on tech@
|
#
1.3 |
|
21-Apr-2014 |
jsing |
KNF.
|
#
1.2 |
|
13-Apr-2014 |
deraadt |
Cope with the removal of openssl/symhacks.h
|
#
1.1 |
|
01-Oct-2010 |
djm |
branches: 1.1.1; Initial revision
|
#
1.20 |
|
16-Apr-2023 |
tb |
Mark TS_VERIFY_CTX_init() for removal
With opaque TS_VERIFY_CTX the init function dangerous and useless. It will be dropped.
ok jsing
|
Revision tags: OPENBSD_7_2_BASE OPENBSD_7_3_BASE
|
#
1.19 |
|
11-Sep-2022 |
tb |
Make structs in ts.h opaque
ok jsing
|
#
1.18 |
|
24-Jul-2022 |
tb |
Prepare to resurrect TS_RESP_CTX_set_time_cb()
This was removed shortly after the fork since TS is not 2038-ready and since there were no consumers of this API. Now there are consumers and they add it themselves if it's missing from libcrypto. This will no longer be possible with opaque TS structs, so begrudgingly add it back.
ok jsing kn
|
#
1.17 |
|
24-Jul-2022 |
tb |
Prepare to provide TS_VERIFY_CTX accessors
The setters make no sense since they do not free the old members and return what was passed in instead of returning the old struct member so that the caller has a chance of freeing them. This has the side effect that calling a setter a second time will likely result in a leak.
TS_VERIFY_CTX_set_imprint() was "fixed" upstream by adding a free() but the other three setters were missed since discussing the contributor's CLA was more important. Also missed was that adding frees will result in double frees: careful consumers like openssl/ruby have workarounds for the strange existing semantics.
Add a compat #define for TS_VERIF_CTS_set_certs() that made it into the public API with a typo.
A good illustration of the amount of thought and care that went into the OpenSSL 1.1 API by both the implementers and the reviewers. Amazing job overall.
We will be stuck with this nonsense for a long time.
ok jsing kn
|
#
1.16 |
|
24-Jul-2022 |
tb |
Prepare to provide various TS_STATUS_INFO accessors
This adds TS_STATUS_get0_{failure_info,text,status}() as well as TS_STATUS_INFO_set_status(). These will be needed by Ruby and openssl(1) when we make the structs in ts.h opaque.
ok kn jsing
|
#
1.15 |
|
24-Jul-2022 |
tb |
Start making ts opaque
Move the not yet exposed EssCertIDv2 struct internals to ts_local.h and move the ASN.1 function prototypes that we don't want to expose with them.
Include ts_local.h where necessary or where it will be needed soon.
ok jsing
|
#
1.14 |
|
23-Jul-2022 |
tb |
Fix file names in comments.
|
#
1.13 |
|
16-Jul-2022 |
kn |
Add ESSCertIDv2 ASN.1 boilerplate
Guard the new code under LIBRESSL_INTERNAL to defer symbol addition and minor library bump (thanks tb).
ts/ts.h bits from RFC 5035 Enhanced Security Services (ESS) Update: Adding CertID Algorithm Agility
ts/ts_asn1.c bits expanded from ASN1_SEQUENCE(ESS_CERT_ID_V2) = { ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR), ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING), ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL) } static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2)
IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID_V2) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)
ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = { ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2), ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO) } static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2)
IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT_V2) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2)
Feedback OK tb
|
#
1.12 |
|
16-Jul-2022 |
kn |
Zap duplicate ERR_load_TS_strings() prototype
It's defined again (more appropiately) further down above the error codes.
OK jsing tb
|
#
1.11 |
|
12-Jul-2022 |
kn |
Remove mkerr.pl remnants from LibreSSL
This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config.
Feedback OK jsing tb
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.10 |
|
13-May-2018 |
tb |
Add const to the ASN1_OBJECT argument of TS_TST_INFO_get_ext_by_OBJ(3). Should have been part of the previous commit. Omission noted by schwarze.
tested in bulk build by sthen ok jsing
|
#
1.9 |
|
13-May-2018 |
tb |
Add const qualifier to the ASN1_OBJ * argument of TS_REQ_get_ext_by_OBJ(3), TS_REQ_set_policy_id(3), TS_RESP_CTX_add_policy(3), TS_RESP_CTX_set_def_policy(3), and TS_TST_INFO_get_ext_by_OBJ(3)
tested in a bulk by sthen ok jsing
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.8 |
|
27-Dec-2016 |
jsing |
Remove all DECLARE_ASN1_SET_OF macro usage - since 2000 these have been nothing but markers for utils/mkstack.pl... and we removed the code that generated more macros from these markers in 2014.
|
#
1.7 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.6 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.5 |
|
27-May-2014 |
deraadt |
Fix a Y2038 problem, by conversion of long to time_t.
The TS_RESP_CTX_set_time_cb() API gets removed. Nothing in the greater ecosystem ever calls it. This API needs to be removed, because if anyone ever calls on a BE 32 system assuming long rather than time_t, it will be dangerously incompatible.
ok miod guenther
|
#
1.4 |
|
28-Apr-2014 |
miod |
Remove WIN32, WIN64 and MINGW32 tentacles. Also check for _LP64 rather than __arch64__ (the former being more reliable than __LP64__ or __arch64__) to tell 64-bit int platforms apart from 32-bit int platforms.
Loosely based upon a diff from Martijn van Duren on tech@
|
#
1.3 |
|
21-Apr-2014 |
jsing |
KNF.
|
#
1.2 |
|
13-Apr-2014 |
deraadt |
Cope with the removal of openssl/symhacks.h
|
#
1.1 |
|
01-Oct-2010 |
djm |
branches: 1.1.1; Initial revision
|
#
1.19 |
|
11-Sep-2022 |
tb |
Make structs in ts.h opaque
ok jsing
|
#
1.18 |
|
24-Jul-2022 |
tb |
Prepare to resurrect TS_RESP_CTX_set_time_cb()
This was removed shortly after the fork since TS is not 2038-ready and since there were no consumers of this API. Now there are consumers and they add it themselves if it's missing from libcrypto. This will no longer be possible with opaque TS structs, so begrudgingly add it back.
ok jsing kn
|
#
1.17 |
|
24-Jul-2022 |
tb |
Prepare to provide TS_VERIFY_CTX accessors
The setters make no sense since they do not free the old members and return what was passed in instead of returning the old struct member so that the caller has a chance of freeing them. This has the side effect that calling a setter a second time will likely result in a leak.
TS_VERIFY_CTX_set_imprint() was "fixed" upstream by adding a free() but the other three setters were missed since discussing the contributor's CLA was more important. Also missed was that adding frees will result in double frees: careful consumers like openssl/ruby have workarounds for the strange existing semantics.
Add a compat #define for TS_VERIF_CTS_set_certs() that made it into the public API with a typo.
A good illustration of the amount of thought and care that went into the OpenSSL 1.1 API by both the implementers and the reviewers. Amazing job overall.
We will be stuck with this nonsense for a long time.
ok jsing kn
|
#
1.16 |
|
24-Jul-2022 |
tb |
Prepare to provide various TS_STATUS_INFO accessors
This adds TS_STATUS_get0_{failure_info,text,status}() as well as TS_STATUS_INFO_set_status(). These will be needed by Ruby and openssl(1) when we make the structs in ts.h opaque.
ok kn jsing
|
#
1.15 |
|
24-Jul-2022 |
tb |
Start making ts opaque
Move the not yet exposed EssCertIDv2 struct internals to ts_local.h and move the ASN.1 function prototypes that we don't want to expose with them.
Include ts_local.h where necessary or where it will be needed soon.
ok jsing
|
#
1.14 |
|
23-Jul-2022 |
tb |
Fix file names in comments.
|
#
1.13 |
|
16-Jul-2022 |
kn |
Add ESSCertIDv2 ASN.1 boilerplate
Guard the new code under LIBRESSL_INTERNAL to defer symbol addition and minor library bump (thanks tb).
ts/ts.h bits from RFC 5035 Enhanced Security Services (ESS) Update: Adding CertID Algorithm Agility
ts/ts_asn1.c bits expanded from ASN1_SEQUENCE(ESS_CERT_ID_V2) = { ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR), ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING), ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL) } static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2)
IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID_V2) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)
ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = { ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2), ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO) } static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2)
IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT_V2) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2)
Feedback OK tb
|
#
1.12 |
|
16-Jul-2022 |
kn |
Zap duplicate ERR_load_TS_strings() prototype
It's defined again (more appropiately) further down above the error codes.
OK jsing tb
|
#
1.11 |
|
12-Jul-2022 |
kn |
Remove mkerr.pl remnants from LibreSSL
This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config.
Feedback OK jsing tb
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.10 |
|
13-May-2018 |
tb |
Add const to the ASN1_OBJECT argument of TS_TST_INFO_get_ext_by_OBJ(3). Should have been part of the previous commit. Omission noted by schwarze.
tested in bulk build by sthen ok jsing
|
#
1.9 |
|
13-May-2018 |
tb |
Add const qualifier to the ASN1_OBJ * argument of TS_REQ_get_ext_by_OBJ(3), TS_REQ_set_policy_id(3), TS_RESP_CTX_add_policy(3), TS_RESP_CTX_set_def_policy(3), and TS_TST_INFO_get_ext_by_OBJ(3)
tested in a bulk by sthen ok jsing
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.8 |
|
27-Dec-2016 |
jsing |
Remove all DECLARE_ASN1_SET_OF macro usage - since 2000 these have been nothing but markers for utils/mkstack.pl... and we removed the code that generated more macros from these markers in 2014.
|
#
1.7 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.6 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.5 |
|
27-May-2014 |
deraadt |
Fix a Y2038 problem, by conversion of long to time_t.
The TS_RESP_CTX_set_time_cb() API gets removed. Nothing in the greater ecosystem ever calls it. This API needs to be removed, because if anyone ever calls on a BE 32 system assuming long rather than time_t, it will be dangerously incompatible.
ok miod guenther
|
#
1.4 |
|
28-Apr-2014 |
miod |
Remove WIN32, WIN64 and MINGW32 tentacles. Also check for _LP64 rather than __arch64__ (the former being more reliable than __LP64__ or __arch64__) to tell 64-bit int platforms apart from 32-bit int platforms.
Loosely based upon a diff from Martijn van Duren on tech@
|
#
1.3 |
|
21-Apr-2014 |
jsing |
KNF.
|
#
1.2 |
|
13-Apr-2014 |
deraadt |
Cope with the removal of openssl/symhacks.h
|
#
1.1 |
|
01-Oct-2010 |
djm |
branches: 1.1.1; Initial revision
|
#
1.18 |
|
24-Jul-2022 |
tb |
Prepare to resurrect TS_RESP_CTX_set_time_cb()
This was removed shortly after the fork since TS is not 2038-ready and since there were no consumers of this API. Now there are consumers and they add it themselves if it's missing from libcrypto. This will no longer be possible with opaque TS structs, so begrudgingly add it back.
ok jsing kn
|
#
1.17 |
|
24-Jul-2022 |
tb |
Prepare to provide TS_VERIFY_CTX accessors
The setters make no sense since they do not free the old members and return what was passed in instead of returning the old struct member so that the caller has a chance of freeing them. This has the side effect that calling a setter a second time will likely result in a leak.
TS_VERIFY_CTX_set_imprint() was "fixed" upstream by adding a free() but the other three setters were missed since discussing the contributor's CLA was more important. Also missed was that adding frees will result in double frees: careful consumers like openssl/ruby have workarounds for the strange existing semantics.
Add a compat #define for TS_VERIF_CTS_set_certs() that made it into the public API with a typo.
A good illustration of the amount of thought and care that went into the OpenSSL 1.1 API by both the implementers and the reviewers. Amazing job overall.
We will be stuck with this nonsense for a long time.
ok jsing kn
|
#
1.16 |
|
24-Jul-2022 |
tb |
Prepare to provide various TS_STATUS_INFO accessors
This adds TS_STATUS_get0_{failure_info,text,status}() as well as TS_STATUS_INFO_set_status(). These will be needed by Ruby and openssl(1) when we make the structs in ts.h opaque.
ok kn jsing
|
#
1.15 |
|
24-Jul-2022 |
tb |
Start making ts opaque
Move the not yet exposed EssCertIDv2 struct internals to ts_local.h and move the ASN.1 function prototypes that we don't want to expose with them.
Include ts_local.h where necessary or where it will be needed soon.
ok jsing
|
#
1.14 |
|
23-Jul-2022 |
tb |
Fix file names in comments.
|
#
1.13 |
|
16-Jul-2022 |
kn |
Add ESSCertIDv2 ASN.1 boilerplate
Guard the new code under LIBRESSL_INTERNAL to defer symbol addition and minor library bump (thanks tb).
ts/ts.h bits from RFC 5035 Enhanced Security Services (ESS) Update: Adding CertID Algorithm Agility
ts/ts_asn1.c bits expanded from ASN1_SEQUENCE(ESS_CERT_ID_V2) = { ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR), ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING), ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL) } static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2)
IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID_V2) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)
ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = { ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2), ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO) } static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2)
IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT_V2) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2)
Feedback OK tb
|
#
1.12 |
|
16-Jul-2022 |
kn |
Zap duplicate ERR_load_TS_strings() prototype
It's defined again (more appropiately) further down above the error codes.
OK jsing tb
|
#
1.11 |
|
12-Jul-2022 |
kn |
Remove mkerr.pl remnants from LibreSSL
This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config.
Feedback OK jsing tb
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.10 |
|
13-May-2018 |
tb |
Add const to the ASN1_OBJECT argument of TS_TST_INFO_get_ext_by_OBJ(3). Should have been part of the previous commit. Omission noted by schwarze.
tested in bulk build by sthen ok jsing
|
#
1.9 |
|
13-May-2018 |
tb |
Add const qualifier to the ASN1_OBJ * argument of TS_REQ_get_ext_by_OBJ(3), TS_REQ_set_policy_id(3), TS_RESP_CTX_add_policy(3), TS_RESP_CTX_set_def_policy(3), and TS_TST_INFO_get_ext_by_OBJ(3)
tested in a bulk by sthen ok jsing
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.8 |
|
27-Dec-2016 |
jsing |
Remove all DECLARE_ASN1_SET_OF macro usage - since 2000 these have been nothing but markers for utils/mkstack.pl... and we removed the code that generated more macros from these markers in 2014.
|
#
1.7 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.6 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.5 |
|
27-May-2014 |
deraadt |
Fix a Y2038 problem, by conversion of long to time_t.
The TS_RESP_CTX_set_time_cb() API gets removed. Nothing in the greater ecosystem ever calls it. This API needs to be removed, because if anyone ever calls on a BE 32 system assuming long rather than time_t, it will be dangerously incompatible.
ok miod guenther
|
#
1.4 |
|
28-Apr-2014 |
miod |
Remove WIN32, WIN64 and MINGW32 tentacles. Also check for _LP64 rather than __arch64__ (the former being more reliable than __LP64__ or __arch64__) to tell 64-bit int platforms apart from 32-bit int platforms.
Loosely based upon a diff from Martijn van Duren on tech@
|
#
1.3 |
|
21-Apr-2014 |
jsing |
KNF.
|
#
1.2 |
|
13-Apr-2014 |
deraadt |
Cope with the removal of openssl/symhacks.h
|
#
1.1 |
|
01-Oct-2010 |
djm |
branches: 1.1.1; Initial revision
|
#
1.15 |
|
24-Jul-2022 |
tb |
Start making ts opaque
Move the not yet exposed EssCertIDv2 struct internals to ts_local.h and move the ASN.1 function prototypes that we don't want to expose with them.
Include ts_local.h where necessary or where it will be needed soon.
ok jsing
|
#
1.14 |
|
23-Jul-2022 |
tb |
Fix file names in comments.
|
#
1.13 |
|
16-Jul-2022 |
kn |
Add ESSCertIDv2 ASN.1 boilerplate
Guard the new code under LIBRESSL_INTERNAL to defer symbol addition and minor library bump (thanks tb).
ts/ts.h bits from RFC 5035 Enhanced Security Services (ESS) Update: Adding CertID Algorithm Agility
ts/ts_asn1.c bits expanded from ASN1_SEQUENCE(ESS_CERT_ID_V2) = { ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR), ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING), ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL) } static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2)
IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID_V2) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)
ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = { ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2), ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO) } static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2)
IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT_V2) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2)
Feedback OK tb
|
#
1.12 |
|
16-Jul-2022 |
kn |
Zap duplicate ERR_load_TS_strings() prototype
It's defined again (more appropiately) further down above the error codes.
OK jsing tb
|
#
1.11 |
|
12-Jul-2022 |
kn |
Remove mkerr.pl remnants from LibreSSL
This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config.
Feedback OK jsing tb
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.10 |
|
13-May-2018 |
tb |
Add const to the ASN1_OBJECT argument of TS_TST_INFO_get_ext_by_OBJ(3). Should have been part of the previous commit. Omission noted by schwarze.
tested in bulk build by sthen ok jsing
|
#
1.9 |
|
13-May-2018 |
tb |
Add const qualifier to the ASN1_OBJ * argument of TS_REQ_get_ext_by_OBJ(3), TS_REQ_set_policy_id(3), TS_RESP_CTX_add_policy(3), TS_RESP_CTX_set_def_policy(3), and TS_TST_INFO_get_ext_by_OBJ(3)
tested in a bulk by sthen ok jsing
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.8 |
|
27-Dec-2016 |
jsing |
Remove all DECLARE_ASN1_SET_OF macro usage - since 2000 these have been nothing but markers for utils/mkstack.pl... and we removed the code that generated more macros from these markers in 2014.
|
#
1.7 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.6 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.5 |
|
27-May-2014 |
deraadt |
Fix a Y2038 problem, by conversion of long to time_t.
The TS_RESP_CTX_set_time_cb() API gets removed. Nothing in the greater ecosystem ever calls it. This API needs to be removed, because if anyone ever calls on a BE 32 system assuming long rather than time_t, it will be dangerously incompatible.
ok miod guenther
|
#
1.4 |
|
28-Apr-2014 |
miod |
Remove WIN32, WIN64 and MINGW32 tentacles. Also check for _LP64 rather than __arch64__ (the former being more reliable than __LP64__ or __arch64__) to tell 64-bit int platforms apart from 32-bit int platforms.
Loosely based upon a diff from Martijn van Duren on tech@
|
#
1.3 |
|
21-Apr-2014 |
jsing |
KNF.
|
#
1.2 |
|
13-Apr-2014 |
deraadt |
Cope with the removal of openssl/symhacks.h
|
#
1.1 |
|
01-Oct-2010 |
djm |
branches: 1.1.1; Initial revision
|
#
1.14 |
|
23-Jul-2022 |
tb |
Fix file names in comments.
|
#
1.13 |
|
16-Jul-2022 |
kn |
Add ESSCertIDv2 ASN.1 boilerplate
Guard the new code under LIBRESSL_INTERNAL to defer symbol addition and minor library bump (thanks tb).
ts/ts.h bits from RFC 5035 Enhanced Security Services (ESS) Update: Adding CertID Algorithm Agility
ts/ts_asn1.c bits expanded from ASN1_SEQUENCE(ESS_CERT_ID_V2) = { ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR), ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING), ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL) } static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2)
IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID_V2) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)
ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = { ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2), ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO) } static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2)
IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT_V2) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2)
Feedback OK tb
|
#
1.12 |
|
16-Jul-2022 |
kn |
Zap duplicate ERR_load_TS_strings() prototype
It's defined again (more appropiately) further down above the error codes.
OK jsing tb
|
#
1.11 |
|
12-Jul-2022 |
kn |
Remove mkerr.pl remnants from LibreSSL
This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config.
Feedback OK jsing tb
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.10 |
|
13-May-2018 |
tb |
Add const to the ASN1_OBJECT argument of TS_TST_INFO_get_ext_by_OBJ(3). Should have been part of the previous commit. Omission noted by schwarze.
tested in bulk build by sthen ok jsing
|
#
1.9 |
|
13-May-2018 |
tb |
Add const qualifier to the ASN1_OBJ * argument of TS_REQ_get_ext_by_OBJ(3), TS_REQ_set_policy_id(3), TS_RESP_CTX_add_policy(3), TS_RESP_CTX_set_def_policy(3), and TS_TST_INFO_get_ext_by_OBJ(3)
tested in a bulk by sthen ok jsing
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.8 |
|
27-Dec-2016 |
jsing |
Remove all DECLARE_ASN1_SET_OF macro usage - since 2000 these have been nothing but markers for utils/mkstack.pl... and we removed the code that generated more macros from these markers in 2014.
|
#
1.7 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.6 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.5 |
|
27-May-2014 |
deraadt |
Fix a Y2038 problem, by conversion of long to time_t.
The TS_RESP_CTX_set_time_cb() API gets removed. Nothing in the greater ecosystem ever calls it. This API needs to be removed, because if anyone ever calls on a BE 32 system assuming long rather than time_t, it will be dangerously incompatible.
ok miod guenther
|
#
1.4 |
|
28-Apr-2014 |
miod |
Remove WIN32, WIN64 and MINGW32 tentacles. Also check for _LP64 rather than __arch64__ (the former being more reliable than __LP64__ or __arch64__) to tell 64-bit int platforms apart from 32-bit int platforms.
Loosely based upon a diff from Martijn van Duren on tech@
|
#
1.3 |
|
21-Apr-2014 |
jsing |
KNF.
|
#
1.2 |
|
13-Apr-2014 |
deraadt |
Cope with the removal of openssl/symhacks.h
|
#
1.1 |
|
01-Oct-2010 |
djm |
branches: 1.1.1; Initial revision
|
#
1.13 |
|
16-Jul-2022 |
kn |
Add ESSCertIDv2 ASN.1 boilerplate
Guard the new code under LIBRESSL_INTERNAL to defer symbol addition and minor library bump (thanks tb).
ts/ts.h bits from RFC 5035 Enhanced Security Services (ESS) Update: Adding CertID Algorithm Agility
ts/ts_asn1.c bits expanded from ASN1_SEQUENCE(ESS_CERT_ID_V2) = { ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR), ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING), ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL) } static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2)
IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID_V2) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)
ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = { ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2), ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO) } static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2)
IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT_V2) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2)
Feedback OK tb
|
#
1.12 |
|
16-Jul-2022 |
kn |
Zap duplicate ERR_load_TS_strings() prototype
It's defined again (more appropiately) further down above the error codes.
OK jsing tb
|
#
1.11 |
|
12-Jul-2022 |
kn |
Remove mkerr.pl remnants from LibreSSL
This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config.
Feedback OK jsing tb
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.10 |
|
13-May-2018 |
tb |
Add const to the ASN1_OBJECT argument of TS_TST_INFO_get_ext_by_OBJ(3). Should have been part of the previous commit. Omission noted by schwarze.
tested in bulk build by sthen ok jsing
|
#
1.9 |
|
13-May-2018 |
tb |
Add const qualifier to the ASN1_OBJ * argument of TS_REQ_get_ext_by_OBJ(3), TS_REQ_set_policy_id(3), TS_RESP_CTX_add_policy(3), TS_RESP_CTX_set_def_policy(3), and TS_TST_INFO_get_ext_by_OBJ(3)
tested in a bulk by sthen ok jsing
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.8 |
|
27-Dec-2016 |
jsing |
Remove all DECLARE_ASN1_SET_OF macro usage - since 2000 these have been nothing but markers for utils/mkstack.pl... and we removed the code that generated more macros from these markers in 2014.
|
#
1.7 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.6 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.5 |
|
27-May-2014 |
deraadt |
Fix a Y2038 problem, by conversion of long to time_t.
The TS_RESP_CTX_set_time_cb() API gets removed. Nothing in the greater ecosystem ever calls it. This API needs to be removed, because if anyone ever calls on a BE 32 system assuming long rather than time_t, it will be dangerously incompatible.
ok miod guenther
|
#
1.4 |
|
28-Apr-2014 |
miod |
Remove WIN32, WIN64 and MINGW32 tentacles. Also check for _LP64 rather than __arch64__ (the former being more reliable than __LP64__ or __arch64__) to tell 64-bit int platforms apart from 32-bit int platforms.
Loosely based upon a diff from Martijn van Duren on tech@
|
#
1.3 |
|
21-Apr-2014 |
jsing |
KNF.
|
#
1.2 |
|
13-Apr-2014 |
deraadt |
Cope with the removal of openssl/symhacks.h
|
#
1.1 |
|
01-Oct-2010 |
djm |
branches: 1.1.1; Initial revision
|
#
1.11 |
|
12-Jul-2022 |
kn |
Remove mkerr.pl remnants from LibreSSL
This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config.
Feedback OK jsing tb
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.10 |
|
13-May-2018 |
tb |
Add const to the ASN1_OBJECT argument of TS_TST_INFO_get_ext_by_OBJ(3). Should have been part of the previous commit. Omission noted by schwarze.
tested in bulk build by sthen ok jsing
|
#
1.9 |
|
13-May-2018 |
tb |
Add const qualifier to the ASN1_OBJ * argument of TS_REQ_get_ext_by_OBJ(3), TS_REQ_set_policy_id(3), TS_RESP_CTX_add_policy(3), TS_RESP_CTX_set_def_policy(3), and TS_TST_INFO_get_ext_by_OBJ(3)
tested in a bulk by sthen ok jsing
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.8 |
|
27-Dec-2016 |
jsing |
Remove all DECLARE_ASN1_SET_OF macro usage - since 2000 these have been nothing but markers for utils/mkstack.pl... and we removed the code that generated more macros from these markers in 2014.
|
#
1.7 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.6 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.5 |
|
27-May-2014 |
deraadt |
Fix a Y2038 problem, by conversion of long to time_t.
The TS_RESP_CTX_set_time_cb() API gets removed. Nothing in the greater ecosystem ever calls it. This API needs to be removed, because if anyone ever calls on a BE 32 system assuming long rather than time_t, it will be dangerously incompatible.
ok miod guenther
|
#
1.4 |
|
28-Apr-2014 |
miod |
Remove WIN32, WIN64 and MINGW32 tentacles. Also check for _LP64 rather than __arch64__ (the former being more reliable than __LP64__ or __arch64__) to tell 64-bit int platforms apart from 32-bit int platforms.
Loosely based upon a diff from Martijn van Duren on tech@
|
#
1.3 |
|
21-Apr-2014 |
jsing |
KNF.
|
#
1.2 |
|
13-Apr-2014 |
deraadt |
Cope with the removal of openssl/symhacks.h
|
#
1.1 |
|
01-Oct-2010 |
djm |
branches: 1.1.1; Initial revision
|
#
1.10 |
|
13-May-2018 |
tb |
Add const to the ASN1_OBJECT argument of TS_TST_INFO_get_ext_by_OBJ(3). Should have been part of the previous commit. Omission noted by schwarze.
tested in bulk build by sthen ok jsing
|
#
1.9 |
|
13-May-2018 |
tb |
Add const qualifier to the ASN1_OBJ * argument of TS_REQ_get_ext_by_OBJ(3), TS_REQ_set_policy_id(3), TS_RESP_CTX_add_policy(3), TS_RESP_CTX_set_def_policy(3), and TS_TST_INFO_get_ext_by_OBJ(3)
tested in a bulk by sthen ok jsing
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.8 |
|
27-Dec-2016 |
jsing |
Remove all DECLARE_ASN1_SET_OF macro usage - since 2000 these have been nothing but markers for utils/mkstack.pl... and we removed the code that generated more macros from these markers in 2014.
|
#
1.7 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.6 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.5 |
|
27-May-2014 |
deraadt |
Fix a Y2038 problem, by conversion of long to time_t.
The TS_RESP_CTX_set_time_cb() API gets removed. Nothing in the greater ecosystem ever calls it. This API needs to be removed, because if anyone ever calls on a BE 32 system assuming long rather than time_t, it will be dangerously incompatible.
ok miod guenther
|
#
1.4 |
|
28-Apr-2014 |
miod |
Remove WIN32, WIN64 and MINGW32 tentacles. Also check for _LP64 rather than __arch64__ (the former being more reliable than __LP64__ or __arch64__) to tell 64-bit int platforms apart from 32-bit int platforms.
Loosely based upon a diff from Martijn van Duren on tech@
|
#
1.3 |
|
21-Apr-2014 |
jsing |
KNF.
|
#
1.2 |
|
13-Apr-2014 |
deraadt |
Cope with the removal of openssl/symhacks.h
|
#
1.1 |
|
01-Oct-2010 |
djm |
branches: 1.1.1; Initial revision
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.8 |
|
27-Dec-2016 |
jsing |
Remove all DECLARE_ASN1_SET_OF macro usage - since 2000 these have been nothing but markers for utils/mkstack.pl... and we removed the code that generated more macros from these markers in 2014.
|
#
1.7 |
|
10-Jul-2014 |
jsing |
Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
#
1.6 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.5 |
|
27-May-2014 |
deraadt |
Fix a Y2038 problem, by conversion of long to time_t.
The TS_RESP_CTX_set_time_cb() API gets removed. Nothing in the greater ecosystem ever calls it. This API needs to be removed, because if anyone ever calls on a BE 32 system assuming long rather than time_t, it will be dangerously incompatible.
ok miod guenther
|
#
1.4 |
|
28-Apr-2014 |
miod |
Remove WIN32, WIN64 and MINGW32 tentacles. Also check for _LP64 rather than __arch64__ (the former being more reliable than __LP64__ or __arch64__) to tell 64-bit int platforms apart from 32-bit int platforms.
Loosely based upon a diff from Martijn van Duren on tech@
|
#
1.3 |
|
21-Apr-2014 |
jsing |
KNF.
|
#
1.2 |
|
13-Apr-2014 |
deraadt |
Cope with the removal of openssl/symhacks.h
|
#
1.1 |
|
01-Oct-2010 |
djm |
branches: 1.1.1; Initial revision
|