#
1.35 |
|
29-May-2023 |
beck |
Make X509_NAME_get_text_by[NID|OBJ] safer.
This is an un-revert with nits of the previously landed change to do this which broke libtls. libtls has now been changed to not use this function.
This change ensures that if something is returned it is "text" (UTF-8) and a C string not containing a NUL byte. Historically callers to this function assume the result is text and a C string; however, the OpenSSL version simply hands them the bytes from an ASN1_STRING and expects them to know bad things can happen, which they almost universally do not check for. Partly inspired by goings on in boringssl.
ok jsing@ tb@
|
#
1.34 |
|
03-May-2023 |
beck |
Revert utf-8 fix for X509_NAME_get_index_by_NID to avoid libtls regress for the moment. This will come back after we rethink the failure versus not there case.
ok tb@ jsing@
|
#
1.33 |
|
03-May-2023 |
beck |
Bring back length check tb ok'ed and I managed to remove while changing tests.
ok tb@
|
#
1.32 |
|
02-May-2023 |
beck |
Change X509_NAME_get_index_by[NID|OBJ] to be safer.
Currently these functions return raw ASN1_STRING bytes as a C string and ignore the encoding in a "hold my beer I am a toolkit not a functioning API surely it's just for testing and you'd never send nasty bytes" kind of way.
Sadly some callers seem to use them to fetch things like subject name components for comparisons, and often just use the result as a C string.
Instead, encode the resulting bytes as UTF-8 so it is something like "text".
Add a failure case if the length provided is inadequate or if the resulting text would contain a NUL byte.
based on boringssl.
nits by dlg@ ok tb@
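The failure mode that revisions 1.32 and 1.35 describe, as an added example that is not LibreSSL's code: a getter that copies length-counted name bytes into a C string, next to one that fails on an embedded NUL, invalid UTF-8 or a short buffer. `struct name_bytes`, `legacy_get_text()`, `safe_get_text()` and the sample values are hypothetical and constructed here; the input is assumed to be UTF-8 already, whereas the change in the log converts the ASN1_STRING to UTF-8 first.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for an ASN1_STRING: bytes plus an explicit length. */
struct name_bytes {
	const unsigned char *data;
	size_t len;
};

/* Constructed sample values; sizeof - 1 drops only the literal's final NUL. */
static const unsigned char cn_nul[] = "trusted.example\0.other.example";
static const unsigned char cn_ok[] = "www.example.org";
static const unsigned char cn_bad_utf8[] = { 0xc3, 0x28 };
static const struct name_bytes NAME_NUL = { cn_nul, sizeof(cn_nul) - 1 };
static const struct name_bytes NAME_OK = { cn_ok, sizeof(cn_ok) - 1 };
static const struct name_bytes NAME_BAD_UTF8 = { cn_bad_utf8, sizeof(cn_bad_utf8) };
static char out[64];

/* Model of the old behaviour: raw bytes copied, silently truncated to fit. */
static int
legacy_get_text(const struct name_bytes *nb, char *buf, size_t buflen)
{
	size_t n;

	if (buf == NULL)
		return (int)nb->len;
	if (buflen == 0)
		return -1;
	n = nb->len < buflen - 1 ? nb->len : buflen - 1;
	memcpy(buf, nb->data, n);
	buf[n] = '\0';		/* an embedded NUL ends the C string early */
	return (int)n;
}

/* Strict UTF-8 check: no overlong forms, no surrogates, max U+10FFFF. */
static int
utf8_valid(const unsigned char *s, size_t len)
{
	size_t i = 0, k, need;
	unsigned long cp, min;

	while (i < len) {
		unsigned char c = s[i];

		if (c < 0x80) {
			i++;
			continue;
		} else if ((c & 0xe0) == 0xc0) {
			need = 1; cp = c & 0x1f; min = 0x80;
		} else if ((c & 0xf0) == 0xe0) {
			need = 2; cp = c & 0x0f; min = 0x800;
		} else if ((c & 0xf8) == 0xf0) {
			need = 3; cp = c & 0x07; min = 0x10000;
		} else
			return 0;
		if (len - i - 1 < need)
			return 0;
		for (k = 1; k <= need; k++) {
			if ((s[i + k] & 0xc0) != 0x80)
				return 0;
			cp = (cp << 6) | (s[i + k] & 0x3f);
		}
		if (cp < min || cp > 0x10ffff || (cp >= 0xd800 && cp <= 0xdfff))
			return 0;
		i += need + 1;
	}
	return 1;
}

/* Safer variant: either the whole value as a clean C string, or -1. */
static int
safe_get_text(const struct name_bytes *nb, char *buf, size_t buflen)
{
	if (buf != NULL && buflen > 0)
		buf[0] = '\0';		/* never leave stale data on failure */
	if (memchr(nb->data, '\0', nb->len) != NULL)
		return -1;		/* would not survive as a C string */
	if (!utf8_valid(nb->data, nb->len))
		return -1;		/* not "text" */
	if (buf == NULL)
		return (int)nb->len;
	if (buflen < nb->len + 1)
		return -1;		/* inadequate length: fail, do not truncate */
	memcpy(buf, nb->data, nb->len);
	buf[nb->len] = '\0';
	return (int)nb->len;
}

int
main(void)
{
	int n = legacy_get_text(&NAME_NUL, out, sizeof(out));

	printf("legacy: returned %d, caller sees \"%s\"\n", n, out);
	printf("safe:   returned %d\n", safe_get_text(&NAME_NUL, out, sizeof(out)));
	printf("safe:   returned %d for \"%s\"\n",
	    safe_get_text(&NAME_OK, out, sizeof(out)), out);
	return 0;
}
```

A caller that compares the legacy result with `strcmp()` only ever sees the bytes before the embedded NUL, even though the return value reports the full length.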
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.31 |
|
16-Feb-2023 |
tb |
libressl *_namespace.h: adjust *_ALIAS() to require a semicolon
LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon. This does not conform to style(9), breaks editors and ctags and (most importantly) my workflow. Fix this by neutering them with asm("") so that -Wpedantic doesn't complain. There's precedent in libc's namespace.h
fix suggested by & ok jsing
|
#
1.30 |
|
26-Dec-2022 |
jmc |
spelling fixes; from paul tagliamonte i removed the arithmetics -> arithmetic changes, as i felt they were not clearly correct
ok tb
|
#
1.29 |
|
26-Nov-2022 |
tb |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
#
1.28 |
|
14-Nov-2022 |
beck |
Hide public symbols in libcrypto/x509 .c files
ok tb@
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.27 |
|
01-Nov-2021 |
tb |
Move the now internal X.509-related structs into x509_lcl.h. Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds.
ok jsing
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.26 |
|
30-May-2018 |
tb |
Add a const qualifier to the `name' argument of X509_NAME_get_index_by_{OBJ,NID}().
tested in a bulk build by sthen suggested by & ok jsing
|
#
1.25 |
|
19-May-2018 |
tb |
Add const to the obj argument of X509_NAME_add_entry_by_OBJ()
tested in a bulk build by sthen ok jsing
|
#
1.24 |
|
18-May-2018 |
tb |
Add const to the 'obj' argument of X509_NAME_get_text_by_OBJ(3).
tested in a bulk by sthen ok jsing
|
#
1.23 |
|
18-May-2018 |
tb |
Add a const qualifier to the 'name' argument of X509_NAME_get_entry(3) and to the 'obj' argument of X509_NAME_get_index_by_OBJ(3)
tested in a bulk build by sthen ok jsing
|
#
1.22 |
|
18-May-2018 |
tb |
Add const to the argument of X509_NAME_entry_count().
tested in a bulk build by sthen ok jsing
|
#
1.21 |
|
18-May-2018 |
tb |
The 'bytes' arguments of X509_NAME_add_entry_by_NID(3) and X509_NAME_add_entry_by_OBJ(3) are now const.
tested in a bulk build by sthen ok jsing
|
#
1.20 |
|
18-May-2018 |
tb |
Add a const qualifier to the 'X509_NAME_ENTRY *ne' argument of X509_NAME_add_entry(3).
tested in a bulk build by sthen, ok jsing
|
#
1.19 |
|
18-May-2018 |
tb |
Add const to the argument of X509_NAME_ENTRY_get_data(3).
Tested in a bulk build by sthen ok jsing
|
#
1.18 |
|
18-May-2018 |
tb |
Add const qualifiers to the 'obj' and 'bytes' arguments of X509_NAME_ENTRY_create_by_NID(3), X509_NAME_ENTRY_create_by_OBJ(3), and X509_NAME_ENTRY_set_object(3).
tested in a bulk build by sthen ok jsing
|
#
1.17 |
|
01-May-2018 |
tb |
Convert a handful of X509_*() functions to take const as in OpenSSL.
tested in a bulk by sthen ok jsing
|
#
1.16 |
|
04-Apr-2018 |
schwarze |
Fix two bugs in X509_NAME_add_entry(3): (1) Evaluate the "set" argument, which says whether to create a new RDN or to prepend or append to an existing one, before reusing it for a different purpose, i.e. for the "set" field of the new X509_NAME_ENTRY structure. (2) When incrementing of some "set" fields is needed, increment the correct ones: All those to the right of the newly inserted entry, but not the one of that entry itself.
These two bugs caused wrong results whenever using loc != -1, i.e. whenever inserting rather than appending entries, even when using set == 0 only, that is, even when using single-values RDNs only.
Both bugs have been continuously present since at least SSLeay-0.8.1 (released July 18, 1997) and the second one since at least SSLeay-0.8.0 (released June 25, 1997), so both are over twenty years old.
I found these bugs by code inspection while trying to document the function X509_NAME_ENTRY_set(3), which is public, but undocumented in OpenSSL.
OK beck@, jsing@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.15 |
|
17-Mar-2018 |
tb |
Provide X509_NAME_ENTRY_set()
ok jsing
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.14 |
|
29-Jan-2017 |
beck |
Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
|
#
1.13 |
|
29-Sep-2014 |
miod |
X509_NAME_get_text_by_OBJ(): make sure we do not pass a negative size to memcpy(). ok bcook@
|
#
1.12 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.11 |
|
10-Jul-2014 |
jsing |
Stop including standard headers via cryptlib.h - pull in the headers that are needed in the source files that actually require them.
ok beck@ miod@
|
#
1.10 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.9 |
|
26-Apr-2014 |
beck |
Replace all use of ERR_add_error_data with ERR_asprintf_error_data. This avoids a lot of ugly gymnastics to do snprintfs before sending the bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c where it was being called with the incorrect number of arguments and using random things off the stack as addresses of strings. ok krw@, jsing@
|
#
1.8 |
|
20-Apr-2014 |
jsing |
KNF.
|
#
1.7 |
|
18-Apr-2014 |
tedu |
blunt force knf
|
#
1.6 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.5 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.4 |
|
15-Apr-2000 |
beck |
OpenSSL 0.9.5a merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.31 |
|
16-Feb-2023 |
tb |
libressl *_namespace.h: adjust *_ALIAS() to require a semicolon
LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon. This does not conform to style(9), breaks editors and ctags and (most importantly) my workflow. Fix this by neutering them with asm("") so that -Wpedantic doesn't complain. There's precedent in libc's namespace.h
fix suggested by & ok jsing
|
#
1.30 |
|
26-Dec-2022 |
jmc |
spelling fixes; from paul tagliamonte i removed the arithmetics -> arithmetic changes, as i felt they were not clearly correct
ok tb
|
#
1.29 |
|
26-Nov-2022 |
tb |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
#
1.28 |
|
14-Nov-2022 |
beck |
Hide public symbols in libcrypto/x509 .c files
ok tb@
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.27 |
|
01-Nov-2021 |
tb |
Move the now internal X.509-related structs into x509_lcl.h. Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds.
ok jsing
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.26 |
|
30-May-2018 |
tb |
Add a const qualifier to the `name' argument of X509_NAME_get_index_by_{OBJ,NID}().
tested in a bulk build by sthen suggested by & ok jsing
|
#
1.25 |
|
19-May-2018 |
tb |
Add const to the obj argument of X509_NAME_add_entry_by_OBJ()
tested in a bulk build by sthen ok jsing
|
#
1.24 |
|
18-May-2018 |
tb |
Add const to the 'obj' argument of X509_NAME_get_text_by_OBJ(3).
tested in a bulk by sthen ok jsing
|
#
1.23 |
|
18-May-2018 |
tb |
Add a const qualififer to the 'name' argument of X509_NAME_get_entry(3) and to the 'obj' argument of X509_NAME_get_index_by_OBJ(3)
tested in a bulk build by sthen ok jsing
|
#
1.22 |
|
18-May-2018 |
tb |
Add const to the argument of X509_NAME_entry_count().
tested in a bulk build by sthen ok jsing
|
#
1.21 |
|
18-May-2018 |
tb |
The 'bytes' arguments of X509_NAME_add_entry_by_NID(3) and X509_NAME_add_entry_by_OBJ(3) are now const.
tested in a bulk build by sthen ok jsing
|
#
1.20 |
|
18-May-2018 |
tb |
Add a const qualifier to the 'X509_NAME_ENTRY *ne' argument of X509_NAME_add_entry(3).
tested in a bulk build by sthen, ok jsing
|
#
1.19 |
|
18-May-2018 |
tb |
Add const to the argument of X509_NAME_ENTRY_get_data(3).
Tested in a bulk build by sthen ok jsing
|
#
1.18 |
|
18-May-2018 |
tb |
Add const qualifiers to the 'obj' and 'bytes' arguments of X509_NAME_ENTRY_create_by_NID(3), X509_NAME_ENTRY_create_by_OBJ(3), and X509_NAME_ENTRY_set_object(3).
tested in a bulk build by sthen ok jsing
|
#
1.17 |
|
01-May-2018 |
tb |
Convert a handful of X509_*() functions to take const as in OpenSSL.
tested in a bulk by sthen ok jsing
|
#
1.16 |
|
04-Apr-2018 |
schwarze |
Fix two bugs in X509_NAME_add_entry(3): (1) Evaluate the "set" argument, which says whether to create a new RDN or to prepend or append to an existing one, before reusing it for a different purpose, i.e. for the "set" field of the new X509_NAME_ENTRY structure. (2) When incrementing of some "set" fields is needed, increment the correct ones: All those to the right of the newly inserted entry, but not the one of that entry itself.
These two bugs caused wrong results whenever using loc != -1, i.e. whenever inserting rather than appending entries, even when using set == 0 only, that is, even when using single-values RDNs only.
Both bugs have been continuously present since at least SSLeay-0.8.1 (released July 18, 1997) and the second one since at least SSLeay-0.8.0 (released June 25, 1997), so both are over twenty years old.
I found these bugs by code inspection while trying to document the function X509_NAME_ENTRY_set(3), which is public, but undocumented in OpenSSL.
OK beck@, jsing@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.15 |
|
17-Mar-2018 |
tb |
Provide X509_NAME_ENTRY_set()
ok jsing
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.14 |
|
29-Jan-2017 |
beck |
Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
|
#
1.13 |
|
29-Sep-2014 |
miod |
X509_NAME_get_text_by_OBJ(): make sure we do not pass a negative size to memcpy(). ok bcook@
|
#
1.12 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.11 |
|
10-Jul-2014 |
jsing |
Stop including standard headers via cryptlib.h - pull in the headers that are needed in the source files that actually require them.
ok beck@ miod@
|
#
1.10 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.9 |
|
26-Apr-2014 |
beck |
Replace all use of ERR_add_error_data with ERR_asprintf_error_data. This avoids a lot of ugly gymnastics to do snprintfs before sending the bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c where it was being called with the incorrect number of arguments and using random things off the stack as addresses of strings. ok krw@, jsing@
|
#
1.8 |
|
20-Apr-2014 |
jsing |
KNF.
|
#
1.7 |
|
18-Apr-2014 |
tedu |
blunt force knf
|
#
1.6 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.5 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.4 |
|
15-Apr-2000 |
beck |
OpenSSL 0.9.5a merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.30 |
|
26-Dec-2022 |
jmc |
spelling fixes; from paul tagliamonte i removed the arithmetics -> arithmetic changes, as i felt they were not clearly correct
ok tb
|
#
1.29 |
|
26-Nov-2022 |
tb |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
#
1.28 |
|
14-Nov-2022 |
beck |
Hide public symbols in libcrypto/x509 .c files
ok tb@
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.27 |
|
01-Nov-2021 |
tb |
Move the now internal X.509-related structs into x509_lcl.h. Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds.
ok jsing
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.26 |
|
30-May-2018 |
tb |
Add a const qualifier to the `name' argument of X509_NAME_get_index_by_{OBJ,NID}().
tested in a bulk build by sthen suggested by & ok jsing
|
#
1.25 |
|
19-May-2018 |
tb |
Add const to the obj argument of X509_NAME_add_entry_by_OBJ()
tested in a bulk build by sthen ok jsing
|
#
1.24 |
|
18-May-2018 |
tb |
Add const to the 'obj' argument of X509_NAME_get_text_by_OBJ(3).
tested in a bulk by sthen ok jsing
|
#
1.23 |
|
18-May-2018 |
tb |
Add a const qualififer to the 'name' argument of X509_NAME_get_entry(3) and to the 'obj' argument of X509_NAME_get_index_by_OBJ(3)
tested in a bulk build by sthen ok jsing
|
#
1.22 |
|
18-May-2018 |
tb |
Add const to the argument of X509_NAME_entry_count().
tested in a bulk build by sthen ok jsing
|
#
1.21 |
|
18-May-2018 |
tb |
The 'bytes' arguments of X509_NAME_add_entry_by_NID(3) and X509_NAME_add_entry_by_OBJ(3) are now const.
tested in a bulk build by sthen ok jsing
|
#
1.20 |
|
18-May-2018 |
tb |
Add a const qualifier to the 'X509_NAME_ENTRY *ne' argument of X509_NAME_add_entry(3).
tested in a bulk build by sthen, ok jsing
|
#
1.19 |
|
18-May-2018 |
tb |
Add const to the argument of X509_NAME_ENTRY_get_data(3).
Tested in a bulk build by sthen ok jsing
|
#
1.18 |
|
18-May-2018 |
tb |
Add const qualifiers to the 'obj' and 'bytes' arguments of X509_NAME_ENTRY_create_by_NID(3), X509_NAME_ENTRY_create_by_OBJ(3), and X509_NAME_ENTRY_set_object(3).
tested in a bulk build by sthen ok jsing
|
#
1.17 |
|
01-May-2018 |
tb |
Convert a handful of X509_*() functions to take const as in OpenSSL.
tested in a bulk by sthen ok jsing
|
#
1.16 |
|
04-Apr-2018 |
schwarze |
Fix two bugs in X509_NAME_add_entry(3): (1) Evaluate the "set" argument, which says whether to create a new RDN or to prepend or append to an existing one, before reusing it for a different purpose, i.e. for the "set" field of the new X509_NAME_ENTRY structure. (2) When incrementing of some "set" fields is needed, increment the correct ones: All those to the right of the newly inserted entry, but not the one of that entry itself.
These two bugs caused wrong results whenever using loc != -1, i.e. whenever inserting rather than appending entries, even when using set == 0 only, that is, even when using single-values RDNs only.
Both bugs have been continuously present since at least SSLeay-0.8.1 (released July 18, 1997) and the second one since at least SSLeay-0.8.0 (released June 25, 1997), so both are over twenty years old.
I found these bugs by code inspection while trying to document the function X509_NAME_ENTRY_set(3), which is public, but undocumented in OpenSSL.
OK beck@, jsing@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.15 |
|
17-Mar-2018 |
tb |
Provide X509_NAME_ENTRY_set()
ok jsing
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.14 |
|
29-Jan-2017 |
beck |
Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
|
#
1.13 |
|
29-Sep-2014 |
miod |
X509_NAME_get_text_by_OBJ(): make sure we do not pass a negative size to memcpy(). ok bcook@
|
#
1.12 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.11 |
|
10-Jul-2014 |
jsing |
Stop including standard headers via cryptlib.h - pull in the headers that are needed in the source files that actually require them.
ok beck@ miod@
|
#
1.10 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.9 |
|
26-Apr-2014 |
beck |
Replace all use of ERR_add_error_data with ERR_asprintf_error_data. This avoids a lot of ugly gymnastics to do snprintfs before sending the bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c where it was being called with the incorrect number of arguments and using random things off the stack as addresses of strings. ok krw@, jsing@
|
#
1.8 |
|
20-Apr-2014 |
jsing |
KNF.
|
#
1.7 |
|
18-Apr-2014 |
tedu |
blunt force knf
|
#
1.6 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.5 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.4 |
|
15-Apr-2000 |
beck |
OpenSSL 0.9.5a merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.29 |
|
26-Nov-2022 |
tb |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
#
1.28 |
|
14-Nov-2022 |
beck |
Hide public symbols in libcrypto/x509 .c files
ok tb@
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.27 |
|
01-Nov-2021 |
tb |
Move the now internal X.509-related structs into x509_lcl.h. Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds.
ok jsing
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.26 |
|
30-May-2018 |
tb |
Add a const qualifier to the `name' argument of X509_NAME_get_index_by_{OBJ,NID}().
tested in a bulk build by sthen suggested by & ok jsing
|
#
1.25 |
|
19-May-2018 |
tb |
Add const to the obj argument of X509_NAME_add_entry_by_OBJ()
tested in a bulk build by sthen ok jsing
|
#
1.24 |
|
18-May-2018 |
tb |
Add const to the 'obj' argument of X509_NAME_get_text_by_OBJ(3).
tested in a bulk by sthen ok jsing
|
#
1.23 |
|
18-May-2018 |
tb |
Add a const qualififer to the 'name' argument of X509_NAME_get_entry(3) and to the 'obj' argument of X509_NAME_get_index_by_OBJ(3)
tested in a bulk build by sthen ok jsing
|
#
1.22 |
|
18-May-2018 |
tb |
Add const to the argument of X509_NAME_entry_count().
tested in a bulk build by sthen ok jsing
|
#
1.21 |
|
18-May-2018 |
tb |
The 'bytes' arguments of X509_NAME_add_entry_by_NID(3) and X509_NAME_add_entry_by_OBJ(3) are now const.
tested in a bulk build by sthen ok jsing
|
#
1.20 |
|
18-May-2018 |
tb |
Add a const qualifier to the 'X509_NAME_ENTRY *ne' argument of X509_NAME_add_entry(3).
tested in a bulk build by sthen, ok jsing
|
#
1.19 |
|
18-May-2018 |
tb |
Add const to the argument of X509_NAME_ENTRY_get_data(3).
Tested in a bulk build by sthen ok jsing
|
#
1.18 |
|
18-May-2018 |
tb |
Add const qualifiers to the 'obj' and 'bytes' arguments of X509_NAME_ENTRY_create_by_NID(3), X509_NAME_ENTRY_create_by_OBJ(3), and X509_NAME_ENTRY_set_object(3).
tested in a bulk build by sthen ok jsing
|
#
1.17 |
|
01-May-2018 |
tb |
Convert a handful of X509_*() functions to take const as in OpenSSL.
tested in a bulk by sthen ok jsing
|
#
1.16 |
|
04-Apr-2018 |
schwarze |
Fix two bugs in X509_NAME_add_entry(3): (1) Evaluate the "set" argument, which says whether to create a new RDN or to prepend or append to an existing one, before reusing it for a different purpose, i.e. for the "set" field of the new X509_NAME_ENTRY structure. (2) When incrementing of some "set" fields is needed, increment the correct ones: All those to the right of the newly inserted entry, but not the one of that entry itself.
These two bugs caused wrong results whenever using loc != -1, i.e. whenever inserting rather than appending entries, even when using set == 0 only, that is, even when using single-values RDNs only.
Both bugs have been continuously present since at least SSLeay-0.8.1 (released July 18, 1997) and the second one since at least SSLeay-0.8.0 (released June 25, 1997), so both are over twenty years old.
I found these bugs by code inspection while trying to document the function X509_NAME_ENTRY_set(3), which is public, but undocumented in OpenSSL.
OK beck@, jsing@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.15 |
|
17-Mar-2018 |
tb |
Provide X509_NAME_ENTRY_set()
ok jsing
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.14 |
|
29-Jan-2017 |
beck |
Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
|
#
1.13 |
|
29-Sep-2014 |
miod |
X509_NAME_get_text_by_OBJ(): make sure we do not pass a negative size to memcpy(). ok bcook@
|
#
1.12 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.11 |
|
10-Jul-2014 |
jsing |
Stop including standard headers via cryptlib.h - pull in the headers that are needed in the source files that actually require them.
ok beck@ miod@
|
#
1.10 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.9 |
|
26-Apr-2014 |
beck |
Replace all use of ERR_add_error_data with ERR_asprintf_error_data. This avoids a lot of ugly gymnastics to do snprintfs before sending the bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c where it was being called with the incorrect number of arguments and using random things off the stack as addresses of strings. ok krw@, jsing@
|
#
1.8 |
|
20-Apr-2014 |
jsing |
KNF.
|
#
1.7 |
|
18-Apr-2014 |
tedu |
blunt force knf
|
#
1.6 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.5 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.4 |
|
15-Apr-2000 |
beck |
OpenSSL 0.9.5a merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.28 |
|
14-Nov-2022 |
beck |
Hide public symbols in libcrypto/x509 .c files
ok tb@
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.27 |
|
01-Nov-2021 |
tb |
Move the now internal X.509-related structs into x509_lcl.h. Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds.
ok jsing
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.26 |
|
30-May-2018 |
tb |
Add a const qualifier to the `name' argument of X509_NAME_get_index_by_{OBJ,NID}().
tested in a bulk build by sthen suggested by & ok jsing
|
#
1.25 |
|
19-May-2018 |
tb |
Add const to the obj argument of X509_NAME_add_entry_by_OBJ()
tested in a bulk build by sthen ok jsing
|
#
1.24 |
|
18-May-2018 |
tb |
Add const to the 'obj' argument of X509_NAME_get_text_by_OBJ(3).
tested in a bulk by sthen ok jsing
|
#
1.23 |
|
18-May-2018 |
tb |
Add a const qualififer to the 'name' argument of X509_NAME_get_entry(3) and to the 'obj' argument of X509_NAME_get_index_by_OBJ(3)
tested in a bulk build by sthen ok jsing
|
#
1.22 |
|
18-May-2018 |
tb |
Add const to the argument of X509_NAME_entry_count().
tested in a bulk build by sthen ok jsing
|
#
1.21 |
|
18-May-2018 |
tb |
The 'bytes' arguments of X509_NAME_add_entry_by_NID(3) and X509_NAME_add_entry_by_OBJ(3) are now const.
tested in a bulk build by sthen ok jsing
|
#
1.20 |
|
18-May-2018 |
tb |
Add a const qualifier to the 'X509_NAME_ENTRY *ne' argument of X509_NAME_add_entry(3).
tested in a bulk build by sthen, ok jsing
|
#
1.19 |
|
18-May-2018 |
tb |
Add const to the argument of X509_NAME_ENTRY_get_data(3).
Tested in a bulk build by sthen ok jsing
|
#
1.18 |
|
18-May-2018 |
tb |
Add const qualifiers to the 'obj' and 'bytes' arguments of X509_NAME_ENTRY_create_by_NID(3), X509_NAME_ENTRY_create_by_OBJ(3), and X509_NAME_ENTRY_set_object(3).
tested in a bulk build by sthen ok jsing
|
#
1.17 |
|
01-May-2018 |
tb |
Convert a handful of X509_*() functions to take const as in OpenSSL.
tested in a bulk by sthen ok jsing
|
#
1.16 |
|
04-Apr-2018 |
schwarze |
Fix two bugs in X509_NAME_add_entry(3): (1) Evaluate the "set" argument, which says whether to create a new RDN or to prepend or append to an existing one, before reusing it for a different purpose, i.e. for the "set" field of the new X509_NAME_ENTRY structure. (2) When incrementing of some "set" fields is needed, increment the correct ones: All those to the right of the newly inserted entry, but not the one of that entry itself.
These two bugs caused wrong results whenever using loc != -1, i.e. whenever inserting rather than appending entries, even when using set == 0 only, that is, even when using single-values RDNs only.
Both bugs have been continuously present since at least SSLeay-0.8.1 (released July 18, 1997) and the second one since at least SSLeay-0.8.0 (released June 25, 1997), so both are over twenty years old.
I found these bugs by code inspection while trying to document the function X509_NAME_ENTRY_set(3), which is public, but undocumented in OpenSSL.
OK beck@, jsing@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.15 |
|
17-Mar-2018 |
tb |
Provide X509_NAME_ENTRY_set()
ok jsing
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.14 |
|
29-Jan-2017 |
beck |
Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
|
#
1.13 |
|
29-Sep-2014 |
miod |
X509_NAME_get_text_by_OBJ(): make sure we do not pass a negative size to memcpy(). ok bcook@
|
#
1.12 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.11 |
|
10-Jul-2014 |
jsing |
Stop including standard headers via cryptlib.h - pull in the headers that are needed in the source files that actually require them.
ok beck@ miod@
|
#
1.10 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.9 |
|
26-Apr-2014 |
beck |
Replace all use of ERR_add_error_data with ERR_asprintf_error_data. This avoids a lot of ugly gymnastics to do snprintfs before sending the bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c where it was being called with the incorrect number of arguments and using random things off the stack as addresses of strings. ok krw@, jsing@
|
#
1.8 |
|
20-Apr-2014 |
jsing |
KNF.
|
#
1.7 |
|
18-Apr-2014 |
tedu |
blunt force knf
|
#
1.6 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.5 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.4 |
|
15-Apr-2000 |
beck |
OpenSSL 0.9.5a merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.27 |
|
01-Nov-2021 |
tb |
Move the now internal X.509-related structs into x509_lcl.h. Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds.
ok jsing
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.26 |
|
30-May-2018 |
tb |
Add a const qualifier to the `name' argument of X509_NAME_get_index_by_{OBJ,NID}().
tested in a bulk build by sthen suggested by & ok jsing
|
#
1.25 |
|
19-May-2018 |
tb |
Add const to the obj argument of X509_NAME_add_entry_by_OBJ()
tested in a bulk build by sthen ok jsing
|
#
1.24 |
|
18-May-2018 |
tb |
Add const to the 'obj' argument of X509_NAME_get_text_by_OBJ(3).
tested in a bulk by sthen ok jsing
|
#
1.23 |
|
18-May-2018 |
tb |
Add a const qualifier to the 'name' argument of X509_NAME_get_entry(3) and to the 'obj' argument of X509_NAME_get_index_by_OBJ(3)
tested in a bulk build by sthen ok jsing
|
#
1.22 |
|
18-May-2018 |
tb |
Add const to the argument of X509_NAME_entry_count().
tested in a bulk build by sthen ok jsing
|
#
1.21 |
|
18-May-2018 |
tb |
The 'bytes' arguments of X509_NAME_add_entry_by_NID(3) and X509_NAME_add_entry_by_OBJ(3) are now const.
tested in a bulk build by sthen ok jsing
|
#
1.20 |
|
18-May-2018 |
tb |
Add a const qualifier to the 'X509_NAME_ENTRY *ne' argument of X509_NAME_add_entry(3).
tested in a bulk build by sthen, ok jsing
|
#
1.19 |
|
18-May-2018 |
tb |
Add const to the argument of X509_NAME_ENTRY_get_data(3).
Tested in a bulk build by sthen ok jsing
|
#
1.18 |
|
18-May-2018 |
tb |
Add const qualifiers to the 'obj' and 'bytes' arguments of X509_NAME_ENTRY_create_by_NID(3), X509_NAME_ENTRY_create_by_OBJ(3), and X509_NAME_ENTRY_set_object(3).
tested in a bulk build by sthen ok jsing
|
#
1.17 |
|
01-May-2018 |
tb |
Convert a handful of X509_*() functions to take const as in OpenSSL.
tested in a bulk by sthen ok jsing
|
#
1.16 |
|
04-Apr-2018 |
schwarze |
Fix two bugs in X509_NAME_add_entry(3): (1) Evaluate the "set" argument, which says whether to create a new RDN or to prepend or append to an existing one, before reusing it for a different purpose, i.e. for the "set" field of the new X509_NAME_ENTRY structure. (2) When incrementing of some "set" fields is needed, increment the correct ones: All those to the right of the newly inserted entry, but not the one of that entry itself.
These two bugs caused wrong results whenever using loc != -1, i.e. whenever inserting rather than appending entries, even when using set == 0 only, that is, even when using single-valued RDNs only.
Both bugs have been continuously present since at least SSLeay-0.8.1 (released July 18, 1997) and the second one since at least SSLeay-0.8.0 (released June 25, 1997), so both are over twenty years old.
I found these bugs by code inspection while trying to document the function X509_NAME_ENTRY_set(3), which is public, but undocumented in OpenSSL.
OK beck@, jsing@
|