openbsd/src/lib/libcrypto/asn1, branch libressl-v4.1.2

openbsd/src/lib/libcrypto/asn1, branch libressl-v4.1.2 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v4.1.2 2025-03-20T09:41:47+00:00 Plug a memory leak in x509_name_encode() 2025-03-20T09:41:47+00:00 tb 2025-03-20T09:41:47+00:00 urn:sha1:c909f83f696a43dda85d0bb327b00808387784cd This is nearly identical to a leak fixed by miod 10 years ago in x509_name_canon() but was missed in r1.30. This entire file needs a metric ton of bleach, but my head currently spins too much for tackling this, so go with the cheap one-liner. From Niels Dossche Fix traditional SSLeay X509_NAME printing 2025-03-19T11:18:38+00:00 tb 2025-03-19T11:18:38+00:00 urn:sha1:9ea48444ff6d36fe5e5a3700cf7c13b12f56d097 The gibberish that was there before the rewrite didn't actually skip names whose SN representation was different start with /O= or /OU= (with one or two capital letters between '/' and '='), it simply failed to separate them, resulting in nonsense such as CN=Microsec e-Szigno Root CA 2009/emailAddress=info@e-szigno.hu So ditch the code doing that, simplifying this now internal function quite a bit. ok jsing Unexport X509_NAME_print() 2025-03-09T15:17:22+00:00 tb 2025-03-09T15:17:22+00:00 urn:sha1:dc9ea81af9ab231982376f6521683f8df998da3d Nothing uses this anymore. M2Crypto has been patched and a fix for opensc has been upstreamed. ok jsing This is the start of a major bump. Don't build the tree until I have synced sets in about 20 commits. asn1_multi: remove a pointless cast 2025-03-06T07:25:01+00:00 tb 2025-03-06T07:25:01+00:00 urn:sha1:94fbdbc7f4acc2c7b3d939bc564a24b170bab909 There's no need to cast away const from a const char * if you're going to pass it to a const char * argument of a function. Rename X509V3_get_section() to X509V3_get0_section() 2025-03-06T07:20:01+00:00 tb 2025-03-06T07:20:01+00:00 urn:sha1:315ffee67ea70af91d110f99262dcbdd4e2e74c8 This makes it clear for those fluent in OpenSSL API gibberish that nothing needs to be freed here. This is because it returns something hanging off a hash entry owned by cnf. ok jsing Garbage collect X509V3_section_free() 2025-03-06T07:17:45+00:00 tb 2025-03-06T07:17:45+00:00 urn:sha1:9423b9127ecc6c95ba3eedf566689039ecb0d64a Historically, X509V3_section_free() could be customized by the conf db method to release memory allocated by X509V3_get_section(). This is no longer supported, so it is always a noop and can be removed. ok jsing Rename the crl_inf_cb() to crl_info_cb() 2025-02-27T20:13:41+00:00 tb 2025-02-27T20:13:41+00:00 urn:sha1:a50fd17a939d1c58c8781d7177f0cffcbe9c0c9f Hoist X509_REVOKED_cmp() above its only caller 2025-02-27T20:12:25+00:00 tb 2025-02-27T20:12:25+00:00 urn:sha1:fa39fb5e78dc1a759b69fd3790acfe9da365545b This way we don't need a prototype and things that belong together are together. Slight KNF tweak while there x_crl.c: remove two NULL checks before *_free() 2025-02-24T20:07:14+00:00 tb 2025-02-24T20:07:14+00:00 urn:sha1:3406b4082c3b0bf77c78d6baf3b2dbc13a7cbdfc Remove unused name member from x509_st 2025-02-21T05:44:28+00:00 tb 2025-02-21T05:44:28+00:00 urn:sha1:3bd8139a3a95e6e4bb3a9601cf9f75e9d0d20f59 As far as I can tell this has never been used since the beginning of git history with SSLeay 0.8.1b, so we can simplify the x509_cb() a little. ok jsing miod