openbsd/src/lib/libcrypto/engine, branch libressl-v2.4.0

openbsd/src/lib/libcrypto/engine, branch libressl-v2.4.0 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v2.4.0 2015-12-07T03:30:09+00:00 Remove SHA0 check, as we did in v1.21 of sha.h. 2015-12-07T03:30:09+00:00 bcook 2015-12-07T03:30:09+00:00 urn:sha1:08dd703b6936f9d0ce2247d4d0b74a9ad398474d This enables ENGINE_get_digest to work again with SHA1. noted by NARUSE, Yui, @nurse from github Kill coverity 128475 2015-08-28T01:06:09+00:00 beck 2015-08-28T01:06:09+00:00 urn:sha1:3afc5208a3a2aff4b6e13f31fcbe99c2ca94151c ok doug@ Remove OpenSSL engine RSAX. 2015-07-19T22:34:27+00:00 doug 2015-07-19T22:34:27+00:00 urn:sha1:25841ddc7e1d255a907b71bc100b10c363287a75 OpenSSL stopped building it last year and removed it this year. Based on OpenSSL commit c436e05bdc7f49985a750df64122c960240b3ae1. Also cranked major version in libcrypto, libssl and libtls. "fine with me" bcook@ miod@ abort when ENGINE_remove fails, fix Coverity 21656 2015-07-19T00:56:48+00:00 bcook 2015-07-19T00:56:48+00:00 urn:sha1:3b99f7506c1fd9c2348f2fc6cdfc60a2d8e602af ok doug@, beck@ Return the failing engine ID in the error stack. 2015-06-19T06:32:43+00:00 bcook 2015-06-19T06:32:43+00:00 urn:sha1:433691f86112f1eea8eb1872e9c9b8b423437151 Noted by doug@ in an earlier revision of the dynamic engine removal patch, but I had forgotten to include it in the latest version. Disable ENGINE_load_dynamic (dynamic engine support). 2015-06-19T06:05:11+00:00 bcook 2015-06-19T06:05:11+00:00 urn:sha1:1ef7c35782edea8e65610a2d9d6d6d08ea90983c We do not build, test or ship any dynamic engines, so we can remove the dynamic engine loader as well. This leaves a stub initialization function in its place. ok beck@, reyk@, miod@ Remove all getenv() calls, especially those wrapped by issetugid(). 2015-04-11T16:03:21+00:00 deraadt 2015-04-11T16:03:21+00:00 urn:sha1:b6e092d1e41107edc3265fcda97c497aa21950e1 getenv()'s wrapped by issetugid() are safe, but issetugid() is correct difficult to impliment on many operating systems. By accident, a grand experiment was run over the last year, where issetugid() returned 1 (the safe value) on a few operating systems. Noone noticed & complained that certain environment variables were not working....... ok doug beck jsing, discussion with others Enable building with -DOPENSSL_NO_DEPRECATED. 2015-02-11T03:19:37+00:00 doug 2015-02-11T03:19:37+00:00 urn:sha1:e816a1ec1d4411707051912b945e8eab7a5a94e8 If you didn't enable deprecated code, there were missing err.h and bn.h includes. This commit allows building with or without deprecated code. This was not derived from an OpenSSL commit. However, they recently enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems in a different way. Verified with clang that this only changes line numbers in the generated asm. ok miod@ Remove assert() or OPENSSL_assert() of pointers being non-NULL. The policy 2015-02-10T09:46:30+00:00 miod 2015-02-10T09:46:30+00:00 urn:sha1:03858c0228d8ccda7d170fe43e0be79cd0dc6e5b for libraries in OpenBSD is to deliberately let NULL pointers cause a SIGSEGV. ok doug@ jsing@ BN_CTX_get() can fail - consistently check its return value. 2015-02-09T15:49:22+00:00 jsing 2015-02-09T15:49:22+00:00 urn:sha1:15dc63f9715f4f10924a705d6a4cc564afe2129e There are currently cases where the return from each call is checked, the return from only the last call is checked and cases where it is not checked at all (including code in bn, ec and engine). Checking the last return value is valid as once the function fails it will continue to return NULL. However, in order to be consistent check each call with the same idiom. This makes it easy to verify. Note there are still a handful of cases that do not follow the idiom - these will be handled separately. ok beck@ doug@