A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_4 2023-07-29T03:13:38+00:00 2023-07-29T03:13:38+00:00 tb 2023-07-29T03:13:38+00:00 urn:sha1:d55fe8388bee7e6f23b5f58d5cfd37a6b3939049 Some *_options() prototypes were left behind in headers. I will remove them after my amd64 ports bulk completes. 2023-07-28T10:38:51+00:00 tb 2023-07-28T10:38:51+00:00 urn:sha1:cbb4ff06a62700b3c77007fc826d12e1b51b3687 2023-07-28T10:33:13+00:00 tb 2023-07-28T10:33:13+00:00 urn:sha1:b8d30e719ace66cc62ab262ddf8f89df4046d5e8 This removes ASN1_BIT_STRING_name_print(), ASN1_BIT_STRING_{num,set}_asc(). Before trust was properly handled using OIDs, there was a period where it used bit strings. The actual interfaces used in openssl x509 were removed, but the functions they wrapped remained unused for the next 24 years. ok jsing 2023-07-28T10:30:16+00:00 tb 2023-07-28T10:30:16+00:00 urn:sha1:e2147417de87aad6ba65ecc032ecbc394ba9b139 This was added with the TS code for no discernible reason. I could not find a single consumer. In the unlikely event that you need this, it is easy enough to write a better version of it yourself. ok jsing 2023-07-28T10:28:02+00:00 tb 2023-07-28T10:28:02+00:00 urn:sha1:3c8d1e1cf9bb15a3ea986b0fa3f53d33663d6c55 Add accessors for the syntax versions of ContentInfo and SignerInfo. These will be used soon in rpki-client for some more compliance checks. ok job jsing 2023-07-28T10:25:05+00:00 tb 2023-07-28T10:25:05+00:00 urn:sha1:ff3b404e5cda0d0876bf6dccdcc293d75dd12c57 Another bit of unused extensibility that was responsible for a lot of complexity until recently. This removes the remaining stubs from the public API. ok jsing 2023-07-28T10:23:19+00:00 tb 2023-07-28T10:23:19+00:00 urn:sha1:2a8a0e16fff5736c54d6005280b83c07587cb5d8 Ever wondered how many entries populate the various err hashes? Me neither. Remove this garbage. ok jsing 2023-07-28T10:21:01+00:00 tb 2023-07-28T10:21:01+00:00 urn:sha1:6f0a25f56e69a07f9a33663b857ea58bc32efba0 Much like ex_data, applications can make the library use their own error stack implementation. Well, except as of right now they no longer can. ok jsing 2023-07-28T10:19:20+00:00 tb 2023-07-28T10:19:20+00:00 urn:sha1:df077cec5ce229b03845385f6f75dbe7cd5f7080 To state the obvious: library suffers from way too much extensibility. In theory, applications can implement their own ex_data implementation. In practice, none did. A glance at ex_data.c might give an idea as to why. Make this internal so this particular turd can be replaced with something slightly saner. Also sync up the CRYPTO_EX_INDEX_* defines with OpenSSL - at least the parts we support. ok jsing 2023-07-28T10:13:50+00:00 tb 2023-07-28T10:13:50+00:00 urn:sha1:43dacb06bd0d2779c2a59be0c69a4defc6fcb419 This is one of those strange things that should never have made it into a security-oriented libraries. From BIO_s_bio.3: .\" The following non-copying I/O functions are intentionally undocumented .\" because they seem fragile and unused by anything: It was used in a single place: the gorgeous ssltest. I'm not smart enough to follow. Also: /* WARNING: The non-copying interface is largely untested as of yet * and may contain bugs. */ Oh, really? Into the great bitbucket in the sky you go. ok jsing