openbsd/src/lib/libcrypto/hidden, branch OPENBSD_7_3

openbsd/src/lib/libcrypto/hidden, branch OPENBSD_7_3_BASE A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_3_BASE 2023-02-23T18:12:32+00:00 Introduce X509_get0_uids() accessor function 2023-02-23T18:12:32+00:00 job 2023-02-23T18:12:32+00:00 urn:sha1:45e10d130dd01f514cf8227acec3008ab3fa9b98 By introducing X509_get0_uids(), one can add RPKI profile compliance checks to conform the absence of the issuerUID and subjectUID. OK tb@ jsing@ libressl *_namespace.h: adjust *_ALIAS() to require a semicolon 2023-02-16T08:38:17+00:00 tb 2023-02-16T08:38:17+00:00 urn:sha1:24a27fd0d17d515b00097199de60fa85a76a95df LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon. This does not conform to style(9), breaks editors and ctags and (most importantly) my workflow. Fix this by neutering them with asm("") so that -Wpedantic doesn't complain. There's precedent in libc's namespace.h fix suggested by & ok jsing Prepare to provide UI_null() 2022-12-17T21:59:39+00:00 tb 2022-12-17T21:59:39+00:00 urn:sha1:4b4b2e861fa5803efe93b65c639a868dee5d6325 xmlsec needs this, nothing else. Our linkers link libxmlsec1-openssl, only warns and since nothing uses this library in ports, this wasn't noticed for a long time. Reported by Thomas Mitterfellner ok jsing Getters and setters for the check_issued() callback 2022-12-01T05:16:08+00:00 tb 2022-12-01T05:16:08+00:00 urn:sha1:a903cae4f3dd069a89381c4d29495971d39b0401 Open62541 uses X509_STORE_CTX_get_check_issued(), so provide it along with X509_STORE_{get,set}_check_issued(). As you would expect, they all return or take an X509_STORE_CTX_check_issued_fn. The getters aren't const in OpenSSL 1.1, but they now are in OpenSSL 3... These will be made available in the next minor bump and will ship in the stable release of LibreSSL 3.7 Part of OpenSSL commit 1060a50b See also https://github.com/libressl-portable/portable/issues/748 ok beck jsing Hide public symbols in libcrypto/x509 .c files 2022-11-14T17:48:50+00:00 beck 2022-11-14T17:48:50+00:00 urn:sha1:86ef9af254717a5620d93d1ebe06ab2ad9597496 ok tb@ Hide symbols in libcrypto/ui 2022-11-12T13:16:10+00:00 beck 2022-11-12T13:16:10+00:00 urn:sha1:72c3dd25803856565ae56c4caf3a753322deba65 ok jsing@ Hide symbols in libcrypto/pkcs12 2022-11-12T13:03:28+00:00 beck 2022-11-12T13:03:28+00:00 urn:sha1:f67e8816eac76498282b2708acce886d1f7e6f1a ok jsing@ Hide symbols in libcrypto/pkcs7 2022-11-12T12:11:14+00:00 beck 2022-11-12T12:11:14+00:00 urn:sha1:b36647beb9eb198e8bc1c6e20dbd475845bf6612 This applies the guentherizer 9000(tm) to pkcs7, after moving several pkcs7 funcitions back to pkcs7 that were in x509/x_all.c for reasons known only to the miasma. ok jsing@ Hide symbols in libcrypto/stack 2022-11-11T19:18:55+00:00 beck 2022-11-11T19:18:55+00:00 urn:sha1:c3d107e555c9047b056fca78ad9fc85579e401cb Automated change from the first attempts at the semi automated Guentherizer 2000. ok jsing@ tb@ joshua@ Add support for symbol hiding disabled by default. 2022-11-11T11:25:18+00:00 beck 2022-11-11T11:25:18+00:00 urn:sha1:0ba6b15619d4e4feafccdbd0226ee99b70553a11 Fully explained in libcrypto/README. TL;DR make sure libcrypto and libssl's function calls internally and to each other are via symbol names that won't get overridden by linking other libraries. Mostly work by guenther@, which will currently be gated behind a build setting NAMESPACE=yes. once we convert all the symbols to this method we will do a major bump and pick up the changes. ok tb@ jsing@