openbsd/src/lib/libcrypto/hidden, branch libressl-v3.8.0

openbsd/src/lib/libcrypto/hidden, branch libressl-v3.8.0 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.8.0 2023-04-30T19:31:05+00:00 Remove proxy cert api remmnants 2023-04-30T19:31:05+00:00 tb 2023-04-30T19:31:05+00:00 urn:sha1:2a2a7d4b316cdbad0427b0d1215ca206d125c9a9 Take X509_POLICY_NODE_print() behind the barn 2023-04-26T20:43:32+00:00 tb 2023-04-26T20:43:32+00:00 urn:sha1:5bac80042181a39c9557a0b3ee6249f3ef99a6a9 This used to be public API but is now only used for debug code that has certainly never been used since it was released to the public. It drags that debug nonsense with it. ok beck Remove SXNET 2023-04-25T18:48:32+00:00 tb 2023-04-25T18:48:32+00:00 urn:sha1:fbf2ba949e9a8593bfac40125b23645ec041759f Unused and no authorative information was found online in 2016 X509_STORE_get1_{certs,crls} become X509_STORE_CTX_* 2023-04-25T18:32:42+00:00 tb 2023-04-25T18:32:42+00:00 urn:sha1:c3f612e9a9823c6f40b80192fe4c5aa4ba5a2aef This matches the OpenSSL 1.1 API a bit better. Move the policy tree code to internal-only 2023-04-25T18:28:05+00:00 tb 2023-04-25T18:28:05+00:00 urn:sha1:f93e2515680ec934d84f432f85c41fbc3d28e5bc A few hooks remain in the legacy validator, which will soon be replaced with something better. The rest of the tentacles are now largely contained. Remove i2d_PKCS7_NDEF from the hidden version as well 2023-04-25T18:13:25+00:00 tb 2023-04-25T18:13:25+00:00 urn:sha1:cd5bdbca3ae5af8f90531b86da04780bda9c9b0a Introduce X509_get0_uids() accessor function 2023-02-23T18:12:32+00:00 job 2023-02-23T18:12:32+00:00 urn:sha1:45e10d130dd01f514cf8227acec3008ab3fa9b98 By introducing X509_get0_uids(), one can add RPKI profile compliance checks to conform the absence of the issuerUID and subjectUID. OK tb@ jsing@ libressl *_namespace.h: adjust *_ALIAS() to require a semicolon 2023-02-16T08:38:17+00:00 tb 2023-02-16T08:38:17+00:00 urn:sha1:24a27fd0d17d515b00097199de60fa85a76a95df LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon. This does not conform to style(9), breaks editors and ctags and (most importantly) my workflow. Fix this by neutering them with asm("") so that -Wpedantic doesn't complain. There's precedent in libc's namespace.h fix suggested by & ok jsing Prepare to provide UI_null() 2022-12-17T21:59:39+00:00 tb 2022-12-17T21:59:39+00:00 urn:sha1:4b4b2e861fa5803efe93b65c639a868dee5d6325 xmlsec needs this, nothing else. Our linkers link libxmlsec1-openssl, only warns and since nothing uses this library in ports, this wasn't noticed for a long time. Reported by Thomas Mitterfellner ok jsing Getters and setters for the check_issued() callback 2022-12-01T05:16:08+00:00 tb 2022-12-01T05:16:08+00:00 urn:sha1:a903cae4f3dd069a89381c4d29495971d39b0401 Open62541 uses X509_STORE_CTX_get_check_issued(), so provide it along with X509_STORE_{get,set}_check_issued(). As you would expect, they all return or take an X509_STORE_CTX_check_issued_fn. The getters aren't const in OpenSSL 1.1, but they now are in OpenSSL 3... These will be made available in the next minor bump and will ship in the stable release of LibreSSL 3.7 Part of OpenSSL commit 1060a50b See also https://github.com/libressl-portable/portable/issues/748 ok beck jsing