A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_6 2024-08-26T22:01:28+00:00 2024-08-26T22:01:28+00:00 op 2024-08-26T22:01:28+00:00 urn:sha1:07d3f305ea24da68aec66c7e4be39317f6ea7dae 2024-06-24T06:43:23+00:00 tb 2024-06-24T06:43:23+00:00 urn:sha1:c9802a5afe29675d69b605ce906d34fd89c024ac These constitute the bulk of the remaining global mutable state in libcrypto. This commit moves most of them into data.rel.ro, leaving out ERR_str_{functs,libraries,reasons} (which require a slightly different approach) and SYS_str_reasons which is populated on startup. The main observation is that if ERR_load_strings() is called with a 0 lib argument, the ERR_STRING_DATA argument is not actually modified. We could use this fact to cast away const on the caller side and be done with it. We can make this cleaner by adding a helper ERR_load_const_strings() which explicitly avoids the assignment to str->error overriding the error code already set in the table. In order for this to work, we need to sprinkle some const in err/err.c. CMS called ERR_load_strings() with non-0 lib argument, but this didn't actually modify the error data since it ored in the value already stored in the table. Annoyingly, we need to cast const away once, namely in the call to lh_insert() in int_err_set_item(). Fixing this would require changing the public API and is going to be tricky since it requires that the LHASH_DOALL_FN_* types adjust. ok jsing 2024-04-15T15:52:46+00:00 tb 2024-04-15T15:52:46+00:00 urn:sha1:0131401e0b9d7c3536cf6e5e16d17bc82cfda939 ok jsing 2024-03-26T00:39:22+00:00 beck 2024-03-26T00:39:22+00:00 urn:sha1:3604a06d3b1412f3b3b3959a358b2c8e2a07836a RFC 3631 allows for sub second ASN1 GENERALIZED times, if you choose to support sub second time precison. It does not indicate that an implementation must support them. Supporting sub second timestamps is just silly and unrealistic, so set our maximum to one second of precision. We then simplify this code by removing some nasty eye-bleed that made artisinally hand crafted strings and jammed them into an ASN1_GENERALIZEDTIME. ok tb@, jsing@, with one second precision tested by kn@ 2024-03-25T07:02:22+00:00 beck 2024-03-25T07:02:22+00:00 urn:sha1:d8847ca61ace2c9c6c3adf2a3ef9505e4eb1fb8a ok tb@ 2024-03-24T11:30:12+00:00 beck 2024-03-24T11:30:12+00:00 urn:sha1:0f167a53fa3e19b7e6bb0620e16c6d11f07f10ca This gets rid of our last uses of timegm and gmtime in the library and things that ship with it. It includes a bit of refactoring in ocsp_cl.c to remove some obvious ugly. ok tb@ 2023-11-19T15:46:10+00:00 tb 2023-11-19T15:46:10+00:00 urn:sha1:593d97e74cc873d99aced677883cf55625efe62d This is mechanical apart from a few manual edits to avoid doubled empty lines. ok jsing 2023-08-22T08:09:36+00:00 tb 2023-08-22T08:09:36+00:00 urn:sha1:caa16bb11b76934f4f61ca179bfd08640d84d957 ok jsing 2023-07-28T09:53:55+00:00 tb 2023-07-28T09:53:55+00:00 urn:sha1:b5382a6334a2ec0fe73ab6c49ebefb47af93329c ENGINE was special. It's horrible code even by the low standards of this library. Some ports may now try to use the stubs which will fail, but the fallout from this should be minimal. Of course there are various language bindings that expose the ENGINE API. OpenSSL 3 disabling ENGINE by default will likely help fixing this at some point. ok jsing 2023-07-07T19:37:54+00:00 beck 2023-07-07T19:37:54+00:00 urn:sha1:1ca8095297adf80b48019b5a2d18010ff9e3427f me aliasing symbols not in the headers I was procesing. This unbreaks the namespace build so it will pass again ok tb@