openbsd/src/lib/libcrypto/x509, branch OPENBSD_7

openbsd/src/lib/libcrypto/x509, branch OPENBSD_7_6 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_6 2024-08-31T18:38:46+00:00 Rewrite X509V3_add_value() to a single exit idiom 2024-08-31T18:38:46+00:00 tb 2024-08-31T18:38:46+00:00 urn:sha1:8da74b639c99ef7f7df5bdef18fffa5f7528918d ok jsing Expose X509_get_signature_info 2024-08-31T10:49:35+00:00 tb 2024-08-31T10:49:35+00:00 urn:sha1:51fae0b4f2de93ea17a71eca58f1d20435d1af0d To compensate for all the removals, a single, small, constructive piece of this bump: expose X509_get_signature_info() so that libssl's security level API can handle RSA-PSS certificates correctly. ok beck jsing Make X509at_* API internal 2024-08-31T10:46:40+00:00 tb 2024-08-31T10:46:40+00:00 urn:sha1:6e18dec83a409158e5e06e9980d445c2a14a5fbe The only consumer, yara, has been adjusted. It will be some more work to remove this idiocy internally, but at least we will no longer have to care about external consumers. ok beck jsing Remove EVP_PKEY.*attr* API 2024-08-31T10:25:38+00:00 tb 2024-08-31T10:25:38+00:00 urn:sha1:1879b1c335b79500e4608d064e6a67c172898224 I ranted enough about this recently. PKCS#12. Microsoft. 'nuff said. ok beck jsing Move BIT_STRING_BITNAME tables to const 2024-08-31T10:23:13+00:00 tb 2024-08-31T10:23:13+00:00 urn:sha1:990e38b510e53ec892676a4b297d968927b99082 Another bunch of const correctness fixes for global tables. These are used to map ns cert types, key usage types and CRL reasons to strings and vice versa. By the looks of it, nobody ever figured out how to use this (need I mention that it's convoluted?). ok beck jsing const correct X509_LOOKUP_METHOD 2024-08-31T10:19:17+00:00 tb 2024-08-31T10:19:17+00:00 urn:sha1:d64314baed3e30b9cf75f58caf085b356a3f6d2f With this another family of global tables becomes const as it should always have been. ok beck jsing Remove X509_REQ_{set,get}_extension_nids() 2024-08-31T10:16:52+00:00 tb 2024-08-31T10:16:52+00:00 urn:sha1:6b73d9352a214f801122b7ee10c167492ca9e38e LibreSSL no longer supports non-standard OIDs for use in the extensions attribute of CSRs. The API that enabled that (and nobody used of course) can now go. ok beck jsing Make X509_VAL opaque 2024-08-31T10:14:17+00:00 tb 2024-08-31T10:14:17+00:00 urn:sha1:1c4f8dcbf981963a1c4cfd7ded382d18aaa8fa8a Nothing needs to reach into this structure, which is part of certificates. So hide its innards. ok beck jsing Remove X509_check_trust() and some related defines 2024-08-31T10:12:23+00:00 tb 2024-08-31T10:12:23+00:00 urn:sha1:98cde9e87c7eeb1ad50a82b9052b86dd675bd285 Someone thought it would be a good idea to append non-standard trust information to the certs in the trust store. This API is used to inspect that depending on the intended purpose of the cert. Only M2Crypto thought it necessary to expose this. It was adjusted. ok beck jsing The X509V3_CONF_METHOD goes away 2024-08-31T10:06:39+00:00 tb 2024-08-31T10:06:39+00:00 urn:sha1:442662f85537dc5ae9dcdc9b8d2b0130ef605e0c No longer used, never really needed. ok beck jsing