openbsd/src/lib/libcrypto/x509, branch libressl-v2.1.4

openbsd/src/lib/libcrypto/x509, branch libressl-v2.1.4 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v2.1.4 2015-02-12T03:54:07+00:00 If you do not support POSIX I/O then you're not tall enough to ride... 2015-02-12T03:54:07+00:00 jsing 2015-02-12T03:54:07+00:00 urn:sha1:1c7b61ccfe1cdbe10dcf7459d3bc363f5c3c6b4d ok tedu@ More unifdef OPENSSL_NO_RFC3779 that got missed last time around. 2015-02-11T02:17:59+00:00 jsing 2015-02-11T02:17:59+00:00 urn:sha1:5a58ebc930587e6e3925e0e6a0fec0d76ccfbff9 Spotted by beck@ Remove more IMPLEMENT_STACK_OF noops that have been hiding for the last 2015-02-10T11:22:22+00:00 jsing 2015-02-10T11:22:22+00:00 urn:sha1:f615895acf9eb579a4183eb9a32ea5ab0e2d7cb6 15 years. The IMPLEMENT_STACK_OF and IMPLEMENT_ASN1_SET_OF macros were turned into 2015-02-10T08:33:10+00:00 jsing 2015-02-10T08:33:10+00:00 urn:sha1:398669e54cc64c0b7d0a009b29cd2f2ff9063ca9 noops around 15 years ago. Remove multiple occurances of both that still exist in the code today. Delete a lot of #if 0 code in libressl. 2015-02-07T13:19:15+00:00 doug 2015-02-07T13:19:15+00:00 urn:sha1:a58e958ffece1b48f50bc090357dee2cd5b1bc20 There are a few instances where #if 1 is removed but the code remains. Based on the following OpenSSL commits. Some of the commits weren't strictly deletions so they are going to be split up into separate commits. 6f91b017bbb7140f816721141ac156d1b828a6b3 3d47c1d331fdc7574d2275cda1a630ccdb624b08 dfb56425b68314b2b57e17c82c1df42e7a015132 c8fa2356a00cbaada8963f739e5570298311a060 f16a64d11f55c01f56baa62ebf1dec7f8fe718cb 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb 02a938c953b3e1ced71d9a832de1618f907eb96d 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 d6fbb194095312f4722c81c9362dbd0de66cb656 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 1a5adcfb5edfe23908b350f8757df405b0f5f71f 8de24b792743d11e1d5a0dcd336a49368750c577 a2b18e657ea1a932d125154f4e13ab2258796d90 8e964419603d2478dfb391c66e7ccb2dcc9776b4 32dfde107636ac9bc62a5b3233fe2a54dbc27008 input + ok jsing@, miod@, tedu@ Declare the x509_(mem|file|dir)_lookup symbols as static because they 2015-02-05T01:33:22+00:00 reyk 2015-02-05T01:33:22+00:00 urn:sha1:a1c0159c37615070d2b9a91e3ed4cfc4f80a06b1 shouldn't be used directly. They aren't part of the API; each module (file, dir, mem) provides an actual function to export the now-static object. OK miod@ Fix a number of issues relating to algorithms in signatures, Mostly 2015-01-28T04:14:31+00:00 beck 2015-01-28T04:14:31+00:00 urn:sha1:7a956248ef874c38eeabdfa3912c758dbe16c625 from OpenSSL with a hint of boring and some things done here. Addresses CVE-2014-8275 for OpenSSL fully ok miod@ doug@ Use field names in struct initialisers. 2015-01-22T11:16:56+00:00 jsing 2015-01-22T11:16:56+00:00 urn:sha1:559d7136e35fb0b3cc5d43240d5102630410c202 No change to generated assembly. Add X509_STORE_load_mem() to load certificates from a memory buffer 2015-01-22T09:06:39+00:00 reyk 2015-01-22T09:06:39+00:00 urn:sha1:862d0b8723d1dd780e301615518a21818f474a9c instead of disk. OpenSSL didn't provide a built-in API from loading certificates in a chroot'ed process that doesn't have direct access to the files. X509_STORE_load_mem() provides a new backend that will be used by libssl and libtls to implement such privsep-friendly functionality. Adopted for LibreSSL based on older code from relayd (by pyr@ and myself) With feedback and OK bluhm@ Avoid modifying input on failure in X509_(TRUST|PURPOSE)_add. 2014-12-06T19:26:37+00:00 doug 2014-12-06T19:26:37+00:00 urn:sha1:c0f239a5bb562e1815cb2ae500592f95db239eda If X509_TRUST_add() or X509_PURPOSE_add() fail, they will leave the object in an inconsistent state since the name is already freed. This commit avoids changing the original name unless the *_add() call will succeed. Based on BoringSSL's commit: ab2815eaff6219ef57aedca2f7b1b72333c27fd0 ok miod@