openbsd/src/lib/libcrypto/x509, branch libressl-v2.3.0

openbsd/src/lib/libcrypto/x509, branch libressl-v2.3.0 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v2.3.0 2015-09-14T16:13:39+00:00 Add support for disabling certificate and CRL validity checking. 2015-09-14T16:13:39+00:00 jsing 2015-09-14T16:13:39+00:00 urn:sha1:33cb993a8d2c13b5765b3a3f9538892658ae6665 Loosely based on changes in OpenSSL. ok beck@ Reorder functions for readability/consistency. 2015-09-13T15:59:30+00:00 jsing 2015-09-13T15:59:30+00:00 urn:sha1:e1e5c9f78b74257912dbabd424ccb6d6cf346746 Expand obsolete M_ASN1.*(cmp|dup|print|set) macros - no change in generated 2015-07-29T14:58:34+00:00 jsing 2015-07-29T14:58:34+00:00 urn:sha1:2186614b2e5af6bbfcc1a9f8898ac11ea9c93faf assembly. ok bcook@ Now that it is safe to invoke X509_STORE_CTX_cleanup() if X509_STORE_CTX_init() 2015-07-19T05:42:55+00:00 miod 2015-07-19T05:42:55+00:00 urn:sha1:6b0eb980d3e214f7207eac97cd4b726560f55c02 fails, check its return value and correctly mop up after ourselves. ok beck@ doug@ Simplify X509_STORE_CTX_init and make it safe with stack variables. 2015-07-19T01:44:16+00:00 doug 2015-07-19T01:44:16+00:00 urn:sha1:2389220f593f7efc734a6f4f86935806b2c4f8eb The current version is not safe with stack variables because it may return prematurely with a partially constructed object on error. ok miod@ a while back Fix bad indenting in LibreSSL. 2015-06-13T08:38:10+00:00 doug 2015-06-13T08:38:10+00:00 urn:sha1:ffdde82e8fceeaaea8ca893d8bffc0dcc53daf40 jsg@ noticed that some of the lines in libssl and libcrypto are not indented properly. At a quick glance, it looks like it has a different control flow than it really does. I checked the history in our tree and in OpenSSL to make sure these were simple mistakes. ok miod@ jsing@ Avoid a potential out-of-bounds read in X509_cmp_time(), due to missing 2015-06-11T15:58:53+00:00 jsing 2015-06-11T15:58:53+00:00 urn:sha1:652913e0fc47c01c7ce25e6f73435f2bf88f6a2e length checks. Diff based on changes in OpenSSL. Fixes CVE-2015-1789. ok doug@ Don't ignore the reference count in X509_STORE_free. 2015-04-25T16:02:55+00:00 doug 2015-04-25T16:02:55+00:00 urn:sha1:db89ec62c9654a4fdabda5759955699428c4fbf2 Based on this upstream commit: bff9ce4db38b297c72a6d84617d71ae2934450f7 which didn't make it into a release until 1.0.2. Thanks to william at 25thandclement dot com for reporting this! ok deraadt@ jsing@ beck@ Remove d2i_X509_PKEY and i2d_X509_PKEY from the SSLeay days. 2015-04-12T15:15:51+00:00 doug 2015-04-12T15:15:51+00:00 urn:sha1:1796e4db97a7850cbac4fdb65b8ec74e85549050 i2d_X509_PKEY is a "needs to implement" and d2i_X509_PKEY is broken. Removed upstream in commit b1f3442857c1fd76e91941141bf671d19e90a79d. ok deraadt@, jsing@ Remove all getenv() calls, especially those wrapped by issetugid(). 2015-04-11T16:03:21+00:00 deraadt 2015-04-11T16:03:21+00:00 urn:sha1:b6e092d1e41107edc3265fcda97c497aa21950e1 getenv()'s wrapped by issetugid() are safe, but issetugid() is correct difficult to impliment on many operating systems. By accident, a grand experiment was run over the last year, where issetugid() returned 1 (the safe value) on a few operating systems. Noone noticed & complained that certain environment variables were not working....... ok doug beck jsing, discussion with others