openbsd/src/lib/libcrypto/x509, branch libressl-v2.9.2

openbsd/src/lib/libcrypto/x509, branch libressl-v2.9.2 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v2.9.2 2019-03-13T20:34:00+00:00 Fix a number of ASN1_INTEGER vs ASN1_STRING mixups coming from the 2019-03-13T20:34:00+00:00 tb 2019-03-13T20:34:00+00:00 urn:sha1:5ac8b80c66d7d9f6dab1bfdf23f0578eb05dffa0 mechanical M_ASN1 macro expansion. The ASN1_INTEGER_cmp function takes signs into account while ASN1_STRING_cmp doesn't. The mixups mostly involve serialNumbers, which, in principle, should be positive. However, it is unclear whether that is checked or enforced anywhere in the code, so these are probably bugs. Patch from Holger Mikolon ok jsing Typo in comment. 2019-03-06T05:06:58+00:00 tb 2019-03-06T05:06:58+00:00 urn:sha1:f70292937cfa185badac27a7244dfeb186e42744 From Holger Mikolon Add const to EVP_PKCS82PKEY(). 2018-08-24T20:26:03+00:00 tb 2018-08-24T20:26:03+00:00 urn:sha1:2e9cc12db341d66727099e500ca968482802fde1 tested in a bulk by sthen ok jsing After removing support for broken PKCS#8 formats (it was high time), 2018-08-24T20:17:33+00:00 tb 2018-08-24T20:17:33+00:00 urn:sha1:4cdbdc5207fa48804d8ed3a7929a97ae5f9f466d we can add const to PKCS8_pkey_get0(). In order for this to work, we need to sprinkle a few consts here and there. tested in a bulk by sthen ok jsing Remove EVP_PKEY2PKCS8_broken() and PKCS8_set_broken() 2018-08-24T20:07:42+00:00 tb 2018-08-24T20:07:42+00:00 urn:sha1:e4cf8ac5385c963bee0eb8d0e642abe1bb82ac78 Provide PKCS8_pkey_add1_attr_by_NID() and PKCS8_pkey_get0_attrs(). Remove the whole broken code and simplify pkcs8_priv_key_info_st accordingly. Based on OpenSSL commit 54dbf42398e23349b59f258a3dd60387bbc5ba13 plus some const that was added later. tested in a bulk build by sthen ok jsing Provide X509_get0_serialNumber() 2018-08-24T19:59:32+00:00 tb 2018-08-24T19:59:32+00:00 urn:sha1:b2896b6759d33e259f8f56f743ec2d54f5002a50 tested in a bulk by sthen ok jsing Turn a number of #defines into proper functions with prototypes matching 2018-08-24T19:55:58+00:00 tb 2018-08-24T19:55:58+00:00 urn:sha1:d005d0528a66f69dbf8fb1a50b86c1bf40e135bc those that OpenSSL has had for ages. ok jsing Make X509_OBJECT_up_ref_count return an int. 2018-08-24T19:21:09+00:00 tb 2018-08-24T19:21:09+00:00 urn:sha1:74eedf34845483dbab4527b97ece0c1697ff88ff Based on OpenSSL commit c5ebfcab713a82a1d46a51c8c2668c419425b387 tested in a bulk by sthen ok jsing Don't leak sktmp in X509_verify_cert(). 2018-08-19T20:19:31+00:00 tb 2018-08-19T20:19:31+00:00 urn:sha1:72e746eda16b1fcb8e54b3a9bd99c0fa48f51c22 CID #118791 ok jsing mestre Remove unnecessary NULL check from get_cert_by_subject since 2018-08-05T14:17:12+00:00 bcook 2018-08-05T14:17:12+00:00 urn:sha1:6b472be450b41d2399d1fd32bf31177c8c24f895 sk_BY_DIR_HASH_find already does it, removing ambiguity later in the function. ok tb@