openbsd/src/lib/libssl/hidden/openssl, branch OPENBSD_7_8

openbsd/src/lib/libssl/hidden/openssl, branch OPENBSD_7_8_BASE A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_8_BASE 2024-08-31T10:51:48+00:00 Remove SSL_add_compression_method 2024-08-31T10:51:48+00:00 tb 2024-08-31T10:51:48+00:00 urn:sha1:a0ced14fec228fa0dfd2fa5d87c942b0af9326d8 Prepare to provide SSL_CTX_set1_cert_store() 2024-08-03T04:50:27+00:00 tb 2024-08-03T04:50:27+00:00 urn:sha1:7ffee9d08a91191b5a4fb21336efef092b583c3e SSL_CTX_set_cert_store() should have been called SSL_CTX_set0_cert_store() since it takes ownership of the store argument. Apparently a few people ran into the issue of not bumping the refcount themselves, leading to use after frees about 10 years ago. This is a quite rarely used API and there are no misuses in the ports tree, but since someone did the work of writing a diff, we can still add it. Needless to say that SSL_CTX_get_cert_store() obviously has the exact same issue and nobody seems to have thought of adding a get0 or get1 version to match... Fixes https://github.com/libressl/openbsd/issues/71 From Kenjiro Nakayama Prepare to provide SSL_CIPHER_get_handshake_digest() 2024-07-14T15:39:36+00:00 tb 2024-07-14T15:39:36+00:00 urn:sha1:e4ca538cbd7bb43768a6ebdf1fa7c4cd248be01b Needed by newer freeradius. This is a straightforward implementation that essentially duplicates tls13_cipher_hash(). ok jsing Remove SSL_debug 2024-03-02T11:48:55+00:00 tb 2024-03-02T11:48:55+00:00 urn:sha1:e9b5926a9507a5e2d6e5e20e64dba87cb811c1e0 The garbage truck is quite full by now. Collect the last symbol straggler for this bump. ok jsing Remove SSL_CIPHER_get_by_{id,value}() 2024-03-02T11:45:51+00:00 tb 2024-03-02T11:45:51+00:00 urn:sha1:8e85295d10fd4886e1ba7260f0b7bc17674ccacc While this undocumented API would have been much nicer and saner than SSL_CIPHER_find(), nothing used this except for the exporter test. Let's get rid of it again. libssl uses ssl3_get_cipher_by_{id,value}() directly. ok jsing Export SSL_get_{peer_,}signature_type_nid() 2024-03-02T11:44:47+00:00 tb 2024-03-02T11:44:47+00:00 urn:sha1:e6ba1ba77c418a957100a7562bf08d1ab8eb012e Also move the prototypes to the correct header. Oversight reported by Frank Lichtenheld, thanks! Fixes https://github.com/libressl/openbsd/issues/147 ok jsing Set OPENSSL_NO_ENGINE, remove engine code 2023-07-28T09:53:55+00:00 tb 2023-07-28T09:53:55+00:00 urn:sha1:b5382a6334a2ec0fe73ab6c49ebefb47af93329c ENGINE was special. It's horrible code even by the low standards of this library. Some ports may now try to use the stubs which will fail, but the fallout from this should be minimal. Of course there are various language bindings that expose the ENGINE API. OpenSSL 3 disabling ENGINE by default will likely help fixing this at some point. ok jsing Hide all public symbols in libssl 2023-07-08T16:40:14+00:00 beck 2023-07-08T16:40:14+00:00 urn:sha1:fce75ad52c1586db1ba9f44c6be85668e7d4a110 With the guentherizer 9000 ok tb@ upstream hidden file #include_next workaround for MS C compilers 2023-07-05T21:14:54+00:00 bcook 2023-07-05T21:14:54+00:00 urn:sha1:78a308af2f74ee5b41c0815ab21ef9d01c1fcdd9 ok beck@, tb@ Add support for symbol hiding disabled by default. 2022-11-11T11:25:18+00:00 beck 2022-11-11T11:25:18+00:00 urn:sha1:0ba6b15619d4e4feafccdbd0226ee99b70553a11 Fully explained in libcrypto/README. TL;DR make sure libcrypto and libssl's function calls internally and to each other are via symbol names that won't get overridden by linking other libraries. Mostly work by guenther@, which will currently be gated behind a build setting NAMESPACE=yes. once we convert all the symbols to this method we will do a major bump and pick up the changes. ok tb@ jsing@