openbsd/src/usr.bin/openssl, branch OPENBSD_7_5

openbsd/src/usr.bin/openssl, branch OPENBSD_7_5_BASE A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_5_BASE 2024-02-28T17:04:38+00:00 Expand only ever user of PBEPARAM_free() outside of libcrypto 2024-02-28T17:04:38+00:00 tb 2024-02-28T17:04:38+00:00 urn:sha1:053b93fb0b7bcd14494f84247e51bcaa2ec45a1a Zap a useless comment followed by a stray semicolon 2024-02-04T13:08:29+00:00 tb 2024-02-04T13:08:29+00:00 urn:sha1:0e3ffc21b85538d145bb3e56108f842f7735e886 Noticed by Christian Andersen Remove GOST and STREEBOG support from libssl. 2024-02-03T15:58:34+00:00 beck 2024-02-03T15:58:34+00:00 urn:sha1:20afa90e552d2efed2187dbafc92170a3895e921 This version of GOST is old and not anywhere close to compliant with modern GOST standards. It is also very intrusive in libssl and makes a mess everywhere. Efforts to entice a suitably minded anyone to care about it have been unsuccessful. At this point it is probably best to remove this, and if someone ever showed up who truly needed a working version, it should be a clean implementation from scratch, and have it use something closer to the typical API in libcrypto so it would integrate less painfully here. This removes it from libssl in preparation for it's removal from libcrypto with a future major bump ok tb@ Add 'openssl x509 -new' functionality to the libcrypto CLI utility 2024-01-26T11:58:37+00:00 job 2024-01-26T11:58:37+00:00 urn:sha1:c6ef56532943eb3b0c27899a1d3ce888b8aacece The ability to generate a new certificate is useful for testing and experimentation with rechaining PKIs. While there, alias '-key' to '-signkey' for compatibility. with and OK tb@ Add -force_pubkey -multivalue-rdn -set_issuer -set_subject -utf8 to x509 app 2024-01-12T11:24:03+00:00 job 2024-01-12T11:24:03+00:00 urn:sha1:fd3a458c3776b8f3ff79dd8ee79fafe9c6782c8a The -set_issuer, -set_subject, and -force_pubkey features can be used to 'rechain' PKIs, for more information see https://labs.apnic.net/nro-ta/ and https://blog.apnic.net/2023/12/14/models-of-trust-for-the-rpki/ OK tb@ Garbage collect the last users of SSL_set_debug(3) 2023-12-29T12:15:49+00:00 tb 2023-12-29T12:15:49+00:00 urn:sha1:47579f77bfbf210abc8b63d1bf6acfd9926ff7f7 This undocumented, incomplete public function has never done anything useful. It will be removed from libssl. Removing it from openssl(1) clears the way for this. ok jsing s_client: pause hasn't worked in ages. Just ignore it 2023-12-29T12:06:48+00:00 tb 2023-12-29T12:06:48+00:00 urn:sha1:a68c10d8436f4ded6e324101b5d1420e622533f0 ok jsing Make a few purpose things const 2023-11-21T17:56:19+00:00 tb 2023-11-21T17:56:19+00:00 urn:sha1:cf8443276e8273969971b03dcddc0d59bc6eb1c9 This should allow us to constify a sizable table in libcrypto in an upcoming bump. openssl pkcs12: rewrite without reaching into X509_ALGOR 2023-11-19T09:29:11+00:00 tb 2023-11-19T09:29:11+00:00 urn:sha1:6e435e2554505c1ea973526a30fea9135b019f4f We can call ASN1_item_unpack() which will end up stuffing the same arguments into ASN1_item_d2i() as d2i_PBEPARAM(). This eliminates the last struct access into X509_ALGOR outside libcrypto in the base tree. ok jsing openssl ts: convert to X509_ALGOR_set0() 2023-11-19T09:19:54+00:00 tb 2023-11-19T09:19:54+00:00 urn:sha1:ba58055b32218a61b06555001b167cf4c1571412 ok jsing