| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
and remove the LIBRESSL_INTERNAL guards around them
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This API was needed since OpenSSL didn't have one. We now have variants
of OpenSSL's API and will also expose BoringSSL's complementary API. The
users of this API were ported to the OpenSSL variants and some may switch
to BoringSSL's in the future. Part of it is still used internally.
ASN1_time_tm_clamp_notafter() is still used by libtls (and only libtls).
This will be fixed in a future bump.
ok jsing
|
| |
|
|
|
|
|
|
| |
This is only used by the fuzzing code. Another bit of poorly thought
out extensibility that makes people pass NULL pointers to a bunch
of APIs.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
| |
The last comsumer, telephony/asterisk, was adjusted a few months back.
pointed out by brad
ok jsing
|
| |
|
|
|
|
|
| |
The only consumer, a_strnid.c, has its own, slightly more complete, up
to date, and less incorrect, version of these.
ok jsing
|
| |
|
|
|
|
| |
Another remnant of the unused ASN1_STRING_TABLE extensibility goes away.
ok jsing
|
| |
|
|
|
|
|
| |
This was API for the ASN1_STRING_TABLE extensibility which has been
neutered for months and was completely unused in the ecosystem.
ok jsing
|
| |
|
|
|
|
|
|
| |
The ability of modifying the ASN1_STRING_TABLE was removed and the table
is now static. Stop casting away const. The only consumer, security/xca,
is already fixed.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is prepares to expose some internal API as OPENSSL_tm_to_posix() and
OPENSSL_posix_to_tm(). They will be used in libtls and ocspcheck(8) to get
rid of the portability nightmare that is timegm().
Also fix the location of OPENSSL_gmtime() and OPENSSL_timegm() (this API
is not yet exposed). The former is from OpenSSL and surprisingly lives in
crypto.h, not asn1.h, and the latter is BoringSSL API and lives in the new
posix_time.h.
Initial diff from beck, this pulls in further upstream work after review
feedback.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
This matches when BoringSSL has done, and allows for getting
rid of the dependency on system timegm() and gmtime() in libtls.
which will make life easier for portable, and remove our
dependency on the potentially very slow system versions.
ok tb@ - tb will handle the minor bump bits and expose
on the next minor bump
CVS :----------------------------------------------------------------------
|
| |
|
|
|
|
|
|
|
| |
This removes ASN1_BIT_STRING_name_print(), ASN1_BIT_STRING_{num,set}_asc().
Before trust was properly handled using OIDs, there was a period where it
used bit strings. The actual interfaces used in openssl x509 were removed,
but the functions they wrapped remained unused for the next 24 years.
ok jsing
|
| |
|
|
|
|
|
|
| |
This was added with the TS code for no discernible reason. I could not
find a single consumer. In the unlikely event that you need this, it is
easy enough to write a better version of it yourself.
ok jsing
|
| |
|
|
|
|
|
|
|
|
| |
ASN1_bn_print() is a hilariously bad API that was replaced with a saner
interface internally. ASN1_buf_print() isn't terrible, but it is too
specialized to be of real use. It was only exposed because ASN1_bn_print()
was already there. Its only use had been in the EdDSA printing code before
it was replaced with an internal helper.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
| |
With every bump we can remove a bit more of the ASN.1 BIO and the
streaming interface. At some point enough will be internal so that
we can rewrite it and bring it in a shape where mere mortals can
follow all the twists and turns. This is the next step: BIO_f_asn1(3)
goes away and takes BIO_asn1_{get,set}_{prefix,suffix}() with it,
a bunch of functions helping along in a write-after-free recently.
The getters go away, the setters stay for now.
ok jsing
|
| | |
|
| |
|
|
| |
Discussed with jsing and beck
|
| |
|
|
| |
Requested by jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Some headers were included conditionally on OPENSSL_NO_DEPRECATED in hopes
that eventually the mess of everything includes everything will magically
resolve itself. Of course everyone would end up building openssl with
OPENSSL_NO_DEPRECATED over time... Right.
Surprisingly, the ecosystem has come to rely on these implicit inclusions,
so about two dozen ports would fail to build because of this. Patching this
would be easy but really not worth the effort.
ok jsing
|
| |
|
|
|
| |
This is needed to print the 32-byte Ed25519 keys which aren't handled
as BNs.
|
| |
|
|
|
|
| |
This is needed to print byte array based keys, such as Ed25519 and X25519.
ok beck@ tb@
|
| |
|
|
|
|
|
|
| |
This removes c2i_ASN1_OBJECT(), {c2i,i2c}_ASN1_BIT_STRING() and
{c2i,i2c}_ASN1_INTEGER(). These are not part of the OpenSSL 1.1
API and should never have been exposed in the first place.
ok jsing
|
| |
|
|
|
|
| |
Needed for an upcoming change.
ok tb@
|
| |
|
|
|
|
|
| |
This script is not used at all and files are edited by hand instead.
Thus remove misleading comments incl. the obsolete script/config.
Feedback OK jsing tb
|
| |
|
|
|
|
|
| |
These are mostly security-level related, but there are also ASN1_TIME
and ASN_INTEGER functions here, as well as some missing accessors.
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
| |
the world seems to be using.
Symbols.list changes and exposure to wait for minor bump
ok jsing@ jca@
|
| |
|
|
|
|
|
| |
Instead of having a separate get/set implementation, reuse the ASN1_INTEGER
code. Also prepare to provide ASN1_ENUMERATED_{get,set}_int64().
ok beck@ tb@
|
| |
|
|
|
|
| |
In the process, prepare to provide ASN1_INTEGER_{get,set}_{u,}int64().
ok beck@ tb@
|
| |
|
|
|
|
|
| |
This moves {d2i,i2d}_ASN1_BOOLEAN() to internal only. They are unused,
but help us testing the encoding.
ok jsing
|
| |
|
|
|
|
|
|
|
|
| |
This removes NETSCAPE_X509, NETSCAPE{,_ENCRYPTED}_PKEY, RSA_NET,
Netscape_RSA things. Some of the nasty tentacles that could go in
principle are used in some test suites, so we need to keep them...
All this was removed as part of OpenSSL commit 0bc2f365.
ok inoguchi jsing
|
| |
|
|
|
|
|
|
| |
Move the struct declaration to asn1_locl.h and add a forward
declaration to ossl_typ.h. This makes struct visibility in the
asn1 headers match OpenSSL.
ok inoguchi jsing
|
| |
|
|
|
|
| |
Suggested by schwarze
ok inoguchi jsing
|
| |
|
|
|
|
|
| |
These are leftovers of the old ASN.1 stuff. Nothing uses this.
OpenSSL removed them in a469a677.
ok inoguchi jsing
|
| |
|
|
|
|
| |
them inside #ifndef LIBRESSL_INTERNAL.
suggested by jsing
|
| |
|
|
|
|
| |
no longer needed.
ok jsing
|
| |
|
|
|
|
| |
The symbol is not yet exposed and will show up with tb@'s forthcoming bump
ok tb@ jsing@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Comparing two GENERAL_NAME structures containing an EDIPARTYNAME can lead
to a crash. This enables a denial of service attack for an attacker who can
control both sides of the comparison.
Issue reported to OpenSSL on Nov 9 by David Benjamin.
OpenSSL shared the information with us on Dec 1st.
Fix from Matt Caswell (OpenSSL) with a few small tweaks.
ok jsing
|
| |
|
|
|
|
| |
This prototype was removed inadvertantly in r1.50.
OK jsing@
|
| |
|
|
|
|
| |
From Ben L bobsayshilol () live ! co ! uk
ok jsing
|
| |
|
|
|
|
| |
previous clean up.
Spotted by bcook@
|
| |
|
|
|
|
| |
libcrypto (the "new" stuff replaced this back around 2000 or so...).
ok tb@
|
| |
|
|
|
| |
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
| |
functions.
ok beck, jsing
|
| | |
|
| |
|
|
|
|
|
| |
BIO_f_asn1() will be taken care of later.
Tested in a bulk by sthen
ok bcook jca jsing
|
| |
|
|
|
|
|
|
| |
Fixes for CVE-2018-0739.
Copied from commit below, and modified for adaption to our code.
https://github.com/openssl/openssl/commit/9310d45087ae546e27e61ddf8f6367f29848220d
ok bcook@ beck@ jsing@
|
| | |
|
| |
|
|
| |
ok jsing@
|
