CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/09/04 11:00:08 Modified files: sys/ufs/ufs: ufs_ihash.c Log message: Work around vnode reuse bug resulting in a panic: vop_generic_badop Joel hit this frequently on the go builder, and this was also found by szykiller https://syzkaller.appspot.com/bug?extid=58bdde9f7a1a407514a7 https://syzkaller.appspot.com/bug?extid=5779bc64fc4fdd0a5140 This is based on a workaround originally done by visa@ and mbuhl@ but not committed or widely distributed. Realistically this should be fixed more like the previous attempt with vdoom, but my attempts to do this at the moment are colliding with finding all sources of similar races, now that kernel unlocking is exposing these previously existing bugs for now, let's put in this ugly workaround ok deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/07/13 08:37:56 Modified files: sys/kern : vfs_subr.c sys/sys: vnode.h sys/ufs/ext2fs : ext2fs_inode.c sys/ufs/ufs: ufs_inode.c Log message: Revert the vdoom change, while it prevents the crashes on joel's go builder and avoids the ufs_inactive problems, bluhm hits panics on shutdown and filesystem unmount on the regress testers. We'll have to try the other approach of detecting the corrupted vnode perhaps.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/07/12 12:15:10 Modified files: lib/libcrypto/ocsp: ocsp_vfy.c lib/libcrypto/x509: x509_local.h x509_purp.c x509_trs.c Log message: Fix the horrible and undocumented behaviour of X509_check_trust Of allowing you to pass in a NID directly, instead of a trust_id, and have it work, as long as the trust_id's and the NID's did not overlap. This screwball behaviour was depended upon by the OCSP code that called X509_check_trust with the NID, instead of the trust id, so let's fix that. We also rename the confusingly named X509_TRUST_DEFAULT to X509_TRUST_ACCEPT_ALL which makes a lot more sense, and rototill this to remove the confusingly named static functions. This will shortly be follwed up by making this function private, so we have not bothered to fix the amazingly obtuse man page as it will be taken behind the barn at that time. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/07/12 09:53:51 Modified files: lib/libcrypto/x509: x509_trs.c Log message: Clean up in X509_check_trust. The XXX comment in here is now outdated. Our behaviour matches boringssl in that passing in a 0 trust gets the default behavior, which is to trust the certificate only if it has EKU any, or is self signed. Remove the goofy unused nid argument to "trust_compat" and rename it to what it really does, instead of some bizzare abstraction to something simple so the code need not change if we ever change our mind on what "compat" is for X.509, which will probably only happen when we are back to identifying things by something more sensible like recognizable grunts and smells. ok jsing@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/07/12 02:15:19 Modified files: sys/kern : vfs_subr.c sys/sys: vnode.h sys/ufs/ext2fs : ext2fs_inode.c sys/ufs/ufs: ufs_inode.c Log message: Add vdoom() to fix ufs/ext2fs re-use of invalid vnode. This was noticed by syzkiller and analyzed in isolaiton by mbuhl@ and visa@ two years ago. As the kernel has become more unlocked it has started to appear more and was being hit regularly by jsing@ on the Go builder. The problem was during reclaim of a inode the corresponding vnode could be picked up by a vget() by another thread while the inode was being cleared out in the ufs_inactive routine and the thread running ufs_inactive slept for i/o. When raced the vnode would then not have zero use count and would not be cleared out on exit from ufs_inactive with a dead/invalid vnode being used. While this could get "fixed" by checking for the race happening and trying again in the inactive routine, or by adding "yet another visible vnode locking flag" we choose to add a vdoom() api for the moment that allows the caller to block future attempts to grab this vnode until it is cleared out fully with vclean. Teste by jsing@ on the Go builder and seems to solve the issue. ok kettenis@, claudio@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/07/10 07:30:14 Modified files: lib/libcrypto : Makefile Removed files: lib/libcrypto : Symbols.namespace Log message: Remove the static symbols.namespace, and just generate the _libre_ symbols from symbols.list now that we have everything hidden ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/07/09 07:43:57 Modified files: lib/libssl : ssl_sigalgs.c Log message: Don't push the error stack in ssl_sigalg_select() Doing so breaks certificate selection if a TLS 1.3 client does not support EC certs, and needs to fall back to RSA. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/07/09 06:27:27 Modified files: lib/libssl : ssl_tlsext.c Log message: Fix TLS key share check to not fire when using < TLS 1.3 The check was being too aggressive and was catching us when the extension was being sent by a client which supports tls 1.3 but the server was capped at TLS 1.2. This moves the check after the max version check, so we won't error out if we do not support TLS 1.3 Reported by o...@bartula.de ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/07/09 03:39:14 Modified files: lib/libcrypto : Makefile lib/libssl : Makefile Log message: Actually enable namespaced builds in both libcrypto and libssl (instead of commiting only one part)
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/07/09 01:39:21 Modified files: lib/libcrypto : Makefile Log message: Enable namespaced builds by default for libssl and libcrypto. Some further refinements will happen to the build process to automatically generate the Symbols.namespace file, and to remove our last public unhidden symbol (which was a mistake, but waits for a major bump to get removed) But for now everything should be using this. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/07/09 01:17:13 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/err: err.c err.h lib/libcrypto/hidden/openssl: err.h Log message: Hide remaining unused ERR functions in err.h ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/07/09 01:16:44 Modified files: lib/libcrypto : Symbols.namespace cryptlib.c lib/libcrypto/hidden/openssl: crypto.h Log message: Hide CRYPTO_get_dynlock_create_callback ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/07/09 01:16:13 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/des: enc_read.c set_key.c lib/libcrypto/hidden/openssl: des.h Log message: Hide DES global variables ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/07/09 01:15:39 Modified files: lib/libcrypto : Symbols.namespace Log message: Add missing symbols to Symbols.namespace ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/07/09 01:14:26 Modified files: lib/libcrypto : Symbols.namespace Log message: Remove duplicates from Symbols.namespace ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/07/09 00:14:59 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/bio: bio_lib.c bss_bio.c lib/libcrypto/hidden/openssl: bio.h Log message: Hide symbols for two missed public functions in bio.h ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/07/09 00:13:22 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/hidden/openssl: pkcs12.h lib/libcrypto/pkcs12: p12_asn.c Log message: Hide global _it symbols in pkcs12.h ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/07/09 00:12:45 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/cms: cms_asn1.c lib/libcrypto/hidden/openssl: cms.h Log message: Hide global _it symbola in cms.h ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/07/08 11:11:05 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/dsa: dsa_asn1.c lib/libcrypto/hidden/openssl: dsa.h Log message: Hide global _it symbols in dsa.h ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/07/08 11:10:18 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/hidden/openssl: rsa.h lib/libcrypto/rsa: rsa_asn1.c Log message: Hide global _it symbols in rsa.h ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/07/08 11:01:54 Modified files: lib/libcrypto/hidden/openssl: asn1.h asn1t.h ocsp.h pkcs7.h x509.h x509v3.h Log message: Guard variable declarations to unbreak non-namespaced builds. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/07/08 10:24:22 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/asn1: asn1t.h tasn_typ.c x_bignum.c x_long.c lib/libcrypto/hidden/openssl: asn1t.h Log message: Hide global _it symbols in asn1t.h ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/07/08 10:23:27 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/hidden/openssl: pkcs7.h lib/libcrypto/pkcs7: pk7_asn1.c Log message: Hide global _it symbols in pkcs7.h ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/07/08 08:53:11 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/hidden/openssl: ocsp.h lib/libcrypto/ocsp: ocsp_asn.c Log message: Hide global _it variables in ocsp.h ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/07/08 08:52:31 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/asn1: a_bitstr.c a_enum.c a_int.c a_object.c a_octet.c a_time.c tasn_typ.c lib/libcrypto/hidden/openssl: asn1.h Log message: Hide global _it variables in asn1.h ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/07/08 08:48:49 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/asn1: p5_pbe.c p8_pkey.c x_algor.c x_attrib.c x_crl.c x_exten.c x_name.c x_pubkey.c x_req.c x_sig.c x_spki.c x_val.c x_x509.c lib/libcrypto/hidden/openssl: x509.h Log message: Hide global _it variables in x509.h ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/07/08 08:47:44 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/hidden/openssl: x509v3.h lib/libcrypto/x509: x509_addr.c x509_akeya.c x509_asid.c x509_bcons.c x509_cpols.c x509_crld.c x509_extku.c x509_genn.c x509_info.c x509_ncons.c x509_pcons.c x509_pku.c x509_pmaps.c Log message: Hide global _it variables in x509v3.h ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/04/10 09:13:23 Modified files: lib/libcrypto : crypto.h Log message: Re-guard the crypto_malloc macros. accidentally not included in crypto.h commit requested and ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/04/10 09:01:31 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/ec: ec.h ec_lib.c ec_oct.c lib/libcrypto/hidden/openssl: ec.h Log message: Hide deprecated functions in ec.h use LCRYPTO_UNUSED and remove the LIBRESSL_INTERNAL guard ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/04/10 09:00:38 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/evp: evp.h evp_cipher.c evp_digest.c lib/libcrypto/hidden/openssl: evp.h Log message: Hide deprecated functions in evp.h use LCRYPTO_UNUSED and remove the LIBRESSL_INTERNAL guard around them. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/04/10 08:59:39 Modified files: lib/libcrypto : Symbols.namespace Log message: Add HMAC_init and HMAC_CTX_reset to Symbols.namespace. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/04/10 08:58:06 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/bn: bn.h bn_div.c bn_exp.c bn_gcd.c lib/libcrypto/hidden/openssl: bn.h Log message: Hide symbols in bn.h Mark them LCRYPTO_UNUSED appropriately and remove the LIBRESSL_INTERNAL guards around them ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/04/10 08:55:12 Modified files: lib/libcrypto/asn1: a_time_tm.c asn1.h asn1_old.c lib/libcrypto/hidden/openssl: asn1.h Log message: Hide a couple of LCRYPTO_UNUSED in asn1.h and remove the LIBRESSL_INTERNAL guards around them ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/04/10 08:54:13 Modified files: lib/libcrypto : Symbols.namespace Log message: Add RC2 symbols to Symbols.namespace. These got missed when they were hidden ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/04/10 08:53:01 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/hidden/openssl: rand.h lib/libcrypto/rand: rand.h rand_lib.c randfile.c Log message: Finish hiding symbols in rand.h This removes the LIBRESSL_INTERNAL guards and marks the functions within as LCRYPTO_UNUSED
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/04/10 08:51:02 Modified files: lib/libcrypto : Symbols.namespace cryptlib.c crypto.h crypto_init.c malloc-wrapper.c mem_clr.c mem_dbg.c o_fips.c lib/libcrypto/hidden/openssl: crypto.h Log message: Finish Hiding symbols in crypto.h crypto.h already had the symbols not hidden behind LIBRESSL_INTERNAL hidden - This now picks up the reset of them marking them as LCRYPTO_UNUSED, and removes the LIBRESSL_INTERNAL guard. These symbols will now be hidden, but if we use them inside the library in a namespaced build we will get a deprecation warning. use outside the library will be as with any other hidden symbol, so fine. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/04/09 07:56:30 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/conf: conf_def.c conf_err.c conf_lib.c conf_mall.c conf_mod.c conf_sap.c Log message: Hide symbols in conf.h This guentherizes the public symbols from conf.h ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/04/09 07:55:02 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/asn1: a_strex.c asn1_item.c p8_pkey.c t_crl.c t_req.c t_spki.c t_x509.c x_algor.c x_attrib.c x_crl.c x_exten.c x_info.c x_name.c x_pkey.c x_pubkey.c x_req.c x_sig.c x_spki.c x_val.c x_x509.c x_x509a.c lib/libcrypto/evp: evp_pkey.c lib/libcrypto/hidden/openssl: x509.h Log message: Hide public symbols in x509.h This picks up most of the remaining public symbols in x509.h ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/04/09 07:52:42 Modified files: lib/libcrypto : Symbols.namespace crypto_init.c lib/libcrypto/asn1: a_pkey.c a_pubkey.c lib/libcrypto/evp: bio_b64.c bio_enc.c bio_md.c e_aes.c e_bf.c e_camellia.c e_cast.c e_chacha.c e_chacha20poly1305.c e_des.c e_des3.c e_idea.c e_null.c e_rc2.c e_rc4.c e_sm4.c e_xcbc_d.c evp_aead.c evp_cipher.c evp_digest.c evp_encode.c evp_err.c evp_key.c evp_names.c evp_pbe.c m_md4.c m_md5.c m_md5_sha1.c m_null.c m_ripemd.c m_sha1.c m_sha3.c m_sigver.c m_sm3.c m_wp.c p_legacy.c p_lib.c p_sign.c p_verify.c pmeth_fn.c pmeth_gn.c pmeth_lib.c Added files: lib/libcrypto/hidden/openssl: evp.h Log message: Hide public symbols in evp.h largely mechanically done by the guentherizer 9000 ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/04/09 07:48:51 Modified files: lib/libcrypto/evp: e_aes.c Log message: Rename EVP_aes_XXX_cfb to EVP_aes_XXX_cfb128. For consitency with everything else. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/04/08 19:39:27 Modified files: lib/libcrypto : Symbols.namespace Log message: Clean up Symbols.namespace These did not get removed from here when they got removed from Symbols.list after a major bump. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/04/08 17:46:21 Modified files: lib/libcrypto/x509: x509_local.h x509_purp.c x509_verify.c x509_vfy.c Log message: Remove notBefore and notAfter cacheing. This cache was added because our time conversion used timegm() and gmtime() which aren't very cheap. These calls were noticably expensive when profiling things like rpki-client which do many X.509 validations. Now that we convert times using julien seconds from the unix epoch, BoringSSL style, instead of a julien days from a Byzantine date, we no longer use timegm() and gmtime(). Since the julien seconds calculaitons are cheap for conversion, we don't need to bother caching this, it doesn't have a noticable performance impact. While we are at this correct a bug where x509_verify_asn1_time_to_time_t was not NULL safe. Tested for performance regressions by tb@ and job@ ok tb@ job@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/04/08 13:57:40 Modified files: lib/libcrypto/asn1: a_time_tm.c regress/lib/libcrypto/asn1: asn1time.c rfc5280time.c Log message: Make ASN1_TIME_set_string_X509 and ASN1_TIME_set_string match the man page This makes it where people can't put dumb values in certs without trying harder, and changes the regress to test this. GENERALIZED times outside of the RFC5280 spec are required for OCSP but these should be constructed with the GENERALIZED time string setters. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/03/28 00:48:25 Removed files: regress/lib/libcrypto/gost: Makefile gost2814789t.c Log message: Nuke more gost
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/03/28 00:45:36 Modified files: lib/libcrypto : Makefile regress/lib/libcrypto: Makefile regress/lib/libcrypto/gost: Makefile gost2814789t.c Log message: Nuke more leftover GOST tendrils. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/03/27 19:45:18 Modified files: regress/lib/libssl/tlsext: tlsexttest.c Log message: Fix coverity complaints.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/03/27 18:22:35 Modified files: lib/libssl : ssl_tlsext.c Log message: Stop pandering to the loadbalancer industrial complex. So we initially kept this hack around for f5 boxes that should have been patched in 2014, and were not as of 2017. The f5 article for the bug archived on their web site, and any of these devices on the public internet will have since been upgraded to deal with a host of record layer, TLS, and other bugs, or they likely won't be talking to modern stacks, since as of this point the software with the bug would not have been updated in 10 years. So just make this spec compliant and reject a supported groups extension that should not have been sent by a server. ok tb@ jsing@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/03/27 17:56:34 Modified files: regress/lib/libssl/tlsext: tlsexttest.c Log message: fix leaks in the horrible ssl whackery necessary for this test. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/03/27 16:27:09 Modified files: lib/libssl : ssl_tlsext.c regress/lib/libssl/tlsext: tlsexttest.c Log message: Fix up server processing of key shares. Ensure that the client can not provide a duplicate key share for any group, or send more key shares than groups they support. Ensure that the key shares must be provided in the same order as the client preference order specified in supported_groups. Ensure we only will choose to use a key share that is for the most preferred group by the client that we also support, to avoid the client being downgraded by sending a less preferred key share. If we do not end up with a key share for the most preferred mutually supported group, will then do a hello retry request selecting that group. Add regress for this to regress/tlsext/tlsexttest.c ok jsing@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/03/27 04:44:17 Modified files: lib/libssl : ssl_tlsext.c Log message: Do not allow duplicate groups in supported groups. While we are here refactor this to single return. ok jsing@ tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/03/25 21:44:11 Modified files: lib/libssl : ssl_local.h ssl_tlsext.c ssl_tlsext.h Log message: Add an indicator that an extension has been processed. ok jsing@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/03/25 20:43:56 Modified files: regress/lib/libssl/tlsext: tlsexttest.c Log message: Fix expected client hello value to allow for supported_groups change. ok jsing@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/03/25 19:21:34 Modified files: lib/libssl : ssl_tlsext.c Log message: Process supported groups before key share. This will allow us to know the client preferences for an upcoming change to key share processing. ok jsing@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/03/25 19:18:16 Modified files: regress/lib/libssl: Makefile Log message: Disable client handshake test for now for pending changes. ok jsing@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/03/25 18:39:22 Modified files: lib/libcrypto/ts: ts.h ts_conf.c ts_rsp_sign.c Log message: Change ts to only support one second precision. RFC 3631 allows for sub second ASN1 GENERALIZED times, if you choose to support sub second time precison. It does not indicate that an implementation must support them. Supporting sub second timestamps is just silly and unrealistic, so set our maximum to one second of precision. We then simplify this code by removing some nasty eye-bleed that made artisinally hand crafted strings and jammed them into an ASN1_GENERALIZEDTIME. ok tb@, jsing@, with one second precision tested by kn@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/03/25 01:02:22 Modified files: lib/libcrypto/ts: ts_rsp_sign.c Log message: Fix time conversion that broke regress. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/03/24 18:05:49 Modified files: lib/libcrypto/x509: by_dir.c Log message: Remove unnecessary stat() calls from by_dir When searching for a CA or CRL file in by_dir, this stat() was used to short circuit attempting to open the file with X509_load_cert_file(). This was a deliberate TOCTOU introduced to avoid setting an error on the error stack, when what you really want to say is "we couldn't find a CA" and continue merrily on your way. As it so happens you really do not care why the load_file failed in any of these cases, it all boils down to "I can't find the CA or CRL". Instead we just omit the stat call, and clear the error stack if the load_file fails. The fact that you don't have a CA or CRL is caught later in the callers and is what you want, mimicing the non by_dir behaviour instead of possibly some bizzaro file system error. Based on a similar change in Boring. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/03/24 05:30:12 Modified files: lib/libcrypto/ocsp: ocsp_cl.c lib/libcrypto/ts: ts_rsp_sign.c lib/libtls : tls_conninfo.c tls_ocsp.c usr.sbin/ocspcheck: ocspcheck.c Log message: Convert libressl to use the BoringSSL style time conversions This gets rid of our last uses of timegm and gmtime in the library and things that ship with it. It includes a bit of refactoring in ocsp_cl.c to remove some obvious ugly. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/02/03 11:51:59 Modified files: bin/ps : ps.1 sbin/dump : traverse.c sbin/dumpfs: dumpfs.c sbin/fsck_ffs : dir.c fsck.h main.c pass1.c pass2.c pass5.c setup.c sbin/growfs: growfs.c sbin/quotacheck: quotacheck.c share/man/man5 : fs.5 sys/conf : files sys/ddb: db_interface.h sys/dev: softraid.c sys/kern : kern_physio.c spec_vnops.c vfs_bio.c vfs_subr.c vfs_sync.c vfs_syscalls.c sys/sys: buf.h mount.h proc.h vnode.h sys/ufs/ffs: ffs_alloc.c ffs_balloc.c ffs_extern.h ffs_inode.c ffs_softdep.c ffs_softdep_stub.c ffs_vfsops.c ffs_vnops.c fs.h softdep.h sys/ufs/ufs: inode.h ufs_extern.h ufs_inode.c ufs_lookup.c ufs_vnops.c sys/uvm: uvm_swap.c Log message: Remove Softdep. Softdep has been a no-op for some time now, this removes it to get it out of the way. Flensing mostly done in Talinn, with some help from krw@ ok deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/02/03 08:58:34 Modified files: lib/libssl : s3_lib.c ssl.h ssl3.h ssl_both.c ssl_cert.c ssl_ciph.c ssl_clnt.c ssl_err.c ssl_lib.c ssl_local.h ssl_sigalgs.c ssl_sigalgs.h ssl_srvr.c tls1.h tls12_key_schedule.c tls12_record_layer.c regress/lib/libssl/client: clienttest.c regress/lib/libssl/interop: Makefile.inc regress/lib/libssl/interop/cipher: Makefile regress/lib/libssl/unit: tls_prf.c usr.bin/openssl: openssl.c Log message: Remove GOST and STREEBOG support from libssl. This version of GOST is old and not anywhere close to compliant with modern GOST standards. It is also very intrusive in libssl and makes a mess everywhere. Efforts to entice a suitably minded anyone to care about it have been unsuccessful. At this point it is probably best to remove this, and if someone ever showed up who truly needed a working version, it should be a clean implementation from scratch, and have it use something closer to the typical API in libcrypto so it would integrate less painfully here. This removes it from libssl in preparation for it's removal from libcrypto with a future major bump ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2024/02/01 16:16:38 Modified files: lib/libcrypto/x509: x509_verify.c Log message: Fix the verifier to use the trust store the trust store is yet another obscure way to add a trust anchor
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/11/30 10:01:04 Modified files: lib/libcrypto/x509: by_file.c Log message: Clean up and de-spaghettize by_file_callback I had to read this for other purposes and it exceeded my muppetry tolerance. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/11/13 05:46:07 Modified files: lib/libcrypto/asn1: a_time_posix.c asn1.h lib/libcrypto/hidden/openssl: asn1.h lib/libcrypto/man: ASN1_TIME_set.3 Log message: Prepare to expose OPENSSL_gmtime and OPENSSL_timegm as public This matches when BoringSSL has done, and allows for getting rid of the dependency on system timegm() and gmtime() in libtls. which will make life easier for portable, and remove our dependency on the potentially very slow system versions. ok tb@ - tb will handle the minor bump bits and expose on the next minor bump CVS :--
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/09/29 09:53:59 Modified files: lib/libcrypto/x509: x509_constraints.c x509_internal.h regress/lib/libcrypto/x509: constraints.c Log message: Allow IP addresses to be specified in a URI. Our checking here was a bit too aggressive, and did not permit an IP address in a URI. IP's in a URI are allowed for things like CRLdp's AIA, SAN URI's etc.). The check for this was also slightly flawed as we would permit an IP if memory allocation failed while checking for an IP. Correct both issues. ok tb@
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: b...@cvs.openbsd.org2023/07/12 11:59:30 Modified files: . : anoncvs.html build : mirrors.dat Log message: Remove old U of A anoncvs mirror, it has not been maintained in ages ok tj@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/08 14:38:23 Modified files: lib/libssl : tls12_record_layer.c Log message: fix comment to unbreak things that care about warnings ok tb@ krw@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/08 10:40:14 Modified files: lib/libssl : bio_ssl.c d1_srtp.c s3_lib.c ssl_algs.c ssl_asn1.c ssl_cert.c ssl_ciph.c ssl_clnt.c ssl_err.c ssl_init.c ssl_lib.c ssl_methods.c ssl_rsa.c ssl_sess.c ssl_srvr.c ssl_stat.c ssl_txt.c tls12_record_layer.c lib/libssl/hidden/openssl: ssl.h Added files: lib/libssl/hidden/openssl: srtp.h tls1.h Log message: Hide all public symbols in libssl With the guentherizer 9000 ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/08 09:29:04 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/dh: dh_ameth.c dh_asn1.c dh_check.c dh_err.c dh_gen.c dh_key.c dh_lib.c Added files: lib/libcrypto/hidden/openssl: dh.h Log message: Hide symbols in dh ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/08 09:12:49 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/curve25519: curve25519.c Added files: lib/libcrypto/hidden/openssl: curve25519.h Log message: Hide symbols in curve22519 ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/08 08:56:54 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/modes: cbc128.c ccm128.c cfb128.c ctr128.c gcm128.c ofb128.c xts128.c Added files: lib/libcrypto/hidden/openssl: modes.h Log message: Hide symbols in modes.h ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/08 08:55:36 Modified files: lib/libcrypto/modes: cbc128.c ccm128.c cfb128.c ctr128.c gcm128.c modes.h modes_local.h ofb128.c xts128.c Log message: Hit modes with the loving mallet of knfmt ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/08 08:30:44 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/gost: gost2814789.c gost89_params.c gost_asn1.c gost_err.c gostr341001_key.c gostr341194.c streebog.c Added files: lib/libcrypto/hidden/openssl: gost.h Log message: Hide symbols in gost. ok tb@ after some puking in his mouth.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/08 08:28:15 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/dsa: dsa_asn1.c dsa_err.c dsa_gen.c dsa_key.c dsa_lib.c dsa_meth.c dsa_ossl.c dsa_prn.c Added files: lib/libcrypto/hidden/openssl: dsa.h Log message: hide symbols in dsa ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/08 08:27:14 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/cmac: cmac.c Added files: lib/libcrypto/hidden/openssl: cmac.h Log message: Hide symbols in cmac ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/08 06:27:52 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/objects: o_names.c obj_dat.c obj_err.c obj_lib.c obj_xref.c Added files: lib/libcrypto/hidden/openssl: objects.h Log message: Hide symbols in objects ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/08 06:26:45 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/rsa: rsa_asn1.c rsa_chk.c rsa_crpt.c rsa_eay.c rsa_err.c rsa_gen.c rsa_lib.c rsa_meth.c rsa_none.c rsa_oaep.c rsa_pk1.c rsa_pmeth.c rsa_prn.c rsa_pss.c rsa_saos.c rsa_sign.c Added files: lib/libcrypto/hidden/openssl: rsa.h Log message: Hide symbols in rsa ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/08 06:24:10 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/sha: sha1.c sha256.c sha512.c Added files: lib/libcrypto/hidden/openssl: sha.h Log message: Hide symbols in sha ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/08 06:21:58 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/bn: bn_add.c bn_blind.c bn_const.c bn_convert.c bn_ctx.c bn_err.c bn_exp.c bn_kron.c bn_lib.c bn_mod.c bn_mod_sqrt.c bn_mont.c bn_mul.c bn_prime.c bn_rand.c bn_shift.c bn_sqr.c bn_word.c Added files: lib/libcrypto/hidden/openssl: bn.h Log message: Hide symbols in bn ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/08 05:28:04 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/txt_db: txt_db.c Added files: lib/libcrypto/hidden/openssl: txt_db.h Log message: Hide symbols in txt_db ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/08 04:45:57 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/md4: md4_dgst.c md4_one.c lib/libcrypto/md5: md5_dgst.c md5_one.c Added files: lib/libcrypto/hidden/openssl: md4.h md5.h Log message: Hide symbols in md4 and md5 ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/08 04:44:00 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/cast: c_cfb64.c c_ecb.c c_enc.c c_ofb64.c c_skey.c lib/libcrypto/idea: i_cbc.c i_cfb64.c i_ecb.c i_ofb64.c i_skey.c lib/libcrypto/ocsp: ocsp_asn.c ocsp_cl.c ocsp_err.c ocsp_ext.c ocsp_ht.c ocsp_lib.c ocsp_prn.c ocsp_srv.c ocsp_vfy.c Added files: lib/libcrypto/hidden/openssl: cast.h idea.h ocsp.h Log message: Hide symbols in cast, idea, and ocsp ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/08 02:28:23 Modified files: lib/libcrypto : Symbols.namespace cpt_err.c cryptlib.c crypto_init.c crypto_lock.c cversion.c ex_data.c malloc-wrapper.c mem_dbg.c Added files: lib/libcrypto/hidden/openssl: crypto.h Log message: Hide symbols in crypto.h ok jsing@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/08 02:26:26 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/buffer: buf_err.c buffer.c lib/libcrypto/cms: cms_asn1.c cms_att.c cms_enc.c cms_env.c cms_err.c cms_ess.c cms_io.c cms_kari.c cms_lib.c cms_pwri.c cms_sd.c cms_smime.c lib/libcrypto/comp: c_rle.c c_zlib.c comp_err.c comp_lib.c lib/libcrypto/conf: conf_api.c Added files: lib/libcrypto/hidden/openssl: buffer.h cms.h comp.h conf_api.h Log message: Hide symbols in cms, comp, conf, and buffer ok jsing@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/08 01:22:58 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/ct: ct_b64.c ct_log.c ct_oct.c ct_policy.c ct_prn.c ct_sct.c lib/libcrypto/dso: dso_dlfcn.c dso_err.c dso_lib.c dso_null.c dso_openssl.c Added files: lib/libcrypto/hidden/openssl: ct.h dso.h Log message: Hide symbols in dso and ct ok jsing@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/08 01:11:07 Modified files: lib/libcrypto/des: cbc_cksm.c cbc_enc.c cfb64ede.c cfb64enc.c cfb_enc.c des.h des_enc.c des_local.h ecb3_enc.c ecb_enc.c ede_cbcm_enc.c enc_read.c enc_writ.c fcrypt.c fcrypt_b.c ncbc_enc.c ofb64ede.c ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c set_key.c spr.h str2key.c xcbc_enc.c Log message: Hit the des directory with the loving mallet of knfmt ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/08 00:13:08 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/sm3: sm3.c Added files: lib/libcrypto/hidden/openssl: sm3.h Log message: Hide symbols in sm3 ok tb@ jsing@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/08 00:04:33 Added files: lib/libcrypto/hidden/openssl: ecdh.h Log message: unbreak build when namespaced, file was here in my tree but didn't manage to cvs add
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/07 13:37:54 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/asn1: a_pkey.c a_pubkey.c a_strex.c a_time_tm.c ameth_lib.c asn1_item.c asn1_old.c p5_pbe.c p5_pbev2.c p8_pkey.c t_crl.c t_req.c t_spki.c t_x509.c t_x509a.c x_algor.c x_attrib.c x_crl.c x_exten.c x_info.c x_name.c x_pkey.c x_pubkey.c x_req.c x_sig.c x_spki.c x_val.c x_x509.c x_x509a.c lib/libcrypto/bio: b_dump.c bio_lib.c bss_bio.c bss_conn.c lib/libcrypto/chacha: chacha-merged.c lib/libcrypto/ec: ec_asn1.c ec_lib.c ec_oct.c lib/libcrypto/err: err.c lib/libcrypto/evp: bio_b64.c bio_enc.c bio_md.c c_all.c cipher_method_lib.c digest.c e_aes.c e_aes_cbc_hmac_sha1.c e_bf.c e_camellia.c e_cast.c e_chacha.c e_chacha20poly1305.c e_des.c e_des3.c e_gost2814789.c e_idea.c e_null.c e_rc2.c e_rc4.c e_rc4_hmac_md5.c e_sm4.c e_xcbc_d.c encode.c evp_aead.c evp_enc.c evp_err.c evp_key.c evp_lib.c evp_pbe.c evp_pkey.c m_gost2814789.c m_gostr341194.c m_md4.c m_md5.c m_md5_sha1.c m_null.c m_ripemd.c m_sha1.c m_sha3.c m_sigver.c m_sm3.c m_streebog.c m_wp.c names.c p5_crpt.c p5_crpt2.c p_dec.c p_enc.c p_lib.c p_open.c p_seal.c p_sign.c p_verify.c pmeth_fn.c pmeth_gn.c pmeth_lib.c lib/libcrypto/hidden/openssl: asn1.h asn1t.h bio.h chacha.h ec.h ecdsa.h err.h hkdf.h lhash.h pem.h poly1305.h rand.h sm4.h ts.h lib/libcrypto/rand: rand_lib.c randfile.c lib/libcrypto/sm3: sm3.c lib/libcrypto/ts: ts_req_utils.c ts_rsp_utils.c Removed files: lib/libcrypto/hidden/openssl: evp.h sm3.h Log message: Unbreak the namespace build after a broken mk.conf and tool misfire had me aliasing symbols not in the headers I was procesing. This unbreaks the namespace build so it will pass again ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/07 07:54:46 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/ec: ec_asn1.c ec_check.c ec_curve.c ec_cvt.c ec_err.c ec_key.c ec_kmeth.c ec_lib.c ec_oct.c ec_print.c eck_prn.c ecp_mont.c ecp_smpl.c lib/libcrypto/ecdh: ecdh.c ech_err.c ech_lib.c lib/libcrypto/ecdsa: ecdsa.c ecs_err.c ecs_lib.c lib/libcrypto/err: err.c err_all.c err_prn.c lib/libcrypto/evp: bio_b64.c bio_enc.c bio_md.c c_all.c cipher_method_lib.c digest.c e_aes.c e_aes_cbc_hmac_sha1.c e_bf.c e_camellia.c e_cast.c e_chacha.c e_chacha20poly1305.c e_des.c e_des3.c e_gost2814789.c e_idea.c e_null.c e_rc2.c e_rc4.c e_rc4_hmac_md5.c e_sm4.c e_xcbc_d.c encode.c evp_aead.c evp_enc.c evp_err.c evp_key.c evp_lib.c evp_pbe.c evp_pkey.c m_gost2814789.c m_gostr341194.c m_md4.c m_md5.c m_md5_sha1.c m_null.c m_ripemd.c m_sha1.c m_sha3.c m_sigver.c m_sm3.c m_streebog.c m_wp.c names.c p5_crpt.c p5_crpt2.c p_dec.c p_enc.c p_lib.c p_open.c p_seal.c p_sign.c p_verify.c pmeth_fn.c pmeth_gn.c pmeth_lib.c lib/libcrypto/hkdf: hkdf.c Log message: Hide symbols in hkdf, evp, err, ecdsa, and ec (part 2 of commit) ok jsing@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/07 07:53:52 Added files: lib/libcrypto/hidden/openssl: ec.h ecdsa.h err.h evp.h hkdf.h Log message: Hide symbols in hkdf, evp, err, ecdsa and ec ok jsing@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/07 07:40:44 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/lhash: lh_stats.c lhash.c lib/libcrypto/pem: pem_all.c pem_err.c pem_info.c pem_lib.c pem_oth.c pem_pk8.c pem_pkey.c pem_sign.c pem_x509.c pem_xaux.c pvkfmt.c lib/libcrypto/rc2: rc2_cbc.c rc2_ecb.c rc2_skey.c rc2cfb64.c rc2ofb64.c Added files: lib/libcrypto/hidden/openssl: lhash.h pem.h rc2.h Log message: Hide symbols in lhash, pem, and rc2 ok jsing@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/07 06:51:58 Modified files: lib/libcrypto/idea: i_cbc.c i_cfb64.c i_ecb.c i_ofb64.c i_skey.c idea.h idea_local.h Log message: Hit idea with the loving mallet of knfmt ok knfmt
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/07 06:01:32 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/poly1305: poly1305.c lib/libcrypto/rand: rand_err.c rand_lib.c randfile.c lib/libcrypto/sm3: sm3.c lib/libcrypto/sm4: sm4.c Added files: lib/libcrypto/hidden/openssl: poly1305.h rand.h sm3.h sm4.h Log message: hide symbols in sm, rand, and poly1305 ok jsing@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/07 02:29:37 Modified files: lib/libcrypto/rc2: rc2.h rc2_cbc.c rc2_ecb.c rc2_local.h rc2_skey.c rc2cfb64.c rc2ofb64.c Log message: Hit rc2 with the loving mallet of knfmt. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/07 01:25:21 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/ts: ts_asn1.c ts_conf.c ts_err.c ts_lib.c ts_req_print.c ts_req_utils.c ts_rsp_print.c ts_rsp_sign.c ts_rsp_utils.c ts_rsp_verify.c ts_verify_ctx.c Added files: lib/libcrypto/hidden/openssl: ts.h Log message: Hide symbols in ts ok jsing@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/06 01:56:32 Modified files: lib/libssl : Makefile ssl_local.h ssl_methods.c Log message: unifdef the LIBRESSL_HAS_TLS1_3_[CLIENT|SERVER] goo And remove the tendrils. This was useful for transition but we are now well past this.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/06 00:38:01 Modified files: lib/libcrypto : opensslfeatures.h Log message: define OPENSSL_NO_DTLS1_1 since we no longer have that either. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/06 00:15:36 Modified files: lib/libcrypto : opensslfeatures.h Log message: Define the 'standard' OPENSSL_NO_BLAHBLAH's for no tls 1.0 or 1.1 We have no tls 1.0 or 1.1 or methods for them. These "in theory" will make things that check the openssl #ifdef soup for all the floating eyeballs make the correct decisions, or if they do not they at least can not blame us. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/05 15:23:37 Modified files: lib/libcrypto : Symbols.namespace lib/libcrypto/asn1: a_bitstr.c a_enum.c a_int.c a_mbstr.c a_object.c a_octet.c a_pkey.c a_print.c a_pubkey.c a_strex.c a_string.c a_strnid.c a_time.c a_time_tm.c a_type.c ameth_lib.c asn1_err.c asn1_gen.c asn1_item.c asn1_old.c asn1_old_lib.c asn1_par.c asn1_types.c asn_mime.c asn_moid.c bio_asn1.c p5_pbe.c p5_pbev2.c p8_pkey.c t_crl.c t_pkey.c t_req.c t_spki.c t_x509.c t_x509a.c tasn_dec.c tasn_enc.c tasn_fre.c tasn_new.c tasn_prn.c tasn_typ.c x_algor.c x_attrib.c x_crl.c x_exten.c x_info.c x_name.c x_pkey.c x_pubkey.c x_req.c x_sig.c x_spki.c x_val.c x_x509.c x_x509a.c lib/libcrypto/bio: b_dump.c b_posix.c b_print.c b_sock.c bf_buff.c bf_nbio.c bf_null.c bio_cb.c bio_err.c bio_lib.c bio_meth.c bss_acpt.c bss_bio.c bss_conn.c bss_dgram.c bss_fd.c bss_file.c bss_log.c bss_mem.c bss_null.c bss_sock.c Added files: lib/libcrypto/hidden/openssl: asn1.h asn1t.h bio.h Log message: Hide symbols in asn1 and bio ok jsing@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/07/05 11:32:51 Modified files: lib/libcrypto/bio: bio.h Log message: Correct formatting ok jsing@