CVS: cvs.openbsd.org: src

2024-09-04 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/09/04 11:00:08

Modified files:
sys/ufs/ufs: ufs_ihash.c 

Log message:
Work around vnode reuse bug resulting in a panic: vop_generic_badop

Joel hit this frequently on the go builder, and this was
also found by syzkaller

https://syzkaller.appspot.com/bug?extid=58bdde9f7a1a407514a7
https://syzkaller.appspot.com/bug?extid=5779bc64fc4fdd0a5140

This is based on a workaround originally done by visa@ and mbuhl@
but not committed or widely distributed.

Realistically this should be fixed more like the previous attempt
with vdoom, but my attempts to do this at the moment are colliding
with finding all sources of similar races, now that kernel unlocking
is exposing these previously existing bugs

for now, let's put in this ugly workaround

ok deraadt@



CVS: cvs.openbsd.org: src

2024-07-13 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/07/13 08:37:56

Modified files:
sys/kern   : vfs_subr.c 
sys/sys: vnode.h 
sys/ufs/ext2fs : ext2fs_inode.c 
sys/ufs/ufs: ufs_inode.c 

Log message:
Revert the vdoom change, while it prevents the crashes on joel's go
builder and avoids the ufs_inactive problems, bluhm hits panics on
shutdown and filesystem unmount on the regress testers.

We'll have to try the other approach of detecting the corrupted
vnode perhaps.



CVS: cvs.openbsd.org: src

2024-07-12 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/07/12 12:15:10

Modified files:
lib/libcrypto/ocsp: ocsp_vfy.c 
lib/libcrypto/x509: x509_local.h x509_purp.c x509_trs.c 

Log message:
Fix the horrible and undocumented behaviour of X509_check_trust

Of allowing you to pass in a NID directly, instead of a trust_id,
and have it work, as long as the trust_id's and the NID's did not
overlap.

This screwball behaviour was depended upon by the OCSP code that
called X509_check_trust with the NID, instead of the trust id, so
let's fix that.

We also rename the confusingly named X509_TRUST_DEFAULT to
X509_TRUST_ACCEPT_ALL which makes a lot more sense, and rototill
this to remove the confusingly named static functions.

This will shortly be followed up by making this function private,
so we have not bothered to fix the amazingly obtuse man page
as it will be taken behind the barn at that time.

ok tb@



CVS: cvs.openbsd.org: src

2024-07-12 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/07/12 09:53:51

Modified files:
lib/libcrypto/x509: x509_trs.c 

Log message:
Clean up in X509_check_trust.

The XXX comment in here is now outdated. Our behaviour matches boringssl
in that passing in a 0 trust gets the default behavior, which is to
trust the certificate only if it has EKU any, or is self signed.

Remove the goofy unused nid argument to "trust_compat" and rename it to
what it really does, instead of some bizarre abstraction to something
simple so the code need not change if we ever change our mind on what
"compat" is for X.509, which will probably only happen when we are back
to identifying things by something more sensible like recognizable grunts
and smells.

ok jsing@



CVS: cvs.openbsd.org: src

2024-07-12 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/07/12 02:15:19

Modified files:
sys/kern   : vfs_subr.c 
sys/sys: vnode.h 
sys/ufs/ext2fs : ext2fs_inode.c 
sys/ufs/ufs: ufs_inode.c 

Log message:
Add vdoom() to fix ufs/ext2fs re-use of invalid vnode.

This was noticed by syzkaller and analyzed in isolation by mbuhl@
and visa@ two years ago. As the kernel has become more unlocked it
has started to appear more and was being hit regularly by jsing@
on the Go builder.

The problem was during reclaim of an inode the corresponding vnode
could be picked up by a vget() by another thread while the inode
was being cleared out in the ufs_inactive routine and the thread running
ufs_inactive slept for i/o. When raced the vnode would then not have
zero use count and would not be cleared out on exit from ufs_inactive
with a dead/invalid vnode being used.

While this could get "fixed" by checking for the race happening
and trying again in the inactive routine, or by adding "yet another
visible vnode locking flag" we choose to add a vdoom() api for the
moment that allows the caller to block future attempts to grab this
vnode until it is cleared out fully with vclean.

Tested by jsing@ on the Go builder and seems to solve the issue.

ok kettenis@, claudio@



CVS: cvs.openbsd.org: src

2024-07-10 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/07/10 07:30:14

Modified files:
lib/libcrypto  : Makefile 
Removed files:
lib/libcrypto  : Symbols.namespace 

Log message:
Remove the static symbols.namespace, and just generate the _libre_
symbols from symbols.list now that we have everything hidden

ok tb@



CVS: cvs.openbsd.org: src

2024-07-09 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/07/09 07:43:57

Modified files:
lib/libssl : ssl_sigalgs.c 

Log message:
Don't push the error stack in ssl_sigalg_select()

Doing so breaks certificate selection if a TLS 1.3 client does not support
EC certs, and needs to fall back to RSA.

ok tb@



CVS: cvs.openbsd.org: src

2024-07-09 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/07/09 06:27:27

Modified files:
lib/libssl : ssl_tlsext.c 

Log message:
Fix TLS key share check to not fire when using < TLS 1.3

The check was being too aggressive and was catching us when the
extension was being sent by a client which supports tls 1.3 but
the server was capped at TLS 1.2. This moves the check after the
max version check, so we won't error out if we do not support
TLS 1.3

Reported by o...@bartula.de

ok tb@



CVS: cvs.openbsd.org: src

2024-07-09 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/07/09 03:39:14

Modified files:
lib/libcrypto  : Makefile 
lib/libssl : Makefile 

Log message:
Actually enable namespaced builds in both libcrypto and libssl

(instead of committing only one part)



CVS: cvs.openbsd.org: src

2024-07-09 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/07/09 01:39:21

Modified files:
lib/libcrypto  : Makefile 

Log message:
Enable namespaced builds by default for libssl and libcrypto.

Some further refinements will happen to the build process to
automatically generate the Symbols.namespace file, and to remove
our last public unhidden symbol (which was a mistake, but waits for
a major bump to get removed)

But for now everything should be using this.

ok tb@



CVS: cvs.openbsd.org: src

2024-07-09 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/07/09 01:17:13

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/err: err.c err.h 
lib/libcrypto/hidden/openssl: err.h 

Log message:
Hide remaining unused ERR functions in err.h

ok tb@



CVS: cvs.openbsd.org: src

2024-07-09 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/07/09 01:16:44

Modified files:
lib/libcrypto  : Symbols.namespace cryptlib.c 
lib/libcrypto/hidden/openssl: crypto.h 

Log message:
Hide CRYPTO_get_dynlock_create_callback

ok tb@



CVS: cvs.openbsd.org: src

2024-07-09 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/07/09 01:16:13

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/des: enc_read.c set_key.c 
lib/libcrypto/hidden/openssl: des.h 

Log message:
Hide DES global variables

ok tb@



CVS: cvs.openbsd.org: src

2024-07-09 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/07/09 01:15:39

Modified files:
lib/libcrypto  : Symbols.namespace 

Log message:
Add missing symbols to Symbols.namespace

ok tb@



CVS: cvs.openbsd.org: src

2024-07-09 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/07/09 01:14:26

Modified files:
lib/libcrypto  : Symbols.namespace 

Log message:
Remove duplicates from Symbols.namespace

ok tb@



CVS: cvs.openbsd.org: src

2024-07-08 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/07/09 00:14:59

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/bio: bio_lib.c bss_bio.c 
lib/libcrypto/hidden/openssl: bio.h 

Log message:
Hide symbols for two missed public functions in bio.h

ok tb@



CVS: cvs.openbsd.org: src

2024-07-08 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/07/09 00:13:22

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/hidden/openssl: pkcs12.h 
lib/libcrypto/pkcs12: p12_asn.c 

Log message:
Hide global _it symbols in pkcs12.h

ok tb@



CVS: cvs.openbsd.org: src

2024-07-08 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/07/09 00:12:45

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/cms: cms_asn1.c 
lib/libcrypto/hidden/openssl: cms.h 

Log message:
Hide global _it symbols in cms.h

ok tb@



CVS: cvs.openbsd.org: src

2024-07-08 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/07/08 11:11:05

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/dsa: dsa_asn1.c 
lib/libcrypto/hidden/openssl: dsa.h 

Log message:
Hide global _it symbols in dsa.h

ok tb@



CVS: cvs.openbsd.org: src

2024-07-08 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/07/08 11:10:18

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/hidden/openssl: rsa.h 
lib/libcrypto/rsa: rsa_asn1.c 

Log message:
Hide global _it symbols in rsa.h

ok tb@



CVS: cvs.openbsd.org: src

2024-07-08 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/07/08 11:01:54

Modified files:
lib/libcrypto/hidden/openssl: asn1.h asn1t.h ocsp.h pkcs7.h 
  x509.h x509v3.h 

Log message:
Guard variable declarations to unbreak non-namespaced builds.

ok tb@



CVS: cvs.openbsd.org: src

2024-07-08 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/07/08 10:24:22

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/asn1: asn1t.h tasn_typ.c x_bignum.c x_long.c 
lib/libcrypto/hidden/openssl: asn1t.h 

Log message:
Hide global _it symbols in asn1t.h

ok tb@



CVS: cvs.openbsd.org: src

2024-07-08 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/07/08 10:23:27

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/hidden/openssl: pkcs7.h 
lib/libcrypto/pkcs7: pk7_asn1.c 

Log message:
Hide global _it symbols in pkcs7.h

ok tb@



CVS: cvs.openbsd.org: src

2024-07-08 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/07/08 08:53:11

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/hidden/openssl: ocsp.h 
lib/libcrypto/ocsp: ocsp_asn.c 

Log message:
Hide global _it variables in ocsp.h

ok tb@



CVS: cvs.openbsd.org: src

2024-07-08 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/07/08 08:52:31

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/asn1: a_bitstr.c a_enum.c a_int.c a_object.c 
a_octet.c a_time.c tasn_typ.c 
lib/libcrypto/hidden/openssl: asn1.h 

Log message:
Hide global _it variables in asn1.h

ok tb@



CVS: cvs.openbsd.org: src

2024-07-08 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/07/08 08:48:49

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/asn1: p5_pbe.c p8_pkey.c x_algor.c x_attrib.c 
x_crl.c x_exten.c x_name.c x_pubkey.c 
x_req.c x_sig.c x_spki.c x_val.c x_x509.c 
lib/libcrypto/hidden/openssl: x509.h 

Log message:
Hide global _it variables in x509.h

ok tb@



CVS: cvs.openbsd.org: src

2024-07-08 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/07/08 08:47:44

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/hidden/openssl: x509v3.h 
lib/libcrypto/x509: x509_addr.c x509_akeya.c x509_asid.c 
x509_bcons.c x509_cpols.c x509_crld.c 
x509_extku.c x509_genn.c x509_info.c 
x509_ncons.c x509_pcons.c x509_pku.c 
x509_pmaps.c 

Log message:
Hide global _it variables in x509v3.h

ok tb@



CVS: cvs.openbsd.org: src

2024-04-10 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/04/10 09:13:23

Modified files:
lib/libcrypto  : crypto.h 

Log message:
Re-guard the crypto_malloc macros.

accidentally not included in crypto.h commit

requested and ok tb@



CVS: cvs.openbsd.org: src

2024-04-10 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/04/10 09:01:31

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/ec: ec.h ec_lib.c ec_oct.c 
lib/libcrypto/hidden/openssl: ec.h 

Log message:
Hide deprecated functions in ec.h

use LCRYPTO_UNUSED and remove the LIBRESSL_INTERNAL guard

ok tb@



CVS: cvs.openbsd.org: src

2024-04-10 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/04/10 09:00:38

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/evp: evp.h evp_cipher.c evp_digest.c 
lib/libcrypto/hidden/openssl: evp.h 

Log message:
Hide deprecated functions in evp.h

use LCRYPTO_UNUSED and remove the LIBRESSL_INTERNAL guard around them.

ok tb@



CVS: cvs.openbsd.org: src

2024-04-10 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/04/10 08:59:39

Modified files:
lib/libcrypto  : Symbols.namespace 

Log message:
Add HMAC_init and HMAC_CTX_reset to Symbols.namespace.

ok tb@



CVS: cvs.openbsd.org: src

2024-04-10 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/04/10 08:58:06

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/bn: bn.h bn_div.c bn_exp.c bn_gcd.c 
lib/libcrypto/hidden/openssl: bn.h 

Log message:
Hide symbols in bn.h

Mark them LCRYPTO_UNUSED appropriately and remove the LIBRESSL_INTERNAL
guards around them

ok tb@



CVS: cvs.openbsd.org: src

2024-04-10 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/04/10 08:55:12

Modified files:
lib/libcrypto/asn1: a_time_tm.c asn1.h asn1_old.c 
lib/libcrypto/hidden/openssl: asn1.h 

Log message:
Hide a couple of LCRYPTO_UNUSED in asn1.h

and remove the LIBRESSL_INTERNAL guards around them

ok tb@



CVS: cvs.openbsd.org: src

2024-04-10 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/04/10 08:54:13

Modified files:
lib/libcrypto  : Symbols.namespace 

Log message:
Add RC2 symbols to Symbols.namespace.

These got missed when they were hidden

ok tb@



CVS: cvs.openbsd.org: src

2024-04-10 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/04/10 08:53:01

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/hidden/openssl: rand.h 
lib/libcrypto/rand: rand.h rand_lib.c randfile.c 

Log message:
Finish hiding symbols in rand.h

This removes the LIBRESSL_INTERNAL guards and marks
the functions within as LCRYPTO_UNUSED



CVS: cvs.openbsd.org: src

2024-04-10 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/04/10 08:51:02

Modified files:
lib/libcrypto  : Symbols.namespace cryptlib.c crypto.h 
 crypto_init.c malloc-wrapper.c mem_clr.c 
 mem_dbg.c o_fips.c 
lib/libcrypto/hidden/openssl: crypto.h 

Log message:
Finish Hiding symbols in crypto.h

crypto.h already had the symbols not hidden behind LIBRESSL_INTERNAL
hidden - This now picks up the rest of them marking them as
LCRYPTO_UNUSED, and removes the LIBRESSL_INTERNAL guard.

These symbols will now be hidden, but if we use them inside
the library in a namespaced build we will get a deprecation
warning. Use outside the library will be as with any other hidden
symbol, so fine.

ok tb@



CVS: cvs.openbsd.org: src

2024-04-09 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/04/09 07:56:30

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/conf: conf_def.c conf_err.c conf_lib.c conf_mall.c 
conf_mod.c conf_sap.c 

Log message:
Hide symbols in conf.h

This guentherizes the public symbols from conf.h

ok tb@



CVS: cvs.openbsd.org: src

2024-04-09 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/04/09 07:55:02

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/asn1: a_strex.c asn1_item.c p8_pkey.c t_crl.c 
t_req.c t_spki.c t_x509.c x_algor.c 
x_attrib.c x_crl.c x_exten.c x_info.c 
x_name.c x_pkey.c x_pubkey.c x_req.c x_sig.c 
x_spki.c x_val.c x_x509.c x_x509a.c 
lib/libcrypto/evp: evp_pkey.c 
lib/libcrypto/hidden/openssl: x509.h 

Log message:
Hide public symbols in x509.h

This picks up most of the remaining public symbols in
x509.h

ok tb@



CVS: cvs.openbsd.org: src

2024-04-09 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/04/09 07:52:42

Modified files:
lib/libcrypto  : Symbols.namespace crypto_init.c 
lib/libcrypto/asn1: a_pkey.c a_pubkey.c 
lib/libcrypto/evp: bio_b64.c bio_enc.c bio_md.c e_aes.c e_bf.c 
   e_camellia.c e_cast.c e_chacha.c 
   e_chacha20poly1305.c e_des.c e_des3.c 
   e_idea.c e_null.c e_rc2.c e_rc4.c e_sm4.c 
   e_xcbc_d.c evp_aead.c evp_cipher.c 
   evp_digest.c evp_encode.c evp_err.c evp_key.c 
   evp_names.c evp_pbe.c m_md4.c m_md5.c 
   m_md5_sha1.c m_null.c m_ripemd.c m_sha1.c 
   m_sha3.c m_sigver.c m_sm3.c m_wp.c p_legacy.c 
   p_lib.c p_sign.c p_verify.c pmeth_fn.c 
   pmeth_gn.c pmeth_lib.c 
Added files:
lib/libcrypto/hidden/openssl: evp.h 

Log message:
Hide public symbols in evp.h

largely mechanically done by the guentherizer 9000

ok tb@



CVS: cvs.openbsd.org: src

2024-04-09 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/04/09 07:48:51

Modified files:
lib/libcrypto/evp: e_aes.c 

Log message:
Rename EVP_aes_XXX_cfb to EVP_aes_XXX_cfb128.

For consistency with everything else.

ok tb@



CVS: cvs.openbsd.org: src

2024-04-08 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/04/08 19:39:27

Modified files:
lib/libcrypto  : Symbols.namespace 

Log message:
Clean up Symbols.namespace

These did not get removed from here when they got removed
from Symbols.list after a major bump.

ok tb@



CVS: cvs.openbsd.org: src

2024-04-08 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/04/08 17:46:21

Modified files:
lib/libcrypto/x509: x509_local.h x509_purp.c x509_verify.c 
x509_vfy.c 

Log message:
Remove notBefore and notAfter caching.

This cache was added because our time conversion used timegm()
and gmtime() which aren't very cheap. These calls were noticeably
expensive when profiling things like rpki-client which do many
X.509 validations.

Now that we convert times using Julian seconds from the unix
epoch, BoringSSL style, instead of a Julian days from a
Byzantine date, we no longer use timegm() and gmtime().

Since the Julian seconds calculations are cheap for conversion,
we don't need to bother caching this, it doesn't have a noticeable
performance impact.

While we are at this, correct a bug where
x509_verify_asn1_time_to_time_t was not NULL safe.

Tested for performance regressions by tb@ and job@

ok tb@ job@



CVS: cvs.openbsd.org: src

2024-04-08 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/04/08 13:57:40

Modified files:
lib/libcrypto/asn1: a_time_tm.c 
regress/lib/libcrypto/asn1: asn1time.c rfc5280time.c 

Log message:
Make ASN1_TIME_set_string_X509 and ASN1_TIME_set_string match the man page

This makes it where people can't put dumb values in certs without
trying harder, and changes the regress to test this.

GENERALIZED times outside of the RFC5280 spec are required for OCSP
but these should be constructed with the GENERALIZED time string
setters.

ok tb@



CVS: cvs.openbsd.org: src

2024-03-27 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/03/28 00:48:25

Removed files:
regress/lib/libcrypto/gost: Makefile gost2814789t.c 

Log message:
Nuke more gost



CVS: cvs.openbsd.org: src

2024-03-27 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/03/28 00:45:36

Modified files:
lib/libcrypto  : Makefile 
regress/lib/libcrypto: Makefile 
regress/lib/libcrypto/gost: Makefile gost2814789t.c 

Log message:
Nuke more leftover GOST tendrils.

ok tb@



CVS: cvs.openbsd.org: src

2024-03-27 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/03/27 19:45:18

Modified files:
regress/lib/libssl/tlsext: tlsexttest.c 

Log message:
Fix coverity complaints.



CVS: cvs.openbsd.org: src

2024-03-27 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/03/27 18:22:35

Modified files:
lib/libssl : ssl_tlsext.c 

Log message:
Stop pandering to the loadbalancer industrial complex.

So we initially kept this hack around for f5 boxes that
should have been patched in 2014, and were not as of 2017.

The f5 article for the bug is archived on their web site,
and any of these devices on the public internet will have
since been upgraded to deal with a host of record layer, TLS,
and other bugs, or they likely won't be talking to modern
stacks, since as of this point the software with the bug
would not have been updated in 10 years.

So just make this spec compliant and reject a supported groups
extension that should not have been sent by a server.

ok tb@ jsing@



CVS: cvs.openbsd.org: src

2024-03-27 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/03/27 17:56:34

Modified files:
regress/lib/libssl/tlsext: tlsexttest.c 

Log message:
fix leaks in the horrible ssl whackery necessary for this test.

ok tb@



CVS: cvs.openbsd.org: src

2024-03-27 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/03/27 16:27:09

Modified files:
lib/libssl : ssl_tlsext.c 
regress/lib/libssl/tlsext: tlsexttest.c 

Log message:
Fix up server processing of key shares.

Ensure that the client can not provide a duplicate key share
for any group, or send more key shares than groups they support.

Ensure that the key shares must be provided in the same order
as the client preference order specified in supported_groups.

Ensure we only will choose to use a key share that is for the
most preferred group by the client that we also support,
to avoid the client being downgraded by sending a less preferred
key share. If we do not end up with a key share for the most preferred
mutually supported group, we will then do a hello retry request
selecting that group.

Add regress for this to regress/tlsext/tlsexttest.c

ok jsing@



CVS: cvs.openbsd.org: src

2024-03-27 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/03/27 04:44:17

Modified files:
lib/libssl : ssl_tlsext.c 

Log message:
Do not allow duplicate groups in supported groups.

While we are here refactor this to single return.

ok jsing@ tb@



CVS: cvs.openbsd.org: src

2024-03-25 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/03/25 21:44:11

Modified files:
lib/libssl : ssl_local.h ssl_tlsext.c ssl_tlsext.h 

Log message:
Add an indicator that an extension has been processed.

ok jsing@



CVS: cvs.openbsd.org: src

2024-03-25 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/03/25 20:43:56

Modified files:
regress/lib/libssl/tlsext: tlsexttest.c 

Log message:
Fix expected client hello value to allow for supported_groups change.

ok jsing@



CVS: cvs.openbsd.org: src

2024-03-25 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/03/25 19:21:34

Modified files:
lib/libssl : ssl_tlsext.c 

Log message:
Process supported groups before key share.

This will allow us to know the client preferences for an upcoming
change to key share processing.

ok jsing@



CVS: cvs.openbsd.org: src

2024-03-25 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/03/25 19:18:16

Modified files:
regress/lib/libssl: Makefile 

Log message:
Disable client handshake test for now for pending changes.

ok jsing@



CVS: cvs.openbsd.org: src

2024-03-25 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/03/25 18:39:22

Modified files:
lib/libcrypto/ts: ts.h ts_conf.c ts_rsp_sign.c 

Log message:
Change ts to only support one second precision.

RFC 3631 allows for sub second ASN1 GENERALIZED times, if you
choose to support sub second time precision. It does not
indicate that an implementation must support them.

Supporting sub second timestamps is just silly and unrealistic,
so set our maximum to one second of precision. We then simplify
this code by removing some nasty eye-bleed that made artisanally
hand crafted strings and jammed them into an ASN1_GENERALIZEDTIME.

ok tb@, jsing@, with one second precision tested by kn@



CVS: cvs.openbsd.org: src

2024-03-25 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/03/25 01:02:22

Modified files:
lib/libcrypto/ts: ts_rsp_sign.c 

Log message:
Fix time conversion that broke regress.

ok tb@



CVS: cvs.openbsd.org: src

2024-03-24 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/03/24 18:05:49

Modified files:
lib/libcrypto/x509: by_dir.c 

Log message:
Remove unnecessary stat() calls from by_dir

When searching for a CA or CRL file in by_dir, this stat()
was used to short circuit attempting to open the file with
X509_load_cert_file(). This was a deliberate TOCTOU introduced
to avoid setting an error on the error stack, when what you
really want to say is "we couldn't find a CA" and continue
merrily on your way.

As it so happens you really do not care why the load_file failed
in any of these cases, it all boils down to "I can't find the CA
or CRL". Instead we just omit the stat call, and clear the error
stack if the load_file fails. The fact that you don't have a CA or
CRL is caught later in the callers and is what you want, mimicking
the non by_dir behaviour instead of possibly some bizarro file
system error.

Based on a similar change in Boring.

ok tb@



CVS: cvs.openbsd.org: src

2024-03-24 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/03/24 05:30:12

Modified files:
lib/libcrypto/ocsp: ocsp_cl.c 
lib/libcrypto/ts: ts_rsp_sign.c 
lib/libtls : tls_conninfo.c tls_ocsp.c 
usr.sbin/ocspcheck: ocspcheck.c 

Log message:
Convert libressl to use the BoringSSL style time conversions

This gets rid of our last uses of timegm and gmtime in the
library and things that ship with it. It includes a bit
of refactoring in ocsp_cl.c to remove some obvious ugly.

ok tb@



CVS: cvs.openbsd.org: src

2024-02-03 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/02/03 11:51:59

Modified files:
bin/ps : ps.1 
sbin/dump  : traverse.c 
sbin/dumpfs: dumpfs.c 
sbin/fsck_ffs  : dir.c fsck.h main.c pass1.c pass2.c pass5.c 
 setup.c 
sbin/growfs: growfs.c 
sbin/quotacheck: quotacheck.c 
share/man/man5 : fs.5 
sys/conf   : files 
sys/ddb: db_interface.h 
sys/dev: softraid.c 
sys/kern   : kern_physio.c spec_vnops.c vfs_bio.c vfs_subr.c 
 vfs_sync.c vfs_syscalls.c 
sys/sys: buf.h mount.h proc.h vnode.h 
sys/ufs/ffs: ffs_alloc.c ffs_balloc.c ffs_extern.h 
 ffs_inode.c ffs_softdep.c ffs_softdep_stub.c 
 ffs_vfsops.c ffs_vnops.c fs.h softdep.h 
sys/ufs/ufs: inode.h ufs_extern.h ufs_inode.c ufs_lookup.c 
 ufs_vnops.c 
sys/uvm: uvm_swap.c 

Log message:
Remove Softdep.

Softdep has been a no-op for some time now, this removes it to get
it out of the way.

Flensing mostly done in Tallinn, with some help from krw@

ok deraadt@



CVS: cvs.openbsd.org: src

2024-02-03 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/02/03 08:58:34

Modified files:
lib/libssl : s3_lib.c ssl.h ssl3.h ssl_both.c ssl_cert.c 
 ssl_ciph.c ssl_clnt.c ssl_err.c ssl_lib.c 
 ssl_local.h ssl_sigalgs.c ssl_sigalgs.h 
 ssl_srvr.c tls1.h tls12_key_schedule.c 
 tls12_record_layer.c 
regress/lib/libssl/client: clienttest.c 
regress/lib/libssl/interop: Makefile.inc 
regress/lib/libssl/interop/cipher: Makefile 
regress/lib/libssl/unit: tls_prf.c 
usr.bin/openssl: openssl.c 

Log message:
Remove GOST and STREEBOG support from libssl.

This version of GOST is old and not anywhere close to compliant with
modern GOST standards. It is also very intrusive in libssl and
makes a mess everywhere.  Efforts to entice a suitably minded anyone
to care about it have been unsuccessful.

At this point it is probably best to remove this, and if someone
ever showed up who truly needed a working version, it should be
a clean implementation from scratch, and have it use something
closer to the typical API in libcrypto so it would integrate less
painfully here.

This removes it from libssl in preparation for its removal from
libcrypto with a future major bump

ok tb@



CVS: cvs.openbsd.org: src

2024-02-01 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2024/02/01 16:16:38

Modified files:
lib/libcrypto/x509: x509_verify.c 

Log message:
Fix the verifier to use the trust store

the trust store is yet another obscure way to add a trust anchor



CVS: cvs.openbsd.org: src

2023-11-30 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2023/11/30 10:01:04

Modified files:
lib/libcrypto/x509: by_file.c 

Log message:
Clean up and de-spaghettize by_file_callback

I had to read this for other purposes and it exceeded my muppetry
tolerance.

ok tb@



CVS: cvs.openbsd.org: src

2023-11-13 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2023/11/13 05:46:07

Modified files:
lib/libcrypto/asn1: a_time_posix.c asn1.h 
lib/libcrypto/hidden/openssl: asn1.h 
lib/libcrypto/man: ASN1_TIME_set.3 

Log message:
Prepare to expose OPENSSL_gmtime and OPENSSL_timegm as public

This matches what BoringSSL has done, and allows for getting
rid of the dependency on system timegm() and gmtime() in libtls,
which will make life easier for portable, and remove our
dependency on the potentially very slow system versions.

ok tb@ - tb will handle the minor bump bits and expose
on the next minor bump



CVS: cvs.openbsd.org: src

2023-09-29 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2023/09/29 09:53:59

Modified files:
lib/libcrypto/x509: x509_constraints.c x509_internal.h 
regress/lib/libcrypto/x509: constraints.c 

Log message:
Allow IP addresses to be specified in a URI.

Our checking here was a bit too aggressive, and did not permit an
IP address in a URI. IP's in a URI are allowed for things like CRLdp's,
AIA, SAN URI's etc. The check for this was also slightly flawed as
we would permit an IP if memory allocation failed while checking for
an IP.

Correct both issues.

ok tb@



CVS: cvs.openbsd.org: www

2023-07-12 Thread Bob Beck
CVSROOT:/cvs
Module name:www
Changes by: b...@cvs.openbsd.org2023/07/12 11:59:30

Modified files:
.  : anoncvs.html 
build  : mirrors.dat 

Log message:
Remove old U of A anoncvs mirror, it has not been maintained in ages

ok tj@



CVS: cvs.openbsd.org: src

2023-07-08 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2023/07/08 14:38:23

Modified files:
lib/libssl : tls12_record_layer.c 

Log message:
fix comment to unbreak things that care about warnings
ok tb@ krw@



CVS: cvs.openbsd.org: src

2023-07-08 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2023/07/08 10:40:14

Modified files:
lib/libssl : bio_ssl.c d1_srtp.c s3_lib.c ssl_algs.c 
 ssl_asn1.c ssl_cert.c ssl_ciph.c ssl_clnt.c 
 ssl_err.c ssl_init.c ssl_lib.c ssl_methods.c 
 ssl_rsa.c ssl_sess.c ssl_srvr.c ssl_stat.c 
 ssl_txt.c tls12_record_layer.c 
lib/libssl/hidden/openssl: ssl.h 
Added files:
lib/libssl/hidden/openssl: srtp.h tls1.h 

Log message:
Hide all public symbols in libssl

With the guentherizer 9000

ok tb@



CVS: cvs.openbsd.org: src

2023-07-08 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/08 09:29:04

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/dh: dh_ameth.c dh_asn1.c dh_check.c dh_err.c 
  dh_gen.c dh_key.c dh_lib.c 
Added files:
lib/libcrypto/hidden/openssl: dh.h 

Log message:
Hide symbols in dh

ok tb@



CVS: cvs.openbsd.org: src

2023-07-08 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/08 09:12:49

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/curve25519: curve25519.c 
Added files:
lib/libcrypto/hidden/openssl: curve25519.h 

Log message:
Hide symbols in curve25519

ok tb@



CVS: cvs.openbsd.org: src

2023-07-08 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/08 08:56:54

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/modes: cbc128.c ccm128.c cfb128.c ctr128.c 
 gcm128.c ofb128.c xts128.c 
Added files:
lib/libcrypto/hidden/openssl: modes.h 

Log message:
Hide symbols in modes.h

ok tb@



CVS: cvs.openbsd.org: src

2023-07-08 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/08 08:55:36

Modified files:
lib/libcrypto/modes: cbc128.c ccm128.c cfb128.c ctr128.c 
 gcm128.c modes.h modes_local.h ofb128.c 
 xts128.c 

Log message:
Hit modes with the loving mallet of knfmt

ok tb@



CVS: cvs.openbsd.org: src

2023-07-08 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/08 08:30:44

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/gost: gost2814789.c gost89_params.c gost_asn1.c 
gost_err.c gostr341001_key.c gostr341194.c 
streebog.c 
Added files:
lib/libcrypto/hidden/openssl: gost.h 

Log message:
Hide symbols in gost.

ok tb@ after some puking in his mouth.



CVS: cvs.openbsd.org: src

2023-07-08 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/08 08:28:15

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/dsa: dsa_asn1.c dsa_err.c dsa_gen.c dsa_key.c 
   dsa_lib.c dsa_meth.c dsa_ossl.c dsa_prn.c 
Added files:
lib/libcrypto/hidden/openssl: dsa.h 

Log message:
hide symbols in dsa

ok tb@



CVS: cvs.openbsd.org: src

2023-07-08 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/08 08:27:14

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/cmac: cmac.c 
Added files:
lib/libcrypto/hidden/openssl: cmac.h 

Log message:
Hide symbols in cmac

ok tb@



CVS: cvs.openbsd.org: src

2023-07-08 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/08 06:27:52

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/objects: o_names.c obj_dat.c obj_err.c obj_lib.c 
   obj_xref.c 
Added files:
lib/libcrypto/hidden/openssl: objects.h 

Log message:
Hide symbols in objects

ok tb@



CVS: cvs.openbsd.org: src

2023-07-08 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/08 06:26:45

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/rsa: rsa_asn1.c rsa_chk.c rsa_crpt.c rsa_eay.c 
   rsa_err.c rsa_gen.c rsa_lib.c rsa_meth.c 
   rsa_none.c rsa_oaep.c rsa_pk1.c rsa_pmeth.c 
   rsa_prn.c rsa_pss.c rsa_saos.c rsa_sign.c 
Added files:
lib/libcrypto/hidden/openssl: rsa.h 

Log message:
Hide symbols in rsa

ok tb@



CVS: cvs.openbsd.org: src

2023-07-08 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/08 06:24:10

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/sha: sha1.c sha256.c sha512.c 
Added files:
lib/libcrypto/hidden/openssl: sha.h 

Log message:
Hide symbols in sha

ok tb@



CVS: cvs.openbsd.org: src

2023-07-08 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/08 06:21:58

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/bn: bn_add.c bn_blind.c bn_const.c bn_convert.c 
  bn_ctx.c bn_err.c bn_exp.c bn_kron.c bn_lib.c 
  bn_mod.c bn_mod_sqrt.c bn_mont.c bn_mul.c 
  bn_prime.c bn_rand.c bn_shift.c bn_sqr.c 
  bn_word.c 
Added files:
lib/libcrypto/hidden/openssl: bn.h 

Log message:
Hide symbols in bn

ok tb@



CVS: cvs.openbsd.org: src

2023-07-08 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/08 05:28:04

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/txt_db: txt_db.c 
Added files:
lib/libcrypto/hidden/openssl: txt_db.h 

Log message:
Hide symbols in txt_db

ok tb@



CVS: cvs.openbsd.org: src

2023-07-08 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/08 04:45:57

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/md4: md4_dgst.c md4_one.c 
lib/libcrypto/md5: md5_dgst.c md5_one.c 
Added files:
lib/libcrypto/hidden/openssl: md4.h md5.h 

Log message:
Hide symbols in md4 and md5

ok tb@



CVS: cvs.openbsd.org: src

2023-07-08 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/08 04:44:00

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/cast: c_cfb64.c c_ecb.c c_enc.c c_ofb64.c c_skey.c 
lib/libcrypto/idea: i_cbc.c i_cfb64.c i_ecb.c i_ofb64.c i_skey.c 
lib/libcrypto/ocsp: ocsp_asn.c ocsp_cl.c ocsp_err.c ocsp_ext.c 
ocsp_ht.c ocsp_lib.c ocsp_prn.c ocsp_srv.c 
ocsp_vfy.c 
Added files:
lib/libcrypto/hidden/openssl: cast.h idea.h ocsp.h 

Log message:
Hide symbols in cast, idea, and ocsp

ok tb@



CVS: cvs.openbsd.org: src

2023-07-08 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/08 02:28:23

Modified files:
lib/libcrypto  : Symbols.namespace cpt_err.c cryptlib.c 
 crypto_init.c crypto_lock.c cversion.c 
 ex_data.c malloc-wrapper.c mem_dbg.c 
Added files:
lib/libcrypto/hidden/openssl: crypto.h 

Log message:
Hide symbols in crypto.h

ok jsing@



CVS: cvs.openbsd.org: src

2023-07-08 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/08 02:26:26

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/buffer: buf_err.c buffer.c 
lib/libcrypto/cms: cms_asn1.c cms_att.c cms_enc.c cms_env.c 
   cms_err.c cms_ess.c cms_io.c cms_kari.c 
   cms_lib.c cms_pwri.c cms_sd.c cms_smime.c 
lib/libcrypto/comp: c_rle.c c_zlib.c comp_err.c comp_lib.c 
lib/libcrypto/conf: conf_api.c 
Added files:
lib/libcrypto/hidden/openssl: buffer.h cms.h comp.h conf_api.h 

Log message:
Hide symbols in cms, comp, conf, and buffer

ok jsing@



CVS: cvs.openbsd.org: src

2023-07-08 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/08 01:22:58

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/ct: ct_b64.c ct_log.c ct_oct.c ct_policy.c 
  ct_prn.c ct_sct.c 
lib/libcrypto/dso: dso_dlfcn.c dso_err.c dso_lib.c dso_null.c 
   dso_openssl.c 
Added files:
lib/libcrypto/hidden/openssl: ct.h dso.h 

Log message:
Hide symbols in dso and ct

ok jsing@



CVS: cvs.openbsd.org: src

2023-07-08 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/08 01:11:07

Modified files:
lib/libcrypto/des: cbc_cksm.c cbc_enc.c cfb64ede.c cfb64enc.c 
   cfb_enc.c des.h des_enc.c des_local.h 
   ecb3_enc.c ecb_enc.c ede_cbcm_enc.c 
   enc_read.c enc_writ.c fcrypt.c fcrypt_b.c 
   ncbc_enc.c ofb64ede.c ofb64enc.c ofb_enc.c 
   pcbc_enc.c qud_cksm.c rand_key.c set_key.c 
   spr.h str2key.c xcbc_enc.c 

Log message:
Hit the des directory with the loving mallet of knfmt

ok tb@



CVS: cvs.openbsd.org: src

2023-07-07 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/08 00:13:08

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/sm3: sm3.c 
Added files:
lib/libcrypto/hidden/openssl: sm3.h 

Log message:
Hide symbols in sm3

ok tb@ jsing@



CVS: cvs.openbsd.org: src

2023-07-07 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/08 00:04:33

Added files:
lib/libcrypto/hidden/openssl: ecdh.h 

Log message:
unbreak build when namespaced, file was here in my tree but didn't manage
to cvs add



CVS: cvs.openbsd.org: src

2023-07-07 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/07 13:37:54

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/asn1: a_pkey.c a_pubkey.c a_strex.c a_time_tm.c 
ameth_lib.c asn1_item.c asn1_old.c p5_pbe.c 
p5_pbev2.c p8_pkey.c t_crl.c t_req.c 
t_spki.c t_x509.c t_x509a.c x_algor.c 
x_attrib.c x_crl.c x_exten.c x_info.c 
x_name.c x_pkey.c x_pubkey.c x_req.c x_sig.c 
x_spki.c x_val.c x_x509.c x_x509a.c 
lib/libcrypto/bio: b_dump.c bio_lib.c bss_bio.c bss_conn.c 
lib/libcrypto/chacha: chacha-merged.c 
lib/libcrypto/ec: ec_asn1.c ec_lib.c ec_oct.c 
lib/libcrypto/err: err.c 
lib/libcrypto/evp: bio_b64.c bio_enc.c bio_md.c c_all.c 
   cipher_method_lib.c digest.c e_aes.c 
   e_aes_cbc_hmac_sha1.c e_bf.c e_camellia.c 
   e_cast.c e_chacha.c e_chacha20poly1305.c 
   e_des.c e_des3.c e_gost2814789.c e_idea.c 
   e_null.c e_rc2.c e_rc4.c e_rc4_hmac_md5.c 
   e_sm4.c e_xcbc_d.c encode.c evp_aead.c 
   evp_enc.c evp_err.c evp_key.c evp_lib.c 
   evp_pbe.c evp_pkey.c m_gost2814789.c 
   m_gostr341194.c m_md4.c m_md5.c m_md5_sha1.c 
   m_null.c m_ripemd.c m_sha1.c m_sha3.c 
   m_sigver.c m_sm3.c m_streebog.c m_wp.c 
   names.c p5_crpt.c p5_crpt2.c p_dec.c p_enc.c 
   p_lib.c p_open.c p_seal.c p_sign.c p_verify.c 
   pmeth_fn.c pmeth_gn.c pmeth_lib.c 
lib/libcrypto/hidden/openssl: asn1.h asn1t.h bio.h chacha.h ec.h 
  ecdsa.h err.h hkdf.h lhash.h pem.h 
  poly1305.h rand.h sm4.h ts.h 
lib/libcrypto/rand: rand_lib.c randfile.c 
lib/libcrypto/sm3: sm3.c 
lib/libcrypto/ts: ts_req_utils.c ts_rsp_utils.c 
Removed files:
lib/libcrypto/hidden/openssl: evp.h sm3.h 

Log message:
Unbreak the namespace build after a broken mk.conf and tool misfire had
me aliasing symbols not in the headers I was processing.

This unbreaks the namespace build so it will pass again

ok tb@



CVS: cvs.openbsd.org: src

2023-07-07 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/07 07:54:46

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/ec: ec_asn1.c ec_check.c ec_curve.c ec_cvt.c 
  ec_err.c ec_key.c ec_kmeth.c ec_lib.c ec_oct.c 
  ec_print.c eck_prn.c ecp_mont.c ecp_smpl.c 
lib/libcrypto/ecdh: ecdh.c ech_err.c ech_lib.c 
lib/libcrypto/ecdsa: ecdsa.c ecs_err.c ecs_lib.c 
lib/libcrypto/err: err.c err_all.c err_prn.c 
lib/libcrypto/evp: bio_b64.c bio_enc.c bio_md.c c_all.c 
   cipher_method_lib.c digest.c e_aes.c 
   e_aes_cbc_hmac_sha1.c e_bf.c e_camellia.c 
   e_cast.c e_chacha.c e_chacha20poly1305.c 
   e_des.c e_des3.c e_gost2814789.c e_idea.c 
   e_null.c e_rc2.c e_rc4.c e_rc4_hmac_md5.c 
   e_sm4.c e_xcbc_d.c encode.c evp_aead.c 
   evp_enc.c evp_err.c evp_key.c evp_lib.c 
   evp_pbe.c evp_pkey.c m_gost2814789.c 
   m_gostr341194.c m_md4.c m_md5.c m_md5_sha1.c 
   m_null.c m_ripemd.c m_sha1.c m_sha3.c 
   m_sigver.c m_sm3.c m_streebog.c m_wp.c 
   names.c p5_crpt.c p5_crpt2.c p_dec.c p_enc.c 
   p_lib.c p_open.c p_seal.c p_sign.c p_verify.c 
   pmeth_fn.c pmeth_gn.c pmeth_lib.c 
lib/libcrypto/hkdf: hkdf.c 

Log message:
Hide symbols in hkdf, evp, err, ecdsa, and ec

(part 2 of commit)

ok jsing@



CVS: cvs.openbsd.org: src

2023-07-07 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/07 07:53:52

Added files:
lib/libcrypto/hidden/openssl: ec.h ecdsa.h err.h evp.h hkdf.h 

Log message:
Hide symbols in hkdf, evp, err, ecdsa and ec

ok jsing@



CVS: cvs.openbsd.org: src

2023-07-07 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/07 07:40:44

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/lhash: lh_stats.c lhash.c 
lib/libcrypto/pem: pem_all.c pem_err.c pem_info.c pem_lib.c 
   pem_oth.c pem_pk8.c pem_pkey.c pem_sign.c 
   pem_x509.c pem_xaux.c pvkfmt.c 
lib/libcrypto/rc2: rc2_cbc.c rc2_ecb.c rc2_skey.c rc2cfb64.c 
   rc2ofb64.c 
Added files:
lib/libcrypto/hidden/openssl: lhash.h pem.h rc2.h 

Log message:
Hide symbols in lhash, pem, and rc2

ok jsing@



CVS: cvs.openbsd.org: src

2023-07-07 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/07 06:51:58

Modified files:
lib/libcrypto/idea: i_cbc.c i_cfb64.c i_ecb.c i_ofb64.c i_skey.c 
idea.h idea_local.h 

Log message:
Hit idea with the loving mallet of knfmt

ok knfmt



CVS: cvs.openbsd.org: src

2023-07-07 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/07 06:01:32

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/poly1305: poly1305.c 
lib/libcrypto/rand: rand_err.c rand_lib.c randfile.c 
lib/libcrypto/sm3: sm3.c 
lib/libcrypto/sm4: sm4.c 
Added files:
lib/libcrypto/hidden/openssl: poly1305.h rand.h sm3.h sm4.h 

Log message:
hide symbols in sm, rand, and poly1305

ok jsing@



CVS: cvs.openbsd.org: src

2023-07-07 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/07 02:29:37

Modified files:
lib/libcrypto/rc2: rc2.h rc2_cbc.c rc2_ecb.c rc2_local.h 
   rc2_skey.c rc2cfb64.c rc2ofb64.c 

Log message:
Hit rc2 with the loving mallet of knfmt.

ok tb@



CVS: cvs.openbsd.org: src

2023-07-07 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/07 01:25:21

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/ts: ts_asn1.c ts_conf.c ts_err.c ts_lib.c 
  ts_req_print.c ts_req_utils.c ts_rsp_print.c 
  ts_rsp_sign.c ts_rsp_utils.c ts_rsp_verify.c 
  ts_verify_ctx.c 
Added files:
lib/libcrypto/hidden/openssl: ts.h 

Log message:
Hide symbols in ts

ok jsing@



CVS: cvs.openbsd.org: src

2023-07-06 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/06 01:56:32

Modified files:
lib/libssl : Makefile ssl_local.h ssl_methods.c 

Log message:
unifdef the LIBRESSL_HAS_TLS1_3_[CLIENT|SERVER] goo

And remove the tendrils. This was useful for transition but we are now
well past this.



CVS: cvs.openbsd.org: src

2023-07-05 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/06 00:38:01

Modified files:
lib/libcrypto  : opensslfeatures.h 

Log message:
define OPENSSL_NO_DTLS1_1 since we no longer have that either.

ok tb@



CVS: cvs.openbsd.org: src

2023-07-05 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/06 00:15:36

Modified files:
lib/libcrypto  : opensslfeatures.h 

Log message:
Define the 'standard' OPENSSL_NO_BLAHBLAH's for no tls 1.0 or 1.1

We have no tls 1.0 or 1.1 or methods for them.

These "in theory" will make things that check the openssl #ifdef
soup for all the floating eyeballs make the correct decisions, or
if they do not they at least can not blame us.

ok tb@



CVS: cvs.openbsd.org: src

2023-07-05 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/05 15:23:37

Modified files:
lib/libcrypto  : Symbols.namespace 
lib/libcrypto/asn1: a_bitstr.c a_enum.c a_int.c a_mbstr.c 
a_object.c a_octet.c a_pkey.c a_print.c 
a_pubkey.c a_strex.c a_string.c a_strnid.c 
a_time.c a_time_tm.c a_type.c ameth_lib.c 
asn1_err.c asn1_gen.c asn1_item.c asn1_old.c 
asn1_old_lib.c asn1_par.c asn1_types.c 
asn_mime.c asn_moid.c bio_asn1.c p5_pbe.c 
p5_pbev2.c p8_pkey.c t_crl.c t_pkey.c 
t_req.c t_spki.c t_x509.c t_x509a.c 
tasn_dec.c tasn_enc.c tasn_fre.c tasn_new.c 
tasn_prn.c tasn_typ.c x_algor.c x_attrib.c 
x_crl.c x_exten.c x_info.c x_name.c x_pkey.c 
x_pubkey.c x_req.c x_sig.c x_spki.c x_val.c 
x_x509.c x_x509a.c 
lib/libcrypto/bio: b_dump.c b_posix.c b_print.c b_sock.c 
   bf_buff.c bf_nbio.c bf_null.c bio_cb.c 
   bio_err.c bio_lib.c bio_meth.c bss_acpt.c 
   bss_bio.c bss_conn.c bss_dgram.c bss_fd.c 
   bss_file.c bss_log.c bss_mem.c bss_null.c 
   bss_sock.c 
Added files:
lib/libcrypto/hidden/openssl: asn1.h asn1t.h bio.h 

Log message:
Hide symbols in asn1 and bio

ok jsing@



CVS: cvs.openbsd.org: src

2023-07-05 Thread Bob Beck
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/07/05 11:32:51

Modified files:
lib/libcrypto/bio: bio.h 

Log message:
Correct formatting

ok jsing@


