Hide global _it variables in x509.h

ok tb@

Hide public symbols in x509.h

This picks up most of the remaining public symbols in
x509.h

ok tb@

Remove X509_CRL_METHOD API

I would keep repeating myself... In the bit bucket you go.

ok jsing

Remove X509_CRL_METHOD internals

Another complication of dubious value that nobody's ever used. crl_init(),
crl_free() and the meth_data are dead weight, as are their accessors.

Inline def_crl_veri

Remove X509_CRL_METHOD internals

Another complication of dubious value that nobody's ever used. crl_init(),
crl_free() and the meth_data are dead weight, as are their accessors.

Inline def_crl_verify() in X509_CRL_verify() so that the latter becomes
the trivial wrapper of ASN1_item_verify() that one would expect it to be.
It is quite unclear what kind of customization would make sense here...

def_crl_lookup() is renamed into crl_lookup() and its two callers,
X509_CRL_lookup_by_{serial,cert}(), are moved below it so that we
don't need a prototype.

ok jsing

show more ...

Unbreak the namespace build after a broken mk.conf and tool misfire had
me aliasing symbols not in the headers I was procesing.

This unbreaks the namespace build so it will pass again

ok tb@

Hide symbols in asn1 and bio

ok jsing@

Prepare to provide X509_CRL_get0_sigalg()

This is an obvious omission from the OpenSSL 1.1 and OpenSSL 3 API which
does not provide a way to access the tbs sigalg of a CRL. This is needed
in securit

Prepare to provide X509_CRL_get0_sigalg()

This is an obvious omission from the OpenSSL 1.1 and OpenSSL 3 API which
does not provide a way to access the tbs sigalg of a CRL. This is needed
in security/pivy.

From Alex Wilson
ok jsing

show more ...

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_l

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

show more ...

Get rid of SHA1 for comparing CRL's - use SHA512 just like we do for certs.
ok tb@

Use calloc() for X509_CRL_METHOD_new() instead of malloc().

This ensures that if any members are added to this struct, they will be
initialised.

ok schwarze@ tb@

Move the now internal X.509-related structs into x509_lcl.h.
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of un

Move the now internal X.509-related structs into x509_lcl.h.
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of unnecessary reacharounds.

ok jsing

show more ...

Fix a number of ASN1_INTEGER vs ASN1_STRING mixups coming from the
mechanical M_ASN1 macro expansion. The ASN1_INTEGER_cmp function
takes signs into account while ASN1_STRING_cmp doesn't. The mixups

Fix a number of ASN1_INTEGER vs ASN1_STRING mixups coming from the
mechanical M_ASN1 macro expansion. The ASN1_INTEGER_cmp function
takes signs into account while ASN1_STRING_cmp doesn't. The mixups
mostly involve serialNumbers, which, in principle, should be positive.
However, it is unclear whether that is checked or enforced anywhere
in the code, so these are probably bugs.

Patch from Holger Mikolon
ok jsing

show more ...

Turn a number of #defines into proper functions with prototypes matching
those that OpenSSL has had for ages.

ok jsing

Make the NULL check a separate if statement for readability and
grepability.

Req. by jsing

Make X509_CRL_METHOD_free() NULL-safe.

ok bcook

Provide X509_REVOKED_dup().

Provide X509_CRL_get0_extensions() and X509_CRL_get_signature_nid().

Provide X509_CRL_get0_{last,next}Update() and X509_CRL_get0_signature().

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@

Expand ASN1_ITEM_rptr and ASN1_ITEM_ptr macros - no change in generated
assembly.

When freeing an X509_CRL, if freeing the user-maintained meth_data fails,
do not forgot to nevertheless keep freeing the other fields.
ok doug@ guenther@

Remove initialisers with default values from the ASN1 data structures.

Minor changes in generated assembly due to the compiler swapping from
.quad 0/.long 0 to .zero, along with changes due to line

Remove initialisers with default values from the ASN1 data structures.

Minor changes in generated assembly due to the compiler swapping from
.quad 0/.long 0 to .zero, along with changes due to line numbering.

show more ...

Expand most of the ASN1_SEQUENCE* and associated macros, making the data
structures visible and easier to review, without having to wade through
layers and layers of asn1t.h macros.

Change has been

Expand most of the ASN1_SEQUENCE* and associated macros, making the data
structures visible and easier to review, without having to wade through
layers and layers of asn1t.h macros.

Change has been scripted and the generated assembly only differs by changes
to line numbers.

Discussed with beck@ miod@ tedu@

show more ...

The IMPLEMENT_STACK_OF and IMPLEMENT_ASN1_SET_OF macros were turned into
noops around 15 years ago. Remove multiple occurances of both that still
exist in the code today.

Manually expand ASN1_ITEM_rptr macros that should have been expanded with
the IMPLEMENT_ASN1_DUP_FUNCTION macro.