Make X509_certificate_type() less bad

This converts to proper single exit and undoes a number of unnecessarily
silly muppet antics.

ok beck

Garbage collect an incoherent export crypto check

Contrast "#define EVP_PKT_EXP 0x1000 /* <= 512 bit key */" with the diff:

- /* /8 because it's 1024 bits we look for, not bytes */
- i

Garbage collect an incoherent export crypto check

Contrast "#define EVP_PKT_EXP 0x1000 /* <= 512 bit key */" with the diff:

- /* /8 because it's 1024 bits we look for, not bytes */
- if (EVP_PKEY_size(pk) <= 1024 / 8)
- ret |= EVP_PKT_EXP;

EVP_PKT_EXP will be nuked at the next opportunity.

discussed with jsing

show more ...

Use a sensible variable name (i.e. nid) instead of i for a NID

Use X509_get_signature_nid() instead of inlining it

ok beck jsing

X509_certificate_type() needs to know about RSA-PSS

This doesn't do much right now, but is part of the tangle that is adding
RSA-PSS support.

ok beck jsing

Teach the grotty X509_certificate_type() about Ed25519 certs

ok jsing

libressl *_namespace.h: adjust *_ALIAS() to require a semicolon

LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon.
This does not conform to style(9), breaks editors and ctags and
(most

libressl *_namespace.h: adjust *_ALIAS() to require a semicolon

LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon.
This does not conform to style(9), breaks editors and ctags and
(most importantly) my workflow. Fix this by neutering them with
asm("") so that -Wpedantic doesn't complain. There's precedent
in libc's namespace.h

fix suggested by & ok jsing

show more ...

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_l

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

show more ...

Hide public symbols in libcrypto/x509 .c files

ok tb@

Include evp_locl.h where it will be needed once most structs from
evp.h will be moved to evp_locl.h in an upcoming bump.

ok inoguchi

Move the now internal X.509-related structs into x509_lcl.h.
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of un

Move the now internal X.509-related structs into x509_lcl.h.
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of unnecessary reacharounds.

ok jsing

show more ...

Add const to both arguments of X509_certificate_type() and clean up
a little:

Use X509_get0_pubkey() in place of X509_get_pubkey() and EVP_PKEY_free().
Check return value of the former in the approp

Add const to both arguments of X509_certificate_type() and clean up
a little:

Use X509_get0_pubkey() in place of X509_get_pubkey() and EVP_PKEY_free().
Check return value of the former in the appropriate place and simplify the
logic for dealing with the potentially NULL pkey argument (includes a neat
tweak from jsing). Finally, kill an ugly comment that has been rotting for
twenty years and merge the lines around it.

tested in a bulk build by sthen
ok jsing

show more ...

Fix bad indenting in LibreSSL.

jsg@ noticed that some of the lines in libssl and libcrypto are not
indented properly. At a quick glance, it looks like it has a different
control flow than it really

Fix bad indenting in LibreSSL.

jsg@ noticed that some of the lines in libssl and libcrypto are not
indented properly. At a quick glance, it looks like it has a different
control flow than it really does. I checked the history in our tree and
in OpenSSL to make sure these were simple mistakes.

ok miod@ jsing@

show more ...

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need t

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@

show more ...

tags as requested by miod and tedu

KNF.

blunt force knf

resolve conflicts

resolve conflicts, fix local changes

resolve conflicts

merge 0.9.7d

merge 0.9.7c; minor bugsfixes;
API addition: ERR_release_err_state_table
[make includes before you build libssl/libcrypto]

OpenSSL 0.9.4 merge

Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD build
functionality for shared libs.

Note that routines such as sslv2_init and friends that use RSA will
not work due to lack of RSA in th

Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD build
functionality for shared libs.

Note that routines such as sslv2_init and friends that use RSA will
not work due to lack of RSA in this library.

Needs documentation and help from ports for easy upgrade to full
functionality where legally possible.

show more ...