Branch :
| Author | Commit | Date | CI | Message |
|---|---|---|---|---|
| 09eb601a | 2023-01-08 04:54:50 | Add getthrname(2) manpage ok jmc@ schwarze@ | ||
| a11cae13 | 2023-01-07 16:17:29 | Rewrite/simplify BN_free(). ok tb@ | ||
| f949966c | 2023-01-07 16:13:46 | Flip BN_clear_free() and BN_free() All of our BIGNUMs are cleared when we free them - move the code to BN_free() and have BN_clear_free() call BN_free(), rather than the other way around. ok tb@ | ||
| 0d1c5e62 | 2023-01-07 16:09:18 | Use calloc() in BN_new(), rather than malloc() and then manually zeroing. ok tb@ | ||
| cef5a146 | 2023-01-07 05:24:58 | Add {get,set}thrname(2) for putting thread names in the kernel and exposed in a new field returned by sysctl(KERN_PROC). Update pthread_{get,set}_name_np(3) to use the syscalls. Show them, when set, in ps -H and top -H output. libc and libpthread minor bumps ok mpi@, mvs@, deraadt@ | ||
| 14a120fb | 2023-01-05 04:51:13 | Rewrite BN_rshift() This improves readability and eliminates special handling for various cases, making the code cleaner and closer to constant time. Basic benchmarking shows a performance gain on modern 64 bit architectures, while there is a decrease on legacy 32 bit architectures (i386), particularly for the zero bit shift case (which is now handled in the same code path). ok tb@ | ||
| 893695ce | 2023-01-04 13:00:11 | Christos Zoulas agreed to rescind clause 3 and 4 in NetBSD fsck.8 rev 1.35 fsutil.h rev 1.14 pathnames.h rev 1.2 netgroup_mkdb.8 rev 1.9 netgroup_mkdb.c rev 1.18 str.c rev 1.7 str.h rev 1.4 rdate.8 rev 1.11 rdate.c rev 1.19 extern.h rev 1.14 getnetgrent.c rev 1.41 netgroup.h rev 1.10 fparseln.3 rev 1.4 fparseln.c rev 1.10 our stringlist.c/stringlist.h are derived from getnetgrent.c rfc868time.c from rdate.c newfs/pathnames.h from fsck/pathnames.h https://mail-index.netbsd.org/source-changes/2009/10/21/msg002182.html Not all files are covered as some had copyright assigned to TNF in 1998. | ||
| 108b671b | 2023-01-04 10:59:34 | Leo Weppelman agreed to rescind clause 3 and 4 in NetBSD kvm_dump.3 rev 1.15 kcore.h rev 1.3 https://mail-index.netbsd.org/source-changes/2009/10/20/msg002169.html | ||
| 033eadae | 2023-01-01 16:58:23 | Add explicit LL suffixes to large constants to appease some compilers on 32-bit platforms; NFCI ok tb@ | ||
| 63820b0f | 2022-12-31 03:36:12 | crank libfido2 major version, it depends on libcbor and it just cranked. ok tb@ | ||
| 4dcc46c4 | 2022-12-31 03:35:21 | update to upstream libcbor v.0.10.0 and crank major. Also includes e308674c5d to fix PR259. This release includes a number of memory leak fixes. Disable the upsteam custom allocators feature. Feedback/ok tb@ Thanks also to Pedro Martelletto for pointing out the new release as well as PR259. | ||
| 4970e247 | 2022-12-30 23:12:12 | add history for getpid(2) and getppid(2) getpid() appeared (undocumented) in v5. Between v6 and v7 there is an extra return value for the parent process ID. getppid() did not appear in v7, it appeared in 32v libc. But getppid() predates 32v. It seems to have been in earlier USG releases such as Generic 3 (PG-1C300 Issue 3) as the MERT Release 0 manual references it. getppid() didn't become a system call until 4.3BSD-Reno omit most of these details and just mention v5 and 32v with and ok schwarze@ | ||
| 6c9d614b | 2022-12-30 21:21:25 | pause.3: miscellaneous rewrites, cleanup Eliminate some redundant or extraneous pieces from the pause.3 page. Say the "thread" "blocks", don't say the "process" "pauses". No need to enumerate the ways a signal can be delivered. Add a few relevant cross-references. With input from millert@ and schwarze@. Link: https://marc.info/?l=openbsd-tech&m=166801212316670&w=2 ok millert@ schwarze@ | ||
| c6206b64 | 2022-12-29 14:56:48 | HISTORY: clarify that unmount(2) used to be called umount(2) from v1 to Tahoe; joint work with and OK jsg@ | ||
| cc650db0 | 2022-12-29 05:00:12 | profil(2) first appeared in fifth edition tuhs/Distributions/Research/Dennis_v4/v4man.tar.gz has manx/profil.2 but no man2/profil.2 the nsys sysent.c has '&nullsys, /* 44 = prof */' https://minnie.tuhs.org/cgi-bin/utree.pl?file=V4/nsys/ken/sysent.c profil(2) is first listed as v5 in the Combined Tables of Contents from McIlroy's A Research UNIX Reader. https://marc.info/?l=tuhs&m=158099986005023&w=2 and is present in tuhs/Distributions/Research/Dennis_v5/v5man.pdf ok schwarze@ | ||
| 7f063f20 | 2022-12-29 02:12:41 | fcntl(2) first appeared in System III ok schwarze@ | ||
| 388ee0bd | 2022-12-28 07:59:13 | succcess -> success | ||
| 949b353c | 2022-12-27 23:05:55 | spelling fixes; from paul tagliamonte ok nicm | ||
| e70a8168 | 2022-12-27 17:31:09 | Change the way malloc_init() works so that the main data structures can be made immutable to provide extra protection. Also init pools on-demand: only pools that are actually used are initialized. Tested by many | ||
| 87ef6183 | 2022-12-27 17:13:04 | Revert spelling fixes. Please report them upstream. | ||
| 2c53affb | 2022-12-27 17:10:05 | spelling fixes; from paul tagliamonte any changes not taken noted on tech, but chiefly here i did not take the cancelation - cancellation changes; | ||
| 53971c37 | 2022-12-26 16:00:36 | Prepare to provide X509_CRL_get0_sigalg() This is an obvious omission from the OpenSSL 1.1 and OpenSSL 3 API which does not provide a way to access the tbs sigalg of a CRL. This is needed in security/pivy. From Alex Wilson ok jsing | ||
| d00d8798 | 2022-12-26 10:54:47 | fix another typo in comment in a line touched by the last commit (this one wouldn't have triggered a spell checker though) | ||
| 40ca958b | 2022-12-26 07:31:44 | spelling fixes; from paul tagliamonte ok tb | ||
| 71743258 | 2022-12-26 07:18:50 | spelling fixes; from paul tagliamonte i removed the arithmetics -> arithmetic changes, as i felt they were not clearly correct ok tb | ||
| f06b843a | 2022-12-24 10:50:40 | Build libc with executable-only .text on arm64. ok deraadt@ | ||
| 025eba8f | 2022-12-24 10:49:19 | Don't use a literal pool in .text to load the setjmp magic value as this is incompatible with executable-only code. ok deraadt@, guenther@ | ||
| ff25319c | 2022-12-24 10:47:22 | Use the correct instruction to clear the frame pointer. ok guenther@, deraadt@ | ||
| ae3e02d6 | 2022-12-24 07:12:09 | Zap trailing whitespace in license and add some empty lines | ||
| c3b5c70f | 2022-12-23 23:23:02 | Add the missing Copyright and license headers in the libcrypto/comp directory. Requested some time ago by tb@. According to OpenSSL git history, the original version of this code appeared in SSLeay 0.9.1b (July 6, 1998). The LICENSE file in that release states that the Copyright of SSLeay belongs to Eric Young, and we believe that Eric still maintained SSLeay himself at that time. We have seen a small number of examples where Eric credited outside contributors for code that he included in his distribution, including citing Copyright notices and license headers as appropriate. We found no such hints regarding this code, so it is reasonable to assume that he wrote this code himself. Regarding subsequent changes and additions, i inspected the OpenSSL git repository. No code change; only Copyright and license comments are added. | ||
| b76794fb | 2022-12-23 17:52:32 | Document the deprecated wrappers BIO_set_app_data(3) and BIO_get_app_data(3). Some code roams the wild still calling them. | ||
| 62cec4ff | 2022-12-23 17:27:53 | Mark BIO_buffer_get_num_lines(3) as intentionally undocumented. Contrary to what bio.h says, it does not *not* retrieve some "IO type", whatever that is supposed to be, but it is a NOOP, and nothing uses it. Despite its name, it is unrelated to BIO_f_buffer(3), and please be careful to not confuse it with BIO_get_buffer_num_lines(3). | ||
| 9f71e853 | 2022-12-23 16:59:39 | Mark BIO_f_nbio_test(3) as intentionally undocumented. It exposes absurd functionality, and according to codesearch.debian.net, it is unused except in openssl(1) s_client/s_server -nbio_test. | ||
| 33dd5991 | 2022-12-23 15:59:34 | new manual page BIO_s_datagram(3); feedback and OK tb@ | ||
| b0242bda | 2022-12-23 03:15:35 | Simplify BN_cmp() and BN_ucmp(). The only real difference between BN_cmp() and BN_ucmp() is that one has to respect the sign of the BN (although BN_cmp() also gets to deal with some insanity from accepting NULLs). Rewrite/cleanup BN_ucmp() and turn BN_cmp() into code that handles differences in sign, before calling BN_ucmp(). ok tb@ | ||
| bcc93ea7 | 2022-12-23 02:31:56 | Consistently check for NULL early. Also be more consistent with variable naming. ok tb@ | ||
| 7218a23d | 2022-12-23 02:27:47 | Fix an unchecked strdup() in UI_create_method(). ok tb@ | ||
| d533e99e | 2022-12-23 02:26:16 | Make UI_destroy_method() NULL safe. ok tb@ | ||
| 50779922 | 2022-12-23 02:22:58 | Remove unhelpful comment. Remove a comment that tells you not to call a function that internally calls free, with a stack allocated pointer... ok tb@ | ||
| fdc4606f | 2022-12-23 02:20:28 | Remove compatibility "glue" for des_read_pw{_string}() Nothing can be actually using these as the symbols are not exported from libcrypto... hopefully ui_compat.h can also go away entirely. ok tb@ | ||
| 7ee7571b | 2022-12-22 21:05:48 | new manual page BIO_accept(3) | ||
| 4941afce | 2022-12-22 20:13:45 | in case of failure, always report the error with BIOerror(); OK tb@ | ||
| 1678ab6a | 2022-12-22 16:38:45 | Mark BIO_s_log(3) as intentionally undocumented. Ben Laurie invented the system logging BIO in 1999 and yet, nothing whatsoever uses it according to codesearch.debian.net. Besides, it is poorly designed and a crypto library is absolutely not the place for putting a clumsy system logging facility. Not everything needs to be a BIO! | ||
| 1004d7a7 | 2022-12-21 15:08:37 | Mark BIO_nread0(3), BIO_nread(3), BIO_nwrite0(3), and BIO_nwrite(3) as intentionally undocumented. Bodo Moeller invented this "non-copying I/O" API in 1999, but according to codesearch.debian.net, it is still completely unused by anything. On top of that, it appears to be inflexible in so far as it only supports BIO pairs and no other BIO types and fragile in so far as it exposes pointers to internal storage and runs contrary to expectations of how BIO objects are supposed to work. | ||
| a8920b3a | 2022-12-20 17:59:29 | add a missing .Vt macro; from Josiah Frentsos <jfrent at tilde dot team> | ||
| ca55e5ba | 2022-12-20 15:34:03 | Mark BIO_dump_cb(3) and BIO_dump_indent_cb(3) as intentionally undocumented. It appears Richard Levitte succumbed to everything-needs-a-callback-paranoia in 2004, but nobody is going to be surprised that nothing whatsoever wants to use this particular callback, according to codesearch.debian.net. | ||
| bbae9136 | 2022-12-20 14:55:45 | document BIO_fd_non_fatal_error(3) and BIO_fd_should_retry(3) | ||
| 36de0c91 | 2022-12-20 09:01:05 | - some small tweaks for the text - on guenther's advice, remove NOTES: the text is either not relevant or already described correctly elsewhere ok guenther | ||
| 538ecf39 | 2022-12-19 18:13:50 | Add waitid(2) manpage, based on a first pass by espie@ and bits from FreeBSD and NetBSD. ok kettenis@ jmc@ espie@ | ||
| 375dfd33 | 2022-12-19 14:40:14 | document BIO_copy_next_retry(3) | ||
| 0e2f34bb | 2022-12-19 03:54:17 | Revert previous: unintentionally included in commit | ||
| 98b84055 | 2022-12-19 03:49:42 | Add pselect(2), recvmmsg(2), sendmmsg(2), and waitid(2) to the lists of built-in cancelation points. | ||
| 54569cf1 | 2022-12-19 03:40:20 | waitid(2) returns 0 on success; do post-call cancelation only if it either failed, or succeeded but didn't put a status into infop. ok millert@ | ||
| e582de33 | 2022-12-18 22:27:10 | document BIO_FLAGS_MEM_RDONLY | ||
| 57ad7d3b | 2022-12-18 21:45:47 | document BIO_set_retry_read(3), BIO_set_retry_write(3), BIO_set_retry_special(3), BIO_clear_retry_flags(3), BIO_get_retry_flags(3), and the BIO_FLAGS_* constants | ||
| 5fc43f0d | 2022-12-18 20:24:52 | document the interaction with BIO_dup_chain(3) | ||
| 53d779ef | 2022-12-18 19:35:36 | new manual page BIO_dup_chain(3) | ||
| d2abd44c | 2022-12-18 19:15:38 | correct the prototypes of BIO_get_conn_ip(3) and BIO_get_conn_int_port(3); from Richard Levitte via OpenSSL commit 0e474b8b in the 1.1.1 branch, which is still under a freee license | ||
| d6a42141 | 2022-12-18 17:40:55 | document BIO_number_read(3) and BIO_number_written(3) | ||
| 74a4f7c0 | 2022-12-17 22:23:31 | Merge documentation of UI_null() from OpenSSL 1.1 jsing doesn't like it, but it's better than nothing. ok jsing | ||
| a7534870 | 2022-12-17 22:21:24 | Document BIO_set_flags(3), BIO_clear_flags(3), BIO_test_flags(3), and BIO_get_flags(3). | ||
| 0ce8a7ba | 2022-12-17 22:01:29 | Link ui_null.c to build | ||
| a79c076a | 2022-12-17 21:59:39 | Prepare to provide UI_null() xmlsec needs this, nothing else. Our linkers link libxmlsec1-openssl, only warns and since nothing uses this library in ports, this wasn't noticed for a long time. Reported by Thomas Mitterfellner ok jsing | ||
| ce6fd31b | 2022-12-17 15:56:25 | Provide BN_zero()/BN_one() as functions and make BN_zero() always succeed. BN_zero() is currently implemented using BN_set_word(), which means it can fail, however almost nothing ever checks the return value. A long time ago OpenSSL changed BN_zero() to always succeed and return void, however kept BN_zero as a macro that calls a new BN_zero_ex() function, so that it can be switched back to the "can fail" version. Take a simpler approach - change BN_zero()/BN_one() to functions and make BN_zero() always succeed. This will be exposed in the next bump, at which point we can hopefully also remove the BN_zero_ex() function. ok tb@ | ||
| fd234164 | 2022-12-17 12:48:53 | X509_check_purpose.3: incorporate feedback from jsing | ||
| 8c14bd7a | 2022-12-16 23:56:57 | In bio.h rev. 1.54, jsing@ and tb@ provided BIO_callback_fn_ex(3), BIO_set_callback_ex(3), BIO_get_callback_ex(3), and BIO_callback_fn(3). Document them, in part by merging from the OpenSSL 1.1.1 branch, which is still under a free license, but heavily tweaked by me, in particular: * mention that BIO_set_callback_arg(3) is misnamed; * keep our more detailed explanation of the "ret" argument; * make the list of callback invocations more readable; * and update the HISTORY section. | ||
| d5ec6605 | 2022-12-16 18:02:28 | Document extension caching of X509_check_purpose() The overwhelming majority of callers of X509_check_purpose() in our tree pass a purpose of -1. In this case X509_check_purpose() acts as a wrapper of x509v3_cache_extensions() which makes sanity checks like non-negativity of ASN.1 integers or canonicity of RFC 3779 extensions as well as checking uniqueness of extensions. from schwarze who beat an initial diff of mine into shape | ||
| f341e97e | 2022-12-16 16:02:17 | add a CAVEATS section warning the user to not create cycles; OK tb@ | ||
| 39105ab6 | 2022-12-16 13:41:55 | Revert BIO_push(3) cycle prevention (bio_lib.c rev. 1.42). jsing@ worries that cycle prevention might increase risk because software that is not checking return values (and indeed, not checking is likely common in practice) might silently behave incorrectly with cycle prevention whereas without, it will likely either crash right away through infinite recursion or at least hang in an infinite loop when trying to use the cyclic chain, in both cases making it likely that the bug will be found and fixed. Besides, tb@ points out that BIO_set_next(3) ought to behave as similarly as possible to BIO_push(3), but adding cycle prevention to BIO_set_next(3) would be even less convincing because that function does not provide a return value, encouraging users to expect that it will always succeed. While a safe idiom for checking the success of BIO_set_next(3) could easily be designed, let's be realistic: application software would be highly unlikely to pick up such an idiom. | ||
| beb45aa6 | 2022-12-15 17:20:48 | In curve25519.h rev. 1.4 to 1.7, tb@ and jsing@ provided ED25519_keypair(3), ED25519_sign(3), and ED25519_verify(3). Document them. | ||
| 7ad999aa | 2022-12-14 22:37:07 | In evp.h rev. 1.109 and 1.112, jsing@ and tb@ provided EVP_PKEY_new_raw_private_key(3), EVP_PKEY_new_raw_public_key(3), EVP_PKEY_get_raw_private_key(3), and EVP_PKEY_get_raw_public_key(3). Merge the documentation from the OpenSSL 1.1.1 branch, which is still under a free license. I tweaked the text somewhat for conciseness, and argument names for uniformity. | ||
| b03cfb73 | 2022-12-14 20:27:28 | In asn1.h rev. 1.71 and 1.72, jsing@ and tb@ provided ASN1_buf_print(3). Document it. | ||
| 6a10513e | 2022-12-13 06:56:06 | consistently put the Xr in "made obsolete by" in symbolic, as sigvec already does; remove the one inconsistent colon from creat(3) in this same text original diff from josiah frentsos | ||
| ff193b36 | 2022-12-12 14:16:58 | Bump to LibreSSL 3.7.1 | ||
| 3847dadb | 2022-12-11 20:53:27 | Add a small blurb on @SECLEVEL=n | ||
| fada0977 | 2022-12-08 11:33:58 | Fix copy-paste error that left a paragraph ending in a comma | ||
| 0ee2ce67 | 2022-12-08 02:11:27 | _C_LABEL() and _ASM_LABEL() are no longer useful in the "everything is ELF" world. Eliminate use of them in landisk code. ok deraadt@ | ||
| 81621933 | 2022-12-08 01:25:43 | _C_LABEL() and _ASM_LABEL() are no longer useful in the "everything is ELF" world. Eliminate use of them in amd64, arm64, armv7, i386, macppc, mips64, and sparc64 code. ok deraadt@ jca@ krw@ | ||
| 6a684a04 | 2022-12-07 23:25:59 | _C_LABEL() and _ASM_LABEL() are no longer useful in the "everything is ELF" world. Eliminate use of them in powerpc64 code. ok gkoehler@ | ||
| 2181dbec | 2022-12-07 23:08:47 | Improve the implementation of BIO_push(3) such that it changes nothing and reports failure if a call would result in a cycle. The algorithm used was originally suggested by jsing@. Feedback and OK tb@. | ||
| ded1d43d | 2022-12-07 22:30:15 | Add references to the BIO_{push,pop}(3) example The reader may not know what digest BIOs, Base64 BIOs and file BIOs are and the relevant function names are non-obvious, hence it's not entirely trivial to find the manuals where they are explained. With these references a reader should be able to turn the example into actual code. ok schwarze | ||
| e501d6ba | 2022-12-07 17:17:29 | Fix example string If you want to Base64-encode "Hello World\n" using a BIO, you had better pass "Hello World\n" into it, not something slightly different... While we're touching this, we might as well write it the way K&R did... | ||
| 52d44085 | 2022-12-06 22:22:42 | Zap extra space | ||
| cb8c034d | 2022-12-06 21:13:01 | Major rewrite for accuracy and clarity, and document BIO_set_next(3). Feedback and OK tb@. | ||
| 5746cf29 | 2022-12-06 18:50:59 | _C_LABEL() and _ASM_LABEL() are no longer useful in the "everything is ELF" world. Eliminate use of them in m88k code. ok aoyama@ | ||
| 46665642 | 2022-12-06 17:59:21 | Make sure BIO_push(3) always preserves all invariants of the prev_bio and next_bio fields of all BIO objects in all affected chains, no matter what the arguments are. In particular, if the second argument (the one to be appended) is not at the beginning of its chain, properly detach the beginning of its chain before appending. We have weak indications that this bug might affect real-world code. For example, in FreeRDP, file libfreerdp/crypto/tls.c, function bio_rdp_tls_ctrl(), case BIO_C_SET_SSL, BIO_push(3) is definitely called with a second argument that is *not* at the beginning of its chain. Admittedly, that code is hard to fathom, but it does appear to result in a bogus prev_bio pointer without this patch. The practical impact of this bug in this and other software remains unknown; the consequences might possibly escalate up to use-after-free issues if BIO_pop(3) is afterwards called on corrupted BIO objects. OK tb@ | ||
| 0dc4ae82 | 2022-12-06 16:10:55 | Improve the poorly designed BIO_set_next(3) API to always preserve all invariants of the prev_bio and next_bio fields of all BIO objects in all involved chains, no matter which arguments this function is called with. Both real-world uses of this function (in libssl and freerdp) have been audited to make sure this makes nothing worse. We believe libssl behaves correctly before and after the patch (mostly because the second argument is NULL there), and we believe the code in freerdp behaves incorrectly before and after the patch, leaving a prev_bio pointer in place that is becoming bogus, only in a different object before and after the patch. But after the patch, that bogus pointer is due to a separate bug in BIO_push(3), which we are planning to fix afterwards. Joint work with and OK tb@. | ||
| 6ae54a3b | 2022-12-06 02:12:05 | arithmethic -> arithmetic | ||
| 447c6881 | 2022-12-04 08:22:13 | Fix warnings about binding changed to STB_WEAK on i386 Compiling libc on i386 results in compiler warnings for bcmp, bzero, bcopy, brk, and sbrk. Use ENTRY_NB instead of ENTRY to avoid this. ok jca millert | ||
| abb018e1 | 2022-12-03 15:02:30 | Add ENTRY_NB() and use it for brk.S and sbrk.S on riscv64 NB for "No Binding". This gets us rid of clang-13 warnings about a global symbol redefined as weak. Mostly a copy of what guenther@ already implemented on other archs. ok guenther@ tb@ | ||
| f63f57b6 | 2022-12-02 22:58:56 | Drop 'perhaps a little', plus grammar and spelling nits BIO_push() and BIO_pop() are misnamed. No need to gently and politely suggest that their 'names [...] are perhaps a little misleading'. | ||
| 66c15192 | 2022-12-02 19:44:04 | Revert bio_prev removal As schwarze points out, you can pop any BIO in a chain, not just the first one (bonus points for a great name for this API). The internal doubly linked was used to fix up the BIO chain bio was part of when you BIO_pop() a bio that wasn't in the first position, which is explicitly allowed in our documentation and implied by OpenSSL's. | ||
| 96b95d32 | 2022-12-02 12:27:08 | Drop _C_LABEL() uses in riscv64-specific code _C_LABEL() was useful in the a.out->ELF transition days, way before RISC-V was a thing. Also drop uses of _ASM_LABEL() while here, suggested by guenther@ ok guenther@ | ||
| af021b53 | 2022-12-02 10:57:12 | When checking if we're implied we must also check if we're working on a string or an oid, else we can generate invalid OIDs. Found by bluhm@ on powerpc64 OK bluhm@ | ||
| 3422461a | 2022-12-01 21:59:54 | Update reference to table generation | ||
| 8a0b2fe2 | 2022-12-01 05:33:55 | Mark the X509_V_FLAG_CB_ISSUER_CHECK flag as deprecated | ||
| 79abbea6 | 2022-12-01 05:27:04 | Annotate X509_V_FLAG_CB_ISSUER_CHECK as deprecated and unused | ||
| 89e62afd | 2022-12-01 05:20:30 | Retire X509_V_FLAG_CB_ISSUER_CHECK This flag has been deprecated in OpenSSL 1.1 and has not had an effect since. This way we can simplify the default check_issued() callback, which helpfully has its arguments reversed compared to the public API X509_check_issued(). ok jsing | ||
| 43f73684 | 2022-12-01 05:16:08 | Getters and setters for the check_issued() callback Open62541 uses X509_STORE_CTX_get_check_issued(), so provide it along with X509_STORE_{get,set}_check_issued(). As you would expect, they all return or take an X509_STORE_CTX_check_issued_fn. The getters aren't const in OpenSSL 1.1, but they now are in OpenSSL 3... These will be made available in the next minor bump and will ship in the stable release of LibreSSL 3.7 Part of OpenSSL commit 1060a50b See also https://github.com/libressl-portable/portable/issues/748 ok beck jsing | ||
| dd1a6ee8 | 2022-12-01 02:58:31 | BN_one() can fail, check its return value. ok tb@ |