openbsd
3 years agoflesh out veb(4)/vport description a bit, spell out in more words what
sthen [Thu, 28 Oct 2021 15:06:36 +0000 (15:06 +0000)]
flesh out veb(4)/vport description a bit, spell out in more words what
is meant by "independently of the host network stack"

feedback jmc dlg

3 years agounwrap a line
tb [Thu, 28 Oct 2021 14:24:08 +0000 (14:24 +0000)]
unwrap a line

3 years agoLimit how many FileAndHash entries a single manifest may contain
job [Thu, 28 Oct 2021 13:51:42 +0000 (13:51 +0000)]
Limit how many FileAndHash entries a single manifest may contain

OK claudio@

3 years agoDon't fetch files larger than 2MB
job [Thu, 28 Oct 2021 13:50:29 +0000 (13:50 +0000)]
Don't fetch files larger than 2MB

OK claudio@

3 years agodocument X509_to_X509_REQ(3)
schwarze [Thu, 28 Oct 2021 13:23:19 +0000 (13:23 +0000)]
document X509_to_X509_REQ(3)

3 years agosort
tb [Thu, 28 Oct 2021 13:13:03 +0000 (13:13 +0000)]
sort

3 years agoProvide --max-size and --min-size arguments. Currently ignored but
claudio [Thu, 28 Oct 2021 13:07:43 +0000 (13:07 +0000)]
Provide --max-size and --min-size arguments. Currently ignored but
rpki-client wants --max-size and this will unblock that work.
With job@

3 years agosync
sthen [Thu, 28 Oct 2021 12:01:56 +0000 (12:01 +0000)]
sync

3 years agoLimit the size of the base64 blob inside the RRDP XML to be less than
claudio [Thu, 28 Oct 2021 11:57:00 +0000 (11:57 +0000)]
Limit the size of the base64 blob inside the RRDP XML to be less than
MAX_FILE_SIZE after base64 decoding it. This way hostile RRDP servers
do less damage.
OK beck@ tb@

3 years agoMechanical KNF in preparation for changing
beck [Thu, 28 Oct 2021 11:55:43 +0000 (11:55 +0000)]
Mechanical KNF in preparation for changing

3 years agoAdd headers normally contained in include/openssl, verbatim from 1.1.1
beck [Thu, 28 Oct 2021 11:23:07 +0000 (11:23 +0000)]
Add headers normally contained in include/openssl, verbatim from 1.1.1

3 years agoImport Certificate Transparency verbatim from OpenSSL 1.1.1
beck [Thu, 28 Oct 2021 11:21:03 +0000 (11:21 +0000)]
Import Certificate Transparency verbatim from OpenSSL 1.1.1

This is not yet hooked up and will not compile. Follow on commits
will KNF and then make it build.

ok jsing@ tb@

3 years agoopenssl-ruby tests: rework for x509_alt.c r1.3 and r1.5.
tb [Thu, 28 Oct 2021 11:01:19 +0000 (11:01 +0000)]
openssl-ruby tests: rework for x509_alt.c r1.3 and r1.5.

ruby can no longer generate certs with bogus wildcards in it to check
that they will fail to verify when creating TLS connections. It will
throw an error. This change needs openssl-ruby-tests-20211024p0 or later
to work.

3 years agoBring back r1.3, ok beck
tb [Thu, 28 Oct 2021 10:58:23 +0000 (10:58 +0000)]
Bring back r1.3, ok beck

Original commit message from beck:

Validate Subject Alternate Names when they are being added to certificates.

With this change we will reject adding SAN DNS, EMAIL, and IP addresses
that are malformed at certificate creation time.

ok jsing@ tb@

3 years agoAccept server replies from any server port
kn [Thu, 28 Oct 2021 09:44:49 +0000 (09:44 +0000)]
Accept server replies from any server port

There is no requirement other than replying to client port 68/udp
as per RFC 2131, so drop the 67/udp check.

Same conclusion from florian
Reported and tested by Roc Vallès < vallesroc AT gmail DOT com>, thanks!

3 years agoDon't exit in certain cases on failures to parse x509 objects.
beck [Thu, 28 Oct 2021 09:02:19 +0000 (09:02 +0000)]
Don't exit in certain cases on failures to parse x509 objects.

In most cases we already warn and continue if someone sends us malformed
x509 objects. This makes this consistent behaviour in all places
so that if someone passes in bogus X509, We end up failing their entry
and continuing rather than exiting.

We still exit on memory/system failures so that a future run of rpki
client can simply do better when the machine is perhaps less hammered
on

ok job@ claudio@

3 years agoadd proper declaration for addr in dt_prov_kprobe_hook
jasper [Thu, 28 Oct 2021 08:47:40 +0000 (08:47 +0000)]
add proper declaration for addr in dt_prov_kprobe_hook

3 years agoincrement SSH_SK_VERSION_MAJOR to match last change
djm [Thu, 28 Oct 2021 02:55:30 +0000 (02:55 +0000)]
increment SSH_SK_VERSION_MAJOR to match last change

3 years agoWhen downloading resident keys from a FIDO token, pass back the
djm [Thu, 28 Oct 2021 02:54:18 +0000 (02:54 +0000)]
When downloading resident keys from a FIDO token, pass back the
user ID that was used when the key was created and append it to
the filename the key is written to (if it is not the default).

Avoids keys being clobbered if the user created multiple
resident keys with the same application string but different
user IDs.

feedback Pedro Martelletto; ok markus

NB. increments SSH_SK_VERSION_MAJOR

3 years agoFix HISTORY section: 6.9 -> 7.0
tb [Wed, 27 Oct 2021 22:11:21 +0000 (22:11 +0000)]
Fix HISTORY section: 6.9 -> 7.0

3 years agoAdd limits on size of certain untrusted inputs
beck [Wed, 27 Oct 2021 21:56:58 +0000 (21:56 +0000)]
Add limits on size of certain untrusted inputs

ok job@

3 years agocreate directory for libxcvt headers
matthieu [Wed, 27 Oct 2021 21:31:31 +0000 (21:31 +0000)]
create directory for libxcvt headers

3 years agoextend checks of ensuring there's valid CTF data before attempting to use it.
jasper [Wed, 27 Oct 2021 21:21:35 +0000 (21:21 +0000)]
extend checks of ensuring there's valid CTF data before attempting to use it.

3 years agoLimit length on URIs
job [Wed, 27 Oct 2021 18:09:08 +0000 (18:09 +0000)]
Limit length on URIs

OK beck@

3 years agoThe crypto layer needs the kernel lock. ah_zeroize() takes it when
bluhm [Wed, 27 Oct 2021 16:58:44 +0000 (16:58 +0000)]
The crypto layer needs the kernel lock.  ah_zeroize() takes it when
called from tdb_walk().  tdb_walk() needs mutex tdb_sadb_mtx to
protect the loop traversal.  First take the kernel lock in tdb_walk()
to preserve lock order.
found by witness
OK tobhe@ mvs@

3 years agouse db_get_probe_addr() instead of handrolling the expression wrapped in ifdef
jasper [Wed, 27 Oct 2021 15:18:12 +0000 (15:18 +0000)]
use db_get_probe_addr() instead of handrolling the expression wrapped in ifdef

ok mpi@

3 years agonew manual page X509_REQ_add_extensions(3)
schwarze [Wed, 27 Oct 2021 14:54:07 +0000 (14:54 +0000)]
new manual page X509_REQ_add_extensions(3)
documenting six functions for extensions in certification requests

3 years agoReplace 'DIAGNOSTIC' block within soqinsque() by KASSERT(9).
mvs [Wed, 27 Oct 2021 13:41:09 +0000 (13:41 +0000)]
Replace 'DIAGNOSTIC' block within soqinsque() by KASSERT(9).

ok sashan@

3 years agoadd some .Xrs involving recently added pages
schwarze [Wed, 27 Oct 2021 11:24:47 +0000 (11:24 +0000)]
add some .Xrs involving recently added pages

3 years agominor tweaks to wording and punctuation,
schwarze [Wed, 27 Oct 2021 11:22:57 +0000 (11:22 +0000)]
minor tweaks to wording and punctuation,
and add .Xrs to relevant objects

3 years agoMinor tweaks:
schwarze [Wed, 27 Oct 2021 10:35:43 +0000 (10:35 +0000)]
Minor tweaks:
* Say "number of bytes" instead of "length of bytes".
* Remove mention of a BUGS section that exists neither here nor in OpenSSL.
* List all authors who contributed Copyright-worthy amounts of text.
* Remove years from the Copyright line that saw no non-trivial changes.
* Add the year 2014: that's when Emilia wrote the i2d_re_X509_tbs() text.
* Improve merge comments.

3 years agoRevert version 1.3 - not allowing the creation of bogus certificates
beck [Wed, 27 Oct 2021 10:22:08 +0000 (10:22 +0000)]
Revert version 1.3 - not allowing the creation of bogus certificates
breaks the ruby regression tests that expect to make bogus certificates
and see that they are rejected :(

I am reverting this for now to make the regress tests pass, and will
bring it back if we decide to patch the regress tests to remove the
problem cases

3 years agoFix to correctly parse the 'to' time into the to_tm
beck [Wed, 27 Oct 2021 09:56:43 +0000 (09:56 +0000)]
Fix to correctly parse the 'to' time into the to_tm

3 years agoAdd ASN1_TIME_diff from OpenSSL.
beck [Wed, 27 Oct 2021 09:50:56 +0000 (09:50 +0000)]
Add ASN1_TIME_diff from OpenSSL.

The symbol is not yet exposed and will show up with tb@'s forthcoming bump

ok tb@ jsing@

3 years agofix spello in comment
jasper [Wed, 27 Oct 2021 09:09:55 +0000 (09:09 +0000)]
fix spello in comment

3 years agoMention vether(4) and mpip(4) interfaces in the create list
solene [Wed, 27 Oct 2021 06:36:51 +0000 (06:36 +0000)]
Mention vether(4) and mpip(4) interfaces in the create list

ok benno@ dlg@

3 years agoregen
visa [Wed, 27 Oct 2021 03:25:11 +0000 (03:25 +0000)]
regen

3 years agoUnlock the kevent(2) system call.
visa [Wed, 27 Oct 2021 03:24:44 +0000 (03:24 +0000)]
Unlock the kevent(2) system call.

Tested by mpi@ and tb@

OK mpi@

3 years agobackport a perl patch to avoid excessive warnings with llvm 13 clang
jsg [Wed, 27 Oct 2021 02:27:34 +0000 (02:27 +0000)]
backport a perl patch to avoid excessive warnings with llvm 13 clang

originally from Tony Cook in
skip using gcc brace groups for STMT_START/END
7169efc77525df70484a824bff4ceebd1fafc760

looks fine millert@ ok afresh1@

3 years agoMerge documentation for i2d_re_X509*_tbs(3) from OpenSSL 1.1
tb [Tue, 26 Oct 2021 23:37:56 +0000 (23:37 +0000)]
Merge documentation for i2d_re_X509*_tbs(3) from OpenSSL 1.1

3 years agoupdate to libfido2 1.8.0; ok sthen@ "timing is fine" deraadt@
djm [Tue, 26 Oct 2021 21:36:23 +0000 (21:36 +0000)]
update to libfido2 1.8.0; ok sthen@ "timing is fine" deraadt@

3 years agospelling fixes;
jmc [Tue, 26 Oct 2021 18:50:38 +0000 (18:50 +0000)]
spelling fixes;

3 years agosync
tb [Tue, 26 Oct 2021 18:17:09 +0000 (18:17 +0000)]
sync

3 years agoinstall X509_get_extension_flags.3 and X509_SIG_get0.3
tb [Tue, 26 Oct 2021 18:11:04 +0000 (18:11 +0000)]
install X509_get_extension_flags.3 and X509_SIG_get0.3

3 years agoRemove a line documenting that X509_get_X509_PUBKEY(3) is missing
tb [Tue, 26 Oct 2021 18:05:07 +0000 (18:05 +0000)]
Remove a line documenting that X509_get_X509_PUBKEY(3) is missing

discussed with schwarze

3 years agoDocument X509_get0_pubkey.3
tb [Tue, 26 Oct 2021 18:04:24 +0000 (18:04 +0000)]
Document X509_get0_pubkey.3

3 years agoDocument new signature of X509_get_X509_PUBKEY() and remove claim
tb [Tue, 26 Oct 2021 18:01:00 +0000 (18:01 +0000)]
Document new signature of X509_get_X509_PUBKEY() and remove claim
that the API is implemented as a macro. This will change in an
upcoming bump.

3 years agoAdd tlsfeature NID
job [Tue, 26 Oct 2021 17:35:38 +0000 (17:35 +0000)]
Add tlsfeature NID

OK beck@ tb@

3 years agoMake proto config option accept a list to allow specifying multiple
tobhe [Tue, 26 Oct 2021 17:31:22 +0000 (17:31 +0000)]
Make proto config option accept a list to allow specifying multiple
protocols for a single policy, e.g. "proto { ipencap, ipv6 }".

feedback and ok benno@
ok patrick@

3 years agoAdjust regress to the new BIO-free world order.
claudio [Tue, 26 Oct 2021 16:59:54 +0000 (16:59 +0000)]
Adjust regress to the new BIO-free world order.

3 years agoMove load_file() to encoding.c so that regress can use the function.
claudio [Tue, 26 Oct 2021 16:59:19 +0000 (16:59 +0000)]
Move load_file() to encoding.c so that regress can use the function.

3 years agoAdd a new TEMPerHUM device id. style tweak deraadt@, ok mlarkin@
matthieu [Tue, 26 Oct 2021 16:49:12 +0000 (16:49 +0000)]
Add a new TEMPerHUM device id. style tweak deraadt@, ok mlarkin@

3 years agoImprove unhibernate performance (30% on some machines, another upcoming diff
deraadt [Tue, 26 Oct 2021 16:29:49 +0000 (16:29 +0000)]
Improve unhibernate performance (30% on some machines, another upcoming diff
shows gains up to 50%) by skipping attach of irrelevant devices, which are
tagged CD_SKIPHIBERNATE in the per-driver cfdriver.  In particular, usb devices
are not attached, so they don't need to detach during the suspend-unpack-resume.
New bootblocks are required (which tell the kernel it's job is unhibernate
before configure runs)
tested by various

3 years agoRefactor the tal parsing code to use the same load_file() and buffer
claudio [Tue, 26 Oct 2021 16:12:54 +0000 (16:12 +0000)]
Refactor the tal parsing code to use the same load_file() and buffer
passing as done for the other parsers.
OK job@ tb@

3 years agoGeneralise "nameserver" workings
kn [Tue, 26 Oct 2021 15:48:25 +0000 (15:48 +0000)]
Generalise "nameserver" workings

The generated route message is not at all resolvd(8) specific.
Mention how unwind(8) reacts to proposals as well.

"Broadcast" wording deraadt jmc
OK millert

3 years agoAdd RFC 3779 checks to both legacy and new verifier
job [Tue, 26 Oct 2021 15:14:18 +0000 (15:14 +0000)]
Add RFC 3779 checks to both legacy and new verifier

OK beck@

3 years agoFree memory on text exit to make asan quieter
beck [Tue, 26 Oct 2021 14:34:02 +0000 (14:34 +0000)]
Free memory on text exit to make asan quieter

ok tb@

3 years agoEnable vmx(4) on arm64. Tested using VMware Fusion on the Apple M1.
patrick [Tue, 26 Oct 2021 14:20:47 +0000 (14:20 +0000)]
Enable vmx(4) on arm64.  Tested using VMware Fusion on the Apple M1.

ok kettenis@

3 years agosync
deraadt [Tue, 26 Oct 2021 14:15:02 +0000 (14:15 +0000)]
sync

3 years agoOnly flush freshly mapped uncached/device mappings if we have a vm_page for it,
patrick [Tue, 26 Oct 2021 14:13:57 +0000 (14:13 +0000)]
Only flush freshly mapped uncached/device mappings if we have a vm_page for it,
meaning we make sure it is indeed managed memory/RAM and not some MMIO.  Fixes
booting on VMware Fusion (and an older QEMU diff for HVF acceleration).

ok kettenis@

3 years agoAllocate fresh memory to put our device tree into, to make sure we have least
patrick [Tue, 26 Oct 2021 14:10:02 +0000 (14:10 +0000)]
Allocate fresh memory to put our device tree into, to make sure we have least
one page of free space for us to extend into.  Fixes booting on VMware Fusion.

ok kettenis@

3 years agoAlso move the cert parser code away from using BIO.
claudio [Tue, 26 Oct 2021 13:31:05 +0000 (13:31 +0000)]
Also move the cert parser code away from using BIO.
OK beck@

3 years agorpki-client supports RFC8630 TAL files.
claudio [Tue, 26 Oct 2021 13:26:53 +0000 (13:26 +0000)]
rpki-client supports RFC8630 TAL files.

3 years agonew manual page X509_REQ_add1_attr(3) documenting nine functions
schwarze [Tue, 26 Oct 2021 12:56:48 +0000 (12:56 +0000)]
new manual page X509_REQ_add1_attr(3) documenting nine functions
for X.501 Attributes in PKCS#10 certification requests

3 years agocorrect a wrong function name below RETURN VALUES
schwarze [Tue, 26 Oct 2021 12:45:31 +0000 (12:45 +0000)]
correct a wrong function name below RETURN VALUES

3 years agoAccept some emacs control keys in vi normal mode, from Alexis
nicm [Tue, 26 Oct 2021 12:29:41 +0000 (12:29 +0000)]
Accept some emacs control keys in vi normal mode, from Alexis
Hildebrandt in GitHub issue 2922.

3 years agoDo not allow inline styles to replace mode-style for the selected item,
nicm [Tue, 26 Oct 2021 12:22:23 +0000 (12:22 +0000)]
Do not allow inline styles to replace mode-style for the selected item,
from Alexis Hildebrandt in GitHub issue 2946.

3 years agoChange CMS and CRL d2i functions from their BIO version to passing the
claudio [Tue, 26 Oct 2021 10:52:49 +0000 (10:52 +0000)]
Change CMS and CRL d2i functions from their BIO version to passing the
der buffer instead. The file are loaded early in the entity processing
loop.
OK tb@

3 years agodocument X509_REQ_dup(3)
schwarze [Tue, 26 Oct 2021 10:50:08 +0000 (10:50 +0000)]
document X509_REQ_dup(3)

3 years agoRemove more occurences of O_RDONLY in our bootloaders.
patrick [Tue, 26 Oct 2021 10:45:55 +0000 (10:45 +0000)]
Remove more occurences of O_RDONLY in our bootloaders.

"just do it" deraadt@

3 years agodocument d2i_X509_PUBKEY(3) and i2d_X509_PUBKEY(3);
schwarze [Tue, 26 Oct 2021 10:01:23 +0000 (10:01 +0000)]
document d2i_X509_PUBKEY(3) and i2d_X509_PUBKEY(3);
while here, apply the usual conventions for naming d2i and i2d arguments

3 years agoValidate Subject Alternate Names when they are being added to certificates.
beck [Tue, 26 Oct 2021 09:09:53 +0000 (09:09 +0000)]
Validate Subject Alternate Names when they are being added to certificates.

With this change we will reject adding SAN DNS, EMAIL, and IP addresses
that are malformed at certificate creation time.

ok jsing@ tb@

3 years agoRevise regress for removal of SSL_SESSION_INTERNAL.
jsing [Tue, 26 Oct 2021 06:24:47 +0000 (06:24 +0000)]
Revise regress for removal of SSL_SESSION_INTERNAL.

3 years agoThe implementation of ipsp_spd_inp() is side effect free. It may
bluhm [Mon, 25 Oct 2021 22:20:47 +0000 (22:20 +0000)]
The implementation of ipsp_spd_inp() is side effect free.  It may
set the error output parameter or return a tdb.  Both are ignored
in in_pcbconnect().  Remove the code that does nothing.
OK tobhe@ jca@ mvs@

3 years agoAdd a way to force a colour to RGB and a format to display it.
nicm [Mon, 25 Oct 2021 21:21:16 +0000 (21:21 +0000)]
Add a way to force a colour to RGB and a format to display it.

3 years agoMissing Pp, from Alexis Hildebrandt.
nicm [Mon, 25 Oct 2021 20:32:42 +0000 (20:32 +0000)]
Missing Pp, from Alexis Hildebrandt.

3 years agoZap unused variables/functions under /usr/src/*bin/
kn [Mon, 25 Oct 2021 19:54:29 +0000 (19:54 +0000)]
Zap unused variables/functions under /usr/src/*bin/

OK deraadt

3 years agoremove dtp_mtx which protected dtp_ref; the code is always called with KERNEL_LOCK...
millert [Mon, 25 Oct 2021 19:51:12 +0000 (19:51 +0000)]
remove dtp_mtx which protected dtp_ref; the code is always called with KERNEL_LOCK() held

3 years agoRefactor the proc_parser code, move the processing of enities into its
claudio [Mon, 25 Oct 2021 18:25:22 +0000 (18:25 +0000)]
Refactor the proc_parser code, move the processing of enities into its
own function and make a few vars global to simplify the code.
OK tb@

3 years agoCall a locked variant of tdb_unlink() from tdb_walk(). Fixes a
bluhm [Mon, 25 Oct 2021 18:25:01 +0000 (18:25 +0000)]
Call a locked variant of tdb_unlink() from tdb_walk().  Fixes a
mutex locking against myself panic introduced by my previous commit.
OK beck@ patrick@

3 years agoremove dtp_mtx which protected dtp_ref; the code is always called with KERNEL_LOCK...
jasper [Mon, 25 Oct 2021 17:15:29 +0000 (17:15 +0000)]
remove dtp_mtx which protected dtp_ref; the code is always called with KERNEL_LOCK() held

discussed with and OK mpi@

3 years agoProtect the tdb hashes with a mutex. Move initialization out of
bluhm [Mon, 25 Oct 2021 16:00:12 +0000 (16:00 +0000)]
Protect the tdb hashes with a mutex.  Move initialization out of
the processing path.  If rehashing fails due to low memory, just
keep the old hash buckets.
OK tobhe@

3 years agoRemove unused variables to silence clang.
patrick [Mon, 25 Oct 2021 15:59:46 +0000 (15:59 +0000)]
Remove unused variables to silence clang.

ok kettenis@

3 years agosort
tb [Mon, 25 Oct 2021 15:23:50 +0000 (15:23 +0000)]
sort

3 years agosync
tb [Mon, 25 Oct 2021 15:19:12 +0000 (15:19 +0000)]
sync

3 years agosort. alphanumerics have lower ASCII values than '_'
tb [Mon, 25 Oct 2021 15:16:35 +0000 (15:16 +0000)]
sort. alphanumerics have lower ASCII values than '_'

3 years agoInstall SSL_read_early_data.3. I should have done this during the last
tb [Mon, 25 Oct 2021 15:13:52 +0000 (15:13 +0000)]
Install SSL_read_early_data.3. I should have done this during the last
libssl bump.

3 years ago- add regression tests for pfctl '$rn' macro expansion
sashan [Mon, 25 Oct 2021 14:56:47 +0000 (14:56 +0000)]
- add regression tests for pfctl '$rn' macro expansion

OK @bluhm

3 years agotypos in comments, from jj, reported by Elyes Haouas on irc
sthen [Mon, 25 Oct 2021 14:53:15 +0000 (14:53 +0000)]
typos in comments, from jj, reported by Elyes Haouas on irc

3 years ago- pfctl $nr incorrect macro expansion
sashan [Mon, 25 Oct 2021 14:50:29 +0000 (14:50 +0000)]
- pfctl $nr incorrect macro expansion

Issue reported by Kristof Provost from FreeBSD.
[ https://reviews.freebsd.org/D32488 ]

In order to fix the issue we must delay '$nr' macro
expansion after optimizer collapses ruleset.

OK kn@

3 years agoRevert accidental change.
jca [Mon, 25 Oct 2021 14:41:09 +0000 (14:41 +0000)]
Revert accidental change.

Dunno why this ended up here, cvs is always full of surprises.

3 years agoMake brk() and sbrk() weak again as intended.
jca [Mon, 25 Oct 2021 14:38:10 +0000 (14:38 +0000)]
Make brk() and sbrk() weak again as intended.

Apparently spotted by mortimer@ while working on clang 13 and amd64.
No actual change on sparc64 as this architecture still uses ld.bfd.
ok kettenis@

3 years agoMake brk() and sbrk() weak again as intended.
kettenis [Mon, 25 Oct 2021 14:19:51 +0000 (14:19 +0000)]
Make brk() and sbrk() weak again as intended.

ok jca@

3 years agovi(1): fix use after free with unsaved buffer
dv [Mon, 25 Oct 2021 14:17:24 +0000 (14:17 +0000)]
vi(1): fix use after free with unsaved buffer

Issuing a zero-arg ex_edit command (:e) while using a named buffer
with no backing file caused vi(1)/ex(1) to free the strings
representing the buffer name and the name of the temporary file.
This change detects the situation and only frees the newly allocated
EXF structure (ep).

Reported on bugs@ by kn@.

OK millert@

3 years agoHook up the print.c functions in rpki-client
claudio [Mon, 25 Oct 2021 14:08:34 +0000 (14:08 +0000)]
Hook up the print.c functions in rpki-client

3 years agoRemove unused variables
claudio [Mon, 25 Oct 2021 14:07:56 +0000 (14:07 +0000)]
Remove unused variables

3 years agoNuke a bunch of pointless #ifndef _<.h file>/#endif guards.
krw [Mon, 25 Oct 2021 13:51:25 +0000 (13:51 +0000)]
Nuke a bunch of pointless #ifndef _<.h file>/#endif guards.

3 years agonew manual page EVP_PKCS82PKEY(3), also documenting EVP_PKEY2PKCS8(3)
schwarze [Mon, 25 Oct 2021 13:48:12 +0000 (13:48 +0000)]
new manual page EVP_PKCS82PKEY(3), also documenting EVP_PKEY2PKCS8(3)

3 years agonew manual page PKCS8_pkey_set0(3)
schwarze [Mon, 25 Oct 2021 12:25:14 +0000 (12:25 +0000)]
new manual page PKCS8_pkey_set0(3)
documenting four PKCS#8 PrivateKeyInfo accessors

3 years agoAdd missing RCS markers
tb [Mon, 25 Oct 2021 11:55:27 +0000 (11:55 +0000)]
Add missing RCS markers