openbsd/src, branch libressl-v3.5.1A mirror of https://github.com/libressl/openbsd.git
https://git.lua4.win/openbsd/atom?h=libressl-v3.5.12022-03-13T17:23:02+00:00Relax the check of x509_constraints_dirname()2022-03-13T17:23:02+00:00tb2022-03-13T17:23:02+00:00urn:sha1:80a47514c89065d34f61afd4698b0f8182c45d60
The dirname constraint must be a prefix in DER format, so relax the
check from requiring equal-length strings to allow shorter names also.
From Alex Wilson
ok jsing
Add x509_constraints_validate() to x509_internal.h2022-03-13T17:08:04+00:00tb2022-03-13T17:08:04+00:00urn:sha1:cd66e82e3090c8e0b602600f92762eec03e1f998
From Alex Wilson
ok jsing
Check name constraints using the proper API2022-03-13T16:48:49+00:00tb2022-03-13T16:48:49+00:00urn:sha1:7bdf8508440bb6ad889ebb6210b36e2e45db8c79
The previous versions were too strict and disallowed leading dots.
From Alex Wilson
ok jsing
style tweak2022-03-13T16:30:31+00:00tb2022-03-13T16:30:31+00:00urn:sha1:6a05251669a841118ef2afb995c9fdf4ec6f7abfAdd missing error check after strdup()2022-03-13T16:25:58+00:00tb2022-03-13T16:25:58+00:00urn:sha1:eb5306b751b98d33dc4833a353cd77e6e3a9d3ad
From Alex Wilson
ok jsing
Remove free_cont from asn1_d2i_ex_primitive()/asn1_ex_c2i().2022-03-13T14:58:14+00:00jsing2022-03-13T14:58:14+00:00urn:sha1:fa2518a98adbc41d019ee1af4e3eb7fd994861b2
The constructed ASN.1 handling in asn1_d2i_ex_primitive() and asn1_ex_c2i()
currently has code to potentially avoid a malloc/memcpy - this is a less
common code path and it introduces a bunch of complexity for minimal gain.
In particular, we're manually adding a trailing NUL when ASN1_STRING_set()
would already do that for us, plus we currently manually free() the data on
an ASN1_STRING, rather than using freezero().
ok inoguchi@ tb@
Factor out change cipher spec handing code in the legacy stack.2022-03-12T12:53:03+00:00jsing2022-03-12T12:53:03+00:00urn:sha1:8eb1efc13e25a74ea09b172249b5103c0855f2ee
Factor out the code that handles the processing of a change cipher spec
message that has been read in the legacy stack, deduplicating code in the
DTLS stack.
ok inoguchi@ tb@
Simple regress for NULL deref reported by Guido Vranken and fixed in2022-03-10T04:39:49+00:00tb2022-03-10T04:39:49+00:00urn:sha1:3e1c152af61679fc5c529fbc336288c13b53eb61
bn_exp2.c r1.13.
unsusual -> unusual2022-03-10T00:55:50+00:00jsg2022-03-10T00:55:50+00:00urn:sha1:fb5a8fa7eb25d37be97f96c08a86d2eef631572cSome more c99 initializers for consistency and readability2022-03-08T16:59:25+00:00tb2022-03-08T16:59:25+00:00urn:sha1:f93947eafd149c34ec78cdf5d25d1f34229a33bb