summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Hook up the the x509 policy regression tests to x509 regress.beck2023-04-282-3/+4
| | | | | | | | | These were adapted from BoringSSL's regress tests for x509 policy. They are currently marked as expected to fail as we have not enabled LIBRESSL_HAS_POLICY_DAG by default yet, and the old tree based policy code from OpenSSL is special. These tests pass when we build with LIBRESSL_HAS_POLICY_DAG.
* Fix copyright, convert boringssl comments to C stylebeck2023-04-281-30/+51
|
* KNFbeck2023-04-281-17/+15
| | | | ok knfmt
* remove unused code.beck2023-04-281-82/+7
|
* remove debugging printfbeck2023-04-281-2/+1
|
* This test should not have V_EXPLICIT_POLICY set. with thisbeck2023-04-281-3/+1
| | | | corrected we pass
* Add the rest of the boringssl policy unit tests.beck2023-04-281-4/+223
| | | | | We currently still fail two of these, looks like one more bug in extracting the depth for require policy from the certificate..
* Convert size_t's used in conjuction with sk_X509_num back to int.beck2023-04-271-12/+12
| | | | | | | | | | | The lets the regress in x509/policy pass instead of infinite looping. The changes are necessry because our sk_num() returns an int with 0 for empty and -1 for NULL, wheras BoringSSL's returns a size_t with 0 for both an empty stack and a NULL stack. pair work with tb@ ok tb@ jsing@
* Also list the command constants not associated with any macros,schwarze2023-04-271-3/+29
| | | | and point to their documentation.
* correct test cases to add expected errors.beck2023-04-271-2/+30
|
* Start of an x509 policy regress test. test cases from BoringSSL.beck2023-04-2729-0/+801
| | | | | | Still a work in progress adapting tests from boringssl x509_test.cc but dropping in here for tb to be able to look at and run as well since the new stuff still has bugs.
* tlsexttest: check additional logic in tlsext randomizationtb2023-04-271-1/+103
| | | | | | | This verifies that we put PSK always last and that the Apache 2 special does what it is supposed to do. There is also some weak validation of the Fisher-Yates shuffle that will likely catch errors introduced in tlsext_randomize_build_order()
* ssl_tlsext.c: Add an accessor for the tls extension type.tb2023-04-271-1/+7
| | | | | | Needed for the tlsexttest.c ok jsing
* Somehow I managed not to bump LIBRESSL_VERSION_NUMBERtb2023-04-271-2/+2
| | | | reported by aja
* EC_KEY_{get,insert}_key_method_data() are no longer availabletb2023-04-271-41/+2
|
* One more reciprocal thing hid in here (yay for consistent naming)tb2023-04-271-2/+1
|
* Remove stale references to BN reciprocal stufftb2023-04-272-8/+5
|
* Remove documentation of reciprocal BN which is now internal onlytb2023-04-272-276/+1
|
* Remove documentation of GF2m point stufftb2023-04-271-47/+7
|
* EC_GROUP_new() Strip out complications due to binary curves.tb2023-04-271-79/+11
|
* Remove stale reference to BN_GF2m_add()tb2023-04-271-2/+1
|
* Remove BN_GF2m_add.3tb2023-04-272-516/+1
|
* Remove mention of EC_GFp_nist_method and add back a .Pp that wastb2023-04-271-6/+2
| | | | accidentally dropped
* Remove braces around single lines statements using knfmt -stb2023-04-271-84/+49
| | | | Pointed out by anton
* Rework simple allocation and free functions in x509_policy.ctb2023-04-271-32/+36
| | | | | | | Use calloc() instead of malloc/memset and make free functions look the same as elsewhere in the tree. ok beck jsing
* Remove dangling references to BN_get0_nist_prime_521(3)tb2023-04-272-9/+6
|
* Move EC_POINT_{get,set}_Jprojective_coordinates to ec_local.htb2023-04-272-10/+12
|
* Nuke doxygen noisetb2023-04-271-421/+37
|
* Remove documentation of no longer supported EC methodstb2023-04-271-46/+5
|
* Remove NIST prime documentationtb2023-04-272-202/+0
|
* Stop installing NIST prime documentationtb2023-04-271-3/+1
|
* Remove a useless doxygen commenttb2023-04-271-5/+1
|
* Make x509_policy.c compile with gcc 4.tb2023-04-261-17/+26
| | | | ok beck
* Add test for invalidation of DER cache for X509_CRL_* setter functionsjob2023-04-261-15/+171
| | | | | The program won't exit with a non-zero exit code if X509_CRL_set_* tests fail, as the relevant bits haven't been committed to libcrypto yet.
* Allow compiling with -DHAS_DAG to enable the policy check with a DAG.tb2023-04-261-1/+4
| | | | ok beck
* Turn C++ comments into C comments and minor KNF fixupstb2023-04-261-170/+264
|
* Clean up X509 memory before exitjob2023-04-261-1/+4
|
* KNF according to knfmt(1)tb2023-04-261-515/+600
|
* Zap trailing whitespacetb2023-04-261-3/+1
|
* Add RCS tagtb2023-04-261-0/+1
|
* Take X509_POLICY_NODE_print() behind the barntb2023-04-264-100/+3
| | | | | | | | This used to be public API but is now only used for debug code that has certainly never been used since it was released to the public. It drags that debug nonsense with it. ok beck
* Add the new policy code to the build.beck2023-04-261-1/+2
| | | | ok tb@ jsing@
* Make the new policy code in x509_policy.c to be selectable at compile time.beck2023-04-2612-15/+106
| | | | | | | The old policy codes remains the default, with the new policy code selectable by defining LIBRESSL_HAS_POLICY_DAG. ok tb@ jsing@
* Add a shim to mimic the BoringSSL sk_delete_if function.beck2023-04-261-0/+23
| | | | | | | We add this locally as a function to avoid delving into the unholy macro madness of STACK_OF(3). ok tb@ jsing@
* Add lookup name+function pointer table for improved diagnosticsjob2023-04-261-4/+29
| | | | OK tb@
* Adapt the sk_find calls from BoringSSL's api to ours.beck2023-04-261-6/+5
| | | | ok tb@ jsing@
* Add the STACK_OF declarations we require.beck2023-04-261-2/+46
| | | | ok tb@ jsing@
* Change OPENSSL_malloc|free|memset and friends to the normal versions.beck2023-04-261-6/+6
| | | | ok tb@ jsing@
* Fix error code goopbeck2023-04-261-5/+8
| | | | ok tb@ jsing@
* Use the correct headers to compile with libresslbeck2023-04-261-5/+4
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-26 03:49:25 +0000