summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Deassert delete_if() callbackstb2023-04-281-5/+7
| | | | | | | | Add sk_is_sorted() checks to the callers of sk_X509_POLICY_NODE_delete_if() and add a comment that this is necessary. with beck ok jsing
* Deassert x509_policy_level_find()tb2023-04-281-18/+27
| | | | | | | | Move the check that level->nodes is sorted to the call site and make sure that the logic is preserved and erroring does the right thing. with beck ok jsing
* Deassert X509_policy_check()tb2023-04-281-2/+3
| | | | | | | | Instead of asserting that i == num_certs - 2, simply make that an error check. with beck ok jsing
* Deassert x509_policy_level_add_nodes()tb2023-04-281-10/+1
| | | | | | | | | This assert is in debugging code that ensures that there are no duplicate nodes on this level. This is an expensive and unnecessary check. Duplicates already cause failures as ensured by regress. with beck ok jsing
* Deassert x509_policy_new()tb2023-04-281-3/+4
| | | | | | | Turn the check into an error which will make all callers error. with beck ok jsing
* Rearrange freeing of memory in the regress testjob2023-04-281-13/+9
|
* Reorder the text such that every function is discussed only onceschwarze2023-04-281-46/+41
| | | | | | | | | | | instead of discussing some of them at two different places. Also follow a more logical order: initialization first, then reading and writing, then retrieving the digest and reinitialization. Leave context handling and chain duplication at the end because both are rarely needed. While here, also tweak the wording of the shuffled text and add some precision in a few places.
* make the policy test compile on sparc64tb2023-04-281-5/+6
|
* Add X509_REQ_add_extensions and to X509_REQ_add1_attr to DER cache testjob2023-04-281-1/+139
| | | | | These new tests won't bubble up a non-zero error exit code because other libcrypto bits still need to land first.
* Cleanup pass over x509_check_policy.ctb2023-04-281-73/+72
| | | | | | This hoists variable declarations to the top and compiles with -Wshadow. ok beck
* Hook up the the x509 policy regression tests to x509 regress.beck2023-04-282-3/+4
| | | | | | | | | These were adapted from BoringSSL's regress tests for x509 policy. They are currently marked as expected to fail as we have not enabled LIBRESSL_HAS_POLICY_DAG by default yet, and the old tree based policy code from OpenSSL is special. These tests pass when we build with LIBRESSL_HAS_POLICY_DAG.
* Fix copyright, convert boringssl comments to C stylebeck2023-04-281-30/+51
|
* KNFbeck2023-04-281-17/+15
| | | | ok knfmt
* remove unused code.beck2023-04-281-82/+7
|
* remove debugging printfbeck2023-04-281-2/+1
|
* This test should not have V_EXPLICIT_POLICY set. with thisbeck2023-04-281-3/+1
| | | | corrected we pass
* Add the rest of the boringssl policy unit tests.beck2023-04-281-4/+223
| | | | | We currently still fail two of these, looks like one more bug in extracting the depth for require policy from the certificate..
* Convert size_t's used in conjuction with sk_X509_num back to int.beck2023-04-271-12/+12
| | | | | | | | | | | The lets the regress in x509/policy pass instead of infinite looping. The changes are necessry because our sk_num() returns an int with 0 for empty and -1 for NULL, wheras BoringSSL's returns a size_t with 0 for both an empty stack and a NULL stack. pair work with tb@ ok tb@ jsing@
* Also list the command constants not associated with any macros,schwarze2023-04-271-3/+29
| | | | and point to their documentation.
* correct test cases to add expected errors.beck2023-04-271-2/+30
|
* Start of an x509 policy regress test. test cases from BoringSSL.beck2023-04-2729-0/+801
| | | | | | Still a work in progress adapting tests from boringssl x509_test.cc but dropping in here for tb to be able to look at and run as well since the new stuff still has bugs.
* tlsexttest: check additional logic in tlsext randomizationtb2023-04-271-1/+103
| | | | | | | This verifies that we put PSK always last and that the Apache 2 special does what it is supposed to do. There is also some weak validation of the Fisher-Yates shuffle that will likely catch errors introduced in tlsext_randomize_build_order()
* ssl_tlsext.c: Add an accessor for the tls extension type.tb2023-04-271-1/+7
| | | | | | Needed for the tlsexttest.c ok jsing
* Somehow I managed not to bump LIBRESSL_VERSION_NUMBERtb2023-04-271-2/+2
| | | | reported by aja
* EC_KEY_{get,insert}_key_method_data() are no longer availabletb2023-04-271-41/+2
|
* One more reciprocal thing hid in here (yay for consistent naming)tb2023-04-271-2/+1
|
* Remove stale references to BN reciprocal stufftb2023-04-272-8/+5
|
* Remove documentation of reciprocal BN which is now internal onlytb2023-04-272-276/+1
|
* Remove documentation of GF2m point stufftb2023-04-271-47/+7
|
* EC_GROUP_new() Strip out complications due to binary curves.tb2023-04-271-79/+11
|
* Remove stale reference to BN_GF2m_add()tb2023-04-271-2/+1
|
* Remove BN_GF2m_add.3tb2023-04-272-516/+1
|
* Remove mention of EC_GFp_nist_method and add back a .Pp that wastb2023-04-271-6/+2
| | | | accidentally dropped
* Remove braces around single lines statements using knfmt -stb2023-04-271-84/+49
| | | | Pointed out by anton
* Rework simple allocation and free functions in x509_policy.ctb2023-04-271-32/+36
| | | | | | | Use calloc() instead of malloc/memset and make free functions look the same as elsewhere in the tree. ok beck jsing
* Remove dangling references to BN_get0_nist_prime_521(3)tb2023-04-272-9/+6
|
* Move EC_POINT_{get,set}_Jprojective_coordinates to ec_local.htb2023-04-272-10/+12
|
* Nuke doxygen noisetb2023-04-271-421/+37
|
* Remove documentation of no longer supported EC methodstb2023-04-271-46/+5
|
* Remove NIST prime documentationtb2023-04-272-202/+0
|
* Stop installing NIST prime documentationtb2023-04-271-3/+1
|
* Remove a useless doxygen commenttb2023-04-271-5/+1
|
* Make x509_policy.c compile with gcc 4.tb2023-04-261-17/+26
| | | | ok beck
* Add test for invalidation of DER cache for X509_CRL_* setter functionsjob2023-04-261-15/+171
| | | | | The program won't exit with a non-zero exit code if X509_CRL_set_* tests fail, as the relevant bits haven't been committed to libcrypto yet.
* Allow compiling with -DHAS_DAG to enable the policy check with a DAG.tb2023-04-261-1/+4
| | | | ok beck
* Turn C++ comments into C comments and minor KNF fixupstb2023-04-261-170/+264
|
* Clean up X509 memory before exitjob2023-04-261-1/+4
|
* KNF according to knfmt(1)tb2023-04-261-515/+600
|
* Zap trailing whitespacetb2023-04-261-3/+1
|
* Add RCS tagtb2023-04-261-0/+1
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-01 23:07:36 +0000