summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* x509_asn1: make this test pass again after reinstating DER preservationtb2023-04-301-5/+5
|
* check_complete.pl: update for recent changes in bntb2023-04-301-4/+3
|
* mandoc -Tlint tells me I forgot to zap a commatb2023-04-301-2/+2
|
* Remove most documentation pertaining to proxy certificates.tb2023-04-306-205/+10
| | | | | Update EXFLAG_PROXY and X509_V_FLAG_ALLOW_PROXY_CERTS documentation since we need to keep them for the time being.
* Remove proxy cert api remmnantstb2023-04-301-9/+1
|
* Remove documentation of BN_generate_prime(), BN_is_prime{,_fasttest}()tb2023-04-301-85/+4
|
* Remove documentation of BN_zero_ex() and update BN_one() and BN_zero()tb2023-04-301-22/+3
| | | | | which are no longer macros (and the latter is no longer deprecated and no longer attempts to allocate memory).
* Garbage collect BN_zero_ex()tb2023-04-301-7/+1
|
* Remove __dead again. Apparently this causes issues for some upstreams.tb2023-04-301-2/+2
| | | | Thanks to orbea for the report
* Revert disablement of the encoding cachejob2023-04-302-4/+17
| | | | | | | | | | | | Without the cache, we verify CRL signatures on bytes that have been pulled through d2i_ -> i2d_, this can cause reordering, which in turn invalidates the signature. for example if in the original CRL revocation entries were sorted by date instead of ascending serial number order. There are probably multiple things we can do here, but they will need careful consideration and planning. OK jsing@
* Send x509_subject_cmp() to the attictb2023-04-301-9/+1
| | | | | | This helper has been inside #if 0 for nearly 25 years. Let it go. If we should ever need it, I'm quite confident that we will be able to come up with its one line body on our own.
* The policy tree is no moretb2023-04-309-527/+11
| | | | | Mop up documentation mentioning it or any of its numerous accessors that almost nothing ever used.
* Zap extra blank linetb2023-04-301-2/+1
|
* Make the descriptions of BIO_get_retry_BIO(3) and BIO_get_retry_reason(3)schwarze2023-04-301-11/+60
| | | | | more precise. Among other improvements, describe the three BIO_RR_* constants serving as reason codes.
* Slightly improve the documentation of the "oper" parameter byschwarze2023-04-301-3/+10
| | | | explicitly listing the valid arguments, i.e. the BIO_CB_* constants.
* Document the eight BIO_CONN_S_* constants that are passed to BIO_info_cb(3)schwarze2023-04-301-2/+36
| | | | | as the "state" argument. Document them here because connect BIOs are the only built-in BIO type using these constants.
* Mark the five BIO_GHBN_* constants as intentionally undocumented.schwarze2023-04-301-2/+7
| | | | | | They are intended to be used by BIO_gethostbyname(), which is deprecated in OpenSSL and already marked as intentionally undocumented in LibreSSL. Besides, these constants are completely unused by anything.
* whitespacetb2023-04-301-2/+2
|
* Sort alphabeticallytb2023-04-301-2/+2
|
* Remove unnecessary targettb2023-04-301-4/+1
|
* policy test: simplify Makefiletb2023-04-301-9/+2
|
* Mention a few standard BIO_ctrl(3) command constantsschwarze2023-04-293-13/+30
| | | | | that provide type-specific functionality here. While here, fix some wrong return types in the SYNOPSIS.
* Mention a few standard BIO_ctrl(3) command constantsschwarze2023-04-291-2/+7
| | | | | that provide type-specific functionality here, and add the missing return type to one function prototype.
* Mention the type-specific BIO_ctrl(3) command constantsschwarze2023-04-292-8/+34
| | | | in the manual pages of the respective BIO types.
* Mention the type-specific BIO_ctrl(3) command constantsschwarze2023-04-292-16/+40
| | | | | in the manual pages of the respective BIO type. While here, fix some wrong return types in the SYNOPSIS.
* Mark OpenSSLDie() as __deadtb2023-04-281-2/+2
| | | | | | | This tells gcc that OPENSSL_assert() will not return and thus avoids a silly warning that triggers scary gentoo QA warnings. From claudio
* Free all libcrypto global state memory before returningjob2023-04-281-1/+3
| | | | Found with the help of Otto's malloc memory leak detector!
* Return a non-zero error exit code on any DER cache discrepanciesjob2023-04-281-3/+3
|
* Fix leaks reported by ASANtb2023-04-281-5/+1
| | | | debugged with job
* Too many stupid things whine about these being used uninitializedtb2023-04-281-2/+2
| | | | (which they aren't), so appease them.
* Remove preservation and use of cached DER/BER encodings in the d2i/i2d pathsjob2023-04-282-17/+4
| | | | | | | | | | | | | | | | | A long time ago a workflow was envisioned for X509, X509_CRL, and X509_REQ structures in which only fields modified after deserialization would need to be re-encoded upon serialization. Unfortunately, over the years, authors would sometimes forget to add code in setter functions to trigger invalidation of previously cached DER encodings. The presence of stale versions of structures can lead to very hard-to-debug issues and cause immense sorrow. Fully removing the concept of caching DER encodings ensures stale versions of structures can never rear their ugly heads again. OK tb@ jsing@
* Mark the obsolete PROXY_PARAM and SOCKS BIO_ctrl(3) command constantsschwarze2023-04-281-0/+2
| | | | | as intentionally undocumented. Do that here because no related manual pages exist.
* Enable policy checking by default now that we are DAG implementation based.beck2023-04-285-13/+23
| | | | | | | This ensures that we will no longer silently ignore a certificate with a critical policy extention by default. ok tb@
* Mark a number of BIO_ctrl(3) command constants as intentionallyschwarze2023-04-285-15/+23
| | | | undocumented because they are NOOPs or deprecated.
* kill the .Xr to BN_nist_mod_521(3) which no longer existsschwarze2023-04-281-3/+2
|
* Unifdef LIBRESSL_HAS_POLICY_DAG and remove it from the Makefiletb2023-04-285-98/+5
| | | | with beck
* Add BIO_C_SET_MD_CTX to the list of command constants.schwarze2023-04-281-2/+3
|
* Take the old policy code behind the barntb2023-04-288-1907/+1
| | | | | | | | It can go play in the fields with all the other exponential time policy "code". discussed with jsing ok & commit message beck
* Document BIO_set_md_ctx(3) and BIO_C_SET_MD_CTX.schwarze2023-04-281-10/+84
| | | | | Correct the return types of some macros. Improve the RETURN VALUES section.
* The policy test is no longer expected to failtb2023-04-281-2/+1
|
* Enable the new policy checking code in x509_policy.ctb2023-04-281-4/+2
| | | | ok beck jsing
* Silence gcc-4 warnings about sk_sort()tb2023-04-281-5/+6
| | | | | Tell it we deliberately ignore the return value, (we really don't care what the old comparison function was).
* Remove misinformation, reason had nothing to do with efficiencyjob2023-04-282-17/+4
| | | | | | "Failure to re-encode on modification is a bug not a feature." OK jsing@
* Remove now no longer needed <assert.h>; sort headerstb2023-04-281-4/+2
| | | | ok jsing
* Deassert has_explicit_policy()tb2023-04-281-3/+4
| | | | | | | The only caller is X509_policy_check() which goes straight to error. with beck ok jsing
* Deassert delete_if() callbackstb2023-04-281-5/+7
| | | | | | | | Add sk_is_sorted() checks to the callers of sk_X509_POLICY_NODE_delete_if() and add a comment that this is necessary. with beck ok jsing
* Deassert x509_policy_level_find()tb2023-04-281-18/+27
| | | | | | | | Move the check that level->nodes is sorted to the call site and make sure that the logic is preserved and erroring does the right thing. with beck ok jsing
* Deassert X509_policy_check()tb2023-04-281-2/+3
| | | | | | | | Instead of asserting that i == num_certs - 2, simply make that an error check. with beck ok jsing
* Deassert x509_policy_level_add_nodes()tb2023-04-281-10/+1
| | | | | | | | | This assert is in debugging code that ensures that there are no duplicate nodes on this level. This is an expensive and unnecessary check. Duplicates already cause failures as ensured by regress. with beck ok jsing
* Deassert x509_policy_new()tb2023-04-281-3/+4
| | | | | | | Turn the check into an error which will make all callers error. with beck ok jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-12 09:40:12 +0000