summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Add a new, mostly empty, bio_local.h and include it in the filestb2022-01-0723-22/+128
| | | | | | that will need it in the upcoming bump. discussed with jsing
* refer to longindex as an argument, not a field;jmc2022-01-061-3/+3
| | | | | | from uwe@netbsd -r1.22 ok millert
* Revise for change to tls_key_share_peer_public()jsing2022-01-061-3/+2
|
* Convert legacy TLS client to tls_key_share.jsing2022-01-067-256/+181
| | | | | | | | | This requires adding DHE support to tls_key_share. In doing so, tls_key_share_peer_public() has to lose the group argument and gains an invalid_key argument. The one place that actually needs the group check is tlsext_keyshare_client_parse(), so add code to do this. ok inoguchi@ tb@
* Allocate and free the EVP_AEAD_CTX struct in tls13_record_protection.jsing2022-01-061-7/+13
| | | | | | | This brings the code more in line with the tls12_record_layer and reduces the effort needed to make EVP_AEAD_CTX opaque. Prompted by and ok tb@
* Add regress tests for ASN1_BIT_STRING.jsing2022-01-061-2/+113
|
* Add a comment that explains why build_addr_block_tests isn't consttb2022-01-062-3/+8
|
* Convert SCT verification to CBB.jsing2022-01-061-56/+57
| | | | ok inoguchi@ tb@
* Sync from libssl.jsing2022-01-062-2/+21
|
* Test CBB_add_u64()jsing2022-01-061-2/+6
|
* Provide CBB_add_u64()jsing2022-01-062-2/+21
| | | | Prompted by and ok tb@
* minor tweaks, no code changetb2022-01-061-4/+3
| | | | | Adjust a comment to reality, zap a stray empty line and fix whitespace before comment after #endif
* With openssl-ruby-tests 20220105, test_post_connection_check_wildcard_santb2022-01-061-2/+2
| | | | is now an unexpected pass, so remove it from the expected failures.
* Free memory before assign to avoid leakinoguchi2022-01-061-1/+7
| | | | CID 313263 313301 313322
* Free memory if error occurredinoguchi2022-01-061-2/+4
|
* Remove NULL check before freeinoguchi2022-01-061-3/+2
|
* Fix a copy-paste error that led to an out-of-bounds access.tb2022-01-061-2/+2
| | | | Found via a crash on bluhm's i386 regress test box
* Add test coverage for SCT validation.jsing2022-01-064-7/+116
| | | | | | Of note, the public APIs for this mean that the only way you can add a CTLOG is by reading a configuration file from disk - there is no programmatic way to do this.
* t_syscall was a test for the gcc 1.x off_t syscall padding,guenther2022-01-062-125/+2
| | | | | which was an implementation detail and has been deleted, so delete the test
* Prepare to provide DSA_bits()tb2022-01-052-2/+11
| | | | | | Used by Qt5 and Qt6 and slightly reduces the patching in there. ok inoguchi jsing
* Prepare to provide BIO_set_retry_reason()tb2022-01-052-2/+11
| | | | | | Needed by freerdp. ok inoguchi jsing
* Prepare to provide a number of RSA accessorstb2022-01-052-2/+67
| | | | | | | This adds RSA_get0_{n,e,d,p,q,dmp1,dmq1,iqmp,pss_params}() which will be exposed in the upcoming bump. ok inoguchi jsing
* Prepare to provide ECDSA_SIG_get0_{r,s}()tb2022-01-052-2/+19
| | | | ok inoguchi jsing
* Prepare to provide DH_get_length()tb2022-01-052-2/+11
| | | | | | Will be needed by openssl(1) dhparam. ok inoguchi jsing
* Prepare to provide DSA_get0_{p,q,g,{priv,pub}_key}()tb2022-01-052-2/+39
| | | | ok inoguchi jsing
* Prepare to provide DH_get0_{p,q,g,{priv,pub}_key}()tb2022-01-052-2/+39
| | | | | | | | | | | These are accessors that allow getting one specific DH member. They are less error prone than the current getters DH_get0_{pqg,key}(). They are used by many ports and will also be used in base for this reason. Who can remember whether the pub_key or the priv_key goes first in DH_get0_key()? ok inoguchi jsing
* Prepare to provide BIO_set_next().tb2022-01-052-2/+11
| | | | | | This will be needed in libssl and freerdp after the next bump. ok inoguchi jsing
* Prepare to provide X509_{set,get}_verify() and X509_STORE_get_verify_cb()tb2022-01-052-7/+37
| | | | | | | | | as well as the X509_STORE_CTX_verify_cb and X509_STORE_CTX_verify_fn types This will fix the X509_STORE_set_verify_func macro which is currently broken, as pointed out by schwarze. ok inoguchi jsing
* Unindent a few lines of code and avoid shadowed variables.tb2022-01-051-12/+7
|
* Rename {c,p}_{min,max} into {child,parent}_{min,max}tb2022-01-051-7/+8
|
* Two minor KNF tweakstb2022-01-051-5/+5
|
* Use child_aor and parent_aor instead of aorc and aorptb2022-01-051-15/+15
| | | | suggested by jsing
* Rename fp and fc into parent_af and child_af for readability.tb2022-01-051-24/+29
| | | | suggested by jsing
* Globally rename all IPAddressFamily *f into af since this is slightlytb2022-01-051-64/+65
| | | | | | more readable. Repeated complaints by jsing
* Add a helper function to turn unchecked (but sound) use oftb2022-01-051-13/+18
| | | | | | sk_find + sk_value into something easier to follow and swallow. ok inoguchi jsing
* Hoist IPAddressFamily_cmp() to the other IPAddressFamily functions.tb2022-01-051-29/+29
| | | | ok inoguchi jsing
* Call x a cert for readability.tb2022-01-051-13/+13
|
* Now that i is free, rename j to i for use as loop variable intb2022-01-051-10/+10
| | | | various loops in addr_validate_path_internal().
* In addr_validate_path_internal() rename i to depth because that'stb2022-01-051-17/+15
| | | | what it is.
* Turn the validation_err() macro into a functiontb2022-01-051-31/+44
| | | | | | | | | | | | validation_err() is an ugly macro with side effects and a goto in it. At the cost of a few lines of code we can turn this into a function where the side effects are explicit and ret is now explicitly set in the main body of addr_validate_path_internal(). We get to a point where it is halfway possible to reason about the convoluted control flow in this function. ok inoguchi jsing
* Move variable declarations in X509v3_addr_canonize() to the top oftb2022-01-051-17/+19
| | | | | | the function and unindent some code. ok inoguchi jsing
* Revise for tls13_key_share rename.jsing2022-01-051-11/+11
|
* Rename tls13_key_share to tls_key_share.jsing2022-01-059-91/+97
| | | | | | | | | In preparation to use the key share code in both the TLSv1.3 and legacy stacks, rename tls13_key_share to tls_key_share, moving it into the shared handshake struct. Further changes will then allow the legacy stack to make use of the same code for ephemeral key exchange. ok inoguchi@ tb@
* Wrap long lines and add some bracesinoguchi2022-01-051-74/+129
|
* Check function return valueinoguchi2022-01-051-8/+18
|
* Checking pointer variable with NULLinoguchi2022-01-051-74/+75
|
* Use calloc instead of mallocinoguchi2022-01-051-2/+2
| | | | suggested by tb@
* Check NULL first and unindent the rest of the codeinoguchi2022-01-051-41/+45
| | | | suggested by tb@
* Convert openssl(1) cms option handlinginoguchi2022-01-051-620/+1240
| | | | | | | Just applying new option handling and no functional changes. Referred to verify.c and using 'verify_shared_options'. ok and comments from jsing@ and tb@
* Provide regress for SSL public APIs.jsing2022-01-053-1/+387
| | | | | | This will largely test curly and inconsistent APIs that are not covered by other regress tests. Currently, this tests the wonder that is SSL_get_peer_cert_chain().
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-19 11:59:18 +0000