summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Fix indentation of comments and labelsjob2021-09-082-165/+167
| | | | OK tb@
* Replace (&(x)) pattern with &xjob2021-09-072-32/+32
| | | | | | No functional changes. OK tb@
* KNFjob2021-09-072-1478/+1548
| | | | OK tb@ jsing@ beck@
* The default Ruby has switched to 3.0tb2021-09-061-2/+2
|
* new sentence, new line, and tweak wording of previous;jmc2021-09-051-2/+3
|
* Remove unused variable tmptm in do_body of openssl(1) cainoguchi2021-09-051-8/+2
|
* Using serial number instead as subject if it is empty in openssl(1) cainoguchi2021-09-052-3/+36
| | | | | | | This allows multiple entries without a subject even if unique_subject == yes. Referred to OpenSSL commit 5af88441 and arranged for our codebase. ok tb@
* Check extensions before setting version to v3inoguchi2021-09-051-5/+10
| | | | | | Referred to OpenSSL commit 4881d849 and arranged for our codebase. comment and ok from tb@
* Use accessor method rather than direct X509 structure accessinoguchi2021-09-051-20/+10
| | | | | | Referred to OpenSSL commit a8d8e06b and arranged for our codebase. comment and ok from tb@
* Factor out the TLSv1.3 code that handles content from TLS records.jsing2021-09-046-80/+238
| | | | | | | | | | | | Currently, the plaintext content from opened TLS records is handled via the rbuf code in the TLSv1.3 record layer. Factor this out and provide a separate struct tls_content, which knows how to track and manipulate the content. This makes the TLSv1.3 code cleaner, however it will also soon also be used to untangle parts of the legacy record layer. ok beck@ tb@
* Refactor ssl_update_cache. This now matches the logic used for TLS 1.3beck2021-09-041-22/+106
| | | | | | | in Openssl 1.1.1 for when to call the session callbacks. I believe it to also generates a lot less eye bleed, confirmed by tb@ ok jsing@ tb@
* Improve DTLS hello request handling code.jsing2021-09-041-2/+8
| | | | | | | Rather than manually checking multiple bytes, actually parse the DTLS handshake message header, then check the values against what we parsed. ok inoguchi@ tb@
* Change dtls1_get_message_header() to take a CBS.jsing2021-09-043-22/+21
| | | | | | The callers know the actual length and can initialise a CBS correctly. ok inoguchi@ tb@
* Improve DTLS record header parsing.jsing2021-09-041-7/+7
| | | | | | | | Rather than pulling out the epoch and then six bytes of sequence number, pull out SSL3_SEQUENCE_SIZE for the sequence number, then pull the epoch off the start of the sequence number. ok inoguchi@ tb@
* Disable tests that don't work in bluhms regress framework.mbuhl2021-09-041-1/+7
|
* Add X509 Extensions for IP Addresses and AS Identifiersjob2021-09-031-1/+2
| | | | | | (subordinate code paths are include guarded) OK tb@
* * add the missing STANDARDS section as noticed by tb@schwarze2021-09-031-3/+20
| | | | | | * mention that the *optionp input string will be modified * clarify that the array of tokens is expected to be NULL-terminated OK millert@ tb@, and the first half of STANDARDS also OK jmc@
* Implement a -h option that allows specifying a target host thattb2021-09-031-9/+13
| | | | will be passed to the test scripts.
* Now that the issue is fixed, enable test-extensions.pytb2021-09-031-6/+2
|
* Use SSL3_HM_HEADER_LENGTH instead of the magic number 4.jsing2021-09-031-13/+14
| | | | ok beck@
* Ensure that a server hello does not have trailing data.jsing2021-09-031-1/+4
| | | | | | Found by tlsfuzzer. ok beck@
* Ensure that a client hello does not have trailing data.jsing2021-09-031-1/+4
| | | | | | Found by tlsfuzzer. ok beck@
* Set message_size correctly when switching to the legacy stack.jsing2021-09-031-2/+2
| | | | | | | | The message_size variable is not actually the handshake message size, rather the number of bytes contained within the handshake message, hence we have to subtract the length of the handshake message header. ok beck@
* Make Bob happy.bluhm2021-09-031-1/+5
|
* Call the callback on success in new verifier in a compatible waybeck2021-09-034-19/+56
| | | | | | | | | | | | | when we succeed with a chain, and ensure we do not call the callback twice when the caller doesn't expect it. A refactor of the end of the legacy verify code in x509_vfy is probably overdue, but this should be done based on a piece that works. the important bit here is this allows the perl regression tests in tree to pass. Changes the previously committed regress tests to test the success case callbacks to be known to pass. ok bluhm@ tb@
* Unroll ASN1_ITEM_ref()job2021-09-021-1/+1
| | | | OK @tb
* Change OPENSSL_strdup() to strdup()job2021-09-021-1/+1
| | | | OK tb@
* Change OPENSSL_malloc to calloc()job2021-09-021-1/+2
| | | | OK tb@
* Repair unrolling of static ASN1_ITEM IPAddrBlocks_itjob2021-09-021-0/+11
| | | | | | The conversion tool didn't handle 'static_ASN1_ITEM_TEMPLATE_END' OK tb@
* Make v3_addr and v3_asid extern constjob2021-09-021-2/+2
| | | | OK tb@
* Add err.h for X509error() and friendsjob2021-09-022-0/+2
| | | | OK tb@
* Fix OPENSSL_assert() and assert()job2021-09-022-35/+17
| | | | OK tb@
* Unroll ASN1_EX_TEMPLATE_TYPE IPAddrBlocksjob2021-09-021-4/+7
| | | | OK tb@
* Change the OPENSSL_strdup() to strdup()job2021-09-021-3/+4
| | | | OK beck@ tb@
* Fix header file includesjob2021-09-022-8/+9
| | | | OK tb@
* Move the error put functions from X509V3err() to X509V3error()job2021-09-022-52/+32
| | | | OK tb@
* Unroll ASN1_SEQUENCE() ASN1_CHOICE() ASN1_ITEM_TEMPLATE()job2021-09-022-46/+218
| | | | OK jsing@
* Add -f to usagetb2021-09-021-2/+2
|
* OPENSSL_assert() is not appropriate in this contextjob2021-09-021-2/+3
| | | | | | Feedback from tb@ OK tb@
* Replace ossl_assert()/assert() with OPENSSL_assert()job2021-09-022-14/+14
| | | | OK tb@
* Enable vfork syscall test. Disable SIGSTOP test as it is masked untilmbuhl2021-09-025-6/+45
| | | | | exec/exit with vfork. OK bluhm@
* We need to allow for either a CERTIFICATE or CERTIFICATE_STATUS messagebeck2021-09-021-2/+3
| | | | | | here or we break the handshake with BAD_MESSAGE ok tb@
* Replace OPENSSL_free() with free()job2021-09-022-7/+7
| | | | OK tb@
* Unroll IMPLEMENT_ASN1_FUNCTIONS()job2021-09-022-8/+197
| | | | OK jsing@
* Unroll DECLARE_ASN1_FUNCTIONS()job2021-09-021-9/+56
| | | | OK jsing@
* Rename DEFINE_STACK_OF() to DECLARE_STACK_OF()job2021-09-021-4/+4
| | | | OK tb@ jsing@
* Lay groundwork to support X.509 v3 extensions for IP Addresses and AS ↵job2021-09-027-5/+2386
| | | | | | | | | | | Identifiers These extensions are defined in RFC 3779 and used in the RPKI (RFC 6482, RFC 8360). Imported from OpenSSL 1.1.1j (aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf) This changeset is a no-op, as there are 10+ issues and at least 2 security issues. Work will continue in-tree. OK tb@, discussed with beck@
* Import more NetBSD system call regression tests.mbuhl2021-09-0217-50/+2350
| | | | OK bluhm@
* Call the ocsp callback if present and we get no response, instead ofbeck2021-09-021-3/+2
| | | | | | succeeding unconditionally. Makes muststaple work with tls1.3 in nc ok tb@
* Use defined constantsinoguchi2021-09-021-16/+16
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-02 07:44:43 +0000