summaryrefslogtreecommitdiff
path: root/src/lib/libc/stdlib/labs.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2022-01-06Revise for change to tls_key_share_peer_public()jsing1-3/+2
2022-01-06Convert legacy TLS client to tls_key_share.jsing7-256/+181
This requires adding DHE support to tls_key_share. In doing so, tls_key_share_peer_public() has to lose the group argument and gains an invalid_key argument. The one place that actually needs the group check is tlsext_keyshare_client_parse(), so add code to do this. ok inoguchi@ tb@
2022-01-06Allocate and free the EVP_AEAD_CTX struct in tls13_record_protection.jsing1-7/+13
This brings the code more in line with the tls12_record_layer and reduces the effort needed to make EVP_AEAD_CTX opaque. Prompted by and ok tb@
2022-01-06Add regress tests for ASN1_BIT_STRING.jsing1-2/+113
2022-01-06Add a comment that explains why build_addr_block_tests isn't consttb2-3/+8
2022-01-06Convert SCT verification to CBB.jsing1-56/+57
ok inoguchi@ tb@
2022-01-06Sync from libssl.jsing2-2/+21
2022-01-06Test CBB_add_u64()jsing1-2/+6
2022-01-06Provide CBB_add_u64()jsing2-2/+21
Prompted by and ok tb@
2022-01-06minor tweaks, no code changetb1-4/+3
Adjust a comment to reality, zap a stray empty line and fix whitespace before comment after #endif
2022-01-06With openssl-ruby-tests 20220105, test_post_connection_check_wildcard_santb1-2/+2
is now an unexpected pass, so remove it from the expected failures.
2022-01-06Free memory before assign to avoid leakinoguchi1-1/+7
CID 313263 313301 313322
2022-01-06Free memory if error occurredinoguchi1-2/+4
2022-01-06Remove NULL check before freeinoguchi1-3/+2
2022-01-06Fix a copy-paste error that led to an out-of-bounds access.tb1-2/+2
Found via a crash on bluhm's i386 regress test box
2022-01-06Add test coverage for SCT validation.jsing4-7/+116
Of note, the public APIs for this mean that the only way you can add a CTLOG is by reading a configuration file from disk - there is no programmatic way to do this.
2022-01-06t_syscall was a test for the gcc 1.x off_t syscall padding,guenther2-125/+2
which was an implementation detail and has been deleted, so delete the test
2022-01-05Prepare to provide DSA_bits()tb2-2/+11
Used by Qt5 and Qt6 and slightly reduces the patching in there. ok inoguchi jsing
2022-01-05Prepare to provide BIO_set_retry_reason()tb2-2/+11
Needed by freerdp. ok inoguchi jsing
2022-01-05Prepare to provide a number of RSA accessorstb2-2/+67
This adds RSA_get0_{n,e,d,p,q,dmp1,dmq1,iqmp,pss_params}() which will be exposed in the upcoming bump. ok inoguchi jsing
2022-01-05Prepare to provide ECDSA_SIG_get0_{r,s}()tb2-2/+19
ok inoguchi jsing
2022-01-05Prepare to provide DH_get_length()tb2-2/+11
Will be needed by openssl(1) dhparam. ok inoguchi jsing
2022-01-05Prepare to provide DSA_get0_{p,q,g,{priv,pub}_key}()tb2-2/+39
ok inoguchi jsing
2022-01-05Prepare to provide DH_get0_{p,q,g,{priv,pub}_key}()tb2-2/+39
These are accessors that allow getting one specific DH member. They are less error prone than the current getters DH_get0_{pqg,key}(). They are used by many ports and will also be used in base for this reason. Who can remember whether the pub_key or the priv_key goes first in DH_get0_key()? ok inoguchi jsing
2022-01-05Prepare to provide BIO_set_next().tb2-2/+11
This will be needed in libssl and freerdp after the next bump. ok inoguchi jsing
2022-01-05Prepare to provide X509_{set,get}_verify() and X509_STORE_get_verify_cb()tb2-7/+37
as well as the X509_STORE_CTX_verify_cb and X509_STORE_CTX_verify_fn types This will fix the X509_STORE_set_verify_func macro which is currently broken, as pointed out by schwarze. ok inoguchi jsing
2022-01-05Unindent a few lines of code and avoid shadowed variables.tb1-12/+7
2022-01-05Rename {c,p}_{min,max} into {child,parent}_{min,max}tb1-7/+8
2022-01-05Two minor KNF tweakstb1-5/+5
2022-01-05Use child_aor and parent_aor instead of aorc and aorptb1-15/+15
suggested by jsing
2022-01-05Rename fp and fc into parent_af and child_af for readability.tb1-24/+29
suggested by jsing
2022-01-05Globally rename all IPAddressFamily *f into af since this is slightlytb1-64/+65
more readable. Repeated complaints by jsing
2022-01-05Add a helper function to turn unchecked (but sound) use oftb1-13/+18
sk_find + sk_value into something easier to follow and swallow. ok inoguchi jsing
2022-01-05Hoist IPAddressFamily_cmp() to the other IPAddressFamily functions.tb1-29/+29
ok inoguchi jsing
2022-01-05Call x a cert for readability.tb1-13/+13
2022-01-05Now that i is free, rename j to i for use as loop variable intb1-10/+10
various loops in addr_validate_path_internal().
2022-01-05In addr_validate_path_internal() rename i to depth because that'stb1-17/+15
what it is.
2022-01-05Turn the validation_err() macro into a functiontb1-31/+44
validation_err() is an ugly macro with side effects and a goto in it. At the cost of a few lines of code we can turn this into a function where the side effects are explicit and ret is now explicitly set in the main body of addr_validate_path_internal(). We get to a point where it is halfway possible to reason about the convoluted control flow in this function. ok inoguchi jsing
2022-01-05Move variable declarations in X509v3_addr_canonize() to the top oftb1-17/+19
the function and unindent some code. ok inoguchi jsing
2022-01-05Revise for tls13_key_share rename.jsing1-11/+11
2022-01-05Rename tls13_key_share to tls_key_share.jsing9-91/+97
In preparation to use the key share code in both the TLSv1.3 and legacy stacks, rename tls13_key_share to tls_key_share, moving it into the shared handshake struct. Further changes will then allow the legacy stack to make use of the same code for ephemeral key exchange. ok inoguchi@ tb@
2022-01-05Wrap long lines and add some bracesinoguchi1-74/+129
2022-01-05Check function return valueinoguchi1-8/+18
2022-01-05Checking pointer variable with NULLinoguchi1-74/+75
2022-01-05Use calloc instead of mallocinoguchi1-2/+2
suggested by tb@
2022-01-05Check NULL first and unindent the rest of the codeinoguchi1-41/+45
suggested by tb@
2022-01-05Convert openssl(1) cms option handlinginoguchi1-620/+1240
Just applying new option handling and no functional changes. Referred to verify.c and using 'verify_shared_options'. ok and comments from jsing@ and tb@
2022-01-05Provide regress for SSL public APIs.jsing3-1/+387
This will largely test curly and inconsistent APIs that are not covered by other regress tests. Currently, this tests the wonder that is SSL_get_peer_cert_chain().
2022-01-05Remove bandaid to work around expected range_should_be_prefix() problem.tb1-6/+2
2022-01-05Remove a bogus memcmp in range_should_be_prefix()tb1-3/+6
range_should_be_prefix() currently always fails. The reason for this is that OpenSSL commit 42d7d7dd incorrectly moved a memcmp() out of an assertion. As a consequence, the library emits and accepts incorrectly encoded ipAddrBlock extensions since it will never detect ranges that MUST be encoded as a prefix according to RFC 3779, 2.2.3.7. The return -1 from this memcmp() indicates to the callers that the range should be expressed as a range, so callers must check beforehand that min <= max to be able to fail. Thus, remove this memcmp() and add a check to make_addressRange(), the only caller that didn't already ensure that min <= max. This fixes the noisy output in regress/lib/libcrypto/x509/rfc3779. ok inoguchi jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-21 03:34:56 +0000