summaryrefslogtreecommitdiff
path: root/src/lib/libc/stdlib/random.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2023-04-28Remove preservation and use of cached DER/BER encodings in the d2i/i2d pathsjob2-17/+4
A long time ago a workflow was envisioned for X509, X509_CRL, and X509_REQ structures in which only fields modified after deserialization would need to be re-encoded upon serialization. Unfortunately, over the years, authors would sometimes forget to add code in setter functions to trigger invalidation of previously cached DER encodings. The presence of stale versions of structures can lead to very hard-to-debug issues and cause immense sorrow. Fully removing the concept of caching DER encodings ensures stale versions of structures can never rear their ugly heads again. OK tb@ jsing@
2023-04-28Mark the obsolete PROXY_PARAM and SOCKS BIO_ctrl(3) command constantsschwarze1-0/+2
as intentionally undocumented. Do that here because no related manual pages exist.
2023-04-28Enable policy checking by default now that we are DAG implementation based.beck5-13/+23
This ensures that we will no longer silently ignore a certificate with a critical policy extention by default. ok tb@
2023-04-28Mark a number of BIO_ctrl(3) command constants as intentionallyschwarze5-15/+23
undocumented because they are NOOPs or deprecated.
2023-04-28kill the .Xr to BN_nist_mod_521(3) which no longer existsschwarze1-3/+2
2023-04-28Unifdef LIBRESSL_HAS_POLICY_DAG and remove it from the Makefiletb5-98/+5
with beck
2023-04-28Add BIO_C_SET_MD_CTX to the list of command constants.schwarze1-2/+3
2023-04-28Take the old policy code behind the barntb8-1907/+1
It can go play in the fields with all the other exponential time policy "code". discussed with jsing ok & commit message beck
2023-04-28Document BIO_set_md_ctx(3) and BIO_C_SET_MD_CTX.schwarze1-10/+84
Correct the return types of some macros. Improve the RETURN VALUES section.
2023-04-28The policy test is no longer expected to failtb1-2/+1
2023-04-28Enable the new policy checking code in x509_policy.ctb1-4/+2
ok beck jsing
2023-04-28Silence gcc-4 warnings about sk_sort()tb1-5/+6
Tell it we deliberately ignore the return value, (we really don't care what the old comparison function was).
2023-04-28Remove misinformation, reason had nothing to do with efficiencyjob2-17/+4
"Failure to re-encode on modification is a bug not a feature." OK jsing@
2023-04-28Remove now no longer needed <assert.h>; sort headerstb1-4/+2
ok jsing
2023-04-28Deassert has_explicit_policy()tb1-3/+4
The only caller is X509_policy_check() which goes straight to error. with beck ok jsing
2023-04-28Deassert delete_if() callbackstb1-5/+7
Add sk_is_sorted() checks to the callers of sk_X509_POLICY_NODE_delete_if() and add a comment that this is necessary. with beck ok jsing
2023-04-28Deassert x509_policy_level_find()tb1-18/+27
Move the check that level->nodes is sorted to the call site and make sure that the logic is preserved and erroring does the right thing. with beck ok jsing
2023-04-28Deassert X509_policy_check()tb1-2/+3
Instead of asserting that i == num_certs - 2, simply make that an error check. with beck ok jsing
2023-04-28Deassert x509_policy_level_add_nodes()tb1-10/+1
This assert is in debugging code that ensures that there are no duplicate nodes on this level. This is an expensive and unnecessary check. Duplicates already cause failures as ensured by regress. with beck ok jsing
2023-04-28Deassert x509_policy_new()tb1-3/+4
Turn the check into an error which will make all callers error. with beck ok jsing
2023-04-28Rearrange freeing of memory in the regress testjob1-13/+9
2023-04-28Reorder the text such that every function is discussed only onceschwarze1-46/+41
instead of discussing some of them at two different places. Also follow a more logical order: initialization first, then reading and writing, then retrieving the digest and reinitialization. Leave context handling and chain duplication at the end because both are rarely needed. While here, also tweak the wording of the shuffled text and add some precision in a few places.
2023-04-28make the policy test compile on sparc64tb1-5/+6
2023-04-28Add X509_REQ_add_extensions and to X509_REQ_add1_attr to DER cache testjob1-1/+139
These new tests won't bubble up a non-zero error exit code because other libcrypto bits still need to land first.
2023-04-28Cleanup pass over x509_check_policy.ctb1-73/+72
This hoists variable declarations to the top and compiles with -Wshadow. ok beck
2023-04-28Hook up the the x509 policy regression tests to x509 regress.beck2-3/+4
These were adapted from BoringSSL's regress tests for x509 policy. They are currently marked as expected to fail as we have not enabled LIBRESSL_HAS_POLICY_DAG by default yet, and the old tree based policy code from OpenSSL is special. These tests pass when we build with LIBRESSL_HAS_POLICY_DAG.
2023-04-28Fix copyright, convert boringssl comments to C stylebeck1-30/+51
2023-04-28KNFbeck1-17/+15
ok knfmt
2023-04-28remove unused code.beck1-82/+7
2023-04-28remove debugging printfbeck1-2/+1
2023-04-28This test should not have V_EXPLICIT_POLICY set. with thisbeck1-3/+1
corrected we pass
2023-04-28Add the rest of the boringssl policy unit tests.beck1-4/+223
We currently still fail two of these, looks like one more bug in extracting the depth for require policy from the certificate..
2023-04-27Convert size_t's used in conjuction with sk_X509_num back to int.beck1-12/+12
The lets the regress in x509/policy pass instead of infinite looping. The changes are necessry because our sk_num() returns an int with 0 for empty and -1 for NULL, wheras BoringSSL's returns a size_t with 0 for both an empty stack and a NULL stack. pair work with tb@ ok tb@ jsing@
2023-04-27Also list the command constants not associated with any macros,schwarze1-3/+29
and point to their documentation.
2023-04-27correct test cases to add expected errors.beck1-2/+30
2023-04-27Start of an x509 policy regress test. test cases from BoringSSL.beck29-0/+801
Still a work in progress adapting tests from boringssl x509_test.cc but dropping in here for tb to be able to look at and run as well since the new stuff still has bugs.
2023-04-27tlsexttest: check additional logic in tlsext randomizationtb1-1/+103
This verifies that we put PSK always last and that the Apache 2 special does what it is supposed to do. There is also some weak validation of the Fisher-Yates shuffle that will likely catch errors introduced in tlsext_randomize_build_order()
2023-04-27ssl_tlsext.c: Add an accessor for the tls extension type.tb1-1/+7
Needed for the tlsexttest.c ok jsing
2023-04-27Somehow I managed not to bump LIBRESSL_VERSION_NUMBERtb1-2/+2
reported by aja
2023-04-27EC_KEY_{get,insert}_key_method_data() are no longer availabletb1-41/+2
2023-04-27One more reciprocal thing hid in here (yay for consistent naming)tb1-2/+1
2023-04-27Remove stale references to BN reciprocal stufftb2-8/+5
2023-04-27Remove documentation of reciprocal BN which is now internal onlytb2-276/+1
2023-04-27Remove documentation of GF2m point stufftb1-47/+7
2023-04-27EC_GROUP_new() Strip out complications due to binary curves.tb1-79/+11
2023-04-27Remove stale reference to BN_GF2m_add()tb1-2/+1
2023-04-27Remove BN_GF2m_add.3tb2-516/+1
2023-04-27Remove mention of EC_GFp_nist_method and add back a .Pp that wastb1-6/+2
accidentally dropped
2023-04-27Remove braces around single lines statements using knfmt -stb1-84/+49
Pointed out by anton
2023-04-27Rework simple allocation and free functions in x509_policy.ctb1-32/+36
Use calloc() instead of malloc/memset and make free functions look the same as elsewhere in the tree. ok beck jsing