path: root/src/lib/libc/stdlib/reallocarray.c
Date | Commit message | Author | Files | Lines
2021-09-03 | Now that the issue is fixed, enable test-extensions.py | tb | 1 | -6/+2
2021-09-03 | Use SSL3_HM_HEADER_LENGTH instead of the magic number 4. | jsing | 1 | -13/+14
ok beck@
2021-09-03 | Ensure that a server hello does not have trailing data. | jsing | 1 | -1/+4
Found by tlsfuzzer. ok beck@
2021-09-03 | Ensure that a client hello does not have trailing data. | jsing | 1 | -1/+4
Found by tlsfuzzer. ok beck@
2021-09-03 | Set message_size correctly when switching to the legacy stack. | jsing | 1 | -2/+2
The message_size variable is not actually the handshake message size, rather the number of bytes contained within the handshake message, hence we have to subtract the length of the handshake message header. ok beck@
2021-09-03 | Make Bob happy. | bluhm | 1 | -1/+5
2021-09-03 | Call the callback on success in new verifier in a compatible way | beck | 4 | -19/+56
when we succeed with a chain, and ensure we do not call the callback twice when the caller doesn't expect it. A refactor of the end of the legacy verify code in x509_vfy is probably overdue, but this should be done based on a piece that works. the important bit here is this allows the perl regression tests in tree to pass. Changes the previously committed regress tests to test the success case callbacks to be known to pass. ok bluhm@ tb@
2021-09-02 | Unroll ASN1_ITEM_ref() | job | 1 | -1/+1
OK @tb
2021-09-02 | Change OPENSSL_strdup() to strdup() | job | 1 | -1/+1
OK tb@
2021-09-02 | Change OPENSSL_malloc to calloc() | job | 1 | -1/+2
OK tb@
2021-09-02 | Repair unrolling of static ASN1_ITEM IPAddrBlocks_it | job | 1 | -0/+11
The conversion tool didn't handle 'static_ASN1_ITEM_TEMPLATE_END' OK tb@
2021-09-02 | Make v3_addr and v3_asid extern const | job | 1 | -2/+2
OK tb@
2021-09-02 | Add err.h for X509error() and friends | job | 2 | -0/+2
OK tb@
2021-09-02 | Fix OPENSSL_assert() and assert() | job | 2 | -35/+17
OK tb@
2021-09-02 | Unroll ASN1_EX_TEMPLATE_TYPE IPAddrBlocks | job | 1 | -4/+7
OK tb@
2021-09-02 | Change the OPENSSL_strdup() to strdup() | job | 1 | -3/+4
OK beck@ tb@
2021-09-02 | Fix header file includes | job | 2 | -8/+9
OK tb@
2021-09-02 | Move the error put functions from X509V3err() to X509V3error() | job | 2 | -52/+32
OK tb@
2021-09-02 | Unroll ASN1_SEQUENCE() ASN1_CHOICE() ASN1_ITEM_TEMPLATE() | job | 2 | -46/+218
OK jsing@
2021-09-02 | Add -f to usage | tb | 1 | -2/+2
2021-09-02 | OPENSSL_assert() is not appropriate in this context | job | 1 | -2/+3
Feedback from tb@ OK tb@
2021-09-02 | Replace ossl_assert()/assert() with OPENSSL_assert() | job | 2 | -14/+14
OK tb@
2021-09-02 | Enable vfork syscall test. Disable SIGSTOP test as it is masked until | mbuhl | 5 | -6/+45
exec/exit with vfork. OK bluhm@
2021-09-02 | We need to allow for either a CERTIFICATE or CERTIFICATE_STATUS message | beck | 1 | -2/+3
here or we break the handshake with BAD_MESSAGE ok tb@
2021-09-02 | Replace OPENSSL_free() with free() | job | 2 | -7/+7
OK tb@
2021-09-02 | Unroll IMPLEMENT_ASN1_FUNCTIONS() | job | 2 | -8/+197
OK jsing@
2021-09-02 | Unroll DECLARE_ASN1_FUNCTIONS() | job | 1 | -9/+56
OK jsing@
2021-09-02 | Rename DEFINE_STACK_OF() to DECLARE_STACK_OF() | job | 1 | -4/+4
OK tb@ jsing@
2021-09-02 | Lay groundwork to support X.509 v3 extensions for IP Addresses and AS Identifiers | job | 7 | -5/+2386
These extensions are defined in RFC 3779 and used in the RPKI (RFC 6482, RFC 8360). Imported from OpenSSL 1.1.1j (aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf) This changeset is a no-op, as there are 10+ issues and at least 2 security issues. Work will continue in-tree. OK tb@, discussed with beck@
2021-09-02 | Import more NetBSD system call regression tests. | mbuhl | 17 | -50/+2350
OK bluhm@
2021-09-02 | Call the ocsp callback if present and we get no response, instead of | beck | 1 | -3/+2
succeeding unconditionally. Makes muststaple work with tls1.3 in nc ok tb@
2021-09-02 | Use defined constants | inoguchi | 1 | -16/+16
2021-09-02 | Add DB_TYPE_SUSP | inoguchi | 1 | -1/+2
2021-09-02 | Correct the is_server flag in the call to the debug callback to be correct. | beck | 1 | -2/+2
ok tb@
2021-09-02 | Move subject check process after the subject edit process | inoguchi | 1 | -105/+106
Referred to OpenSSL commit 2cedf794 and arranged for our codebase. ok tb@
2021-09-02 | delete %n using test cases, which now intentionally fault | deraadt | 1 | -13/+1
spotted by anton
2021-09-02 | RFC 6066 section 8 allows the server MAY choose not to send the CertificateStatus | beck | 1 | -3/+37
message, even if it has received a "status_request" extension in the client hello message and has sent a "status_request" extension in the server hello message. Genua found a site that is this broken. This makes it work. ok jsing@
2021-09-01 | inet_ntop(3) needs sys/socket.h for AF_INET / AF_INET6 so add the header | claudio | 2 | -6/+5
to the list. While here remove some of the headers from inet_net_ntop(3) for balance.
2021-09-01 | comment out the detailed description of SSL_get_servername(3), | schwarze | 1 | -7/+9
leaving only the basic description in the RETURN VALUES section; tb@ pointed out LibreSSL does not currently provide all those guarantees, and he also OK'ed this diff
2021-09-01 | Remove assignment of value that is never read. | beck | 1 | -2/+1
ok tb@
2021-09-01 | remove manual fiddling with MALLOC_OPTIONS from libc regress tests | jasper | 5 | -20/+5
these options should be set globally (sysctl) when running regress as opposed to having individual tests set it, barring a few specific exceptions. ok bluhm@
2021-09-01 | Add a regression test to verify that we call the callback in the same | beck | 3 | -4/+551
order on success for both the legacy and the new verifier. This avoids problems as seen in perl's regression tests for some of the crazy things net:ssleay does. This is currently marked as expected to fail, it will be expected to succeed after a forthcoming commit from me.
2021-08-31 | Remove some dead code that was missed in an earlier cleanup and | tb | 1 | -4/+3
fix a stale comment. Found by mortimer with clang 13's -Wunused-but-set-variable. ok beck
2021-08-31 | Defragment DTLS. | jsing | 2 | -123/+48
In normal TLS, it is possible for record fragments to be sent that contain one byte of alert or handshake message payload. In this case we have to read and collate multiple message fragments before we can decide what to do with the record. However, in the case of DTLS, one record is effectively one packet and while it is possible to send handshake messages across multiple records/packets, the minimum payload is the DTLS handshake message header (plus one byte of data if the handshake message has a payload) - without this, there is insufficient information available to be able to reassemble the handshake message. Likewise, splitting an alert across multiple DTLS records simply does not work, as we have no way of knowing if we're collating the same alert or two different alerts that we lost half of each from (unfortunately, these details are not really specified in the DTLS RFC). This means that for DTLS we can expect to receive a full alert message (a whole two bytes) or a handshake record with at least the handshake message header (12 bytes). If we receive messages with less than these lengths we discard them and carry on (which is what the DTLS code already does). Remove all of the pointless fragment handling code from DTLS, while also fixing an issue where one case used rr->data instead of the handshake fragment. ok inoguchi@ tb@
2021-08-31 | Remove a nonsensical s->version == TLS1_VERSION from DTLS code. | jsing | 1 | -6/+1
ok inoguchi@ tb@ (as part of a larger diff)
2021-08-31 | whitespace | tb | 2 | -7/+7
2021-08-31 | enter uuid/ | jasper | 1 | -1/+2
2021-08-31 | add initial tests for uuid_from_string, uuid_to_string, uuid_create_nil | jasper | 2 | -0/+134
prompted by the bug krw@ fixed yesterday in uuid_from_string()
2021-08-30 | Clean up and simplify info and msg callbacks. | jsing | 8 | -127/+88
The info and msg callbacks result in duplication - both for code that refers to the function pointers and for the call sites. Avoid this by providing typedefs for the function pointers and pulling the calling sequences into their own functions. ok inoguchi@ tb@
2021-08-30 | Replace DTLS r_epoch with the read epoch from the TLSv1.2 record layer. | jsing | 5 | -27/+26
ok inoguchi@ tb@