path: root/src/lib/libcrypto/x509/x509_policy.c
Commit message | Author | Age | Files | Lines
* typo: slighty -> slightly | tb | 2025-01-06 | 1 | -2/+2
* x509_policy.c: point at RFC 9618 | tb | 2024-11-14 | 1 | -3/+3
* Remove sk_find_ex() | tb | 2024-03-02 | 1 | -3/+1
  This API intends to find the closest match to the needle. M2Crypto exposes it because it can. This will be fixed by patching the port. ok jsing
* Make LHASH_OF() and STACK_OF() use opaque structs | tb | 2024-03-02 | 1 | -1/+2
  This removes internals of these two special snowflakes and will allow further simplifications. Unfortunately, there are some pieces of software that actually use LHASH_OF() (looking at you, pound, Ruby, and openssl(1)), so we get to keep exposing this garbage, at least for now. Expose lh_error() as a symbol to replace a macro reaching into _LHASH. lh_down_load() is no longer available. _LHASH and _STACK are now opaque, LHASH_NODE becomes internal-only. from jsing
* Unifdef LIBRESSL_HAS_POLICY_DAG and remove it from the Makefile | tb | 2023-04-28 | 1 | -5/+1
  with beck
* Silence gcc-4 warnings about sk_sort() | tb | 2023-04-28 | 1 | -5/+6
  Tell it we deliberately ignore the return value, (we really don't care what the old comparison function was).
* Remove now no longer needed <assert.h>; sort headers | tb | 2023-04-28 | 1 | -4/+2
  ok jsing
* Deassert has_explicit_policy() | tb | 2023-04-28 | 1 | -3/+4
  The only caller is X509_policy_check() which goes straight to error. with beck ok jsing
* Deassert delete_if() callbacks | tb | 2023-04-28 | 1 | -5/+7
  Add sk_is_sorted() checks to the callers of sk_X509_POLICY_NODE_delete_if() and add a comment that this is necessary. with beck ok jsing
* Deassert x509_policy_level_find() | tb | 2023-04-28 | 1 | -18/+27
  Move the check that level->nodes is sorted to the call site and make sure that the logic is preserved and erroring does the right thing. with beck ok jsing
* Deassert X509_policy_check() | tb | 2023-04-28 | 1 | -2/+3
  Instead of asserting that i == num_certs - 2, simply make that an error check. with beck ok jsing
* Deassert x509_policy_level_add_nodes() | tb | 2023-04-28 | 1 | -10/+1
  This assert is in debugging code that ensures that there are no duplicate nodes on this level. This is an expensive and unnecessary check. Duplicates already cause failures as ensured by regress. with beck ok jsing
* Deassert x509_policy_new() | tb | 2023-04-28 | 1 | -3/+4
  Turn the check into an error which will make all callers error. with beck ok jsing
* Cleanup pass over x509_check_policy.c | tb | 2023-04-28 | 1 | -73/+72
  This hoists variable declarations to the top and compiles with -Wshadow. ok beck
* Convert size_t's used in conjunction with sk_X509_num back to int. | beck | 2023-04-27 | 1 | -12/+12
  This lets the regress in x509/policy pass instead of infinite looping. The changes are necessary because our sk_num() returns an int with 0 for empty and -1 for NULL, whereas BoringSSL's returns a size_t with 0 for both an empty stack and a NULL stack. pair work with tb@ ok tb@ jsing@
* Remove braces around single line statements using knfmt -s | tb | 2023-04-27 | 1 | -84/+49
  Pointed out by anton
* Rework simple allocation and free functions in x509_policy.c | tb | 2023-04-27 | 1 | -32/+36
  Use calloc() instead of malloc/memset and make free functions look the same as elsewhere in the tree. ok beck jsing
* Make x509_policy.c compile with gcc 4. | tb | 2023-04-26 | 1 | -17/+26
  ok beck
* Turn C++ comments into C comments and minor KNF fixups | tb | 2023-04-26 | 1 | -170/+264
* KNF according to knfmt(1) | tb | 2023-04-26 | 1 | -515/+600
* Add RCS tag | tb | 2023-04-26 | 1 | -0/+1
* Make the new policy code in x509_policy.c to be selectable at compile time. | beck | 2023-04-26 | 1 | -0/+4
  The old policy code remains the default, with the new policy code selectable by defining LIBRESSL_HAS_POLICY_DAG. ok tb@ jsing@
* Add a shim to mimic the BoringSSL sk_delete_if function. | beck | 2023-04-26 | 1 | -0/+23
  We add this locally as a function to avoid delving into the unholy macro madness of STACK_OF(3). ok tb@ jsing@
* Adapt the sk_find calls from BoringSSL's api to ours. | beck | 2023-04-26 | 1 | -6/+5
  ok tb@ jsing@
* Add the STACK_OF declarations we require. | beck | 2023-04-26 | 1 | -2/+46
  ok tb@ jsing@
* Change OPENSSL_malloc|free|memset and friends to the normal versions. | beck | 2023-04-26 | 1 | -6/+6
  ok tb@ jsing@
* Fix error code goop | beck | 2023-04-26 | 1 | -5/+8
  ok tb@ jsing@
* Use the correct headers to compile with libressl | beck | 2023-04-26 | 1 | -5/+4
* Import policy.c from BoringSSL as x509_policy.c | beck | 2023-04-26 | 1 | -0/+790
  This is an implementation of the X509 policy processing using a DAG instead of a tree to avoid the problem of exponential expansion of the policy tree as specified in RFC 5280. For details see: https://boringssl-review.googlesource.com/c/boringssl/+/55762 ok tb@ jsing@