| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
| |
Provide prototype that is hidden behind LIBRESSL_INTERNAL for portable
and or in result for future extensibility.
|
| |
|
|
|
| |
This would detect the aliasing issue reported by Guido Vranken fixed
in bn_gcd.c r1.28. Most testcases are from BoringSSL's regress test.
|
| | |
|
| |
|
|
| |
This now tests what the comment says it does
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is an un-revert with nits of the previously landed change
to do this which broke libtls. libtls has now been changed to
not use this function.
This change ensures that if something is returned it is "text"
(UTF-8) and a C string not containing a NUL byte. Historically
callers to this function assume the result is text and a C string
however the OpenSSL version simply hands them the bytes from an
ASN1_STRING and expects them to know bad things can happen which
they almost universally do not check for. Partly inspired by
goings on in boringssl.
ok jsing@ tb@
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
From Ilya Chipitsine
|
| |
|
|
| |
Should make coverity happier
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
With e_old.c gone, we no longer need this.
|
| | |
|
| |
|
|
| |
This currently leaks, which will fixed in a follow-on commit.
|
| |
|
|
|
|
| |
This test depends on RAND_set_rand_method() allowing stupid things like
making ECDSA signatures deterministic. This was gutted a long time ago
and the function should have followed its wrappers into the attic.
|
| |
|
|
|
|
|
| |
regress for the moment. this will come back after we rethink
the failure versus not there case.
ok tb@ jsing@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently these functions return raw ASN1_STRING bytes as
a C string and ignore the encoding in a "hold my beer I am
a toolkit not a functioning API surely it's just for testing
and you'd never send nasty bytes" kind of way.
Sadly some callers seem to use them to fetch things liks
subject name components for comparisons, and often just
use the result as a C string.
Instead, encode the resulting bytes as UTF-8 so it is
something like "text",
Add a failure case if the length provided is inadequate
or if the resulting text would contain an nul byte.
based on boringssl.
nits by dlg@
ok tb@
|
| |
|
|
|
|
| |
and for now, skip the the BIO_R_* reason codes.
It looks like all public symbols in the BIO library
are now documented or marked as intentionally undocumented.
|
| |
|
|
|
| |
This is a wrapper of i2d_ASN1_bio_stream() that doesn't require us to
pass in PKCS7_it.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Found with the help of Otto's malloc memory leak detector!
|
| | |
|
| |
|
|
| |
debugged with job
|
| |
|
|
|
| |
as intentionally undocumented. Do that here because no related
manual pages exist.
|
| |
|
|
|
|
|
| |
This ensures that we will no longer silently ignore a certificate with
a critical policy extention by default.
ok tb@
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
These new tests won't bubble up a non-zero error exit code because
other libcrypto bits still need to land first.
|
| |
|
|
|
|
|
|
|
| |
These were adapted from BoringSSL's regress tests for x509
policy. They are currently marked as expected to fail as
we have not enabled LIBRESSL_HAS_POLICY_DAG by default yet, and
the old tree based policy code from OpenSSL is special.
These tests pass when we build with LIBRESSL_HAS_POLICY_DAG.
|
| | |
|
| |
|
|
| |
ok knfmt
|
| | |
|
| | |
|
| |
|
|
| |
corrected we pass
|
| |
|
|
|
| |
We currently still fail two of these, looks like one more bug in
extracting the depth for require policy from the certificate..
|
| | |
|
| |
|
|
|
|
| |
Still a work in progress adapting tests from boringssl x509_test.cc
but dropping in here for tb to be able to look at and run as well
since the new stuff still has bugs.
|
| |
|
|
|
| |
The program won't exit with a non-zero exit code if X509_CRL_set_*
tests fail, as the relevant bits haven't been committed to libcrypto yet.
|
| | |
|
