Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | add missing include path; ok tb@ | anton | 2021-12-26 | 1 | -1/+2 |
| | |||||
* | The RFC 3779 test needs LIBRESSL_CRYPTO_INTERNAL as lon as the API | tb | 2021-12-24 | 1 | -2/+2 |
| | | | | isn't public. | ||||
* | Print the name of the test before we run it. | jsing | 2021-12-24 | 1 | -1/+2 |
| | |||||
* | Style tweak in {d2i,i2d}_IPAddrBlocks() | tb | 2021-12-24 | 1 | -5/+5 |
| | |||||
* | Drop -g -O0 from CFLAGS | tb | 2021-12-24 | 1 | -2/+2 |
| | |||||
* | link rfc3779 test to build | tb | 2021-12-24 | 1 | -2/+2 |
| | |||||
* | Add initial test coverage for RFC 3779 code. | tb | 2021-12-24 | 2 | -0/+1804 |
| | | | | | | | | | | | | | | This exercises the code paths that are reached from the validator and also tests that the public API behaves as expected. There is a lot more that could be done here, but this test is already big enough. Missing are tests for X509v3_{addr,asid}_validate_{path,resource_set}() themselves. One test failure is ignored and will be fixed in the near future when a bad logic error in range_should_be_prefix() is fixed. A consequence of this bug is that we will currently accept and generate DER that doesn't conform to RFC 3779. | ||||
* | fix typo: boolean true should decode to 1, not 0 | tb | 2021-12-23 | 1 | -2/+2 |
| | |||||
* | Add regress coverage for the crazy SCT_new_from_base64() API. | jsing | 2021-12-20 | 1 | -1/+57 |
| | |||||
* | support processing <openssl/bn.h> | schwarze | 2021-12-18 | 1 | -3/+24 |
| | |||||
* | To ease maintenance, structure the lists of intentionally undocumented | schwarze | 2021-12-16 | 1 | -55/+109 |
| | | | | | | symbols according to the reason (internal, obsolete, postponed) and according to the header file (asn1, objects, x509, ...). Also, add some minor tweaks needed for <openssl/objects.h>. | ||||
* | Add coverage for CBS additions. | jsing | 2021-12-15 | 1 | -2/+50 |
| | |||||
* | Some more ASN.1 struct types that are postponed (because they are | schwarze | 2021-12-15 | 1 | -2/+5 |
| | | | | | | related to templating macros) or intentionally undocumented. Apart from NETSCAPE, PCTX, and low-level templating stuff, all ASN.1 functions, types, and macros are now documented. | ||||
* | tweak for the generated source | tb | 2021-12-14 | 1 | -2/+2 |
| | |||||
* | more symbols that are postponed or intentionally undocumented and | schwarze | 2021-12-14 | 1 | -6/+55 |
| | | | | some regexp tweaks; the relevant parts of asn1.h are nearing completion | ||||
* | Add regress coverage for ASN1_get_object() | jsing | 2021-12-14 | 1 | -1/+262 |
| | |||||
* | Add regress for ASN1_tag2bit() and ASN1_tag2str() | jsing | 2021-12-14 | 2 | -1/+135 |
| | |||||
* | remove a couple hundred sys/param.h includes in userland code, and | deraadt | 2021-12-13 | 50 | -227/+77 |
| | | | | | | also whack some sys/cdefs.h early includes which is such a brutally bad pattern ok bluhm mbuhl | ||||
* | Merge two bugfixes in ASN1_STRING_TABLE_add(3) and ASN1_STRING_TABLE_get(3) | schwarze | 2021-12-11 | 2 | -2/+131 |
| | | | | | | | | | | | | | | | | | | | | | | from the OpenSSL 1.1.1 branch, which is still under a free license, mostly this commit: commit d35c0ff30b31be9fd5dcf3d552a16feb8de464bc Author: Dr. Stephen Henson <steve@openssl.org> Date: Fri Oct 19 15:06:31 2012 +0000 fix ASN1_STRING_TABLE_add so it can override existing string table values This fixes a segfault in ASN1_STRING_TABLE_add(3), which tried to change a static const entry when called with an nid already in the default table, and it switches the precedence of the two tables in ASN1_STRING_TABLE_get(3). In addition, it changes behaviour in the following minor ways: * Ignore negative minsize and maxsize arguments, not just -1. * Ignore a zero mask and zero flags. It's unclear whether these additional changes make the API absolutely better, but we want compatibility with OpenSSL in these functions. Tweaks & OK tb@. | ||||
* | Fix missing return in asn1_compare_bytes() | jsing | 2021-12-09 | 1 | -1/+2 |
| | |||||
* | Add initial tests for coverage of ASN.1 complex/constructed types. | jsing | 2021-12-09 | 2 | -1/+228 |
| | |||||
* | Add initial tests for coverage of ASN.1 basic/primitive types. | jsing | 2021-12-09 | 2 | -1/+135 |
| | |||||
* | be more specific which NETSCAPE stuff to ignore, and why | schwarze | 2021-12-07 | 1 | -10/+7 |
| | |||||
* | Some improvements allowing to handle asn1.h and x509v3.h: | schwarze | 2021-12-07 | 1 | -10/+47 |
| | | | | | | | | | | | | | * handle multiple qualifiers on the function return type * handle function pointer type declarations * handle unions inside structs * handle forward struct declarations * handle "typedef const" * handle ASN1_F_, ASN1_R_, and X509V3_R_ error constants * handle "#if defined" in the same way as "#ifdef" * skip whitespace between "#" and "define" * skip whitespace before C comments * ignore TYPEDEF_D2I2D_OF | ||||
* | Add initial regress for CT. | jsing | 2021-12-05 | 4 | -1/+415 |
| | | | | This provides test coverage for SCT encoding/decoding. | ||||
* | gross trailing whitespace | tb | 2021-12-04 | 1 | -16/+16 |
| | |||||
* | Free cert, key and ocsp_staple on exit of do_keypair_test(). | tb | 2021-12-04 | 1 | -1/+4 |
| | | | | Reported by Ilya Shipitsine, discussed with jsing | ||||
* | Convert main into single exit to appease asan. | tb | 2021-12-04 | 1 | -22/+33 |
| | |||||
* | Explicitly free EVP_MD_CTX to appease asan. Reported by Ilya Shipitsin. | tb | 2021-12-04 | 1 | -10/+16 |
| | |||||
* | Add regress for ECPKParameters ASN.1 encoding/decoding. | jsing | 2021-12-04 | 2 | -2/+210 |
| | |||||
* | Tell testers which packages to install right away (and why) | kn | 2021-12-02 | 3 | -3/+7 |
| | | | | | | | Other regress tests do it differently; just fix/thouch those that did not mention any package name at all. This helps grepping logs for SKIPPED to find instructions for the next run. | ||||
* | Add regress for {d2i,i2d}_{,DSA_,EC_,RSA_}PUBKEY{,_bio}(). | jsing | 2021-11-30 | 2 | -1/+570 |
| | |||||
* | make the bn/mont test compile with opaque DH. | tb | 2021-11-26 | 1 | -4/+12 |
| | |||||
* | Rework this test to compile with opaque RSA | tb | 2021-11-25 | 1 | -282/+427 |
| | |||||
* | Resolve last issue with opaque BIGNUM in this test. | tb | 2021-11-25 | 1 | -3/+3 |
| | |||||
* | Prepare ssltest for opaque DH | tb | 2021-11-21 | 1 | -18/+39 |
| | |||||
* | wycheproof: modify RSA tests to work with opaque RSA struct | tb | 2021-11-21 | 1 | -11/+57 |
| | |||||
* | wycheproof.go: modify some DSA and ECDSA code to work with opaque structs | tb | 2021-11-21 | 1 | -5/+23 |
| | |||||
* | Switch to BIO_up_ref() instead of adjusting references manually. | tb | 2021-11-20 | 2 | -16/+6 |
| | |||||
* | Use BIO_up_ref() instead of adjusting refcounts manually | tb | 2021-11-20 | 1 | -9/+3 |
| | |||||
* | Mark the X509_VERIFY_PARAM_ID variable type as intentionally | schwarze | 2021-11-19 | 1 | -3/+16 |
| | | | | | | | undocumented. It is an opaque struct used only internally, as a sub-object of the public X509_VERIFY_PARAM type. All related API functions take X509_VERIFY_PARAM arguments, so X509_VERIFY_PARAM_ID is of no interest to the user. | ||||
* | Make function prototype parsing a bit stricter, | schwarze | 2021-11-19 | 1 | -1/+1 |
| | | | | | | | | | | reducing the risk of accidental misparsing: Require whitespace after the function return type (before the asterisk indicating that the function returns a pointer, if any) and do not accept whitespace between the function name and the opening parenthesis of the parameter list. These changes are not a problem because we want that style for KNF reasons anyway. | ||||
* | Very quick and dirty script to help me check that the symbols | schwarze | 2021-11-19 | 1 | -0/+266 |
| | | | | | | | | | | | | | | in one of the public openssl/ header files are all documented. Before attempting to read this code, make sure that you are fully vaccinated against leaning toothpick syndrome. Example usage: ./check_complete.pl x509_vfy ./check_complete.pl -v x509 | less Intentionally not linked to the build. jsing@ agrees with the general direction. | ||||
* | sha512test: replace EVP_MD_CTX_{cleanup,init} pair with EVP_MD_CTX_reset | tb | 2021-11-18 | 1 | -3/+2 |
| | |||||
* | gost: missed one cleanup | tb | 2021-11-18 | 1 | -2/+2 |
| | |||||
* | sha256test: EVP_MD_CTX_cleanup -> EVP_MD_CTX_reset | tb | 2021-11-18 | 1 | -4/+3 |
| | |||||
* | gost2814789t: EVP_MD_CTX_cleanup -> EVP_MD_CTX_reset | tb | 2021-11-18 | 1 | -2/+2 |
| | |||||
* | evptest: no need to call EVP_MD_CTX_cleanup() before EVP_MD_CTX_free() | tb | 2021-11-18 | 1 | -4/+3 |
| | |||||
* | Use HMAC_CTX_reset() instead of HMAC_CTX_cleanup() + HMAC_CTX_init() | tb | 2021-11-18 | 1 | -5/+3 |
| | |||||
* | Fix ssltest to work with opaque EVP_PKEY. | tb | 2021-11-18 | 1 | -22/+33 |
| |