boringssl

Commit graph

Autor	SHA1	Nachricht	Datum
Steven Valdez	e412bbd9a1	Fix wildcard match on punycode/IDNA DNS names - bugfix: should not treat '--' as invalid domain substring. - '-' should not be the first letter of a domain (Imported from upstream's `15debc128a`) Change-Id: Ifd8ff7cef1aab69da5cade8ff8c76c3a723f3838 Reviewed-on: https://boringssl-review.googlesource.com/7205 Reviewed-by: David Benjamin <davidben@google.com>	vor 8 Jahren
Adam Langley	57707c70dc	OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>	vor 8 Jahren
Adam Langley	d9e817309a	Fix several warnings that arise in Android. Android is now using Ninja so it doesn't spew so much to the terminal and thus any warnings in BoringSSL (which builds really early in the process) and much more obvious. Thus this change fixes a few warnings that appear in the Android build. Change-Id: Id255ace90fece772a1c3a718c877559ce920b960 Reviewed-on: https://boringssl-review.googlesource.com/6400 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>	vor 9 Jahren
Adam Langley	a89fac585f	Rename tabtest.c and v3nametest.c The binaries for these already have underscores in, best to have the source files match. Change-Id: I32a419f32ec7786fe2537d061eb0706a7bc73f4a Reviewed-on: https://boringssl-review.googlesource.com/5101 Reviewed-by: Adam Langley <agl@google.com>	vor 9 Jahren
Brian Smith	054e682675	Eliminate unnecessary includes from low-level crypto modules. Beyond generally eliminating unnecessary includes, eliminate as many includes of headers that declare/define particularly error-prone functionality like strlen, malloc, and free. crypto/err/internal.h was added to remove the dependency on openssl/thread.h from the public openssl/err.h header. The include of <stdlib.h> in openssl/mem.h was retained since it defines OPENSSL_malloc and friends as macros around the stdlib.h functions. The public x509.h, x509v3.h, and ssl.h headers were not changed in order to minimize breakage of source compatibility with external code. Change-Id: I0d264b73ad0a720587774430b2ab8f8275960329 Reviewed-on: https://boringssl-review.googlesource.com/4220 Reviewed-by: Adam Langley <agl@google.com>	vor 9 Jahren
Adam Langley	6899b19464	Update API to use (char ) for email addresses and hostnames. Reduces number of silly casts in OpenSSL code and likely most applications. Consistent with (char ) for "peername" value from X509_check_host() and X509_VERIFY_PARAM_get0_peername(). (Imported from upstream's e83c913723fac7432a7706812f12394aaa00e8ce.) Change-Id: Id0fc11773a0cee8933978cd4bdbd8251fd7cfb5f	vor 9 Jahren
Adam Langley	6f8c366989	Set optional peername when X509_check_host() succeeds. Pass address of X509_VERIFY_PARAM_ID peername to X509_check_host(). (Imported from upstream's 55fe56837a65ff505b492aa6aee748bf5fa91fec.) Change-Id: Ic21bfb361b8eb25677c4c2175882fa95ea44fc31	vor 9 Jahren
David Benjamin	2a0f3420f7	Fix standalone bio_test and v3name_test on Win64. Win32 still has assembly issues and bssl wants to select() on both sockets and stdin (doesn't work on Windows). But this is a start. Change-Id: Iafc5215be281aed836c5ac2dc8b379399848a2c2 Reviewed-on: https://boringssl-review.googlesource.com/2090 Reviewed-by: Adam Langley <agl@google.com>	vor 10 Jahren
David Benjamin	a70c75cfc0	Add a CRYPTO_library_init and static-initializer-less build option. Chromium does not like static initializers, and the CPU logic uses one to initialize CPU bits. However, the crypto library lacks an explicit initialization function, which could complicate (no compile-time errors) porting existing code which uses crypto/, but not ssl/. Add an explicit CRYPTO_library_init function, but make it a no-op by default. It only does anything (and is required) if building with BORINGSSL_NO_STATIC_INITIALIZER. Change-Id: I6933bdc3447fb382b1f87c788e5b8142d6f3fe39 Reviewed-on: https://boringssl-review.googlesource.com/1770 Reviewed-by: Adam Langley <agl@google.com>	vor 10 Jahren
David Benjamin	c44d2f4cb8	Convert all zero-argument functions to '(void)' Otherwise, in C, it becomes a K&R function declaration which doesn't actually type-check the number of arguments. Change-Id: I0731a9fefca46fb1c266bfb1c33d464cf451a22e Reviewed-on: https://boringssl-review.googlesource.com/1582 Reviewed-by: Adam Langley <agl@google.com>	vor 10 Jahren
Adam Langley	8241005bfa	Client-side namecheck wildcards. A client reference identity of ".example.com" matches a server certificate presented identity that is any sub-domain of "example.com" (e.g. "www.sub.example.com). With the X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS flag, it matches only direct child sub-domains (e.g. "www.sub.example.com"). (cherry picked from commit `e52c52f10b`) (Imported from upstream's `3cc8a3f234`)	vor 10 Jahren
Adam Langley	dc160f84f5	Fixes to host checking. Fixes to host checking wild card support and add support for setting host checking flags when verifying a certificate chain. (Imported from upstream's `a2219f6be3`)	vor 10 Jahren
Adam Langley	95c29f3cd1	Inital import. Initial fork from `f2d678e6e8` (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)	vor 10 Jahren

4 Commits (71dd6660e849e8f98129c997e2f52ae8991ec3d3)