summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* english is hard.beck2017-01-261-2/+2
|
* Limit the number of sequential empty records that we will processbeck2017-01-264-7/+30
| | | | | | before yielding, and fail if we exceed a maximum. loosely based on what boring and openssl are doing ok jsing@
* Refactor the code to generate a WANT_READ into a function, as we arebeck2017-01-261-18/+20
| | | | | using it more and more to avoid spins. ok jsing@
* Remove most of SSL3_ENC_METHOD - we can just inline the function callsjsing2017-01-2611-135/+63
| | | | | | and defines since they are the same everywhere. ok beck@
* Move relatively new version range code from ssl_lib.c into a separatejsing2017-01-263-158/+175
| | | | | | ssl_versions.c file. ok beck@
* Rename s3_{both,clnt,pkt_srvr}.c to have an ssl_ prefix since they are nojsing2017-01-265-6/+6
| | | | | | longer SSLv3 code. ok beck@
* Merge the client/server version negotiation into the existing (currentlyjsing2017-01-2616-1229/+395
| | | | | | fixed version) client/server code. ok beck@
* Document ERR_load_BN_strings(3).schwarze2017-01-261-11/+47
| | | | | | | | | | | | | | | | | jsing@ confirmed that this function is public and worth documenting. This page needs much more work, it is outrageously incomplete and unclear. For example, it remains unexplained what error strings are, what "registering" means and what the benefit for the application is, what happens if it is not done, or what happens if an error occurs after calling ERR_free_strings(3). I tried to read the code, but it is so contorted that i postponed that work. For example, it looks like there are hooks for applications to replace the functions used for registering strings by other, application-supplied functions, and, of course, there are many levels of macro and function wrappers. For now, i only documented the most obvious BUGS.
* Use numeric exit codes consistently rather than a mixbeck2017-01-261-11/+11
| | | | ok jsing@
* stylebeck2017-01-261-1/+1
|
* Fix the structure initialzation to compile. bad inioguchi and millert :)beck2017-01-261-1/+1
| | | | ok jsing@ rpe@
* Remove ssl3_undef_enc_method - if we have internal bugs we want to segfaultjsing2017-01-265-36/+8
| | | | | | | so that we can debug it, rather than adding a "should not be called" error to the stack. Discussed with beck@
* Remove a sess_cert reference from a comment in the public header.jsing2017-01-261-5/+2
| | | | Noted by zhuk@
* split the tls_init(3) that had grown fat to allow healthy future growth;schwarze2017-01-2515-888/+1474
| | | | suggested by jsing@; "i would just chuck it in" jmc@
* Fix array initialization syntax for ocspcheck.cinoguchi2017-01-251-1/+1
| | | | | Conformance to C99, and avoiding build break on VisualStudio and HP-UX. OK millert@
* document BN_asc2bn(3);schwarze2017-01-251-3/+27
| | | | jsing@ confirmed that it is a public function worth documenting
* remove __BEGIN_DECLS and __END_DECLS from http.hinoguchi2017-01-251-5/+1
| | | | | sync with ocspcheck and acme-client ok benno@
* bring changes from acme-client over here.benno2017-01-251-56/+54
| | | | ok beck@
* Update ssl versions regress to handle min/max configured versions andjsing2017-01-251-47/+201
| | | | the cover the ssl_supported_version_range() function.
* Limit enabled version range by the versions configured on the SSL_CTX/SSL,jsing2017-01-253-23/+84
| | | | | | | provide an ssl_supported_versions_range() function which also limits the versions to those supported by the current method. ok beck@
* Add start of a regress for cert gen and validation. not clean, won'tbeck2017-01-255-0/+394
| | | | hook it up yet
* link in rsa testbeck2017-01-251-1/+2
|
* Add rsa test from openssl, since it has a license nowbeck2017-01-252-0/+344
|
* Change the SSL_IS_DTLS() macro to check the version, rather than using ajsing2017-01-252-7/+4
| | | | | | | flag in the encryption methods. We can do this since there is currently only one DTLS version. This makes upcoming changes easier. ok beck@
* Construct a BN_gcd_nonct, based on BN_mod_inverse_no_branch, as suggestedbeck2017-01-256-10/+170
| | | | | | | | | | | by Alejandro Cabrera <aldaya@gmail.com> to avoid the possibility of a sidechannel timing attack during RSA private key generation. Modify BN_gcd to become not visible under LIBRESSL_INTERNAL and force the use of the _ct or _nonct versions of the function only within the library. ok jsing@
* Provide ssl3_packet_read() and ssl3_packet_extend() functions that improvejsing2017-01-253-35/+59
| | | | | | | the awkward API provided by ssl3_read_n(). Call these when we need to read or extend a packet. ok beck@
* Provide defines for SSL_CTRL_SET_CURVES/SSL_CTRL_SET_CURVES_LIST for thingsjsing2017-01-251-1/+15
| | | | | | | | that are conditioning on these. From BoringSSL. ok beck@
* fix make clean and warningsotto2017-01-242-1/+3
|
* make sure realloc preserves dataotto2017-01-241-17/+45
|
* use ${.OBJDIR}otto2017-01-241-8/+8
|
* BUF_MEM_free(), X509_STORE_free() and X509_VERIFY_PARAM_free() all checkjsing2017-01-242-18/+10
| | | | for NULL, as does lh_free() - do not do the same from the caller.
* sk_free() checks for NULL so do not bother doing it from the callers.jsing2017-01-244-10/+9
|
* sk_pop_free() checks for NULL so do not bother doing it from the callers.jsing2017-01-247-50/+31
|
* Within libssl a SSL_CTX * is referred to as a ctx - fix this forjsing2017-01-241-29/+29
| | | | SSL_CTX_free().
* correct usage format; ok beck claudio bennoderaadt2017-01-241-2/+3
|
* in resolver(3), document that _EDNS0 and _DNSSEC are no ops;jmc2017-01-241-6/+17
| | | | | | | diff from kirill miazine while here, bump all the no op texts to one standard blurb; help/ok jca
* fix mode on open() and ftruncate(), noticed bybeck2017-01-241-2/+4
| | | | bcook@
* #if 0 the ecformats_list and eccurves_list - these are currently unused butjsing2017-01-241-2/+5
| | | | will be revisited at some point in the near future.
* Remove unused cert variable.jsing2017-01-241-3/+1
| | | | Found by bcook@
* Say no to two line error messages on failurebeck2017-01-241-4/+3
|
* s/returns/exits/beck2017-01-241-2/+2
|
* Break run-on sentence into two.beck2017-01-241-3/+4
|
* string terminator is called a NULderaadt2017-01-242-5/+5
|
* Actually load the cafile when providede, and error message cleanupbeck2017-01-241-4/+4
|
* use warn, I have errno here. noticed by theobeck2017-01-241-1/+1
|
* Yes the "if (const == val" idiom provides some safety, but it grates onderaadt2017-01-241-58/+58
| | | | | us too much. ok beck jsing
* knfbeck2017-01-241-1/+2
|
* revert accidental commit of theo diffbeck2017-01-241-58/+58
|
* Just don't bother with OpenSSL error strings, they are mostlybeck2017-01-242-77/+71
| | | | irrelevant and look gross here anyway.. we don't need them
* various cleanup;jmc2017-01-242-29/+28
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-17 10:00:56 +0000