Commit message | Author | Age | Files | Lines
...
* Automatically handle library initialisation for libtls. | jsing | 2018-03-19 | 6 | -11/+28
  Now that we have tls_init() under pthread_once(), automatically initialise libtls from the entry point functions (tls_config(), tls_client() and tls_server()) - this makes an explicit tls_init() call no longer a requirement.
  ok bcook@ beck@ inoguchi@
* Add regress test ensuring autoinit stays pledge("stdio") safe. | beck | 2018-03-19 | 3 | -1/+50
* correct function prototype | beck | 2018-03-19 | 1 | -3/+3
  spotted by anton@
* I should not be calling ENGINE_load_builtin_engines_internal | beck | 2018-03-19 | 1 | -4/+2
  here, just the normal version.
  ok jsing@
* Add a -q (for quick) mode to apptest.sh, and use it by default. | beck | 2018-03-19 | 2 | -11/+35
  this means that running the regression test doesn't take forever because we run a huge dhparam test and openssl speed tests.
  ok inoguchi@
* Correct mistake of loading the default openssl.conf by default during autoinit. | beck | 2018-03-19 | 3 | -13/+37
  This brings in the OPENSSL_INIT_LOAD_CONFIG flag with the same semantics as OpenSSL. As a result, by default the openssl.conf file is not loaded during autoinit, which makes autoinit safe for pledge(stdio).
  ok jsing@
* In ecdsa.h rev. 1.5 2018/03/17 15:24:44, tb@ provided | schwarze | 2018-03-18 | 1 | -4/+39
  ECDSA_SIG_get0(3) and ECDSA_SIG_set0(3). Merge the documentation from OpenSSL.
* In rsa.h rev. 1.38 2018/03/17 15:12:56 and dsa.h rev. 1.30 2018/03/17 | schwarze | 2018-03-18 | 10 | -15/+400
  15:19:12, tb@ provided a subset of the DSA_meth_*(3) and RSA_meth_*(3) functions. Merge the relevant parts of the manual pages from OpenSSL, heavily tweaked by me, in particular for conciseness.
* In x509.h rev. 1.43 2018/03/17 14:55:39, jsing@ provided | schwarze | 2018-03-18 | 1 | -5/+16
  X509_PUBKEY_get0(3). Merge the documentation from OpenSSL.
* In ocsp.h rev. 1.12 2018/03/17 14:44:34, jsing@ provided | schwarze | 2018-03-18 | 1 | -4/+14
  OCSP_SINGLERESP_get0_id(3). OpenSSL fails to document it, so document it from scratch.
* In ssl.h rev. 1.149 2018/03/17 14:40:45, jsing@ provided | schwarze | 2018-03-18 | 1 | -6/+79
  SSL_CIPHER_get_cipher_nid(3), SSL_CIPHER_get_digest_nid(3), SSL_CIPHER_get_kx_nid(3), SSL_CIPHER_get_auth_nid(3), and SSL_CIPHER_is_aead(3). Merge the documentation from OpenSSL.
* In x509.h rev. 1.42 2018/03/17 14:33:20, jsing@ provided | schwarze | 2018-03-18 | 1 | -3/+14
  X509_REVOKED_dup(3). Document it.
* In ssl.h rev. 1.148 2018/03/17 14:26:13, jsing@ provided | schwarze | 2018-03-18 | 1 | -4/+30
  SSL_SESSION_get0_id_context(3). Merge the documentation from OpenSSL, tweaked by me.
* Fix a typo: OPENSSL_INIT_LOAD_CONFIG doesn't have double underbars. | tb | 2018-03-18 | 1 | -2/+2
  Found via port build failures reported by sthen.
  ok jsing
* Clean up now that autoconfiguration is available: | schwarze | 2018-03-17 | 1 | -78/+55
  - deprecation notice
  - say more precisely what OPENSSL_config(3) does
  - kill the unfounded rumour that the library might inspect environment variables; in fact, only the openssl(1) program inspects $OPENSSL_CONF
  - garbage collect long, irrelevant ramblings about engines
  - garbage collect empty RETURN VALUES section
  - garbage collect CAVEATS section, duplicate information only
* In crypto.h rev. 1.43 and ssl.h rev. 1.153 2018/03/17 16:20:01, beck@ | schwarze | 2018-03-17 | 6 | -7/+148
  provided OPENSSL_init_crypto(3) and OPENSSL_init_ssl(3). Write the documentation from scratch because the text OpenSSL provides is full of bloat.
* In ssl.h rev. 1.152 2018/03/17 15:55:52, tb@ provided | schwarze | 2018-03-17 | 6 | -9/+97
  SSL_SESSION_has_ticket(3) and SSL_SESSION_get_ticket_lifetime_hint(3). Merge the documentation from OpenSSL, tweaked by me.
* In x509_cmp.c rev. 1.30 2018/03/17 14:57:23, jsing@ adjusted | schwarze | 2018-03-17 | 1 | -3/+14
  X509_get0_pubkey(3) to the same semantics as in OpenSSL. Merge the documentation.
* crank majors | tb | 2018-03-17 | 3 | -6/+6
  req by deraadt
* Bump minors after symbol addition | tb | 2018-03-17 | 3 | -3/+3
* Bring in compatibility for OpenSSL 1.1 style init functions. | beck | 2018-03-17 | 20 | -38/+322
  This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well as thread safety modifications for the existing LibreSSL init functions. The initialization routines are called automatically by the normal entry points into the library, as in newer OpenSSL
  ok jsing@, nits by tb@ and deraadt@
* Provide SSL_SESSION_get_ticket_lifetime_hint() and | tb | 2018-03-17 | 3 | -2/+18
  SSL_SESSION_has_ticket()
  ok jsing
* Provide SSL_CTX_get_default_passwd_cb{,_userdata}() | tb | 2018-03-17 | 3 | -2/+18
  ok jsing
* Provide X509_STORE_get0_param() | tb | 2018-03-17 | 3 | -2/+10
  ok jsing
* Provide X509_OBJECT_get_type(). Instead of the X509_LOOKUP_TYPE enum | tb | 2018-03-17 | 3 | -2/+10
  (which we don't have) it returns a plain int.
  ok jsing
* Provide X509_NAME_ENTRY_set() | tb | 2018-03-17 | 3 | -2/+10
  ok jsing
* Provide ECDSA_SIG_{g,s}et0(). | tb | 2018-03-17 | 3 | -2/+40
  ok jsing
* Add DSA_meth_{dup,free,new,set_{finish,sign}}() | tb | 2018-03-17 | 4 | -2/+93
  As in RSA_meth_*, note that these functions return NULL in out-of-memory situations, but they do not set an error explicitly.
  ok jsing
* Provide RSA_meth_{dup,free,new,set_{finish,priv_{dec,enc}}}() | tb | 2018-03-17 | 4 | -3/+104
  Note that these functions return NULL in out-of-memory situations, but contrary to OpenSSL's versions they do not set an error.
  ok jsing
* Make BIO_meth_get_write() public. Omission spotted by schwarze. | tb | 2018-03-17 | 2 | -1/+3
  ok jsing
* Fix X509_get0_pubkey() - X509_get_pubkey() is a misnamed "get1" function, | jsing | 2018-03-17 | 1 | -2/+4
  so call X509_PUBKEY_get0() instead.
  Spotted by schwarze@ while documenting.
* Provide X509_PUBKEY_get0() by splitting X509_PUBKEY_get() and turning it | jsing | 2018-03-17 | 3 | -7/+19
  into a wrapper that calls X509_PUBKEY_get0() and up refs.
* SSL_SESSION_get_protocol_version() takes a const SSL_SESSION *. | tb | 2018-03-17 | 2 | -4/+4
  Noted by schwarze@
  ok jsing@
* Provide OCSP_SINGLERESP_get0_id(). | jsing | 2018-03-17 | 3 | -2/+10
* Provide SSL_CIPHER_get_auth_nid(), SSL_CIPHER_get_cipher_nid(), | jsing | 2018-03-17 | 3 | -2/+110
  SSL_CIPHER_get_digest_nid(), SSL_CIPHER_get_kx_nid() and SSL_CIPHER_is_aead().
* Provide object identifier for chacha20-poly1305. | jsing | 2018-03-17 | 2 | -0/+3
* Provide object identifiers for TLS cipher suite key exchange and | jsing | 2018-03-17 | 2 | -0/+20
  authentication.
* Provide X509_REVOKED_dup(). | jsing | 2018-03-17 | 3 | -2/+10
* Provide SSL_SESSION_get0_id_context(). | jsing | 2018-03-17 | 3 | -11/+22
* Consistently spell "IPsec" in comments and debug outputs. | mpi | 2018-03-16 | 1 | -2/+2
  From Raf Czlonka, ok sthen@
* Fix a format string issue that Go 1.10 complains about. | jsing | 2018-03-15 | 1 | -1/+1
* Also bump libtls minor after the addition of SSL_CTX_get_min/max_proto_version | jca | 2018-03-15 | 1 | -1/+1
  cluebat tb@
* Provide SSL_CTX_get_min_proto_version and SSL_CTX_get_max_proto_version | jca | 2018-03-15 | 7 | -28/+117
  We already provided the setters, so also provide the getters like OpenSSL does. Addition prompted by the use of those functions in recent openvpn releases.
  manpage diff from schwarze@ (thanks!) with input from jsing@, ok tb@ jsing@
* ensure SYS_getrandom and GRND_NONBLOCK are both defined before using | bcook | 2018-03-13 | 1 | -4/+4
  getrandom(2)
  Based on discussion here https://github.com/libressl-portable/openbsd/pull/82
  Suggested fix from jsing@
* Fix for processing of EC public key | inoguchi | 2018-03-12 | 2 | -15/+27
  Prevents segmentation fault while reading EC private key without public key. Generates missing EC public key when reading EC private key.
  Refer to these OpenSSL commits: 1f2b943254ce590867717375e4f364860a9b7154 2083f7c465d07867dd9867b8742bb71c03d1f203
  Reported on GitHub https://github.com/libressl-portable/portable/issues/395 by Anton Bukov (@k06a).
  ok beck@
* un-revert tls_init pthread_once change, now that stub is added so that | beck | 2018-03-08 | 2 | -15/+23
  builds work
* backout. diff was not tested comprehensively, resulting in a broken tree. | deraadt | 2018-03-07 | 2 | -22/+14
* Make tls_init() concurrently callable using pthread_once(). | beck | 2018-03-07 | 2 | -15/+23
  ok jsing@
  This brings pthread_once usage into libressl, which will need to get dealt with correctly in portable. This sets us up to autoinit libtls, and we will also be using pthread_once to deal with autoinit stuff in libssl and libcrypto
* use _ALIGN() which is uhm a bit OpenBSD-specific, but it means we | deraadt | 2018-03-06 | 1 | -3/+2
  don't need to use sys/param.h at all, guess which one I believe is greater namespace pollution
  ok otto
* Use _MAX_PAGE_SHIFT, rather than #ifdef mips64 | deraadt | 2018-03-05 | 1 | -6/+2
  ok guenther kettenis