summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* In ocsp.h rev. 1.12 2018/03/17 14:44:34, jsing@ providedschwarze2018-03-181-4/+14
| | | | | OCSP_SINGLERESP_get0_id(3). OpenSSL fails to document it, so document it from scratch.
* In ssl.h rev. 1.149 2018/03/17 14:40:45, jsing@ providedschwarze2018-03-181-6/+79
| | | | | | SSL_CIPHER_get_cipher_nid(3), SSL_CIPHER_get_digest_nid(3), SSL_CIPHER_get_kx_nid(3), SSL_CIPHER_get_auth_nid(3), and SSL_CIPHER_is_aead(3). Merge the documentation from OpenSSL.
* In x509.h rev. 1.42 2018/03/17 14:33:20, jsing@ providedschwarze2018-03-181-3/+14
| | | | X509_REVOKED_dup(3). Document it.
* In ssl.h rev. 1.148 2018/03/17 14:26:13, jsing@ providedschwarze2018-03-181-4/+30
| | | | | SSL_SESSION_get0_id_context(3). Merge the documentation from OpenSSL, tweaked by me.
* Fix a typo: OPENSSL_INIT_LOAD_CONFIG doesn't have double underbars.tb2018-03-181-2/+2
| | | | | | Found via port build failures reported by sthen. ok jsing
* Clean up now that autoconfiguration is available:schwarze2018-03-171-78/+55
| | | | | | | | | | - deprecation notice - say more precisely what OPENSSL_config(3) does - kill the unfounded rumour that the library might inspect environment variables; in fact, only the openssl(1) program inspects $OPENSSL_CONF - garbage collect long, irrelevant ramblings about engines - garbage collect empty RETURN VALUES section - garbage collect CAVEATS section, duplicate information only
* In crypto.h rev. 1.43 and ssl.h rev. 1.153 2018/03/17 16:20:01, beck@schwarze2018-03-176-7/+148
| | | | | | provided OPENSSL_init_crypto(3) and OPENSSL_init_ssl(3). Write the documentation from scratch because the text OpenSSL provides is full of bloat.
* In ssl.h rev. 1.152 2018/03/17 15:55:52, tb@ providedschwarze2018-03-176-9/+97
| | | | | SSL_SESSION_has_ticket(3) and SSL_SESSION_get_ticket_lifetime_hint(3). Merge the documentation from OpenSSL, tweaked by me.
* In x509_cmp.c rev. 1.30 2018/03/17 14:57:23, jsing@ adjustedschwarze2018-03-171-3/+14
| | | | | X509_get0_pubkey(3) to the same semantics as in OpenSSL. Merge the documentation.
* crank majorstb2018-03-173-6/+6
| | | | req by deraadt
* Bump minors after symbol additiontb2018-03-173-3/+3
|
* Bring in compatibility for OpenSSL 1.1 style init functions.beck2018-03-1720-38/+322
| | | | | | | | | This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well thread safety modifications for the existing LibreSSL init functions. The initialization routines are called automatically by the normal entry points into the library, as in newer OpenSSL ok jsing@, nits by tb@ and deraadt@
* Provide SSL_SESSION_get_ticket_lifetime_hint() andtb2018-03-173-2/+18
| | | | | | SSL_SESSION_has_ticket() ok jsing
* Provide SSL_CTX_get_default_passwd_cb{,_userdata}()tb2018-03-173-2/+18
| | | | ok jsing
* Provide X509_STORE_get0_param()tb2018-03-173-2/+10
| | | | ok jsing
* Provide X509_OBJECT_get_type(). Instead of the X509_LOOKUP_TYPE enumtb2018-03-173-2/+10
| | | | | | (which we don't have) it returns a plain int. ok jsing
* Provide X509_NAME_ENTRY_set()tb2018-03-173-2/+10
| | | | ok jsing
* Provide ECDSA_SIG_{g,s}et0().tb2018-03-173-2/+40
| | | | ok jsing
* Add DSA_meth_{dup,free,new,set_{finish,sign}}()tb2018-03-174-2/+93
| | | | | | | As in RSA_meth_*, note that these functions return NULL in out-of-memory situations, but they do not set an error explicitly. ok jsing
* Provide RSA_meth_{dup,free,new,set_{finish,priv_{dec,enc}}}()tb2018-03-174-3/+104
| | | | | | | Note that these functions return NULL in out-of-memory situations, but contrary to OpenSSL's versions they do not set an error. ok jsing
* Make BIO_meth_get_write() public. Omission spotted by schwarze.tb2018-03-172-1/+3
| | | | ok jsing
* Fix X509_get0_pubkey() - X509_get_pubkey() is a misnamed "get1" function,jsing2018-03-171-2/+4
| | | | | | so call X509_PUBKEY_get0() instead. Spotted by schwarze@ while documenting.
* Provide X509_PUBKEY_get0() by splitting X509_PUBKEY_get() and turning itjsing2018-03-173-7/+19
| | | | into a wrapper that calls X509_PUBKEY_get0() and up refs.
* SSL_SESSION_get_protocol_version() takes a const SSL_SESSION *.tb2018-03-172-4/+4
| | | | | | Noted by schwarze@ ok jsing@
* Provide OCSP_SINGLERESP_get0_id().jsing2018-03-173-2/+10
|
* Provide SSL_CIPHER_get_auth_nid(), SSL_CIPHER_get_cipher_nid(),jsing2018-03-173-2/+110
| | | | | SSL_CIPHER_get_digest_nid(), SSL_CIPHER_get_kx_nid() and SSL_CIPHER_is_aead().
* Provide object identifier for chacha20-poly1305.jsing2018-03-172-0/+3
|
* Provide object identifiers for TLS cipher suite key exchange andjsing2018-03-172-0/+20
| | | | authentication.
* Provide X509_REVOKED_dup().jsing2018-03-173-2/+10
|
* Provide SSL_SESSION_get0_id_context().jsing2018-03-173-11/+22
|
* Consistently spell "IPsec" in comments and debug outputs.mpi2018-03-161-2/+2
| | | | From Raf Czlonka, ok sthen@
* Fix a format string issue that Go 1.10 complains about.jsing2018-03-151-1/+1
|
* Also bump libtls minor after the addition of SSL_CTX_get_min/max_proto_versionjca2018-03-151-1/+1
| | | | cluebat tb@
* Provide SSL_CTX_get_min_proto_version and SSL_CTX_get_max_proto_versionjca2018-03-157-28/+117
| | | | | | | | | We already provided the setters, so also provide the getters like OpenSSL does. Addition prompted by the use of those functions in recent openvpn releases. manpage diff from schwarze@ (thanks!) with input from jsing@, ok tb@ jsing@
* ensure SYS_getrandom and GRND_NONBLOCK are both defined before using ↵bcook2018-03-131-4/+4
| | | | | | | getrandom(2) Based on discussion here https://github.com/libressl-portable/openbsd/pull/82 Suggested fix from jsing@
* Fix for processing of EC public keyinoguchi2018-03-122-15/+27
| | | | | | | | | | | | | | Prevents segmentation fault while reading EC private key without public key. Generates missing EC public key when reading EC private key. Refer to these OpenSSL commits: 1f2b943254ce590867717375e4f364860a9b7154 2083f7c465d07867dd9867b8742bb71c03d1f203 Reported on GitHub https://github.com/libressl-portable/portable/issues/395 by Anton Bukov (@k06a) . ok beck@
* un-revert tls_init pthread_once change, now that stub is added so that ↵beck2018-03-082-15/+23
| | | | builds work
* backout. diff was not tested comprehensively, resulting in a broken tree.deraadt2018-03-072-22/+14
|
* Make tls_init() concurrently callable using pthread_once().beck2018-03-072-15/+23
| | | | | | | | | | | ok jsing@ This brings pthread_once usage into libressl, which will need to get dealt with correctly in portable. This sets us up to autoinit libtls, and we will also be using pthread_once to deal with autoinit stuff in libssl and libcrypto
* use _ALIGN() which is uhm a bit OpenBSD-specific, but it means wederaadt2018-03-061-3/+2
| | | | | | don't need to use sys/param.h at all, guess which one i believe is greater namespace polution ok otto
* Use _MAX_PAGE_SHIFT, rather than #ifdef mips64deraadt2018-03-051-6/+2
| | | | ok guenther kettenis
* Provide macro versions of SSL_CTX_set_min/max_proto_version and friendsjca2018-03-031-1/+16
| | | | | Needed at least by openvpn-2.4.5, which detects availability of this interface using #ifdefs... Discussed with & ok jsing@
* Two new manual pages OPENSSL_sk_new(3) and STACK_OF(3), written fromschwarze2018-03-013-1/+749
| | | | scratch, tweaks and OK jsing@ and jmc@.
* ca start/enddates require all 4 yyyy from 2050 on; first twojmc2018-02-281-6/+6
| | | | | | are otherwise optional diff from holger mikolon, tweaked a bit by me
* Garbage collect RC5 documentation.schwarze2018-02-272-25/+6
| | | | | | We have no code implementing it, tedu@ took care of the rc5/ directory in 2014, the related files are commented out in arch/*/Makefile.inc, and opensslfeatures.h contains an explicit #define OPENSSL_NO_RC5.
* Garbage collect MD2 documentation.schwarze2018-02-273-73/+21
| | | | We have no code implementing those functions.
* fix a wrong preposition; from Daniel Bevenius at gmail dot comschwarze2018-02-271-4/+5
| | | | via OpenSSL commit cbade361 Dec 12 13:14:45 2017 +0100
* Add a cross reference to SSL_get_ex_data_X509_STORE_CTX_idx(3);schwarze2018-02-271-3/+9
| | | | | from Rich Salz <rsalz@openssl.org> via OpenSSL commit 9e183d22 Mar 11 08:56:44 2017 -0500.
* Import SSL_CTX_set_tlsext_use_srtp(3) from OpenSSL, slightly tweaked by me.schwarze2018-02-272-1/+190
|
* Add four options that exist in our tree and are documented in OpenSSL.schwarze2018-02-271-1/+9
|