summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* consictently use .Dv NULL and a few other tweaks; ok schwarze@otto2017-04-171-20/+17
|
* whitespace fixesotto2017-04-171-14/+14
|
* Use INT_MAX instead of SIZE_MAX as the maximum file size we can handle.kettenis2017-04-161-2/+2
| | | | | | Fixes this test on 64-bit architectures. ok visa@
* Define DEF_WEAK like we do for ld.so to fix building this with clang.kettenis2017-04-161-1/+2
| | | | ok millert@, deraadt@
* Move comments into a block and uses {} to unconfuse reading.deraadt2017-04-161-12/+13
|
* Use %zu to print a size_t.kettenis2017-04-161-2/+2
|
* Remove unused rnd_seed variable. Upstream made the same change 4 days ago.kettenis2017-04-161-3/+0
| | | | Fixes compiling this test using clang on arm64.
* backout previous, data_len is not always initializedotto2017-04-161-2/+5
|
* Use freezero(3) when cleaning up session tickets - not only does it requirejsing2017-04-141-6/+3
| | | | | less code, but there is also a potential performance gain since they can be larger allocations.
* Use freezero(3) to clean up the X25519 keys - simpler, cleaner code.jsing2017-04-141-6/+3
|
* Use freezero(3) in the CBB clean up path, since this could hold sensitivejsing2017-04-141-3/+2
| | | | information (such as master keys).
* Switch i2d_SSL_SESSION() back to freezero(3) now that the size constraintsjsing2017-04-141-5/+2
| | | | have been relaxed.
* Clean up server key exchange EC point handling. Encode the point directlyjsing2017-04-141-27/+15
| | | | | | | | into the CBB memory, rather than mallocing and memcpying, which also makes makes the code more consistent with the client. Add a missing check for the first EC_POINT_point2oct() call. ok beck@
* allow clearing less than allocated and document freezero(3) betterotto2017-04-132-13/+26
|
* New strstr() implementation from musl libc by Rich Felker. Thismillert2017-04-121-44/+180
| | | | | | | | version uses the two-way string matching algorithm and is faster than the old implementation. With this change, ports that check for strstr having linear complexity time strstr will no longer replace the libc strstr with a private version. OK deraadt@ espie@
* Revert ssl_asn1.c r1.50 - CBB and freezero(3) do not play nicely together.jsing2017-04-111-2/+5
| | | | | | Back this out while we investigate and implement a solution. Found the hard way by sthen@
* new X25519(3) manual page;schwarze2017-04-105-10/+113
| | | | from Dr. Stephen Henson <steve@openssl.org>, OpenSSL commit d218f3c3
* Use freezero() for the internal opaque structures, instead of the currentjsing2017-04-103-18/+9
| | | | explicit_bzero()/free(). Less code and potentially less overhead.
* Use freezero() for X25519 keys - same result with more readable code.jsing2017-04-101-7/+3
|
* document three additional functions;schwarze2017-04-101-7/+60
| | | | from Emilia Kasper <emilia at openssl dot org>, OpenSSL commit 4ac139b4
* Rework and significantly extend TLS name verification tests to matchjsing2017-04-101-99/+377
| | | | changes in libtls.
* Rework name verification code so that a match is indicated via an argument,jsing2017-04-105-47/+76
| | | | | | | | | | rather than return codes. More strictly follow RFC 6125, in particular only check the CN if there are no SAN identifiers present in the certificate (per section 6.4.4). Previous behaviour questioned by Daniel Stenberg <daniel at haxx dot se>. ok beck@ jca@
* freezero() the key block; simpler code and less of it.jsing2017-04-101-7/+3
|
* Use freezero() for i2d_SSL_SESSION() - one line of code instead of three.jsing2017-04-101-5/+2
| | | | | | In this case the memory allocated can also be significant, in which case freezero() will have less overhead than explicit_bzero() (munmap instead of touching all of the memory to write zeros).
* fix some .Xr errors that jmc@ found with mdoclint(1)schwarze2017-04-103-12/+13
|
* new manual page SSL_get_server_tmp_key(3)schwarze2017-04-103-2/+88
| | | | from Matt Caswell <matt@openssl.org>, OpenSSL commit 508fafd8
* Additional SSL_SESSION documentationschwarze2017-04-1011-16/+349
| | | | | from Matt Caswell <matt at openssl dot org>, OpenSSL commit b31db505. Improve crosslinking while here.
* for pure *_ctrl() wrapper macros, move the reference from ssl(3)schwarze2017-04-1014-49/+54
| | | | to SSL_CTX_ctrl(3) to make ssl(3) slightly more palatable
* new manual page SSL_CTX_set_tlsext_servername_callback(3) for SNI;schwarze2017-04-102-1/+126
| | | | | from <Jon dot Spillett at oracle dot com> via OpenSSL commit 8c55c461
* tweak previous;jmc2017-04-101-4/+4
|
* Convert various client key exchange functions to freezero(3). The memoryjsing2017-04-101-14/+5
| | | | | contents needs to be made inaccessible - this is simpler and less error prone than the current "if not NULL, explicit_bzero(); free()" dance.
* Introducing freezero(3) a version of free that guarantees the processotto2017-04-102-36/+130
| | | | | | no longer has access to the content of a memmory object. It does this by either clearing (if the object memory remains cached) or by calling munmap(2). ok millert@, deraadt@, guenther@
* pasto; from <Jon dot Spillett at oracle dot com> via OpenSSL commit 3aaa1bd0schwarze2017-04-101-3/+3
|
* typo fix; from <Jon dot Spillett at oracle dot com>schwarze2017-04-101-5/+5
| | | | via OpenSSL commit 7bd27895
* Simplify/clean up BUF_MEM_grow_clean().jsing2017-04-091-17/+16
| | | | ok beck@
* With recallocarray() BUF_MEM_grow() is essentially the same asjsing2017-04-091-28/+2
| | | | | | | BUF_MEM_grow_clean() (the only difference is clearing on internal down sizing), so make it a wrapper. ok beck@ deraadt@
* Explicitly test for NULL.jsing2017-04-091-4/+4
| | | | ok beck@
* Improve unknown protocol version handling.jsing2017-04-091-2/+3
|
* In ssl.h TLS 1.0 is called TLSv1. Adapt name in test to make it pass.bluhm2017-04-071-1/+1
| | | | OK jsing@
* Use uint8_t instead of u_int8_t - for consistency and to make things easierjsing2017-04-071-2/+2
| | | | | | for portable. From Raphael Hittich.
* trailing ; on end of macro definition is wrong; ok guentherderaadt2017-04-061-4/+4
|
* Consistentcy between nmembers and size order. From Christopher Hettrick;otto2017-04-061-8/+8
| | | | ok deraadt@
* bump version for new development branchbcook2017-04-061-3/+3
|
* first print size in meta-data then supplied arg size when an inconsistency isotto2017-04-061-3/+3
| | | | detected wrt recallocarray()
* - -Z before -z in options listjmc2017-04-052-7/+9
| | | | - add -Z to help and usage()
* Allow nc to save the peer certificate and chain in a pem file specifiedbeck2017-04-052-4/+39
| | | | | with -Z ok jsing@
* Add tls_peer_cert_chain_pem - To retreive the peer certificate and chainbeck2017-04-057-6/+77
| | | | | | | as PEM format. This allows for it to be used or examined with tools external to libtls bump minor ok jsing@
* Internal changes to allow for relayd engine privsep. sends the hash of thebeck2017-04-055-29/+87
| | | | | | public key as an identifier to RSA, and adds an function for relayd to use to disable private key checking when doing engine privsep. ok jsing@
* Fix silly code that printfs NULL when there are no fractional secondsbeck2017-04-031-2/+2
| | | | | | on a GENREALIZEDTIME (which there should really never be for anything remotely standards compliant) ok jsing@
* rephrase more enumerations of functionsotto2017-03-291-13/+10
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-28 22:17:29 +0000