Commit message (author, age, files, lines)
* Fix tests that got incorrectly inverted with the BN_CTX_get() return check diff.
  Spotted by miod@
  (jsing, 2015-02-14, 2 files, -10/+10)
* Expand ASN1_CHOICE*, ASN1_SEQUENCE* and associated macros, making the data structures visible and easier to review, without having to wade through layers and layers of asn1t.h macros. Change has been scripted and there is no change to the generated assembly.
  Discussed with beck@ miod@ tedu@
  (jsing, 2015-02-14, 6 files, -120/+832)
* Expand ASN1_CHOICE*, ASN1_SEQUENCE* and associated macros, making the data structures visible and easier to review, without having to wade through layers and layers of asn1t.h macros. Change has been scripted and there is no change to the generated assembly.
  Discussed with beck@ miod@ tedu@
  (jsing, 2015-02-14, 2 files, -18/+106)
* Attempt to correctly free temporary storage upon error. With help from doug@ and jsing@, ok doug@ three months ago (sigh... I sometimes suck bigtime at committing bugfixes)
  (miod, 2015-02-14, 2 files, -30/+36)
* second batch of perlpod(1) to mdoc(7) conversion
  (schwarze, 2015-02-14, 23 files, -924/+1381)
* While doing development work on pod2mdoc(1), profit of the occasion to start the conversion of LibreSSL libcrypto manuals from perlpod(1) to mdoc(7).
  miod@ jmc@ bentley@ agreed to the process when shown this patch.
  (schwarze, 2015-02-14, 11 files, -534/+773)
* Spell NULL correctly, be explicit with NULL checks and it is also easier to initialise during declaration and drop the else statement.
  ok doug@ miod@
  (jsing, 2015-02-14, 4 files, -20/+12)
* Fix pod markup error.
  (miod, 2015-02-14, 1 file, -1/+1)
* Try and fix a bunch of memory leaks upon error;
  ok tedu@ about 7 months ago and I was sitting upon this diff for no reason
  (miod, 2015-02-14, 6 files, -24/+66)
* Consistently check the return value from BN_CTX_get() on assignment. This is the same as the previous larger commit, however it would seem the GOST part got missed.
  ok beck@ doug@
  (jsing, 2015-02-14, 8 files, -84/+88)
* End sentences with dots.
  (miod, 2015-02-13, 1 file, -3/+3)
* Don't leak memory on errors - fixes coverity issues 105353 105253
  ok guenther@ jsg@
  (beck, 2015-02-13, 2 files, -8/+18)
* fix leaking of bn, coverity issue 105351
  ok doug@
  (beck, 2015-02-13, 2 files, -2/+4)
* prevent a crash with openssl asn1parse -genstr FORMAT aka ASN1_generate_nconf("FORMAT", NULL)
  ok krw@ beck@ jsing@
  (jsg, 2015-02-12, 2 files, -2/+10)
* bump minor for TLS_PROTOCOLS_ALL. OK jsing@
  (reyk, 2015-02-12, 1 file, -1/+1)
* Add a tls_config_parse_protocols() function that allows a protocols string to be converted into a libtls protocols value. This allows for things like:
    "tlsv1.0,tlsv1.1" (TLSv1.0 and TLSv1.1)
    "all,!tlsv1.0" (all protocols except TLSv1.0)
  Discussed with tedu@ and reyk@
  (jsing, 2015-02-12, 2 files, -2/+63)
* Fix handling of "legacy" mode for tls_config_set_dheparams().
  Found by reyk@
  (jsing, 2015-02-12, 1 file, -2/+2)
* qsort() compare functions MUST use memcmp() instead of bcmp() to have the correct return value. Prefer memcmp() anyway for portability.
  ok jsing@ tedu@
  (guenther, 2015-02-12, 1 file, -2/+4)
* Change TLS_PROTOCOLS_DEFAULT to be TLSv1.2 only. Add a TLS_PROTOCOLS_ALL that includes all currently supported protocols (TLSv1.0, TLSv1.1 and TLSv1.2). Change all users of libtls to use TLS_PROTOCOLS_ALL so that they maintain existing behaviour.
  Discussed with tedu@ and reyk@.
  (jsing, 2015-02-12, 1 file, -2/+4)
* If you do not support POSIX I/O then you're not tall enough to ride...
  ok tedu@
  (jsing, 2015-02-12, 8 files, -46/+8)
* unifdef -m -UOPENSSL_NO_NEXTPROTONEG - NPN is being replaced with ALPN, however it is not likely to be removed any time soon.
  ok beck@ miod@
  (jsing, 2015-02-12, 8 files, -48/+8)
* swap limits.h for sys/limits.h
  ok jsing@
  (bcook, 2015-02-12, 1 file, -1/+1)
* use a width specifier for lists, and Sq rather than Dq for single letters to avoid swamping it;
  (jmc, 2015-02-11, 1 file, -3/+3)
* Provide a tls_connect_servername() function that has the same behaviour as tls_connect(), however allows the name to use for verification to be explicitly provided, rather than being inferred from the host value.
  Requested by reyk@
  ok reyk@ tedu@
  (jsing, 2015-02-11, 4 files, -6/+27)
* Be consistent with naming - only use "host" and "hostname" when referring to an actual host and use "servername" when referring to the name of the TLS server that we expect to be identified in the server certificate. Likewise, rename verify_host to verify_name and use the term "name" throughout the verification code (rather than host or hostname).
  Requested by and ok tedu@
  (jsing, 2015-02-11, 6 files, -60/+61)
* Do not rely upon malloc(0) not returning NULL. Not all malloc implementations have this property. Instead, skip the malloc and memcmp if their size is zero.
  Per bcook@ request in order to run on AIX
  (miod, 2015-02-11, 1 file, -6/+10)
* Guenther has plans for OPENSSL_NO_CMS, so revert this for the moment.
  (beck, 2015-02-11, 18 files, -24/+246)
* the possible algos for pref should be documented here
  (tedu, 2015-02-11, 1 file, -4/+11)
* Remove initialisers with default values from the ASN1 data structures. Minor changes in generated assembly due to the compiler swapping from .quad 0/.long 0 to .zero, along with changes due to line numbering.
  (jsing, 2015-02-11, 34 files, -376/+46)
* get rid of OPENSSL_NO_CMS code we do not use.
  ok miod@
  (beck, 2015-02-11, 18 files, -246/+24)
* get rid of OPENSSL_NO_COMP code we don't use.
  jajaja miod@
  (beck, 2015-02-11, 4 files, -22/+4)
* Expand most of the ASN1_SEQUENCE* and associated macros, making the data structures visible and easier to review, without having to wade through layers and layers of asn1t.h macros. Change has been scripted and the generated assembly only differs by changes to line numbers.
  Discussed with beck@ miod@ tedu@
  (jsing, 2015-02-11, 34 files, -292/+1900)
* Enable building with -DOPENSSL_NO_DEPRECATED. If you didn't enable deprecated code, there were missing err.h and bn.h includes. This commit allows building with or without deprecated code.
  This was not derived from an OpenSSL commit. However, they recently enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems in a different way.
  Verified with clang that this only changes line numbers in the generated asm.
  ok miod@
  (doug, 2015-02-11, 61 files, -61/+142)
* More unifdef OPENSSL_NO_RFC3779 that got missed last time around.
  Spotted by beck@
  (jsing, 2015-02-11, 4 files, -32/+4)
* Introduce an openssl(1) certhash command. This is effectively a reimplementation of the functionality provided by the previously removed c_rehash Perl script.
  The c_rehash script had a number of known issues, including the fact that it needs to run openssl(1) multiple times and that it starts by removing all symlinks before putting them back, creating atomicity issues/race conditions, even when nothing has changed.
  certhash is self-contained and is intended to be stable - no changes should be made unless something has actually changed. This means it can be run regularly in a production environment without causing certificate lookup failures.
  Further testing and improvements will happen in tree.
  Discussed with tedu@
  (jsing, 2015-02-10, 3 files, -9/+685)
* unifdef OPENSSL_NO_RFC3779 - this is currently disabled and unlikely to be enabled, mostly since people use SANs instead.
  ok beck@ guenther@
  (jsing, 2015-02-10, 13 files, -5410/+9)
* Remove old interesting but not useful content.
  ok miod@
  (jsing, 2015-02-10, 2 files, -556/+0)
* unifdef OPENSSL_NO_RC5
  (jsing, 2015-02-10, 6 files, -58/+6)
* Remove RC5 code - this is not currently enabled and is not likely to ever be enabled. Removes one symbol from libcrypto, however there is no ABI change.
  ok beck@ miod@ tedu@
  (jsing, 2015-02-10, 17 files, -2166/+2)
* Remove more IMPLEMENT_STACK_OF noops that have been hiding for the last 15 years.
  (jsing, 2015-02-10, 26 files, -78/+28)
* Remove crypto/store - part of which is "currently highly experimental". This code is not compiled in and OPENSSL_NO_STORE is already defined in opensslfeatures.h. No symbol removal for libcrypto.
  ok beck@
  (jsing, 2015-02-10, 15 files, -7016/+1)
* EVP_BytesToKey(): return through the error path (which cleans things up) if EVP_DigestInit_ex() fails.
  (miod, 2015-02-10, 2 files, -6/+6)
* Replace assert() and OPENSSL_assert() calls with proper error return paths.
  Careful review, feedback & ok doug@ jsing@
  (miod, 2015-02-10, 26 files, -102/+282)
* Remove default value initialisers for ASN1_ITEM. Minor changes to generated assembly due to switches between .quad and .zero for structs.
  (jsing, 2015-02-10, 2 files, -186/+22)
* Remove unnecessary include of assert.h
  (miod, 2015-02-10, 10 files, -20/+10)
* Remove assert() or OPENSSL_assert() of pointers being non-NULL. The policy for libraries in OpenBSD is to deliberately let NULL pointers cause a SIGSEGV.
  ok doug@ jsing@
  (miod, 2015-02-10, 32 files, -170/+34)
* Expand IMPLEMENT_ASN1_TYPE macros - no change to generated assembly.
  (jsing, 2015-02-10, 2 files, -46/+442)
* The IMPLEMENT_STACK_OF and IMPLEMENT_ASN1_SET_OF macros were turned into noops around 15 years ago. Remove multiple occurrences of both that still exist in the code today.
  (jsing, 2015-02-10, 20 files, -94/+20)
* Place the IMPLEMENT_ASN1_.*FUNCTION.* macros under an #ifndef LIBRESSL_INTERNAL - we do not need them any more.
  (jsing, 2015-02-10, 2 files, -2/+8)
* Expand IMPLEMENT_ASN1_NDEF_FUNCTION and IMPLEMENT_ASN1_PRINT_FUNCTION macros so that the code is visible and functions can be readily located. Change has been scripted and there is no change to the generated assembly.
  Discussed with beck@ miod@ tedu@
  (jsing, 2015-02-10, 2 files, -6/+28)