summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* trailing whitespace, and move arg checking before pledgebeck2018-04-271-17/+17
| | | | | in preparation for pledgepath ok deraadt@
* Put function name on a separate line and zap stray whitespace.tb2018-04-251-3/+4
|
* In asn1.h rev. 1.46 2018/04/25 11:48:21, tb@ added const qualifiersschwarze2018-04-257-30/+30
| | | | | to some parameters of some functions. Update the documentation. Add a few additional missing const qualifiers while here.
* Avoid talking about the innternal, undocumented data type "struct lhash_st",schwarze2018-04-251-3/+3
| | | | show the public data type name "LHASH_OF(SSL_SESSION)" instead.
* Document the callbacks as taking "SSL *" and "SSL_CTX *" argumentsschwarze2018-04-251-7/+7
| | | | | and avoid the internal, undocumented names "struct ssl_st *" and "struct ssl_ctx_st *".
* In ssl.h rev. 1.156 2018/04/25 07:10:39, tb@ added const qualifiersschwarze2018-04-255-16/+16
| | | | | to some parameters and return values of some functions. Update the documentation.
* remove whitespace before closing parenstb2018-04-251-5/+5
|
* Add const to functions in asn1/asn1.h as they did in OpenSSL.tb2018-04-2519-92/+96
| | | | | | | BIO_f_asn1() will be taken care of later. Tested in a bulk by sthen ok bcook jca jsing
* Fix capitalization of data. Pointed out by jsing and forgotten intb2018-04-251-2/+2
| | | | previous commit.
* The cookie in the cookie verify callback needs to be const.tb2018-04-252-4/+5
| | | | ok jsing (as part of a larger diff)
* OpenSSL started adding const to functions all over the place. Make alltb2018-04-257-38/+30
| | | | | | | | our libssl functions match theirs wrt const, except for BIO_f_ssl(3) which will be fixed in a later step. this went through a i386 bulk by sthen ok jsing
* Make the NULL check a separate if statement for readability andtb2018-04-231-2/+4
| | | | | | grepability. Req. by jsing
* Make whitespace between functions and structs a bit more consistent.tb2018-04-231-3/+7
|
* Test X509_CRL_METHOD_free(NULL)tb2018-04-231-1/+2
|
* Make X509_CRL_METHOD_free() NULL-safe.tb2018-04-231-2/+2
| | | | ok bcook
* About half of the listed functions are wrappers of ASN1_item_free().tb2018-04-231-113/+113
| | | | Annotate them.
* Add a big pile of *_free() functions which I audited to be NULL-safe.tb2018-04-231-2/+109
|
* Document the "f" callback argument that tb@ asked about.schwarze2018-04-191-2/+16
| | | | | While here, include a patch from tb@ adding the missing return type to ENGINE_ctrl() in the SYNOPSIS.
* tweak previous;jmc2018-04-181-2/+3
|
* SEE ALSO and HISTORYschwarze2018-04-1812-26/+301
|
* delete engine(3); nothing of value left in that pageschwarze2018-04-182-537/+1
|
* link to ENGINE_register_RSA(3) rather than engine(3)schwarze2018-04-181-8/+7
|
* * Document DH_up_ref(3), DSA_up_ref(3), and RSA_up_ref(3).schwarze2018-04-183-16/+73
| | | | | | * Correct documentation of DH_new(3), DH_free(3), DSA_new(3), DSA_free(3), RSA_new(3), and RSA_free(3) with respect to reference counting. * Stop referencing engine(3).
* * Make the description of method selection simpler, more precise,schwarze2018-04-182-128/+67
| | | | | | | and more concise. * Correct the description of the return values of DH_set_method(3) and DSA_set_method(3). * Stop referencing engine(3).
* * Do not document the non-existent function RSA_null_method(3).schwarze2018-04-181-105/+43
| | | | | | | | | | * Add three missing const qualifiers to function prototypes. * Correct the argument type of RSA_new_method(3). * Remove duplicate decsription of RSA_flags(3) and RSA_new_method(3). * Make the description of method selection simpler, more precise, and more concise. * Correct description of the return value of RSA_set_method(3). * Stop referencing engine(3).
* add a few new sentences regarding the big pictureschwarze2018-04-152-2/+15
|
* Rewrite the ENGINE_*(3) documentation from scratch - step 2,schwarze2018-04-158-395/+633
| | | | | | covering the remaining functions that were documented in engine(3), except for seven functions that are completely pointless and that were merely listed but not really documented.
* Rewrite the ENGINE_*(3) documentation from scratch (step 1,schwarze2018-04-1510-530/+1303
| | | | | covering 60% of the documented functions). The old, abominable engine(3) manual page shall die soon.
* In eng_lib.c rev. 1.14 2018/04/14 07:18:37, tb@ allowed ENGINE_free(3)schwarze2018-04-141-53/+46
| | | | | | to accept a NULL argument. Document that. While here, make the related sentences more precise and less verbose. Tweaks and OK tb@.
* Make ENGINE_free() succeed on NULL. Matches OpenSSL's behavior andtb2018-04-148-41/+41
| | | | | | simplifies the caller side. tested by & ok inoguchi; discussed with schwarze
* make ENGINE_finish() succeed on NULL and simplify callers as intb2018-04-1413-100/+58
| | | | | | | | | | | OpenSSL commit 7c96dbcdab9 by Rich Salz. This cleans up the caller side quite a bit and reduces the number of lines enclosed in #ifndef OPENSSL_NO_ENGINE. codesearch.debian.net shows that almost nothing checks the return value of ENGINE_finish(). While there, replace a few nearby 'if (!ptr)' with 'if (ptr == NULL)'. ok jsing, tested by & ok inoguchi
* In ssl.h rev. 1.155 2018/04/11 17:47:36, jsing@ changedschwarze2018-04-111-13/+3
| | | | | SSL_OP_TLS_ROLLBACK_BUG to no longer have any effect. Update the manual page.
* Nuke SSL_OP_TLS_ROLLBACK_BUG - this is a workaround for buggy clients fromjsing2018-04-112-36/+17
| | | | | | | around the SSLv3/TLSv1.0 period... and buggy clients are buggy. This also helps to clean up the RSA key exchange code. ok "kill it with fire" beck@ tb@
* Delete the description of the argument of the "ciphers" commandschwarze2018-04-101-145/+13
| | | | | | | | | because it was (1) woefully incomplete, (2) partially outdated and wrong, (3) in parts imprecisely worded and hard to understand, (4) excessively technical for a section 1 manual, (5) of excessive size for this particular page, (6) and didn't belong here in the first place because it essentially tried to document a C API - SSL_CTX_set_cipher_list(3), which is now documented, so point to it.
* Write documentation for the control string parameter from scratch,schwarze2018-04-101-30/+273
| | | | collecting the information by inspecting the source code.
* tweak usage()tb2018-04-101-1/+1
|
* Fail early if an X509_VERIFY_PARAM is poisoned - don't allowbeck2018-04-081-8/+10
| | | | | this to be "overridden" by the user supplied callback. ok jsing@
* sort the list of data structures and add the missing ECDH and ECDSA;schwarze2018-04-081-57/+13
| | | | | triggered by OpenSSL commit a73d990e Feb 27 19:02:24 2018 +0100, but with different content
* tweak previous;jmc2018-04-071-4/+4
|
* Correct man page for OpenSSL_no_config() to indicate that itbeck2018-04-071-4/+8
| | | | | suppresses any future config file loading. ok schwarze@ with a nit from jsing@
* Remove function pointers for ssl_{read,write,peek}.jsing2018-04-078-59/+11
| | | | | | | Now that everything goes through the same code path, we can remove a layer of indirection and just call ssl3_{read,write,peek} directly. ok beck@ inoguchi@
* Nuke SSL3_FLAGS_DELAY_CLIENT_FINISHED and SSL3_FLAGS_POP_BUFFER.jsing2018-04-074-70/+8
| | | | | | | These flags enabled experimental behaviour in the write path, which nothing uses. Removing this code greatly simplifies ssl3_write(). ok beck@ inoguchi@ sthen@ tb@
* Revise regress to match tls_keypair_clear() removal.jsing2018-04-071-18/+3
|
* Correct tls_config_clear_keys() behaviour.jsing2018-04-073-30/+18
| | | | | | | | | | | | | Previously this incorrectly called tls_keypair_clear(), which results in the private key being cleared, along with the certificate, OCSP staple and pubkey hash. This breaks OCSP stapling if tls_config_clear_keys() is called following tls_configure(), as is done by httpd. Fix this by calling tls_keypair_clear_key() so that only the private key is cleared, leaving the other public data untouched. While here, remove tls_keypair_clear() and fold the necessary parts into tls_keypair_free(). ok beck@
* Switch to OPENSSL_init_ssl() and prevent an openssl configuration file fromjsing2018-04-071-3/+2
| | | | | | being loaded behind our back, at a later point. ok beck@
* tweak previous;jmc2018-04-071-8/+8
|
* test X509_NAME_add_entry_by_txt(3); feedback and OK jsing@schwarze2018-04-074-2/+81
|
* sys/uio.h is not used anymoreotto2018-04-071-3/+2
|
* Revert revision 1.12 commit. Although *pval looks like a C pointer,bluhm2018-04-061-2/+5
| | | | | | | | it may be something else. For primitive types it is possible that a boolean int has been casted to an ASN1_VALUE pointer. Then the 64 bit read access to *pval may crash due to alignent or 32 bit size. bug report Anton Borowka; OK tedu@ jsing@ miod@
* Avoid leaking str if EVP_Digest() fails.tb2018-04-061-3/+6
| | | | | | | Found and fixed by Bernd Edlinger as part of OpenSSL commit 83b4049ab75e9da1815e9c854a9297bca3d4af6b ok jsing, deraadt, bcook
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-13 19:35:21 +0000