summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Move ALPN and NPN fields from SSL/SSL_CTX to internal.jsing2017-01-227-125/+129
| | | | ok beck@
* Move internal parts of ssl_session_st to internalbeck2017-01-224-40/+40
| | | | ok jsing@
* Move recently added min_version/max_version from SSL and SSL_CTX to theirjsing2017-01-222-10/+6
| | | | opaque structs.
* Wrap long lines.jsing2017-01-221-4/+7
|
* Bump majors for libssl and libtls following the translucent struct change.jsing2017-01-222-2/+2
| | | | Further changes to the publically visible structs will ride this bump.
* Convert publically visible structs to translucent structs.jsing2017-01-228-29/+111
| | | | | | | | | | | | | This change adds an internal opaque struct for each of the significant publically visible structs. The opaque struct is then allocated and attached to the publically visible struct when the appropriate *_new() function is called, then cleared and freed as necessary. This will allow for changes to be made to the internals of libssl, without requiring a major bump each time the publically visible structs are modified. ok beck@
* Clean up ssl3_new() - in particular, we do not need to zero fields thatjsing2017-01-221-11/+4
| | | | | | are within a struct that was just allocated via calloc. ok beck@
* There is no point in setting struct fields to zero, when you've alreadyjsing2017-01-221-5/+2
| | | | | | zeroed the entire struct via memset. ok beck@
* use BN_div_nonct where it is safe to do so.beck2017-01-211-2/+2
| | | | ok guenther@
* Add ct and nonct versions of BN_mod_inverse for internal usebeck2017-01-2113-36/+67
| | | | ok jsing@
* Split out BN_div and BN_mod into ct and nonct versions for Internal use.beck2017-01-2117-58/+92
| | | | ok jsing@
* Make explicit _ct and _nonct versions of bn_mod_exp funcitons thatbeck2017-01-2119-47/+249
| | | | | | | | | | | | matter for constant time, and make the public interface only used external to the library. This moves us to a model where the important things are constant time versions unless you ask for them not to be, rather than the opposite. I'll continue with this method by method. Add regress tests for same. ok jsing@
* whitespacederaadt2017-01-212-5/+5
|
* 1. When shrinking a chunk allocation, compare the size of the currentotto2017-01-211-46/+87
| | | | | | | | | | allocation to the size of the new allocation (instead of the requested size). 2. Previously realloc takes the easy way and always reallocates if C is active. This commit fixes by carefully updating the recorded requested size in all cases, and writing the canary bytes in the proper location after reallocating. 3. Introduce defines to test if MALLOC_MOVE should be done and to compute the new value.
* Specify minimum and maximum protocol version for each method. This isjsing2017-01-216-6/+36
| | | | | | currently unused, but will be in the near future. ok beck@
* Place {DECLARE,IMPLEMENT}_OBJ_BSEARCH{_GLOBAL,}_CMP_FN macros undefjsing2017-01-211-1/+5
| | | | LIBRESSL_INTERNAL.
* Expand DECLARE_OBJ_BSEARCH_CMP_FN and IMPLEMENT_OBJ_BSEARCH_CMP_FN macros.jsing2017-01-216-28/+168
| | | | No change to generated assembly excluding line numbers.
* /usr/bin/unifdef -D MONT_MUL_MOD -D MONT_EXP_WORD -D RECP_MUL_MOD -m bn_exp.cbeck2017-01-211-23/+2
| | | | | with some style cleanup after. no binary change ok jsing@
* Expand DECLARE_OBJ_BSEARCH_CMP_FN and IMPLEMENT_OBJ_BSEARCH_CMP_FN macros.jsing2017-01-212-8/+38
| | | | No change to generated assembly excluding line numbers.
* Expand DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN macro.jsing2017-01-211-2/+2
| | | | No change in preprocessor output (ignoring whitespace and line numbers).
* Expand IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN macro.jsing2017-01-211-2/+16
| | | | No change in generated assembly.
* fix bogus commentbeck2017-01-211-2/+2
| | | | ok jsing@
* Make return value of X509_verify_cert be consistent with the error code,beck2017-01-211-2/+10
| | | | | | with the caveat that we force V_OK when a user provided callback has us returning success. ok inoguchi@ jsing@
* rearrange pledge promises into the canonical order; easier to eyeballderaadt2017-01-2039-77/+77
|
* fix pledge for openssl ocsp - we will need tty to ask for a cert pwbeck2017-01-201-2/+2
|
* Rework internal_verify, mostly from OpenSSL. so we can progressbeck2017-01-201-102/+102
| | | | | towards cleaning up the V_OK stuff. ok kinichiro@
* fix openssl ocsp to not report sucess when the ocsp responder rejects usbeck2017-01-191-3/+3
| | | | ok deraadt@ krw@
* unhook ocsp test from the default since it currently requires network access andbeck2017-01-181-2/+1
| | | | therefore appears to break in bluhm's test setup
* Correctly tls_config_set_ca_file() return value (no effective change).jsing2017-01-171-2/+2
| | | | Spotted by inoguchi@
* whitespacederaadt2017-01-131-3/+3
|
* Inline strlen() call to reduce/simplify code.jsing2017-01-121-5/+2
|
* Inline tls_get_new_cb_bio() from the only place that it gets called,jsing2017-01-121-22/+11
| | | | | simplifying the code. Also check the provided read and write callbacks before assigning to the context.
* If tls_set_cbs() fails an error will already be specified, so do notjsing2017-01-122-8/+4
| | | | replace it with a less specific one.
* change two trailing Xr to Fn; ok schwarzejmc2017-01-122-6/+6
|
* Simplify the TLS callback BIO code - a pointer to the tls context can bejsing2017-01-121-66/+7
| | | | | | | stored directly in bio->ptr, rather than allocating and deallocating an intermediate struct. Diff from Marko Kreen <markokr at gmail dot com> - thanks!
* If tls_get_new_cb_bio() fails, an error will already be set.jsing2017-01-121-5/+2
|
* If no callbacks are specified, return after setting an error rather thanjsing2017-01-121-2/+4
| | | | | | continuing on. Also noticed by Marko Kreen.
* Add regress tests for libtls, which currently cover handshakes and closesjsing2017-01-123-1/+356
| | | | using callbacks, file descriptors and sockets.
* Add support for AArch64.patrick2017-01-112-0/+182
|
* Avoid leaking conninfo servername.jsing2017-01-091-1/+3
| | | | Issue found by and fix from Shuo Chen <chenshuo at chenshuo dot com>.
* Provide TLS_INT for consistency with libssl/libcrypto.jsing2017-01-092-2/+4
|
* add missing comma in the NAME sectionschwarze2017-01-071-3/+3
|
* fix a typo in an .Xr reported by jmc@schwarze2017-01-071-3/+3
|
* Add and remove some blank lines, in order to make X509_verify_cert()jsing2017-01-071-6/+4
| | | | (slightly) more readable.
* a little more cleanup;jmc2017-01-075-23/+23
|
* Revert part of r1.54 as there are at least two situations where we are stilljsing2017-01-071-4/+2
| | | | | | | returning ok == 1, with ctx->error not being X509_V_OK. Hopefully we can restore this behaviour once these are ironed out. Discussed with beck@
* correctly mark all documented macros found in <openssl/bn.h>schwarze2017-01-073-9/+11
|
* Use .Fn rather than .Xr for X509_VERIFY_PARAM_lookup(),schwarze2017-01-071-3/+3
| | | | | | | | fixing a dead link reported by jmc@. Only about half of X509_VERIFY_PARAM is documented so far, and the extensible lookup table feels like one of the more arcane features and probably not the next thing to document.
* Document X509_NAME_hash(3), listed in <openssl/x509.h>;schwarze2017-01-071-3/+20
| | | | | | | jmc@ reported that X509_LOOKUP_hash_dir(3) references it. Even though OpenSSL does not document it, given that it is used for file names that users have to create, it is sufficiently exposed to users to be worth documenting.
* Write a new manual page X509_STORE_load_locations(3) from scratch.schwarze2017-01-072-1/+119
| | | | | | | | | | | Not documented by OpenSSL, but listed in <openssl/x509_vfy.h> and referenced from X509_LOOKUP_hash_dir(3), and clearly more important than the latter. Fixes three dead links reported by jmc@. Most of the information from SSL_CTX_load_verify_locations(3) should probably be moved here, but not all, since the SSL page also talks about SSL servers and clients and the like. As i'm not completely sure regarding the boundaries, i'm leaving that as it is for now.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-01 05:50:24 +0000