summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Improve on code from the previous commit.jsing2016-09-221-7/+5
| | | | ok bcook@
* Avoid unbounded memory growth, which can be triggered by a clientjsing2016-09-221-9/+20
| | | | | | repeatedly renegotiating and sending OCSP Status Request TLS extensions. Fix based on OpenSSL.
* Check for packet with truncated DTLS cookie.guenther2016-09-221-12/+17
| | | | | | | | | | | Flip pointer comparison logic to avoid beyond-end-of-buffer pointers to make it less likely a compiler will decide to screw you. Based on parts of openssl commits 6f35f6deb5ca7daebe289f86477e061ce3ee5f46 and 89c2720298f875ac80777da2da88a64859775898 ok jsing@
* Improve ticket validity checking when tlsext_ticket_key_cb() callbackguenther2016-09-221-4/+25
| | | | | | | | | | | chooses a different HMAC algorithm. Avert memory leaks if the callback preps the HMAC in some way. Based on openssl commit 1bbe48ab149893a78bf99c8eb8895c928900a16f but retaining a pre-callback length check to guarantee the callback is provided the buffer that the API claims. ok bcook@ jsing@
* revert documentation update for the clearning behavior we already revertedbcook2016-09-221-5/+1
|
* Delete casts to off_t and size_t that are implied by assignmentsguenther2016-09-216-20/+19
| | | | | | | or prototypes. Ditto for some of the char* and void* casts too. verified no change to instructions on ILP32 (i386) and LP64 (amd64) ok natano@ abluhm@ deraadt@ millert@
* shorten version;jmc2016-09-201-17/+4
|
* shorten the verify error list;jmc2016-09-201-42/+41
|
* Avoid selecting weak digests for (EC)DH when using SNI.bcook2016-09-201-3/+12
| | | | | | | | | | | from OpenSSL: SSL_set_SSL_CTX is normally called for SNI after ClientHello has received and the digest to use for each certificate has been decided. The original ssl->cert contains the negotiated digests and is now copied to the new ssl->cert. noted by David Benjamin and Kinichiro Inoguchi
* put the spkac section in the right place;jmc2016-09-191-60/+60
|
* shorten verify;jmc2016-09-191-154/+96
|
* Update ld search path for libssl/libcrypto, fixes cross-build after source ↵bcook2016-09-192-6/+6
| | | | | | moved. from Patrick Wildt
* move page junking tp unmap(), right before we stick the region in the cache;otto2016-09-181-6/+6
| | | | ok tedu@
* remove comment about CMS; ok jsingderaadt2016-09-171-3/+2
|
* add some Xr for acme-client(1);jmc2016-09-151-1/+2
|
* some spkac shortening; ok beckjmc2016-09-151-68/+13
|
* shorten ts;jmc2016-09-151-283/+63
|
* Set callbacks on the right tls ctx on accept.bcook2016-09-141-2/+2
| | | | From Tobias Pape
* Handle the FLUSH BIO cntl, that happens at the end of SSL handshakes.bcook2016-09-141-1/+2
| | | | from Tobias Pape
* Allow callback read/write functions to set TLS_WANT_POLLOUT/POLLIN.bcook2016-09-141-3/+21
| | | | from Tobias Pape
* Generate pkg-config files at build time like everything else. Thisnatano2016-09-142-4/+6
| | | | | | | avoids permission problems due to the build and install stages being run by different users. ok deraadt jasper
* add a little more typing to the first callback argument.tedu2016-09-132-7/+7
| | | | it's always a tls context.
* shorten speed;jmc2016-09-121-48/+14
| | | | help/ok guenther bcook
* Files in /etc/ssl belong to root. ok deraadtnatano2016-09-111-4/+4
|
* missing space after commatb2016-09-091-2/+2
| | | | | | (this was apparently lost during the repo surgery) ok bcook
* back out calls to EVP_CIPHER_CTX_cleanup() in EVP_Cipher/Encrypt/DecryptFinalbcook2016-09-091-4/+1
| | | | | Software that refers to ctx after calling Final breaks with these changes. revert parts of 1.31 and 1.32
* shorten smime;jmc2016-09-081-344/+83
|
* remove a cms leftoverderaadt2016-09-051-2/+1
|
* remove CMS manuals; beck@ agress with the general ideaschwarze2016-09-0523-2347/+1
|
* Enable mbrtowc(3) and wcrtomb(3) tests now that mbsinit(3) works.schwarze2016-09-051-2/+2
| | | | Related to locale/multibyte_citrus.c rev. 1.7.
* shorten sess_id;jmc2016-09-041-84/+44
|
* fix Dt;jmc2016-09-041-2/+2
|
* Nuke one more cms tendrilbeck2016-09-041-4/+1
| | | | ok jsing@
* bye bye cms. send it to the atticbeck2016-09-042-1144/+2
| | | | ok jsing@
* Remove cms.jsing2016-09-041-8/+1
|
* Remove cms.jsing2016-09-0415-7541/+0
| | | | ok beck@, guenther@, tedu@
* Expand DECLARE_ASN1_.*FUNCTIONS macros.jsing2016-09-045-69/+293
| | | | No change in preprocessed output, ignoring whitespace and line numbers.
* Expand DECLARE_ASN1_.*FUNCTIONS macros.jsing2016-09-042-7/+27
| | | | No change in preprocessed output, ignoring whitespace and line numbers.
* Set errno more consistently, and fix a warning, ok tedunicm2016-09-041-21/+29
|
* Expand DECLARE_ASN1_.*FUNCTIONS macros.jsing2016-09-041-33/+133
| | | | No change in preprocessed output, ignoring whitespace.
* minor tweaks;jmc2016-09-041-7/+7
|
* rmtedu2016-09-041-68/+0
|
* oops, name file after main functiontedu2016-09-041-0/+68
|
* it doesn't say anything yet, but start adding a man pagetedu2016-09-041-0/+68
|
* Place IMPLEMENT_PEM macros under #ifndef LIBRESSL_INTERNAL.jsing2016-09-041-2/+4
|
* Sort and group functions.jsing2016-09-045-250/+226
|
* Expand IMPLEMENT_PEM macros.jsing2016-09-041-2/+29
| | | | No change in generated assembly.
* Expand IMPLEMENT_PEM macros.jsing2016-09-044-30/+545
| | | | No change in generated assembly.
* Make the key sizes and offsets arrays const, ok tedunicm2016-09-041-2/+2
|
* Less S390.jsing2016-09-0412-4596/+2
| | | | ok deraadt@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-28 12:17:10 +0000