summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Follow BoringSSL's nomenclature in SSL_select_next_proto()tb2024-07-111-28/+30
| | | | | | | | | | | | | | | | | | | SSL_select_next_poto() was written with NPN in mind. NPN has a weird fallback mechanism which is baked into the API. This is makes no sense for ALPN, where the API behavior is undesirable since it a server should not end up choosing a protocol it doesn't (want to) support. Arguably, ALPN should simply have had its own API for protocol selection supporting the proper semantics, instead of shoehorning an NPN API into working for ALPN. Commit https://boringssl-review.googlesource.com/c/boringssl/+/17206/ renamed the arguments to work for both NPN and ALPN, with the slight downside of honoring client preference instead of the SHOULD in RFC 7301, section 3.2. This grates for most consumers in the wild, but so be it. The behavior is saner and safer. discussed with davidben ok beck
* Zap warning against __findenv usage, it is not exported by libcjca2024-07-101-3/+1
| | | | | The comment probably made sense before guenther restricted the symbols exported by libc in 2015.
* Remove the static symbols.namespace, and just generate the _libre_beck2024-07-102-3359/+3
| | | | | | symbols from symbols.list now that we have everything hidden ok tb@
* Teach symbols test about the namespacetb2024-07-102-3/+9
| | | | | | This ensures that when adding public symbols, the magic is not omitted. with/ok beck
* forgot to add a history section for the TLS PRF APItb2024-07-101-1/+4
|
* link EVP_PKEY_CTX_set_tls1_prf_md.3 to buildtb2024-07-101-1/+2
|
* Import EVP_PKEY_CTX_set_tls1_prf_md.3 from OpenSSL 1.1.1tb2024-07-101-0/+168
| | | | | With only slight application of color to this entelodont's lips. It's the usual deal - hard to say what's worse, the code or its docs...
* Including kdf.h isn't enough, you also need evp.htb2024-07-101-2/+3
| | | | | It will be a cold day in hell before I see an OpenSSL manpage without mistakes in it.
* Unwrap two linestb2024-07-101-7/+4
|
* Add another empty linetb2024-07-091-1/+2
|
* Turn tls1_prf_alg() into single exittb2024-07-091-9/+11
| | | | | requested by jsing on review ok beck
* Unwrap a few more linestb2024-07-091-9/+5
|
* Unwrap a couple of linestb2024-07-091-5/+3
|
* Align math with t1_enc.ctb2024-07-091-6/+8
| | | | suggested by jsing on review
* Minor cosmetics in pkey_tls1_prf_derive()tb2024-07-091-5/+3
| | | | noticed by jsing on review
* Replace explicit_bzero() plus free() with freezero()tb2024-07-091-3/+2
| | | | This is simpler, if slightly more expensive
* Improve test coverage for TLS1-PRFtb2024-07-091-4/+177
| | | | | | This is basically a copy of the libssl unit tests, moved to libcrypto to avoid starting the infection of libssl with this particular piece of EVP garbage.
* Add a minimal regress test for TLS1-PRFtb2024-07-091-1/+96
|
* Shuffle things into a more sensible ordertb2024-07-091-63/+58
| | | | no functional change
* Use better order in EVP_PKEY_CTRL_TLS_SECRETtb2024-07-091-6/+5
| | | | Also avoid an unnecessary NULL check.
* Add tls1_prf_pkey_meth to pkey_methodstb2024-07-091-1/+3
| | | | ok jsing
* Make a NULL check explicittb2024-07-091-2/+2
|
* Zap or align some ugly commentstb2024-07-091-4/+3
|
* Test & assign once moretb2024-07-091-4/+4
|
* sec_len -> secret_lentb2024-07-091-3/+3
|
* Test and assign in tls1_prf_P_hash()tb2024-07-091-5/+8
|
* Fix whitespace around '/'tb2024-07-091-4/+4
|
* Invert logic in tls1_prf_alg()tb2024-07-091-22/+22
|
* olen -> out_lentb2024-07-091-15/+15
|
* Add a few empty linestb2024-07-091-1/+7
|
* seedlen -> seed_lentb2024-07-091-10/+10
|
* seclen -> secret_lentb2024-07-091-7/+7
|
* slen -> secret_lentb2024-07-091-7/+8
|
* sec -> secrettb2024-07-091-17/+17
|
* Replace local typedef with spelling out the struct nametb2024-07-091-8/+8
|
* Remove a few useless commentstb2024-07-091-6/+1
|
* Apply a knfmt(8) sledgehammertb2024-07-091-226/+236
|
* Add an RCS tagtb2024-07-091-1/+1
|
* Replace license stub with full licensetb2024-07-091-5/+55
| | | | | This reverts to the license added in OpenSSL's initial import of this file in commit 1eff3485b63f84956b5f212aa4d853783bf6c8b5
* link tls1_prf.c to buildtb2024-07-091-1/+2
| | | | ok jsing
* Replace a malloc() call with calloc()tb2024-07-091-1/+1
|
* Replace an ossl_assert() with an error checktb2024-07-091-2/+1
|
* Use C99 initializers for tls1_prf_pkey_meth()tb2024-07-091-19/+23
|
* Inline an instance of OPENSSL_memdup()tb2024-07-091-2/+11
|
* Tidy up includestb2024-07-091-3/+7
|
* OPENSSL_free() -> free()tb2024-07-091-1/+1
|
* OPENSSL_cleanse() -> explicit_bzero()tb2024-07-091-3/+3
|
* OPENSSL_clear_free() -> freezero()tb2024-07-091-4/+4
|
* OPENSSL_malloc() -> malloc()tb2024-07-091-1/+1
|
* Spell OPENSSL_zalloc() correctly as calloc()tb2024-07-091-1/+1
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-31 02:21:47 +0000