summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* ssl_sess_cert_free() checks for NULL, so do not bother doing it at thejsing2017-01-242-6/+8
| | | | call sites.
* There is no point in zeroing fields that exist within a struct that isjsing2017-01-241-3/+1
| | | | about to be explicit_bzero'd and freed.
* Add missing documentation for tls_config_set_verify_depthclaudio2017-01-241-1/+5
| | | | Done together with jsing@
* Shuffle the deck chairs to bring them back in order.claudio2017-01-241-9/+9
|
* tls_config_add_keypair_mem is the function to add additional keypairs andclaudio2017-01-241-5/+5
| | | | | | ocsp_staple functions set the OCSP response they don't add them (which implies you can call them multiple times). Discussed with jsing@ beck@
* move default_passwd_cb and default_passwd_cb_userdata back intobeck2017-01-234-30/+35
| | | | | | | the ssl_ctx from internal - these are used directly by python and openvpn and a few other things - we have the set accessors but the get accessors were added in 1.1 and these roll their own caveat OPENSSL_VERSION chickenpluckery
* Move options and mode from SSL_CTX and SSL to internal, since these can bejsing2017-01-2312-66/+70
| | | | set and cleared via existing functions.
* Split most of SSL_METHOD out into an internal variant, which is opaque.jsing2017-01-2323-303/+378
| | | | Discussed with beck@
* hook malloc_general to the testsotto2017-01-231-2/+2
|
* test malloc/realloc/free with some flag combo'sotto2017-01-232-0/+122
|
* Remove ssl_ctrl, ssl_ctx_ctrl, ssl_callback_ctrl and ssl_ctx_callback_ctrljsing2017-01-238-76/+14
| | | | | | | from SSL_METHOD, replacing usage with direct calls to the appropriate functions. ok beck@
* send state and rstate from ssl_st into internal. There are accessorsbeck2017-01-2316-295/+296
| | | | | so these should not be diddled with directly ok jsing@
* move back read_hash and enc_read_ctx into ssl_st. wpa_supplicant andbeck2017-01-238-52/+57
| | | | other perversions touches them sickly and unnaturally.
* Fix regress to handle movement of ssl structures to internalbeck2017-01-231-2/+4
|
* Move a large part of ssl_st into internal, so we can see what squeals.beck2017-01-2322-888/+892
| | | | ok jsing@
* Move ex_data, next and prev from SSL_SESSION to internal.jsing2017-01-233-31/+32
| | | | ok beck@
* Move most of the fields in SSL_CTX to internal - the ones that remain arejsing2017-01-2311-202/+209
| | | | | | known to be in use. ok beck@
* move the callbacks from ssl_st to internalbeck2017-01-2319-230/+237
| | | | ok jsing@
* Move callback function pointers and argument pointers from SSL_CTX tojsing2017-01-2316-200/+210
| | | | | | internal. ok beck@
* Move not_resumable and sess_cert from SSL_SESSION to internal.jsing2017-01-237-47/+50
| | | | ok beck@
* Remove heartbeat related fields from the SSL_CTX, which are unusedjsing2017-01-231-9/+1
| | | | (thankfully).
* Move the stats struct from SSL_CTX to internal.jsing2017-01-2310-65/+64
| | | | ok beck@
* Move most of the SSL3_STATE fields to internal - the ones that remain arejsing2017-01-2218-681/+690
| | | | | | known to be used by ports. ok beck@
* Disable session cache and tickets by default.claudio2017-01-221-1/+5
| | | | OK beck@ jsing@
* Update the TLS ALPN unit tests to work with internal/opaque data.jsing2017-01-222-13/+11
|
* Move most of DTLS1_STATE to internal.beck2017-01-2211-273/+272
| | | | ok jsing@
* Move ALPN and NPN fields from SSL/SSL_CTX to internal.jsing2017-01-227-125/+129
| | | | ok beck@
* Move internal parts of ssl_session_st to internalbeck2017-01-224-40/+40
| | | | ok jsing@
* Move recently added min_version/max_version from SSL and SSL_CTX to theirjsing2017-01-222-10/+6
| | | | opaque structs.
* Wrap long lines.jsing2017-01-221-4/+7
|
* Bump majors for libssl and libtls following the translucent struct change.jsing2017-01-222-2/+2
| | | | Further changes to the publically visible structs will ride this bump.
* Convert publically visible structs to translucent structs.jsing2017-01-228-29/+111
| | | | | | | | | | | | | This change adds an internal opaque struct for each of the significant publically visible structs. The opaque struct is then allocated and attached to the publically visible struct when the appropriate *_new() function is called, then cleared and freed as necessary. This will allow for changes to be made to the internals of libssl, without requiring a major bump each time the publically visible structs are modified. ok beck@
* Clean up ssl3_new() - in particular, we do not need to zero fields thatjsing2017-01-221-11/+4
| | | | | | are within a struct that was just allocated via calloc. ok beck@
* There is no point in setting struct fields to zero, when you've alreadyjsing2017-01-221-5/+2
| | | | | | zeroed the entire struct via memset. ok beck@
* use BN_div_nonct where it is safe to do so.beck2017-01-211-2/+2
| | | | ok guenther@
* Add ct and nonct versions of BN_mod_inverse for internal usebeck2017-01-2113-36/+67
| | | | ok jsing@
* Split out BN_div and BN_mod into ct and nonct versions for Internal use.beck2017-01-2117-58/+92
| | | | ok jsing@
* Make explicit _ct and _nonct versions of bn_mod_exp funcitons thatbeck2017-01-2119-47/+249
| | | | | | | | | | | | matter for constant time, and make the public interface only used external to the library. This moves us to a model where the important things are constant time versions unless you ask for them not to be, rather than the opposite. I'll continue with this method by method. Add regress tests for same. ok jsing@
* whitespacederaadt2017-01-212-5/+5
|
* 1. When shrinking a chunk allocation, compare the size of the currentotto2017-01-211-46/+87
| | | | | | | | | | allocation to the size of the new allocation (instead of the requested size). 2. Previously realloc takes the easy way and always reallocates if C is active. This commit fixes by carefully updating the recorded requested size in all cases, and writing the canary bytes in the proper location after reallocating. 3. Introduce defines to test if MALLOC_MOVE should be done and to compute the new value.
* Specify minimum and maximum protocol version for each method. This isjsing2017-01-216-6/+36
| | | | | | currently unused, but will be in the near future. ok beck@
* Place {DECLARE,IMPLEMENT}_OBJ_BSEARCH{_GLOBAL,}_CMP_FN macros undefjsing2017-01-211-1/+5
| | | | LIBRESSL_INTERNAL.
* Expand DECLARE_OBJ_BSEARCH_CMP_FN and IMPLEMENT_OBJ_BSEARCH_CMP_FN macros.jsing2017-01-216-28/+168
| | | | No change to generated assembly excluding line numbers.
* /usr/bin/unifdef -D MONT_MUL_MOD -D MONT_EXP_WORD -D RECP_MUL_MOD -m bn_exp.cbeck2017-01-211-23/+2
| | | | | with some style cleanup after. no binary change ok jsing@
* Expand DECLARE_OBJ_BSEARCH_CMP_FN and IMPLEMENT_OBJ_BSEARCH_CMP_FN macros.jsing2017-01-212-8/+38
| | | | No change to generated assembly excluding line numbers.
* Expand DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN macro.jsing2017-01-211-2/+2
| | | | No change in preprocessor output (ignoring whitespace and line numbers).
* Expand IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN macro.jsing2017-01-211-2/+16
| | | | No change in generated assembly.
* fix bogus commentbeck2017-01-211-2/+2
| | | | ok jsing@
* Make return value of X509_verify_cert be consistent with the error code,beck2017-01-211-2/+10
| | | | | | with the caveat that we force V_OK when a user provided callback has us returning success. ok inoguchi@ jsing@
* rearrange pledge promises into the canonical order; easier to eyeballderaadt2017-01-2039-77/+77
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-26 03:49:40 +0000