summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Assign and test, as is consistent with the rest of the libtls code.jsing2016-11-041-7/+4
|
* Use a consistent name for struct bio_cb * variables.jsing2016-11-041-6/+6
|
* Rename struct bio_cb_st to struct bio_cb.jsing2016-11-041-8/+8
|
* Do not cast a pointer to a struct, to a char * when assigning to a void *.jsing2016-11-041-2/+2
|
* Use a consistent name for a BIO *, rather than having four different namesjsing2016-11-041-49/+51
| | | | in the same file.
* Avoid signed vs unsigned comparisons.jsing2016-11-041-3/+4
| | | | ok miod@
* convert X509 manuals from pod to mdocschwarze2016-11-0439-1825/+2566
|
* Completely rewrite the session handling ASN.1 code using CBB and CBS. Thisjsing2016-11-041-616/+329
| | | | | | | addresses two 2038 related issues and also adds support for allocation in the i2d function, which will allow for simplification in the callers. ok beck@ miod@
* Convert ssl3_get_server_kex_dhe() to CBS.jsing2016-11-041-42/+19
| | | | ok beck@
* No need to reach libssl private headers and to define TERMIOS anymore.miod2016-11-041-4/+1
| | | | ok bcook@
* Remove I386_ONLY define. It was only used to prefer amiod2016-11-0418-60/+15
| | | | | | | faster-on-genuine-80386-but-slower-on-80486-onwards innstruction sequence in the SHA512 code, and had not been enabled in years, if at all. ok tom@ bcook@
* In OPENSSL_wipe_cpu() on i386, which noone uses anyway, check the propermiod2016-11-041-1/+1
| | | | | | flag for the presence of a FPU before deciding to wipe the fpu registers. ok jsing@
* There's not much point having three static functions that do a cast andjsing2016-11-041-33/+6
| | | | | assign a pointer, when we can just inline the three and do one cast followed by three pointer assignments.
* Do not mix declarations and code.jsing2016-11-041-3/+7
|
* Rename the internal bio related functions so that they have a commonjsing2016-11-041-22/+22
| | | | prefix. Makes the code more readable and removes shadowing.
* Add X509_up_ref, from boringbeck2016-11-042-2/+11
| | | | ok jsing@
* convert RSA manuals from pod to mdocschwarze2016-11-0431-1223/+1919
|
* MALLOC_STATS tweaks, by default not compiled inotto2016-11-041-13/+29
|
* There's not much point in casting a void * to a specific type just beforejsing2016-11-041-4/+2
| | | | | | calling free(). ok beck@ ingo@
* new sentence, new line, and zap trailing whitespace;jmc2016-11-041-3/+4
|
* bump minor for ocsp_require_stapling additionbeck2016-11-041-1/+1
|
* Add ocsp_require_stapling config option for tls - allows a connectionbeck2016-11-047-12/+37
| | | | | | to indicate that it requires the peer to provide a stapled OCSP response with the handshake. Provide a "-T muststaple" for nc that uses it. ok jsing@, guenther@
* small tweak to also check canaries if F is in effectotto2016-11-031-3/+5
|
* In ssl3_read_bytes(), do not process more than three consecutive TLSjsing2016-11-031-4/+24
| | | | | | | | records, otherwise a peer can potentially cause us to loop indefinately. Return with an SSL_ERROR_WANT_READ instead, so that the caller can choose when they want to handle further processing for this connection. ok beck@ miod@
* make OCSP_URL only show up when an OCSP url is actually present in the certbeck2016-11-031-2/+3
|
* Make OCSP Stapling: only appear if there is stapling info present.beck2016-11-031-5/+3
|
* convert RAND manuals from pod to mdocschwarze2016-11-0311-196/+204
|
* zap the overview manual page of the RAND subsystemschwarze2016-11-032-36/+1
| | | | | that contained nothing but duplicate and misleading information; OK jsing@
* convert PEM and PKCS manuals from pod to mdocschwarze2016-11-0327-1380/+2231
|
* Split ssl3_get_key_exchange() into separate functions for DHE/ECDHE.jsing2016-11-031-205/+256
| | | | ok beck@ (who was struggling to keep lunch down while reviewing the diff)
* Don't do OCSP validation when we have disabled certificate verificationbeck2016-11-032-5/+8
| | | | | or certificate validation. ok jsing@
* convert configuration manuals from pod to mdocschwarze2016-11-039-305/+340
|
* convert remaining ASN1 object manuals from pod to mdocschwarze2016-11-035-175/+299
|
* Only set an error from libssl related code, if an error has not alreadyjsing2016-11-032-7/+47
| | | | | | | | been set by libtls code. This avoids the situation where a libtls callback has set an error, only to have it replaced by a less useful libssl based error. ok beck@
* convert HMAC and MD5 manuals from pod to mdocschwarze2016-11-035-210/+393
|
* convert EVP manuals from pod to mdocschwarze2016-11-0349-2724/+4229
|
* Fix handshake failures:beck2016-11-031-20/+26
| | | | | split out internals of OCSP verification to allow callback to verify before TLS handshake is complete
* Clean up the TLS handshake digest handling - this refactors some of thejsing2016-11-032-30/+43
| | | | | | | | | | | | | | | | | | | code for improved readability, however it also address two issues. The first of these is a hard-to-hit double free that will occur if EVP_DigestInit_ex() fails. To avoid this and to be more robust, ensure that tls1_digest_cached_records() either completes successfully and sets up all of the necessary digests, or it cleans up and frees everything that was allocated. The second issue is that EVP_DigestUpdate() can fail - detect and handle this in tls1_finish_mac() and change the return type to an int so that a failure can be propagated to the caller (the callers still need to be fixed to handle this, in a later diff). The double-free was reported by Matthew Dillon. ok beck@ doug@ miod@
* bit more cleanup;jmc2016-11-021-9/+9
|
* fix shadow declaration of time in parameter list.beck2016-11-021-2/+2
| | | | ok jsing@
* Ensure handshake is complete before processing an ocsp response for a ctxbeck2016-11-021-0/+3
| | | | ok jsing@
* tweak previous;jmc2016-11-021-32/+26
|
* convert ERR manuals from pod to mdoc; while reading this,schwarze2016-11-0223-705/+963
| | | | i wtfed, laughed, puked, and cried in more or less that order...
* bump minor for ocsp api additionsbeck2016-11-021-1/+1
|
* Add OCSP client side support to libtls.beck2016-11-028-9/+641
| | | | | | | | | | | | | - Provide access to certificate OCSP URL - Provide ability to check a raw OCSP reply against an established TLS ctx - Check and validate OCSP stapling info in the TLS handshake if a stapled OCSP response is provided.` Add example code to show OCSP URL and stapled info into netcat. ok jsing@
* convert DSA and EC manuals from pod to mdocschwarze2016-11-0233-1241/+2658
|
* Expand LHASH_OF, IMPLEMENT_LHASH_DOALL_ARG_FN and LHASH_DOALL_ARG_FNjsing2016-11-022-7/+13
| | | | macros. Only change in generated assembly is due to line numbering.
* Expand another LHASH_OF macro.jsing2016-11-021-2/+2
|
* Expand DECLARE_LHASH_OF and LHASH_OF macros.jsing2016-11-021-3/+5
|
* Expand DECLARE_PEM_rw macro.jsing2016-11-021-2/+7
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-31 16:12:31 +0000