| Commit message | Author | Age | Files | Lines |
|
option type. In this case process the option as per normal.
|
arbitrary number of arguments. This will allow for more complex option
handling as required by some of the openssl(1) applications.
|
(as currently only implemented by some of the openssl(1) applications).
|
that it has consumed. This allows for the handling of multiple unnamed
arguments, including lists of filenames.
|
silently accept multiple unnamed arguments, ignoring all except the last.
This behaviour was already inconsistent between openssl(1) applications;
apply the principle of least surprise. This will also simplify the addition
of upcoming functionality.
|
allows for simpler code in the common cases and will allow for further
extension to support the complex cases.
|
for openssl(1), which is also variable in behaviour between applications
(and currently inconsistent).
|
Noticed while testing libtls on FreeBSD.
|
use global data. The simplest fix is to only check blowfish passwords,
and implicitly lock out DES passwords.
crypt_checkpass is currently only used in one place, passwd, to verify
the local user's password, so this is probably acceptable.
Gives people a little more time to migrate away from DES before introducing
checkpass into more places.
|
- Sync cipher strings with the ones that are actually implemented.
- Remove CIPHERS SUITE NAMES (the actual cipher suites can be obtained
via "openssl ciphers -v"), CIPHERS NOTES, and CIPHERS HISTORY
sections.
- Stop mentioning export cipher suites since they have already been
removed.
feedback from deraadt@ and jmc@
ok jmc@
|
"openssl dgst".
feedback/ok jmc@
|
libtls accepts size_t for lengths but libssl accepts int. This verifies
that the input does not exceed INT_MAX. It also avoids truncating size_t
when comparing with int and adds printf-style attributes for
tls_set_error().
with input from deraadt@ and tedu@
ok tedu@
|
the Camellia ciphersuites for TLS 1.2 introduced in RFC 5932. From OpenSSL HEAD.
|
platforms with small MAXTSIZ or MAXSSIZ.
|
A few EVP_DigestInit_ex() calls were left alone since reporting an
error would change the public API.
Changed internal ssl3_cbc_digest_record() to return a value due to the above
change. It will also now set md_out_size=0 on failure.
This is based on part of BoringSSL's commit to fix malloc crashes:
https://boringssl.googlesource.com/boringssl/+/69a01608f33ab6fe2c3485d94aef1fe9eacf5364
ok miod@
|
Remove support for conditional payload alignment, since we would never
want to turn it off. Also, consistently use size_t for calculating the
alignment.
ok miod@
|
the new handshake functions.
ok miod@
|
messages. This will allow for removal of repeated/duplicated code.
Additionally, DTLS was written by wholesale copying of the SSL/TLS code,
with some DTLS specifics being added to the duplicated code. Since these
SSL handshake message functions know how to handle both SSL/TLS and DTLS,
upon conversion the duplicate versions will become identical (or close to),
at which point the DTLS versions can be removed and the SSL/TLS versions
used for both protocols.
Partially based on similar changes in OpenSSL.
ok miod@
|
EC_GROUP_free() all have implicit NULL checks.
|
mazes in libssl. NPN is being replaced by ALPN, however it is still going
to be around for a while yet.
ok miod@
|
enabled and I would hope that no one is using client certificates with DTLS
and Netscape, assuming it even supported it...
ok bcook@ miod@
|
update SYNOPSIS and DESCRIPTION and add STANDARDS
|
use RSA authentication, rather than only those that use RSA key exchange.
|
rewrite the function to be simpler as well. the compiler can unroll the
loop for us if necessary.
ok schwarze
|
calls malloc(). Instead of silently continuing on failure, check the return
value of BIO_new() and propagate failure back to the caller for appropriate
handling.
ok bcook@
|
the two ciphersuites that use it. GOST94 public/private keys have been
long obsoleted and libcrypto does not have support for them anyway.
Discussed with Dmitry Eremin-Solenikov.
|
Based on OpenSSL.
|
Based on OpenSSL.
|
Based on OpenSSL and BoringSSL.
ok bcook@
|
ok jsing@
|
It may take a few iterations to get the tone right.
previously discussed with millert
|
the same thingies. Therefore these "lists of functions" man pages can go
away.
Hurray! I've wanted these pages to die for around 10 years!
ok ingo (and i think jmc)
|