summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Typo: freezeo -> freezerotb2017-05-151-3/+3
| | | | From "fenderq" on freenode via tj@
* - fix bug wrt posix_memalign(3) of blocks between half a page and a pageotto2017-05-132-8/+18
| | | | | - document posix_memalign() does not play nice with reacallocarray(3) and freezero(3)
* Fix a problem introduced in freezero() conversion and usejsg2017-05-111-2/+2
| | | | | | | | | | sizeof(struct) not sizeof(pointer). otto@ points out that on OpenBSD currently freezero() would have still zeroed the entire allocation, but this is not documented behaviour and may change in future. ok tom@
* Implement nc -W recvlimit to terminate netcat after receiving abluhm2017-05-102-8/+28
| | | | | | number of packets. This allows to send a UDP request, receive a reply and check the result on the command line. input jmc@; OK millert@
* simplify startdate/enddate validationbeck2017-05-081-27/+5
| | | | ok jsing@
* Print size_t's correctly.beck2017-05-081-3/+3
| | | | Fix from Jonas 'Sortie' Termansen <sortie@maxsi.org>
* BUF_MEM_grow_clean() returns an int, not a size_t. Humourously, on successjsing2017-05-081-3/+3
| | | | it returns "len", which is a size_t value, as an int...
* Revise cipher suites in regress to match DSS cipher suite removal.jsing2017-05-071-96/+82
|
* Drop cipher suites with DSS authentication - there is no good reason tojsing2017-05-071-197/+1
| | | | | | keep these around. ok beck@
* Instead of starting a 'zero-sized' CBB at the size of the first additionjsing2017-05-071-5/+8
| | | | | | | | to the CBB, then doubling, start with an initial size of 64 bytes. Almost all uses will exceed this size and we avoid multiple small recallocarray() calls during the initial usage. ok beck@
* Move state from ssl->internal to the handshake structure.beck2017-05-0715-256/+267
| | | | | | | while we are at it, convert SSLerror to use a function internally, so that we may later allocate the handshake structure and check for it ok jsing@
* Limit -Werror to gcc4 as was done in libcrypto/libssl/libtls to avoidjsg2017-05-072-6/+14
| | | | | | failed builds with different compilers. ok jsing@
* Ensure that a client context has been connected before attempting tojsing2017-05-072-4/+12
| | | | complete a TLS handshake.
* Add a (currently failing) call to tls_handshake() on a client context thatjsing2017-05-071-1/+8
| | | | | has not yet been connected. We expect this to fail, but it should fail gracefully.
* Also test calling tls_handshake() on a server connection context that hasjsing2017-05-071-1/+7
| | | | already completed a TLS handshake.
* Return an error if tls_handshake() is called on a TLS context that hasjsing2017-05-071-1/+6
| | | | already completed a TLS handshake.
* Add a test that calls tls_handshake() on a connection that has alreadyjsing2017-05-071-1/+7
| | | | | completed a TLS handshake. This should return a failure, but currently succeeds (hence the regress currently fails).
* An an initial sequencing/ordering test for libtls.jsing2017-05-071-1/+61
|
* Split TLS client/server handshake and close code into separate functionsjsing2017-05-061-4/+27
| | | | so that it can be reused.
* Bring in an SSL_HANDSHAKE structure and commence the great shovellingbeck2017-05-0612-115/+121
| | | | ok jsing@, gcc@, regress@
* Move TLS test code into a function that is called from main, making itjsing2017-05-062-17/+33
| | | | easier for new tests to be added.
* Free tls_configs earlier now that we have refcounting.jsing2017-05-061-4/+4
|
* Use freezero() for the tls_load_file() failure case, since we'rejsing2017-05-061-4/+4
| | | | | | potentially dealing with key material. Also switch a calloc to malloc, since we immediately copy the same amount of data to the newly allocated buffer.
* BIO_free_all() and EVP_PKEY_free() can be called with NULL.jsing2017-05-061-5/+3
|
* Add more functions.jsing2017-05-061-1/+5
|
* Sort/group functions.jsing2017-05-061-5/+10
|
* Not much point using a failed variable here.jsing2017-05-061-3/+4
|
* Be explicit about when it is safe to call tls_config_free().jsing2017-05-061-3/+8
| | | | Discussed with beck@
* Document tls_unload_file().jsing2017-05-061-3/+14
|
* Perform reference counting for tls_config. This allows tls_config_free() tojsing2017-05-064-6/+22
| | | | | | | | | be called as soon as it has been passed to the final tls_configure() call, simplifying lifetime tracking for the application. Requested some time ago by tedu@. ok beck@
* Provide a tls_unload_file() function, that frees the memory returned fromjsing2017-05-063-2/+10
| | | | | | | | a tls_load_file() call, ensuring that it the contents become inaccessible. This is specifically needed on platforms where the library allocators may be different from the application allocator. ok beck@
* Bring in HKDF, from BoringSSL, with regress tests modified to bebeck2017-05-066-2/+496
| | | | | in C. Ride previous minor bump ok tom@ inoguchi@ jsing@
* Add regress coverage for SSL{,_CTX}_set_{min,max}_proto_version().jsing2017-05-061-12/+304
|
* Provide SSL{,_CTX}_set_{min,max}_proto_version() functions.jsing2017-05-066-5/+115
| | | | | | Rides minor bump. ok beck@
* space needed between macro arg and punctuation;jmc2017-05-061-2/+2
|
* Bump minors for symbol addition in libcryptobeck2017-05-063-3/+3
| | | | ok jsing@
* Add ASN1_TIME_set_to to exported symbolsbeck2017-05-061-0/+4
| | | | ok jsing@
* Add ASN1_TIME_set_tm to set an asn1 from a struct tm *beck2017-05-063-5/+44
| | | | ok jsing@
* Add missing $OpenBSD$ tags.jsing2017-05-064-2/+4
|
* Fix the ca command so that certs it generates have RFC5280 conformant time.beck2017-05-041-16/+56
| | | | Problem noticed by Harald Dunkel <harald.dunkel@aixigo.de>
* Move tls_config_skip_private_key_check() out from under HIDDEN_DECLS.claudio2017-05-041-2/+4
| | | | | | Even though this is not a real public interface we need the symbol in the shared library so that relayd can use it (needed for TLS key privsep) OK beck@
* make the description strings match the codederaadt2017-05-031-10/+10
|
* the XXXfree functions being called accept NULL, so don't check first.deraadt2017-05-023-26/+14
| | | | ok beck
* Add regress for free functions that should be safe with NULLbeck2017-05-022-0/+63
|
* use freezero() instead of memset/explicit_bzero + free. Substantiallyderaadt2017-05-0238-238/+109
| | | | | | | | | | reduces conditional logic (-218, +82). MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c wasn'tt quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and BN_FLG_STATIC_DATA where the condition cannot be collapsed completely. Passes regress. ok beck
* No original OpenSSL code remains in this file. Relicensebeck2017-04-301-54/+13
|
* whitespacebeck2017-04-301-3/+3
|
* Make BIO_get_host_ip just yet another getaddrinfo wrapperbeck2017-04-301-27/+20
|
* Rework BIO_accept to be more like modern code.beck2017-04-301-54/+19
| | | | ok jsing@
* Only enable -Werror on libcrypto/libssl/libtls if we are building withjsing2017-04-303-7/+14
| | | | | | | gcc4. This should avoid failed builds while transitioning compilers. While here also make the CFLAGS blocks consistent across makefiles. Discussed with deraadt@, ok beck@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-01 04:56:16 +0000