| | Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | Add an explicit list of exported symbols with just the functions declared | guenther | 2016-11-04 | 3 | -2/+85 |
| | in <tls.h>, and use __{BEGIN,END}_HIDDEN_DECLS in tls_internal.h to optimize internal functions ok jsing@ | | | | |
* | Nuke the KRB5 ASN.1 code from orbit. | jsing | 2016-11-04 | 3 | -984/+1 |
| | ok beck@ | | | | |
* | Ride the current major bump and enable assembler code for nist 256p curve, | miod | 2016-11-04 | 4 | -3/+19 |
| | on amd64 only for now. Stanzas to enable it on arm, i386 and sparc64 are provided but commented out for lack of testing due to the machine room being currently in storage. ok jsing@ | | | | |
* | make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hidden | beck | 2016-11-04 | 14 | -43/+133 |
| | functions. document with a man page. bump majors on libtls, libssl, libcrypto ok jsing@ guenther@ | | | | |
* | Make do_dtls1_write() static to d1_pkt.c and delete declarations for | guenther | 2016-11-04 | 2 | -8/+6 |
| | three functions that were removed a while ago ok jsing@ | | | | |
* | Fix some linewrapping glitches | guenther | 2016-11-04 | 1 | -7/+5 |
| | ok jsing@ | | | | |
* | Some tests require internal symbols; have them link with the static | guenther | 2016-11-04 | 4 | -8/+10 |
| | libssl or libtls so they can continue to see them after the shared library namespace is cleaned up ok jsing@ | | | | |
* | Add assembler code for the nist 256-bit GFp curve, written initially by | miod | 2016-11-04 | 9 | -6/+19107 |
| | Intel. Obtained from BoringSSL, with some integration work borrowed from OpenSSL 1.0.2; assembler code for arm and sparc64 borrowed from OpenSSL 1.1.0. None of this code is enabled in libcrypto yet. ok beck@ jsing@ | | | | |
* | Replace all uses of magic numbers when operating on OPENSSL_ia32_P[] by | miod | 2016-11-04 | 26 | -146/+245 |
| | meaningful constants in a private header file, so that reviewers can actually get a chance to figure out what the code is attempting to do without knowing all cpuid bits. While there, turn it from an array of two 32-bit ints into a properly aligned 64-bit int. Use of OPENSSL_ia32_P is now restricted to the assembler parts. C code will now always use OPENSSL_cpu_caps() and check for the proper bits in the whole 64-bit word it returns. i386 tests and ok jsing@ | | | | |
* | Address some signed vs unsigned warnings and check that an integer value | jsing | 2016-11-04 | 1 | -4/+14 |
| | is positive before passing it to several functions as a size_t. Additionally, in tls_load_file() there is not much point using calloc(), when we're immediately reading into the buffer (having an extra byte for NUL termination seems pointless given the API). ok beck@ miod@ | | | | |
* | Assign and test, as is consistent with the rest of the libtls code. | jsing | 2016-11-04 | 1 | -7/+4 |
* | Use a consistent name for struct bio_cb * variables. | jsing | 2016-11-04 | 1 | -6/+6 |
* | Rename struct bio_cb_st to struct bio_cb. | jsing | 2016-11-04 | 1 | -8/+8 |
* | Do not cast a pointer to a struct, to a char * when assigning to a void *. | jsing | 2016-11-04 | 1 | -2/+2 |
* | Use a consistent name for a BIO *, rather than having four different names | jsing | 2016-11-04 | 1 | -49/+51 |
| | in the same file. | | | | |
* | Avoid signed vs unsigned comparisons. | jsing | 2016-11-04 | 1 | -3/+4 |
| | ok miod@ | | | | |
* | convert X509 manuals from pod to mdoc | schwarze | 2016-11-04 | 39 | -1825/+2566 |
* | Completely rewrite the session handling ASN.1 code using CBB and CBS. This | jsing | 2016-11-04 | 1 | -616/+329 |
| | addresses two 2038 related issues and also adds support for allocation in the i2d function, which will allow for simplification in the callers. ok beck@ miod@ | | | | |
* | Convert ssl3_get_server_kex_dhe() to CBS. | jsing | 2016-11-04 | 1 | -42/+19 |
| | ok beck@ | | | | |
* | No need to reach libssl private headers and to define TERMIOS anymore. | miod | 2016-11-04 | 1 | -4/+1 |
| | ok bcook@ | | | | |
* | Remove I386_ONLY define. It was only used to prefer a | miod | 2016-11-04 | 18 | -60/+15 |
| | faster-on-genuine-80386-but-slower-on-80486-onwards instruction sequence in the SHA512 code, and had not been enabled in years, if at all. ok tom@ bcook@ | | | | |
* | In OPENSSL_wipe_cpu() on i386, which no one uses anyway, check the proper | miod | 2016-11-04 | 1 | -1/+1 |
| | flag for the presence of a FPU before deciding to wipe the fpu registers. ok jsing@ | | | | |
* | There's not much point having three static functions that do a cast and | jsing | 2016-11-04 | 1 | -33/+6 |
| | assign a pointer, when we can just inline the three and do one cast followed by three pointer assignments. | | | | |
* | Do not mix declarations and code. | jsing | 2016-11-04 | 1 | -3/+7 |
* | Rename the internal bio related functions so that they have a common | jsing | 2016-11-04 | 1 | -22/+22 |
| | prefix. Makes the code more readable and removes shadowing. | | | | |
* | Add X509_up_ref, from boring | beck | 2016-11-04 | 2 | -2/+11 |
| | ok jsing@ | | | | |
* | convert RSA manuals from pod to mdoc | schwarze | 2016-11-04 | 31 | -1223/+1919 |
* | MALLOC_STATS tweaks, by default not compiled in | otto | 2016-11-04 | 1 | -13/+29 |
* | There's not much point in casting a void * to a specific type just before | jsing | 2016-11-04 | 1 | -4/+2 |
| | calling free(). ok beck@ ingo@ | | | | |
* | new sentence, new line, and zap trailing whitespace; | jmc | 2016-11-04 | 1 | -3/+4 |
* | bump minor for ocsp_require_stapling addition | beck | 2016-11-04 | 1 | -1/+1 |
* | Add ocsp_require_stapling config option for tls - allows a connection | beck | 2016-11-04 | 7 | -12/+37 |
| | to indicate that it requires the peer to provide a stapled OCSP response with the handshake. Provide a "-T muststaple" for nc that uses it. ok jsing@, guenther@ | | | | |
* | small tweak to also check canaries if F is in effect | otto | 2016-11-03 | 1 | -3/+5 |
* | In ssl3_read_bytes(), do not process more than three consecutive TLS | jsing | 2016-11-03 | 1 | -4/+24 |
| | records, otherwise a peer can potentially cause us to loop indefinitely. Return with an SSL_ERROR_WANT_READ instead, so that the caller can choose when they want to handle further processing for this connection. ok beck@ miod@ | | | | |
* | make OCSP_URL only show up when an OCSP url is actually present in the cert | beck | 2016-11-03 | 1 | -2/+3 |
* | Make OCSP Stapling: only appear if there is stapling info present. | beck | 2016-11-03 | 1 | -5/+3 |
* | convert RAND manuals from pod to mdoc | schwarze | 2016-11-03 | 11 | -196/+204 |
* | zap the overview manual page of the RAND subsystem | schwarze | 2016-11-03 | 2 | -36/+1 |
| | that contained nothing but duplicate and misleading information; OK jsing@ | | | | |
* | convert PEM and PKCS manuals from pod to mdoc | schwarze | 2016-11-03 | 27 | -1380/+2231 |
* | Split ssl3_get_key_exchange() into separate functions for DHE/ECDHE. | jsing | 2016-11-03 | 1 | -205/+256 |
| | ok beck@ (who was struggling to keep lunch down while reviewing the diff) | | | | |
* | Don't do OCSP validation when we have disabled certificate verification | beck | 2016-11-03 | 2 | -5/+8 |
| | or certificate validation. ok jsing@ | | | | |
* | convert configuration manuals from pod to mdoc | schwarze | 2016-11-03 | 9 | -305/+340 |
* | convert remaining ASN1 object manuals from pod to mdoc | schwarze | 2016-11-03 | 5 | -175/+299 |
* | Only set an error from libssl related code, if an error has not already | jsing | 2016-11-03 | 2 | -7/+47 |
| | been set by libtls code. This avoids the situation where a libtls callback has set an error, only to have it replaced by a less useful libssl based error. ok beck@ | | | | |
* | convert HMAC and MD5 manuals from pod to mdoc | schwarze | 2016-11-03 | 5 | -210/+393 |
* | convert EVP manuals from pod to mdoc | schwarze | 2016-11-03 | 49 | -2724/+4229 |
* | Fix handshake failures: | beck | 2016-11-03 | 1 | -20/+26 |
| | split out internals of OCSP verification to allow callback to verify before TLS handshake is complete | | | | |
* | Clean up the TLS handshake digest handling - this refactors some of the | jsing | 2016-11-03 | 2 | -30/+43 |
| | code for improved readability, however it also addresses two issues. The first of these is a hard-to-hit double free that will occur if EVP_DigestInit_ex() fails. To avoid this and to be more robust, ensure that tls1_digest_cached_records() either completes successfully and sets up all of the necessary digests, or it cleans up and frees everything that was allocated. The second issue is that EVP_DigestUpdate() can fail - detect and handle this in tls1_finish_mac() and change the return type to an int so that a failure can be propagated to the caller (the callers still need to be fixed to handle this, in a later diff). The double-free was reported by Matthew Dillon. ok beck@ doug@ miod@ | | | | |
* | bit more cleanup; | jmc | 2016-11-02 | 1 | -9/+9 |
* | fix shadow declaration of time in parameter list. | beck | 2016-11-02 | 1 | -2/+2 |
| | ok jsing@ | | | | |