summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* rename tlslegacy to tlsall, and better describe what it does.beck2016-11-062-8/+8
| | | | ok jsing@
* Adjust cipher suite strengths - move MD5 to LOW, RC4 to LOW and 3DES tojsing2016-11-061-13/+13
| | | | | | MEDIUM. ok beck@ bcook@
* Update regress for IDEA cipher suite removal.jsing2016-11-061-83/+83
|
* Remove the single IDEA cipher suite. There is no good reason to supportjsing2016-11-063-29/+3
| | | | | | this. ok beck@ bcook@
* unifdef -m -UOPENSSL_NO_CHACHA -UOPENSSL_NO_POLY1305jsing2016-11-062-6/+2
| | | | ok beck@
* Add regress test script for openssl command.inoguchi2016-11-063-2/+966
| | | | ok beck@
* Avoid compiling in an unused function.jsing2016-11-061-0/+2
| | | | Spotted by guenther@
* adjust guards to elide unused Bi arraybcook2016-11-061-2/+0
| | | | ok jsing@
* Rework X509_verify_cert to support alt chains on certificate verification,beck2016-11-061-117/+265
| | | | | via boringssl. ok jsing@ miod@
* The upcoming x509 alt chains diff tightens the trust requirementsbeck2016-11-061-1/+17
| | | | | | | for certificates. This (from OpenSSL) ensures that the current "default" behaviour remains the same. We should revisit this later ok jsing@
* Commit a reminder that the default is not the default. This needs tobeck2016-11-061-1/+2
| | | | | be revisited. ok jsing@
* remove unused variablebcook2016-11-061-6/+3
|
* use the correct function for freebcook2016-11-061-2/+2
| | | | ok beck@
* add an .Xr that was missingschwarze2016-11-061-1/+2
|
* document BN_set_negative() and BN_is_negative();schwarze2016-11-056-516/+69
| | | | feedback and OK bcook@, OK jsing@
* Part one of the alt chains changes, bring in newer modifications tobeck2016-11-053-73/+411
| | | | | VERIFY_PARAMS - based on boringssl. ok jsing@ miod@
* Add objects for X25519, X448, Ed25519 and Ed448.jsing2016-11-052-0/+15
| | | | ok miod@
* One of the error paths would attempt to access not-yet-initialized locals.miod2016-11-051-2/+2
| | | | | | Simply return since there is nothing more to do. Spotted by coverity. ok jsing@ beck@
* Do a partial CBB conversion of ssl3_send_server_key_exchange(), which willjsing2016-11-051-52/+67
| | | | | | make it easier to do further clean up. ok beck@ miod@
* fix misplaced quote by tls_peer_ocsp_this_updatebcook2016-11-051-2/+2
|
* zap trailing whitespace, and add -o to usage() and help (-h);jmc2016-11-052-6/+9
|
* tweak previous;jmc2016-11-051-6/+6
|
* move manual pages from doc/ to man/ for consistency with otherschwarze2016-11-0585-169/+169
| | | | | libraries, in particular considering that there are unrelated files in doc/; requested by jsing@ and beck@
* Check BIO_new*() for failure.miod2016-11-052-4/+9
| | | | ok beck@ jsing@
* More X509_STORE_CTX_set_*() return value checks.miod2016-11-053-12/+16
| | | | ok beck@ jsing@
* bump minors for symbol addition for ocsp and x25519 symbol additionsbeck2016-11-053-3/+3
|
* Add support for server side OCSP stapling to libtls.beck2016-11-059-16/+98
| | | | Add support for server side OCSP stapling to netcat.
* Add regress for X25519, converted from BoringSSL.jsing2016-11-053-1/+150
|
* after getting rid of the pod files, clean up the Makefiles; ok bcook@schwarze2016-11-054-41/+23
|
* Add support for X25519.jsing2016-11-055-1/+5136
| | | | | | This brings in code from BoringSSL, which is mostly taken from SUPERCOP. ok beck@ bcook@
* rename ocsp_ctx to ocspbeck2016-11-053-68/+68
| | | | ok jsing@
* minor mandoc -Tlint nitsschwarze2016-11-053-9/+8
|
* add the missing content, sorry for committing an empty fileschwarze2016-11-051-0/+69
|
* Stricter validation of inputs of OPENSSL_asc2uni() and OPENSSL_uni2asc().miod2016-11-051-17/+34
| | | | | | While there, try to make these slightly less obfuscated. ok beck@ jsing@
* convert the remaining manual pages from pod to mdocschwarze2016-11-0525-1650/+3615
|
* X509_STORE_CTX_set_*() may fail, so check for errors.miod2016-11-051-4/+14
| | | | ok beck@
* Do not leak the ressources possibly allocated by EVP_MD_CTX_init() in themiod2016-11-051-2/+3
| | | | | | trivial error path of PKCS12_key_gen_uni(). ok beck@ jsing@
* Set PROG so that the binary correctly gets recompiled when the librariesmiod2016-11-051-11/+5
| | | | | | it is linked against change. ok beck@ jsing@
* Make sure PEM_SealInit() will correctly destroy the PEM_ENCODE_SEAL_CTXmiod2016-11-051-8/+22
| | | | | | | upon error, as there is no way to do this outside of PEM_SealFinal(), which can only work if PEM_SealInit() succeeded... ok beck@ jsing@
* No need to duplicate definitions from evp.h locally.miod2016-11-052-14/+2
| | | | ok bock@ jsing@
* Stop abusing the ternary operator to decide which function to call in amiod2016-11-051-3/+6
| | | | | return statement. ok beck@ jsing@
* further tweakage, with an improvement from joel;jmc2016-11-051-5/+5
| | | | ok jsing schwarze
* Convert ssl3_get_server_kex_ecdhe() to CBS, simplifying tls1_check_curve()jsing2016-11-053-62/+41
| | | | | | | in the process. This also fixes a long standing bug where tls1_ec_curve_id2nid() is called with only one byte of the curve ID. ok beck@ miod@
* Remove generated Symbols.map on make clean.jsing2016-11-052-3/+5
| | | | ok guenther@
* tweak previousschwarze2016-11-041-34/+39
|
* Move pqueue regress from libcrypto to libssl, since that's where the pqueuejsing2016-11-045-5/+5
| | | | | code now lives. Also unbreak the regress following the symbol hiding changes in libssl.
* Rename ssl3_get_key_exchange() to ssl3_get_server_key_exchange(), sincejsing2016-11-043-7/+7
| | | | | | that's what it really is. ok miod@
* Build with WARNINGS=Yes.jsing2016-11-041-1/+3
|
* Avoid shadowing the socket global.jsing2016-11-041-3/+3
| | | | ok miod@
* Make the tls_keypair_new() function a valid prototype.jsing2016-11-041-2/+2
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-12 10:25:26 +0000