summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* nuke trailing whitespacebeck2015-09-091-4/+3
| | | | ok jsing@
* Stop exporting from libc the <mpool.h> and the mpool_* APIguenther2015-09-091-0/+122
| | | | ports scan by sthen@
* Only take ownership of a socket if we allocated it within libtls. If we arejsing2015-09-092-11/+5
| | | | | | passed a socket then the caller is responsible for closing it. ok bcook@
* Netcat could hang during write(2) although poll(2) reports that thebluhm2015-09-081-15/+6
| | | | | | | | | socket is writeable. This happens because netcat tries to write more than the low water mark of the socket write buffer. With a non-blocking socket you may get a short write, otherwise it blocks. The latter could cause a total hang of the netcat process depending on the upper protocol. So make the network connection non-blocking. OK claudio@ millert@
* Remove the default HTTPS port from tls_connect() - this is a TLS library,jsing2015-09-082-6/+6
| | | | | | not a HTTPS library. ok beck@
* Fix aliasing of sys_errlist, sys_nerr, sys_siglist, and sys_signameguenther2015-09-062-15/+4
| | | | | | to eliminate duplicate copies of the tables and get direct access internally ok kettenis@ deraadt@
* Use new framework for wrapping cat{open,gets,close}(), eliminatingguenther2015-09-052-8/+2
| | | | | | _cat* in the process. ok kettenis@
* synchronize synopsis and usage.sobrado2015-09-031-2/+2
|
* Replace dtls1_client_hello() with ssl3_client_hello() - both are basicallyjsing2015-09-026-212/+58
| | | | | | | | | | | the same code, with two slight differences for DTLS handling. Also, make use of send_cookie to determine if the client random needs to be preserved, rather than testing if it is zeroed (hopefully your random number generator never returned all zeros, since the existing code would break). Inspired by BoringSSL. ok doug@
* Fewer magic numbers - we already have defines for the header lengths, sojsing2015-09-022-10/+14
| | | | | | make use of them. ok doug@
* Add an initial TLS client regress, which currently covers ClientHellojsing2015-09-013-1/+369
| | | | message generation.
* Remove duplicate prototype for SSL_get_selected_srtp_profile().jsing2015-09-012-4/+2
| | | | From Aaron Burghardt.
* Remove the ssl_prepare_{client,server}hello_tlsext() functions, which arejsing2015-09-0110-68/+10
| | | | | | now nothing more than noops. ok bcook@ doug@
* Make it always safe to call CBB_cleanup() providing that CBB_init() orjsing2015-09-012-4/+16
| | | | | | CBB_init_fixed() have been attempted. ok doug@
* Add framework for resolving (pun intended) libc namespace issues, usingguenther2015-08-3143-49/+233
| | | | | | | | | | | | wrapper .h files and asm labels to let internal calls resolve directly and not be overridable or use the PLT. Then, apply that framework to most of the functions in stdio.h, string.h, err.h, and wchar.h. Delete the should-have-been-hidden-all-along _v?(err|warn)[cx]? symbols while here. tests clean on i386, amd64, sparc64, powerpc, and mips64 naming feedback from kettenis@ and millert@ ok kettenis@
* Use nanosleep instead of sleep to avoid the extra layer and simplify laterguenther2015-08-301-5/+8
| | | | | | symbol hiding ok w/tweak deraadt@
* Now that SSLv3 is going away, TLS_* and SSLv23 are equivalent.doug2015-08-297-288/+12
| | | | | | Remove the TLS method data and tls_any_* functions. Point to SSLv23. ok jsing@
* Delete s3_meth.c since it was only for SSLv3 support.doug2015-08-291-103/+0
| | | | ok jsing@
* Remove SSLv3 method data structs and unlink s3_meth.c from the build.doug2015-08-295-164/+6
| | | | ok jsing@
* Kill coverity 128475beck2015-08-282-4/+4
| | | | ok doug@
* Improve libtls error messages.jsing2015-08-275-55/+101
| | | | | | | | | | | | The tls_set_error() function previously stored the errno but did nothing with it. Change tls_set_error() to append the strerror(3) of the stored errno so that we include useful information regarding failures. Provide a tls_set_errorx() function that does not store the errno or include strerror(3) in the error message. Call this function instead of tls_set_error() for errors where the errno value has no useful meaning. With feedback from and ok doug@
* Split the persistent/configuration flags from temporary state flags andjsing2015-08-273-11/+14
| | | | | | | | | | | ensure that the temporary state flags get cleared in tls_reset(). Fixes a bug spotted by Marko Kreen whereby TLS_CONNECTING could remain on reset. While here, also move the TLS_STATE_CONNECTING check to after the TLS_CLIENT check - if TLS_STATE_CONNECTING was ever set on any other context type it would allow a bypass. ok bluhm@
* Change AEAD out_len argument to size_t instead of ssize_t - while here,jsing2015-08-272-20/+16
| | | | | | | rename it to out_len so that its purpose is more obvious. Also, drop two checks that are no longer possible (and have not been for a long time). Spotted by and ok doug@
* Remove SSLv3 support from LibreSSL regression tests.doug2015-08-273-56/+5
|
* Make functions that are internal to tls verify static.jsing2015-08-271-7/+8
| | | | | | Spotted by Marko Kreen. Rides libtls major bump.
* Crank major version for libssl and libtls due to SSLv3 removal.doug2015-08-273-3/+3
|
* Remove SSLv3 support from LibreSSL.doug2015-08-2720-178/+36
| | | | | | | | | | This is the first wave of SSLv3 removal which removes the main SSLv3 functions. Future commits will remove the rest of the SSLv3 support. Discussed the plan at c2k15. Input from jsing@, beck@, miod@, bcook@, sthen@, naddy@, and deraadt@. ok jsing@, beck@
* Use static and __{BEGIN,ENV}_HIDDEN_DECLS to hide a bunch of internalguenther2015-08-272-4/+7
| | | | | | symbols that are not longer exported. (This improves the generated code.) ok deraadt@
* Move the __rand48_* declarations into rand48.h, and then hide both themguenther2015-08-277-25/+13
| | | | | | and __dorand48() and __rand48_deterministic ok deraadt@
* unify versions, so they are easier to diff.deraadt2015-08-258-18/+18
|
* KNFderaadt2015-08-252-12/+8
|
* ISO8859-1 support has been removedguenther2015-08-231-8/+1
| | | | ok semarie@
* Remove all duplicate prototypes for *_main functions (these are alreadyjsing2015-08-2242-185/+102
| | | | | | | | | provided by progs.h). Also, move the FUNCTION type (and flags) into openssl.c since that is the only place of use. Lastly, remove pointless 'extern' from the prototypes and use char **argv instead of char *argv[] (the former is used elsewhere). ok deraadt@ doug@
* Unify error message between client and server.jsing2015-08-221-2/+2
|
* SSL_set_app_data is a macro for SSL_set_ex_data(), which is a wrapperjsing2015-08-222-6/+10
| | | | | around CRYPTO_set_ex_data(), which can fail. Since this is the case, check the return value of CRYPTO_set_ex_data^WSSL_set_ex_data^WSSL_set_app_data.
* Store a reference to the libtls context in the SSL client connection appjsing2015-08-221-1/+3
| | | | | | data (as is already done for server connections). From Marko Kreen.
* Make tls_read()/tls_write always set outlen to zero on error - this gotjsing2015-08-221-5/+5
| | | | | | broken by r1.4. Spotted by Marko Kreen.
* All these files include <stdlib.h>, so do not need to castderaadt2015-08-202-5/+5
| | | | malloc/calloc/realloc* returns.
* bump to 2.3.0 for the next LibreSSL release cyclebcook2015-08-202-6/+6
|
* Properly handle missing TLS extensions in client hello as a non-failure.bcook2015-08-192-2/+6
| | | | | Noticed by @Ligushka from github. ok miod@, doug@
* bring prototypes into scope, requires movement of a large global objectderaadt2015-08-198-202/+208
| | | | | out of .h file ok jsing
* typosmiod2015-08-1810-10/+10
|
* Improve openssl s_client -starttls xmpp support.landry2015-08-112-7/+28
| | | | | | | | | From https://rt.openssl.org/Ticket/Display.html?id=2860&user=guest&pass=guest - add a -xmpphost option to specify the xmpp virtual host - fix an infinite loop when the vhost isnt what the server expects - fix communication with openfire & prosody servers with tweaks & ok bcook@ doug@ manpage bits jmc@
* spelling; ok deraadtjmc2015-08-022-4/+4
|
* remove ssl3 bits; ok dougjmc2015-08-021-58/+14
|
* Don't hardcode /usr/src, use BSDSRCDIRtobiasu2015-07-311-2/+2
|
* Fix SRTP parsing.doug2015-07-312-6/+4
| | | | | | | jsing@ noticed that during the CBS conversion, an extra CBS_len comparison was introduced. It should be 0 after extracting MKI. ok jsing@ bcook@ deraadt@
* Add linker warnings in case SSLv3_{,client,server}_method are referenced.miod2015-07-295-5/+35
| | | | | | | Use of this symbols proves the existence of a code path willingly using SSLv3, even with OPENSSL_NO_SSL3 being defined, which hints that it needs fixing. Discussed with the LibreSSL cabal during c2k15; ok deraadt@
* Use named initialisers for X509V3_EXT_METHOD structs (for the usualjsing2015-07-2938-456/+1176
| | | | reasons) - only change in generated assembly is due to line numbering.
* Expand obsolete M_ASN1.*(cmp|dup|print|set) macros - no change in generatedjsing2015-07-2940-108/+108
| | | | | | assembly. ok bcook@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-03 19:55:20 +0000