summaryrefslogtreecommitdiff
path: root/src/lib/libc/stdlib/labs.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2017-01-26Remove ssl3_undef_enc_method - if we have internal bugs we want to segfaultjsing5-36/+8
so that we can debug it, rather than adding a "should not be called" error to the stack. Discussed with beck@
2017-01-26Remove a sess_cert reference from a comment in the public header.jsing1-5/+2
Noted by zhuk@
2017-01-25split the tls_init(3) that had grown fat to allow healthy future growth;schwarze15-888/+1474
suggested by jsing@; "i would just chuck it in" jmc@
2017-01-25Fix array initialization syntax for ocspcheck.cinoguchi1-1/+1
Conformance to C99, and avoiding build break on VisualStudio and HP-UX. OK millert@
2017-01-25document BN_asc2bn(3);schwarze1-3/+27
jsing@ confirmed that it is a public function worth documenting
2017-01-25remove __BEGIN_DECLS and __END_DECLS from http.hinoguchi1-5/+1
sync with ocspcheck and acme-client ok benno@
2017-01-25bring changes from acme-client over here.benno1-56/+54
ok beck@
2017-01-25Update ssl versions regress to handle min/max configured versions andjsing1-47/+201
the cover the ssl_supported_version_range() function.
2017-01-25Limit enabled version range by the versions configured on the SSL_CTX/SSL,jsing3-23/+84
provide an ssl_supported_versions_range() function which also limits the versions to those supported by the current method. ok beck@
2017-01-25Add start of a regress for cert gen and validation. not clean, won'tbeck5-0/+394
hook it up yet
2017-01-25link in rsa testbeck1-1/+2
2017-01-25Add rsa test from openssl, since it has a license nowbeck2-0/+344
2017-01-25Change the SSL_IS_DTLS() macro to check the version, rather than using ajsing2-7/+4
flag in the encryption methods. We can do this since there is currently only one DTLS version. This makes upcoming changes easier. ok beck@
2017-01-25Construct a BN_gcd_nonct, based on BN_mod_inverse_no_branch, as suggestedbeck6-10/+170
by Alejandro Cabrera <aldaya@gmail.com> to avoid the possibility of a sidechannel timing attack during RSA private key generation. Modify BN_gcd to become not visible under LIBRESSL_INTERNAL and force the use of the _ct or _nonct versions of the function only within the library. ok jsing@
2017-01-25Provide ssl3_packet_read() and ssl3_packet_extend() functions that improvejsing3-35/+59
the awkward API provided by ssl3_read_n(). Call these when we need to read or extend a packet. ok beck@
2017-01-25Provide defines for SSL_CTRL_SET_CURVES/SSL_CTRL_SET_CURVES_LIST for thingsjsing1-1/+15
that are conditioning on these. From BoringSSL. ok beck@
2017-01-24fix make clean and warningsotto2-1/+3
2017-01-24make sure realloc preserves dataotto1-17/+45
2017-01-24use ${.OBJDIR}otto1-8/+8
2017-01-24BUF_MEM_free(), X509_STORE_free() and X509_VERIFY_PARAM_free() all checkjsing2-18/+10
for NULL, as does lh_free() - do not do the same from the caller.
2017-01-24sk_free() checks for NULL so do not bother doing it from the callers.jsing4-10/+9
2017-01-24sk_pop_free() checks for NULL so do not bother doing it from the callers.jsing7-50/+31
2017-01-24Within libssl a SSL_CTX * is referred to as a ctx - fix this forjsing1-29/+29
SSL_CTX_free().
2017-01-24correct usage format; ok beck claudio bennoderaadt1-2/+3
2017-01-24in resolver(3), document that _EDNS0 and _DNSSEC are no ops;jmc1-6/+17
diff from kirill miazine while here, bump all the no op texts to one standard blurb; help/ok jca
2017-01-24fix mode on open() and ftruncate(), noticed bybeck1-2/+4
bcook@
2017-01-24#if 0 the ecformats_list and eccurves_list - these are currently unused butjsing1-2/+5
will be revisited at some point in the near future.
2017-01-24Remove unused cert variable.jsing1-3/+1
Found by bcook@
2017-01-24Say no to two line error messages on failurebeck1-4/+3
2017-01-24s/returns/exits/beck1-2/+2
2017-01-24Break run-on sentence into two.beck1-3/+4
2017-01-24string terminator is called a NULderaadt2-5/+5
2017-01-24Actually load the cafile when providede, and error message cleanupbeck1-4/+4
2017-01-24use warn, I have errno here. noticed by theobeck1-1/+1
2017-01-24Yes the "if (const == val" idiom provides some safety, but it grates onderaadt1-58/+58
us too much. ok beck jsing
2017-01-24knfbeck1-1/+2
2017-01-24revert accidental commit of theo diffbeck1-58/+58
2017-01-24Just don't bother with OpenSSL error strings, they are mostlybeck2-77/+71
irrelevant and look gross here anyway.. we don't need them
2017-01-24various cleanup;jmc2-29/+28
2017-01-24Bump libssl and libtls minors due to symbol additions.jsing2-2/+2
2017-01-24slight cleanupsderaadt1-4/+3
2017-01-24Add a -groups option to openssl s_client, which allows supported EC curvesjsing1-7/+17
to be specified as a colon separated list. ok beck@
2017-01-24Update client tests for changes in default EC formats/curves.jsing1-52/+31
2017-01-24Add support for setting the supported EC curves viajsing7-26/+197
SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names. This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such a brainpool) you need to configure this yourself. Inspired by parts of BoringSSL and OpenSSL. ok beck@
2017-01-24s/exit/exist/ typobeck1-2/+2
2017-01-24New ocspcheck utility to validate a certificate against its ocsp responderbeck5-0/+1634
and save the reply for stapling ok deraadt@ jsing@
2017-01-24Correct bounds checks used when generating the EC curves extension.jsing1-3/+3
ok beck@
2017-01-24accross -> across;jmc1-2/+2
2017-01-24Use prime256v1 for tests unless otherwise specified.jsing1-4/+0
2017-01-24Fix typo in brainpool curve name within a comment.jsing1-2/+2
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-21 04:04:30 +0000