summaryrefslogtreecommitdiff
path: root/src/lib/libssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Move most of DTLS1_STATE to internal.beck2017-01-2211-273/+272
| | | | ok jsing@
* Move ALPN and NPN fields from SSL/SSL_CTX to internal.jsing2017-01-227-125/+129
| | | | ok beck@
* Move internal parts of ssl_session_st to internalbeck2017-01-224-40/+40
| | | | ok jsing@
* Move recently added min_version/max_version from SSL and SSL_CTX to theirjsing2017-01-222-10/+6
| | | | opaque structs.
* Bump majors for libssl and libtls following the translucent struct change.jsing2017-01-221-1/+1
| | | | Further changes to the publically visible structs will ride this bump.
* Convert publically visible structs to translucent structs.jsing2017-01-228-29/+111
| | | | | | | | | | | | | This change adds an internal opaque struct for each of the significant publically visible structs. The opaque struct is then allocated and attached to the publically visible struct when the appropriate *_new() function is called, then cleared and freed as necessary. This will allow for changes to be made to the internals of libssl, without requiring a major bump each time the publically visible structs are modified. ok beck@
* Clean up ssl3_new() - in particular, we do not need to zero fields thatjsing2017-01-221-11/+4
| | | | | | are within a struct that was just allocated via calloc. ok beck@
* There is no point in setting struct fields to zero, when you've alreadyjsing2017-01-221-5/+2
| | | | | | zeroed the entire struct via memset. ok beck@
* Specify minimum and maximum protocol version for each method. This isjsing2017-01-216-6/+36
| | | | | | currently unused, but will be in the near future. ok beck@
* Expand DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN macro.jsing2017-01-211-2/+2
| | | | No change in preprocessor output (ignoring whitespace and line numbers).
* Expand IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN macro.jsing2017-01-211-2/+16
| | | | No change in generated assembly.
* Pull out, rework and dedup the code that determines the highest sharedjsing2017-01-034-79/+62
| | | | | | version. ok beck@ doug@
* Add support for SSL_get_server_tmp_key().jsing2016-12-302-3/+74
| | | | ok doug@
* Pull out (and largely rewrite) the code that determines the enabledjsing2016-12-303-40/+54
| | | | | | | | | | protocol version range. This also fixes a bug whereby if all protocols were disabled, the client would still use TLSv1.2 in the client hello, only to have if fail with unsupported version when it received and processed the server hello. ok doug@
* Remove now unused c2l, c2ln, l2c, n2l, l2cn and n2l3 macros.jsing2016-12-302-53/+2
|
* Explicitly include openssl/opensslconf.h in headers that use OPENSSL_NO_*jsing2016-12-302-2/+4
| | | | defines - do not rely on another heading making those available for us.
* fix typo; from OpenSSLschwarze2016-12-291-4/+4
| | | | | | commit 67adf0a7c273a82901ce8705ae8d71ee2f1c959c Author: Markus Triska <triska@metalevel.at> Date: Sun Dec 25 19:58:38 2016 +0100
* Restore two frees that were unintentionally lost during recent refactoring.jsing2016-12-261-1/+4
|
* Restore previous ASN.1 encoding for the peer certificate - this wasjsing2016-12-261-7/+5
| | | | | | | | unintentionally changed during the CBS/CBB rewrite. Issue reported by jeremy@ due to failing ruby tests. Analysis and near identical diff from Kazuki Yamaguchi <k at rhe.jp>.
* Restore previous behaviour of incrementing the pointer so that it pointsjsing2016-12-261-1/+2
| | | | | | at the end of the buffer. Issue identified by and diff from Kazuki Yamaguchi <k at rhe.jp>.
* Pacify compiler warning about an unitialized variable which is obviouslyderaadt2016-12-211-3/+3
| | | | | not really being used. ok beck.
* Bump libcrypto/libssl/libtls majors due to libcrypto symbol removal andjsing2016-12-211-1/+1
| | | | changes to libssl non-opaque structs.
* Add minimum and maximum version fields to SSL, SSL_CTX and SSL_METHODjsing2016-12-211-1/+10
| | | | | | for future work. Discussed with beck@
* Add support for ECDHE with X25519.jsing2016-12-217-91/+316
| | | | | | Testing of an earlier revision by naddy@. ok beck@
* Convert ssl3_get_server_hello() to CBS.jsing2016-12-183-60/+67
| | | | ok doug@
* various minor cleanup;jmc2016-12-1610-34/+34
|
* Make sure all manual pages discussing X509_NAME objectsschwarze2016-12-144-12/+16
| | | | | reference X509_NAME_new(3). Sparingly add a few other references to relevant X509_NAME*(3) pages while here.
* Complete the CBB conversion and cleanup of send_client_key_exchange().jsing2016-12-131-42/+12
| | | | ok doug@
* Convert ssl3_send_client_kex_gost() to CBB.jsing2016-12-131-17/+19
| | | | ok doug@
* Convert ssl3_send_client_kex_ecdhe() to CBB. Also check the return value ofjsing2016-12-131-34/+35
| | | | | | the EC_POINT_point2oct() calls. Feedback from and ok doug@
* Add Copyright and license.schwarze2016-12-101-1047/+149
| | | | | | | | | | | | | | Delete all the function prototypes. They are all available from their individual manual pages. Here, they were incomplete and nothing but a maintenance nightmare. Add several missing cross reference, such that this page now references all libssl manual pages. Delete a sentence that said nothing and correct a typo. Now all libssl manuals have proper Copyright notices and licenses, and i have merged all improvements from OpenSSL that i could find.
* Write an SSL_get_shared_ciphers(3) manual from scratch; another oneschwarze2016-12-102-1/+72
| | | | | | | | where BUGS is longer than DESCRIPTION. The function is listed in ssl(3) and <openssl/ssl.h>, so it's clearly public. The code looks slightly mysterious to me, so it would be welcome if somebody more familiar with TLS protocols could check factual accuracy.
* New manual pages SSL_get_certificate(3), SSL_get_state(3), andschwarze2016-12-105-4/+286
| | | | | SSL_num_renegotiations(3) written from scratch. These functions are listed in ssl(3) and <openssl/ssl.h>, so they are clearly public.
* Document SSL_version(3). It's listed in ssl(3) and <openssl/ssl.h>,schwarze2016-12-101-7/+20
| | | | so it's clearly a public interface.
* Write SSL_renegotiate(3) manual from scratch; this function is listedschwarze2016-12-072-1/+58
| | | | | | | in ssl(3) and <openssl/ssl.h>, so it's clearly a public interface. More could probably be said, the code looks somewhat mysterious to me, but i think this stub is already better than nothing.
* add missing .Nm SSL_peek in the NAME sectionschwarze2016-12-071-3/+4
|
* Write SSL_copy_session_id(3) manual from scratch. This function isschwarze2016-12-072-1/+78
| | | | | | | listed in ssl(3) and <openssl/ssl.h>, so it's clearly a public interface. We might wish to merge the improved code from OpenSSL 1.1.0, but that's major bump, so i'm documenting the BUGS for now.
* Write new SSL_dup(3) manual from scratch. This function is listedschwarze2016-12-072-1/+61
| | | | in ssl(3) and <openssl/ssl.h>, so it is clearly public.
* New SSL_dup_CA_list(3) manual written from scratch.schwarze2016-12-072-1/+53
| | | | Mentioned in ssl(3) and <openssl/ssl.h>, so it is public.
* Add documentation for SSL_add_file_cert_subjects_to_stack(3) andschwarze2016-12-071-25/+103
| | | | | | | | | | | | | | | SSL_add_dir_cert_subjects_to_stack(3), written from scratch. Both functions are listed in ssl(3) and <openssl/ssl.h> and recommended for the use by browsers in source code comments, so they are clearly public interfaces. Mention deduplication. Purge some duplicate text and improve some wording while here. Two additional cross references instead of the useless ssl(3). Add HISTORY, AUTHORS, and BUGS. It is depressing that BUGS (purely from code inspection) became longer than the DESCRIPTION.
* Convert ssl3_send_client_kex_dhe() to CBB.jsing2016-12-071-14/+23
| | | | ok doug@
* Ensure that we zero memory that contiansthe ASN.1 encoded session, sincejsing2016-12-071-26/+29
| | | | | | this contains the session master key. ok deraadt@ doug@
* Ensure that we zero memory used to hold the ASN.1 encoded session, sincejsing2016-12-071-1/+4
| | | | | | this contains the session master key. ok deraadt@ doug@
* An SSL_SESSION_print(3) manual written from scratch. It's clearlyschwarze2016-12-062-1/+68
| | | | | a public interface since it's listed both in ssl(3) and in <openssl/ssl.h>. Nothing to pilfer from OpenSSL in this case...
* s/SSL_CTX_need_tmp_rsa/SSL_CTX_need_tmp_RSA/schwarze2016-12-061-5/+5
| | | | | | | | | | | | | | because that's what <openssl/ssl.h> #defines. That's likely a typo in the header file because all the other functions are called *tmp_rsa*(). But it would be a bad idea to fix such a bug in interfaces that are only provided for backward compatibility in the first place, so i'm adjusting the manual to be bug-compatible with the code, for now. But, pretty please, for the next major bump, somebody go get Bob's flensing knife and excise this part of the interface. Like, export ciphers? Really?
* Copyright and license for the remaining manuals in this directoryschwarze2016-12-066-13/+296
|
* Add Copyright and license.schwarze2016-12-061-8/+52
| | | | | | Garbage collect empty RETURN VALUES section. Delete useless cross reference to ssl(3). Add cross reference to SSL_SESSION_new(3).
* New manual page SSL_SESSION_new(3) written from scratch.schwarze2016-12-062-1/+64
| | | | | | The function prototype is listed in ssl(3) and <openssl/ssl.h>, so it's clearly a public interface, but OpenSSL has no documentation about it whatsoever.
* Convert ssl3_send_client_kex_rsa() to CBB.jsing2016-12-061-14/+36
| | | | ok doug@
* Now that ssl3_send_{client,server}_certificate() are using the commonjsing2016-12-064-176/+6
| | | | handshake functions, we can remove more copied code from DTLS.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-04 21:42:45 +0000