summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Add support for building arc4random with MSVC.bcook2015-09-101-7/+8
| | | | | | | By default, MSVC's stdlib.h defines min(), so we need to spell out something less common to avoid picking it up. ok deraadt@ beck@ miod@
* Call tls_set_errorx() instead of tls_set_error() injsing2015-09-101-5/+5
| | | | tls_configure_ssl_verify(). Also tweak an error message and unwrap a line.
* Pull in namespace.h when building all .c files using gcc's -include option,guenther2015-09-102-3/+18
| | | | | | | | so that we can provide asm labels for the memcpy/memset/__stack_smash_handler calls that it generates ab initio. Eliminate direct #includes of it. Make sure it's a dependency of all objects (unnecessary for asm, but close enough). ok deraadt@
* When loading a DSA key from an raw (without DH parameters) ASN.1 serialization,miod2015-09-102-4/+96
| | | | | | | | | | | | | perform some consistency checks on its `p' and `q' values, and return an error if the checks failed. Thanks for Georgi Guninski (guninski at guninski dot com) for mentioning the possibility of a weak (non prime) q value and providing a test case. See https://cpunks.org/pipermail/cypherpunks/2015-September/009007.html for a longer discussion. ok bcook@ beck@
* delete empty SYNOPSIS sectionschwarze2015-09-102-6/+4
|
* Remove support for DTLS_BAD_VER. We do not support non-standard andjsing2015-09-1020-98/+46
| | | | | | | incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years. ok bcook@ miod@
* improve examples,deraadt2015-09-101-8/+11
| | | | | | | 1. hoist pollfd fields which don't change upwards 2. show ret as ssize_t, it MUST BE, or there will be lots of crying 3. on first pass, must check for either POLLIN|POLLOUT ok millert beck
* Put OPENSSL_cleanse under #ifndef LIBRESSL_INTERNAL.jsing2015-09-102-2/+8
|
* CRYPTO_set_mem_debug_functions() and CRYPTO_set_mem_functions() are alreadyjsing2015-09-102-36/+6
| | | | | | | | | noops, so neuter the CRYPTO_malloc_init and CRYPTO_malloc_debug_init macros. With input from miod@ ok beck@ bcook@ miod@
* Correct spelling of OPENSSL_cleanse.jsing2015-09-10139-399/+423
| | | | ok miod@
* document client side certificate verification functionality.beck2015-09-102-3/+19
| | | | ok jsing@
* reduce .Nd to one line and kill .Tn while hereschwarze2015-09-105-25/+15
|
* Remove pointless comments.jsing2015-09-106-12/+12
| | | | ok "captain obvious"
* document changed tls_read and tls_write semantics.beck2015-09-101-15/+58
| | | | | | | document functions that clear errno. change examples to provide demonstration of both the blocking and non-blocking cases. ok jsing@, bluhm@
* Replace remaining M_ASN1_STRING_* macros with calls to ASN1_STRING_*.jsing2015-09-106-36/+36
| | | | | | | This is not the same as the macro expansion, however the ASN1_STRING_* functions do match the macro expansions. ok doug@ miod@
* mlink tls_handshake;jmc2015-09-101-1/+2
|
* tweak previous;jmc2015-09-101-3/+3
|
* missing commas at the end of .Nm lines in the NAME sectionschwarze2015-09-101-3/+3
|
* Correctly document the behaviour of tls_close() - the caller is responsiblejsing2015-09-101-5/+6
| | | | | | for closing the file descriptors unless libtls allocated them. ok beck@
* Replace TLS_{READ,WRITE}_AGAIN with TLS_WANT_POLL{IN,OUT} and correctlyjsing2015-09-101-20/+13
| | | | | | document the calling requirements. ok beck@
* Update libtls man page to reflect tls_handshake() related changes.jsing2015-09-101-35/+37
| | | | ok beck@
* revert accidental commitbeck2015-09-101-4/+4
|
* comment for errno clobbering, to indicate why we do this.beck2015-09-102-5/+9
| | | | ok deraadt@ jsing@
* bump majorbeck2015-09-101-1/+1
| | | | ok jsing@
* change TLS_READ_AGAIN to TLS_WANT_POLLIN and TLS_WRITE_AGAIN to TLS_WANT_POLLOUTbeck2015-09-102-7/+7
| | | | | | | to make it more clear to users of this api what needs to be done in these error cases. Discussed extensively with bluhm@ and jsing@ and others. ok jsing@
* Change tls_read and tls_write semantics to return an ssize_t to betterbeck2015-09-102-21/+14
| | | | | | | | match read() and write() semantics to make porting existing code using read/write easier.. requested by bluhm@ who convinced jsing and I to break the api ok jsing@ bluhm@
* Split tls_handshake() out from tls_accept/tls_connect. By doing this thejsing2015-09-105-59/+120
| | | | | | | | | | | | | | | tls_accept/tls_connect functions can be guaranteed to succeed or fail and will no longer return TLS_READ_AGAIN/TLS_WRITE_AGAIN. This also resolves the semantics of tls_accept_*. The tls_handshake() function now does I/O and can return TLS_READ_AGAIN/TLS_WRITE_AGAIN. Calls to tls_read() and tls_write() will trigger the handshake if it has not already completed, meaning that in many cases existing code will continue to work. Discussed over many coffees at l2k15. ok beck@ bluhm@
* tweak Nd after previous; ok mpijmc2015-09-101-2/+2
|
* add MLINKS for _prefer_ciphers_*jmc2015-09-101-1/+3
|
* Add support for preferring the server's cipher list or the client's cipherjsing2015-09-105-8/+47
| | | | | | | | list. Prefer the server's cipher list by default. Based on a diff from Kyle Thompson <jmp at giga dot moe>. ok beck@ bcook@
* Remove link_addr(3). A function to encode the name of an interface inmpi2015-09-103-136/+8
| | | | | | | | | | | | a sockaddr_dl is a questionnable interface. But now it makes it harder to properly reference ifp becauses of this. Set sdl_index to the index of the corresponding interface when constructing a routing message. Ridding previous libc crank. ok guenther@, deraadt@, dlg@
* Fix an incorrect error check in DSA verify.bcook2015-09-102-8/+4
| | | | | | From Matt Caswell's OpenSSL commit "RT3192: spurious error in DSA verify". https://github.com/openssl/openssl/commit/eb63bce040d1cc6147d256f516b59552c018e29b
* Add missing CVS Mdocdate tags. No text change, except for the changeschwarze2015-09-0916-16/+16
| | | | of date that can't be helped.
* Indent labels with a space so that diff -p is more friendly.jsing2015-09-096-18/+18
| | | | Requested by bluhm@
* Check handshake_func against NULL rather than 0, since it is a functionjsing2015-09-092-14/+14
| | | | | | pointer. ok bcook@ miod@
* Add client certificate support. Still needs a few tweaks but this willbeck2015-09-096-34/+76
| | | | | ride upcoming minor bump ok jsing@
* always clear errno when coming back from tls_read tls_write, and tls_close.beck2015-09-091-9/+20
| | | | | | | this avoids the problem of people checking for return values < 0 and then checking for errno before checking for TLS_READ_AGAIN TLS_WRITE_AGAIN - since we can not guarantee what errno will be set to from the underlying library calls
* nuke trailing whitespacebeck2015-09-091-4/+3
| | | | ok jsing@
* Stop exporting from libc the <mpool.h> and the mpool_* APIguenther2015-09-091-0/+122
| | | | ports scan by sthen@
* Only take ownership of a socket if we allocated it within libtls. If we arejsing2015-09-092-11/+5
| | | | | | passed a socket then the caller is responsible for closing it. ok bcook@
* Remove the default HTTPS port from tls_connect() - this is a TLS library,jsing2015-09-082-6/+6
| | | | | | not a HTTPS library. ok beck@
* Fix aliasing of sys_errlist, sys_nerr, sys_siglist, and sys_signameguenther2015-09-062-15/+4
| | | | | | to eliminate duplicate copies of the tables and get direct access internally ok kettenis@ deraadt@
* Use new framework for wrapping cat{open,gets,close}(), eliminatingguenther2015-09-052-8/+2
| | | | | | _cat* in the process. ok kettenis@
* Replace dtls1_client_hello() with ssl3_client_hello() - both are basicallyjsing2015-09-026-212/+58
| | | | | | | | | | | the same code, with two slight differences for DTLS handling. Also, make use of send_cookie to determine if the client random needs to be preserved, rather than testing if it is zeroed (hopefully your random number generator never returned all zeros, since the existing code would break). Inspired by BoringSSL. ok doug@
* Fewer magic numbers - we already have defines for the header lengths, sojsing2015-09-022-10/+14
| | | | | | make use of them. ok doug@
* Remove duplicate prototype for SSL_get_selected_srtp_profile().jsing2015-09-012-4/+2
| | | | From Aaron Burghardt.
* Remove the ssl_prepare_{client,server}hello_tlsext() functions, which arejsing2015-09-0110-68/+10
| | | | | | now nothing more than noops. ok bcook@ doug@
* Make it always safe to call CBB_cleanup() providing that CBB_init() orjsing2015-09-012-4/+16
| | | | | | CBB_init_fixed() have been attempted. ok doug@
* Add framework for resolving (pun intended) libc namespace issues, usingguenther2015-08-3143-49/+233
| | | | | | | | | | | | wrapper .h files and asm labels to let internal calls resolve directly and not be overridable or use the PLT. Then, apply that framework to most of the functions in stdio.h, string.h, err.h, and wchar.h. Delete the should-have-been-hidden-all-along _v?(err|warn)[cx]? symbols while here. tests clean on i386, amd64, sparc64, powerpc, and mips64 naming feedback from kettenis@ and millert@ ok kettenis@
* Use nanosleep instead of sleep to avoid the extra layer and simplify laterguenther2015-08-301-5/+8
| | | | | | symbol hiding ok w/tweak deraadt@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-03 23:08:17 +0000