summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Cast pointers to uintptr_t to avoid potential signedness errors.dtucker2016-10-143-7/+24
| | | | | Based on patch from yuanjie.huang at windriver.com via OpenSSH bz#2608, with & ok millert, ok deraadt.
* 0xd0 -> 0xdb; ok deraadt@ millert@ tedu@otto2016-10-141-3/+3
|
* optimize canary code a bit by storing offset of sizes table instead ofotto2016-10-121-5/+7
| | | | recomputing it all the time
* make clear the length printed is the requested lengthotto2016-10-081-3/+3
|
* grammar fix previous;jmc2016-10-071-2/+2
|
* document "chunk canary corrupted" errorotto2016-10-071-2/+7
|
* stray tabotto2016-10-071-2/+2
|
* Beter implementation of chunk canaries: store size in chunk meta dataotto2016-10-071-61/+63
| | | | instead of chunk itself; does not change actual allocated size; ok tedu@
* Fix some broken .Xr links, loosely based on a diffschwarze2016-10-051-13/+12
| | | | | | | | from Rob Pierce <rob at 2keys dot ca>. The content of this page may also need expert attention, i suspect it may be lacking modern algorithms and over-emphasizing obsolete ones, but i dare not touch the content.
* use the same type for buf as the return type in tls_load_filebcook2016-10-031-2/+3
| | | | ok tedu@, noted by kinichiro
* Check for and handle failure of HMAC_{Update,Final} or EVP_DecryptUpdate()guenther2016-10-021-5/+11
| | | | | based on openssl commit a5184a6c89ff954261e73d1e8691ab73b9b4b2d4 ok bcook@
* Detect zero-length encrypted session data early, instead of when malloc(0)guenther2016-10-021-2/+2
| | | | | | | fails or the HMAC check fails. Noted independently by jsing@ and Kurt Cancemi (kurt (at) x64architecture.com) ok bcook@
* In X509_cmp_time(), pass asn1_time_parse() the tag of the field beingguenther2016-10-021-2/+3
| | | | | | | | | parsed so that a malformed GeneralizedTime field is recognized as an error instead of potentially being interpreted as if it was a valid UTCTime. Reported by Theofilos Petsios (theofilos (at) cs.columbia.edu) ok beck@ tedu@ jsing@
* Append to CLEANFILES instead of replacing it, so libcrypto.pc isnatano2016-09-231-2/+2
| | | | | | deleted on make clean. ok millert
* Improve on code from the previous commit.jsing2016-09-221-7/+5
| | | | ok bcook@
* Avoid unbounded memory growth, which can be triggered by a clientjsing2016-09-221-9/+20
| | | | | | repeatedly renegotiating and sending OCSP Status Request TLS extensions. Fix based on OpenSSL.
* Check for packet with truncated DTLS cookie.guenther2016-09-221-12/+17
| | | | | | | | | | | Flip pointer comparison logic to avoid beyond-end-of-buffer pointers to make it less likely a compiler will decide to screw you. Based on parts of openssl commits 6f35f6deb5ca7daebe289f86477e061ce3ee5f46 and 89c2720298f875ac80777da2da88a64859775898 ok jsing@
* Improve ticket validity checking when tlsext_ticket_key_cb() callbackguenther2016-09-221-4/+25
| | | | | | | | | | | chooses a different HMAC algorithm. Avert memory leaks if the callback preps the HMAC in some way. Based on openssl commit 1bbe48ab149893a78bf99c8eb8895c928900a16f but retaining a pre-callback length check to guarantee the callback is provided the buffer that the API claims. ok bcook@ jsing@
* revert documentation update for the clearning behavior we already revertedbcook2016-09-221-5/+1
|
* Delete casts to off_t and size_t that are implied by assignmentsguenther2016-09-216-20/+19
| | | | | | | or prototypes. Ditto for some of the char* and void* casts too. verified no change to instructions on ILP32 (i386) and LP64 (amd64) ok natano@ abluhm@ deraadt@ millert@
* Avoid selecting weak digests for (EC)DH when using SNI.bcook2016-09-201-3/+12
| | | | | | | | | | | from OpenSSL: SSL_set_SSL_CTX is normally called for SNI after ClientHello has received and the digest to use for each certificate has been decided. The original ssl->cert contains the negotiated digests and is now copied to the new ssl->cert. noted by David Benjamin and Kinichiro Inoguchi
* Update ld search path for libssl/libcrypto, fixes cross-build after source ↵bcook2016-09-192-6/+6
| | | | | | moved. from Patrick Wildt
* move page junking tp unmap(), right before we stick the region in the cache;otto2016-09-181-6/+6
| | | | ok tedu@
* Set callbacks on the right tls ctx on accept.bcook2016-09-141-2/+2
| | | | From Tobias Pape
* Handle the FLUSH BIO cntl, that happens at the end of SSL handshakes.bcook2016-09-141-1/+2
| | | | from Tobias Pape
* Allow callback read/write functions to set TLS_WANT_POLLOUT/POLLIN.bcook2016-09-141-3/+21
| | | | from Tobias Pape
* Generate pkg-config files at build time like everything else. Thisnatano2016-09-142-4/+6
| | | | | | | avoids permission problems due to the build and install stages being run by different users. ok deraadt jasper
* add a little more typing to the first callback argument.tedu2016-09-132-7/+7
| | | | it's always a tls context.
* Files in /etc/ssl belong to root. ok deraadtnatano2016-09-111-4/+4
|
* missing space after commatb2016-09-091-2/+2
| | | | | | (this was apparently lost during the repo surgery) ok bcook
* back out calls to EVP_CIPHER_CTX_cleanup() in EVP_Cipher/Encrypt/DecryptFinalbcook2016-09-091-4/+1
| | | | | Software that refers to ctx after calling Final breaks with these changes. revert parts of 1.31 and 1.32
* remove CMS manuals; beck@ agress with the general ideaschwarze2016-09-0523-2347/+1
|
* fix Dt;jmc2016-09-041-2/+2
|
* Remove cms.jsing2016-09-041-8/+1
|
* Remove cms.jsing2016-09-0415-7541/+0
| | | | ok beck@, guenther@, tedu@
* Expand DECLARE_ASN1_.*FUNCTIONS macros.jsing2016-09-045-69/+293
| | | | No change in preprocessed output, ignoring whitespace and line numbers.
* Expand DECLARE_ASN1_.*FUNCTIONS macros.jsing2016-09-042-7/+27
| | | | No change in preprocessed output, ignoring whitespace and line numbers.
* Set errno more consistently, and fix a warning, ok tedunicm2016-09-041-21/+29
|
* Expand DECLARE_ASN1_.*FUNCTIONS macros.jsing2016-09-041-33/+133
| | | | No change in preprocessed output, ignoring whitespace.
* minor tweaks;jmc2016-09-041-7/+7
|
* rmtedu2016-09-041-68/+0
|
* oops, name file after main functiontedu2016-09-041-0/+68
|
* it doesn't say anything yet, but start adding a man pagetedu2016-09-041-0/+68
|
* Place IMPLEMENT_PEM macros under #ifndef LIBRESSL_INTERNAL.jsing2016-09-041-2/+4
|
* Sort and group functions.jsing2016-09-045-250/+226
|
* Expand IMPLEMENT_PEM macros.jsing2016-09-041-2/+29
| | | | No change in generated assembly.
* Expand IMPLEMENT_PEM macros.jsing2016-09-044-30/+545
| | | | No change in generated assembly.
* Make the key sizes and offsets arrays const, ok tedunicm2016-09-041-2/+2
|
* Less S390.jsing2016-09-0412-4596/+2
| | | | ok deraadt@
* Bump TLS_API for addition of callbacks.jsing2016-09-041-2/+2
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-21 15:42:48 +0000