summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Rearrange text a bit to make it clear what "discarded" means; ok jmc@ deraadt@otto2017-04-231-8/+13
|
* For small allocations (chunk) freezero only validates the givenotto2017-04-221-5/+10
| | | | | | | | size if canaries are enabled. In that case we have the exact requested size of the allocation. But we can at least check the given size against the chunk size if C is not enabled. Plus add some braces so my brain doesn't have to scan for dangling else problems when I see this code.
* Fix previous.visa2017-04-201-2/+2
|
* Get TCB address using the RDHWR instruction instead of __get_tcb().visa2017-04-201-4/+5
| | | | | | | | | | | This gives fast access to the address on systems that implement the UserLocal register. TCB caching is still used when running in the single-threaded mode in order not to penalize old systems. The kernel counterpart of this change must be in place before using this diff! With guenther@
* don't forget to fill in canary bytes for posix_memalign(3); reported byotto2017-04-181-1/+4
| | | | and ok jeremy@
* consictently use .Dv NULL and a few other tweaks; ok schwarze@otto2017-04-171-20/+17
|
* whitespace fixesotto2017-04-171-14/+14
|
* backout previous, data_len is not always initializedotto2017-04-161-2/+5
|
* Use freezero(3) when cleaning up session tickets - not only does it requirejsing2017-04-141-6/+3
| | | | | less code, but there is also a potential performance gain since they can be larger allocations.
* Use freezero(3) to clean up the X25519 keys - simpler, cleaner code.jsing2017-04-141-6/+3
|
* Use freezero(3) in the CBB clean up path, since this could hold sensitivejsing2017-04-141-3/+2
| | | | information (such as master keys).
* Switch i2d_SSL_SESSION() back to freezero(3) now that the size constraintsjsing2017-04-141-5/+2
| | | | have been relaxed.
* Clean up server key exchange EC point handling. Encode the point directlyjsing2017-04-141-27/+15
| | | | | | | | into the CBB memory, rather than mallocing and memcpying, which also makes makes the code more consistent with the client. Add a missing check for the first EC_POINT_point2oct() call. ok beck@
* allow clearing less than allocated and document freezero(3) betterotto2017-04-132-13/+26
|
* New strstr() implementation from musl libc by Rich Felker. Thismillert2017-04-121-44/+180
| | | | | | | | version uses the two-way string matching algorithm and is faster than the old implementation. With this change, ports that check for strstr having linear complexity time strstr will no longer replace the libc strstr with a private version. OK deraadt@ espie@
* Revert ssl_asn1.c r1.50 - CBB and freezero(3) do not play nicely together.jsing2017-04-111-2/+5
| | | | | | Back this out while we investigate and implement a solution. Found the hard way by sthen@
* new X25519(3) manual page;schwarze2017-04-105-10/+113
| | | | from Dr. Stephen Henson <steve@openssl.org>, OpenSSL commit d218f3c3
* Use freezero() for the internal opaque structures, instead of the currentjsing2017-04-103-18/+9
| | | | explicit_bzero()/free(). Less code and potentially less overhead.
* Use freezero() for X25519 keys - same result with more readable code.jsing2017-04-101-7/+3
|
* document three additional functions;schwarze2017-04-101-7/+60
| | | | from Emilia Kasper <emilia at openssl dot org>, OpenSSL commit 4ac139b4
* Rework name verification code so that a match is indicated via an argument,jsing2017-04-105-47/+76
| | | | | | | | | | rather than return codes. More strictly follow RFC 6125, in particular only check the CN if there are no SAN identifiers present in the certificate (per section 6.4.4). Previous behaviour questioned by Daniel Stenberg <daniel at haxx dot se>. ok beck@ jca@
* freezero() the key block; simpler code and less of it.jsing2017-04-101-7/+3
|
* Use freezero() for i2d_SSL_SESSION() - one line of code instead of three.jsing2017-04-101-5/+2
| | | | | | In this case the memory allocated can also be significant, in which case freezero() will have less overhead than explicit_bzero() (munmap instead of touching all of the memory to write zeros).
* fix some .Xr errors that jmc@ found with mdoclint(1)schwarze2017-04-103-12/+13
|
* new manual page SSL_get_server_tmp_key(3)schwarze2017-04-103-2/+88
| | | | from Matt Caswell <matt@openssl.org>, OpenSSL commit 508fafd8
* Additional SSL_SESSION documentationschwarze2017-04-1011-16/+349
| | | | | from Matt Caswell <matt at openssl dot org>, OpenSSL commit b31db505. Improve crosslinking while here.
* for pure *_ctrl() wrapper macros, move the reference from ssl(3)schwarze2017-04-1014-49/+54
| | | | to SSL_CTX_ctrl(3) to make ssl(3) slightly more palatable
* new manual page SSL_CTX_set_tlsext_servername_callback(3) for SNI;schwarze2017-04-102-1/+126
| | | | | from <Jon dot Spillett at oracle dot com> via OpenSSL commit 8c55c461
* tweak previous;jmc2017-04-101-4/+4
|
* Convert various client key exchange functions to freezero(3). The memoryjsing2017-04-101-14/+5
| | | | | contents needs to be made inaccessible - this is simpler and less error prone than the current "if not NULL, explicit_bzero(); free()" dance.
* Introducing freezero(3) a version of free that guarantees the processotto2017-04-102-36/+130
| | | | | | no longer has access to the content of a memmory object. It does this by either clearing (if the object memory remains cached) or by calling munmap(2). ok millert@, deraadt@, guenther@
* pasto; from <Jon dot Spillett at oracle dot com> via OpenSSL commit 3aaa1bd0schwarze2017-04-101-3/+3
|
* typo fix; from <Jon dot Spillett at oracle dot com>schwarze2017-04-101-5/+5
| | | | via OpenSSL commit 7bd27895
* Simplify/clean up BUF_MEM_grow_clean().jsing2017-04-091-17/+16
| | | | ok beck@
* With recallocarray() BUF_MEM_grow() is essentially the same asjsing2017-04-091-28/+2
| | | | | | | BUF_MEM_grow_clean() (the only difference is clearing on internal down sizing), so make it a wrapper. ok beck@ deraadt@
* Explicitly test for NULL.jsing2017-04-091-4/+4
| | | | ok beck@
* Use uint8_t instead of u_int8_t - for consistency and to make things easierjsing2017-04-071-2/+2
| | | | | | for portable. From Raphael Hittich.
* trailing ; on end of macro definition is wrong; ok guentherderaadt2017-04-061-4/+4
|
* Consistentcy between nmembers and size order. From Christopher Hettrick;otto2017-04-061-8/+8
| | | | ok deraadt@
* bump version for new development branchbcook2017-04-061-3/+3
|
* first print size in meta-data then supplied arg size when an inconsistency isotto2017-04-061-3/+3
| | | | detected wrt recallocarray()
* Add tls_peer_cert_chain_pem - To retreive the peer certificate and chainbeck2017-04-057-6/+77
| | | | | | | as PEM format. This allows for it to be used or examined with tools external to libtls bump minor ok jsing@
* Internal changes to allow for relayd engine privsep. sends the hash of thebeck2017-04-055-29/+87
| | | | | | public key as an identifier to RSA, and adds an function for relayd to use to disable private key checking when doing engine privsep. ok jsing@
* Fix silly code that printfs NULL when there are no fractional secondsbeck2017-04-031-2/+2
| | | | | | on a GENREALIZEDTIME (which there should really never be for anything remotely standards compliant) ok jsing@
* rephrase more enumerations of functionsotto2017-03-291-13/+10
|
* tweak previous;jmc2017-03-291-3/+5
|
* Fix typo in function name;schwarze2017-03-281-4/+5
| | | | | from Markus Triska <triska at metalevel dot at> via OpenSSL commit 1f164c6f.
* After i wrote SSL_renegotiate(3) from scratch, OpenSSL alsoschwarze2017-03-281-12/+109
| | | | | | | documented the function. Merge the more detailed descriptions and the additional documentation of SSL_renegotiate_abbreviated(3) and SSL_renegotiate_pending(3). From Matt Caswell, OpenSSL commit 39820637.
* small cleanup & optimization; ok deraadt@ millert@otto2017-03-281-2/+5
|
* reinstate the capitalisation from previous, as advised by schwarze;jmc2017-03-271-3/+3
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 09:15:20 +0000