summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Move most of the SSL3_STATE fields to internal - the ones that remain arejsing2017-01-2218-681/+690
| | | | | | known to be used by ports. ok beck@
* Disable session cache and tickets by default.claudio2017-01-221-1/+5
| | | | OK beck@ jsing@
* Move most of DTLS1_STATE to internal.beck2017-01-2211-273/+272
| | | | ok jsing@
* Move ALPN and NPN fields from SSL/SSL_CTX to internal.jsing2017-01-227-125/+129
| | | | ok beck@
* Move internal parts of ssl_session_st to internalbeck2017-01-224-40/+40
| | | | ok jsing@
* Move recently added min_version/max_version from SSL and SSL_CTX to theirjsing2017-01-222-10/+6
| | | | opaque structs.
* Wrap long lines.jsing2017-01-221-4/+7
|
* Bump majors for libssl and libtls following the translucent struct change.jsing2017-01-222-2/+2
| | | | Further changes to the publically visible structs will ride this bump.
* Convert publically visible structs to translucent structs.jsing2017-01-228-29/+111
| | | | | | | | | | | | | This change adds an internal opaque struct for each of the significant publically visible structs. The opaque struct is then allocated and attached to the publically visible struct when the appropriate *_new() function is called, then cleared and freed as necessary. This will allow for changes to be made to the internals of libssl, without requiring a major bump each time the publically visible structs are modified. ok beck@
* Clean up ssl3_new() - in particular, we do not need to zero fields thatjsing2017-01-221-11/+4
| | | | | | are within a struct that was just allocated via calloc. ok beck@
* There is no point in setting struct fields to zero, when you've alreadyjsing2017-01-221-5/+2
| | | | | | zeroed the entire struct via memset. ok beck@
* use BN_div_nonct where it is safe to do so.beck2017-01-211-2/+2
| | | | ok guenther@
* Add ct and nonct versions of BN_mod_inverse for internal usebeck2017-01-2113-36/+67
| | | | ok jsing@
* Split out BN_div and BN_mod into ct and nonct versions for Internal use.beck2017-01-2117-58/+92
| | | | ok jsing@
* Make explicit _ct and _nonct versions of bn_mod_exp funcitons thatbeck2017-01-2114-39/+106
| | | | | | | | | | | | matter for constant time, and make the public interface only used external to the library. This moves us to a model where the important things are constant time versions unless you ask for them not to be, rather than the opposite. I'll continue with this method by method. Add regress tests for same. ok jsing@
* 1. When shrinking a chunk allocation, compare the size of the currentotto2017-01-211-46/+87
| | | | | | | | | | allocation to the size of the new allocation (instead of the requested size). 2. Previously realloc takes the easy way and always reallocates if C is active. This commit fixes by carefully updating the recorded requested size in all cases, and writing the canary bytes in the proper location after reallocating. 3. Introduce defines to test if MALLOC_MOVE should be done and to compute the new value.
* Specify minimum and maximum protocol version for each method. This isjsing2017-01-216-6/+36
| | | | | | currently unused, but will be in the near future. ok beck@
* Place {DECLARE,IMPLEMENT}_OBJ_BSEARCH{_GLOBAL,}_CMP_FN macros undefjsing2017-01-211-1/+5
| | | | LIBRESSL_INTERNAL.
* Expand DECLARE_OBJ_BSEARCH_CMP_FN and IMPLEMENT_OBJ_BSEARCH_CMP_FN macros.jsing2017-01-216-28/+168
| | | | No change to generated assembly excluding line numbers.
* /usr/bin/unifdef -D MONT_MUL_MOD -D MONT_EXP_WORD -D RECP_MUL_MOD -m bn_exp.cbeck2017-01-211-23/+2
| | | | | with some style cleanup after. no binary change ok jsing@
* Expand DECLARE_OBJ_BSEARCH_CMP_FN and IMPLEMENT_OBJ_BSEARCH_CMP_FN macros.jsing2017-01-212-8/+38
| | | | No change to generated assembly excluding line numbers.
* Expand DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN macro.jsing2017-01-211-2/+2
| | | | No change in preprocessor output (ignoring whitespace and line numbers).
* Expand IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN macro.jsing2017-01-211-2/+16
| | | | No change in generated assembly.
* fix bogus commentbeck2017-01-211-2/+2
| | | | ok jsing@
* Make return value of X509_verify_cert be consistent with the error code,beck2017-01-211-2/+10
| | | | | | with the caveat that we force V_OK when a user provided callback has us returning success. ok inoguchi@ jsing@
* Rework internal_verify, mostly from OpenSSL. so we can progressbeck2017-01-201-102/+102
| | | | | towards cleaning up the V_OK stuff. ok kinichiro@
* whitespacederaadt2017-01-131-3/+3
|
* Inline strlen() call to reduce/simplify code.jsing2017-01-121-5/+2
|
* Inline tls_get_new_cb_bio() from the only place that it gets called,jsing2017-01-121-22/+11
| | | | | simplifying the code. Also check the provided read and write callbacks before assigning to the context.
* If tls_set_cbs() fails an error will already be specified, so do notjsing2017-01-122-8/+4
| | | | replace it with a less specific one.
* change two trailing Xr to Fn; ok schwarzejmc2017-01-122-6/+6
|
* Simplify the TLS callback BIO code - a pointer to the tls context can bejsing2017-01-121-66/+7
| | | | | | | stored directly in bio->ptr, rather than allocating and deallocating an intermediate struct. Diff from Marko Kreen <markokr at gmail dot com> - thanks!
* If tls_get_new_cb_bio() fails, an error will already be set.jsing2017-01-121-5/+2
|
* If no callbacks are specified, return after setting an error rather thanjsing2017-01-121-2/+4
| | | | | | continuing on. Also noticed by Marko Kreen.
* Add support for AArch64.patrick2017-01-112-0/+182
|
* Avoid leaking conninfo servername.jsing2017-01-091-1/+3
| | | | Issue found by and fix from Shuo Chen <chenshuo at chenshuo dot com>.
* add missing comma in the NAME sectionschwarze2017-01-071-3/+3
|
* fix a typo in an .Xr reported by jmc@schwarze2017-01-071-3/+3
|
* Add and remove some blank lines, in order to make X509_verify_cert()jsing2017-01-071-6/+4
| | | | (slightly) more readable.
* a little more cleanup;jmc2017-01-075-23/+23
|
* Revert part of r1.54 as there are at least two situations where we are stilljsing2017-01-071-4/+2
| | | | | | | returning ok == 1, with ctx->error not being X509_V_OK. Hopefully we can restore this behaviour once these are ironed out. Discussed with beck@
* correctly mark all documented macros found in <openssl/bn.h>schwarze2017-01-073-9/+11
|
* Use .Fn rather than .Xr for X509_VERIFY_PARAM_lookup(),schwarze2017-01-071-3/+3
| | | | | | | | fixing a dead link reported by jmc@. Only about half of X509_VERIFY_PARAM is documented so far, and the extensible lookup table feels like one of the more arcane features and probably not the next thing to document.
* Document X509_NAME_hash(3), listed in <openssl/x509.h>;schwarze2017-01-071-3/+20
| | | | | | | jmc@ reported that X509_LOOKUP_hash_dir(3) references it. Even though OpenSSL does not document it, given that it is used for file names that users have to create, it is sufficiently exposed to users to be worth documenting.
* Write a new manual page X509_STORE_load_locations(3) from scratch.schwarze2017-01-072-1/+119
| | | | | | | | | | | Not documented by OpenSSL, but listed in <openssl/x509_vfy.h> and referenced from X509_LOOKUP_hash_dir(3), and clearly more important than the latter. Fixes three dead links reported by jmc@. Most of the information from SSL_CTX_load_verify_locations(3) should probably be moved here, but not all, since the SSL page also talks about SSL servers and clients and the like. As i'm not completely sure regarding the boundaries, i'm leaving that as it is for now.
* Remove cross references to the undocumented functions X509_STORE_new(3)schwarze2017-01-062-7/+4
| | | | | | | and X509_STORE_add_lookup(3) reported by jmc@. Even though these functions are public, they seem more useful internally than for application programs, so now is not the time to document them.
* Delete a sentence containing a cross reference to an undocumentedschwarze2017-01-061-6/+2
| | | | | | | function that had the the sole purpose of discouraging its use. Not talking about it at all discourages using it even more. Dangling cross reference reported by jmc@.
* resolve duplication of names and prototypes in manuals related to ex_dataschwarze2017-01-065-67/+23
| | | | and sprinkle cross references instead; more work is obviously needed here
* Replace two dangling .Xrs to sk_*() macros with .Fn; reported by jmc@.schwarze2017-01-061-4/+6
| | | | | | The safestack stuff is the most ill-designed user interface i have seen so far in OpenSSL. It looks positively undocumentable. At least i'm not trying to document it right now.
* Delete a cross reference to the undocumented function X509_check_purpose(3)schwarze2017-01-061-3/+2
| | | | | | | | | that wasn't accompanied by any related information. Reported by jmc@. There are a dozen functions handling X509_PURPOSE objects, all undocumented, a host of defines, and it seems that a callback is required. So this seems complicated, i doubt that is much used in practice, and i'm not diving into it at this point in time.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-28 00:26:51 +0000