summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* For all functions known to be infected by LC_NUMERIC, add shortschwarze2019-01-162-4/+22
| | | | | | | | CAVEATS pointing to the new CAVEATS section in setlocale(3). Make those in wprintf(3) and wscanf(3) more concise since duplicate information is a bad idea. Incompleteness of information originally pointed out by millert@. OK millert@
* There are cases where a program doing dns requests wants to set theotto2019-01-141-2/+4
| | | | | Checking Disabled flag. Introduce a RES flag to do so. ok krw@ deraadt@ eric@
* Move default numer of pools in the multi-threaded case to 8. Various testsotto2019-01-101-2/+2
| | | | by me and others indicate that it is the optimum.
* Make the "not my pool" searching loop a tiny bit smarter, whileotto2019-01-102-22/+39
| | | | | | making the number of pools variable. Do not document the malloc conf settings atm, don't know yet if they will stay. Thanks to all the testers. ok deraadt@
* correct article;jmc2019-01-022-6/+6
|
* Make AES CCM available in tables.tb2018-12-261-1/+4
| | | | | | Omission reported by reyk and Alice Wonder. ok bcook jsing
* Make this page much more readable by deleting as much text as possibleschwarze2018-12-241-28/+9
| | | | | | | | | about functions that are deprecated, identical to other functions, and never made sense in the first place. As deraadt@ points out, we should not hide the information that matters in a heap of clutter. It would waste reader's time and make confusion and accidental misuse more likely. OK deraadt@ jmc@
* EVP_MD_CTX_cleanup() is deprecated and doesn't free, so recommend usingtb2018-12-234-12/+12
| | | | | | EVP_MD_CTX_free() instead if the goal is to avoid leaking memory. From my corresponding upstream commit, reminded by schwarze
* Document EVP_PKEY_new_mac_key(3);schwarze2018-12-221-8/+50
| | | | | from Matt Caswell <matt at openssl dot org> via OpenSSL commit d45a97f4 Mar 5 17:41:49 2018 +0000.
* Delete irrelevant HISTORY details. Simply use BN_rand(3); thereschwarze2018-12-221-12/+2
| | | | | | | is no need to know at which time BN_pseudo_rand(3) was made the same as BN_rand(3). Considering that question might even mislead people to attempt ill-advised #ifdef'ing. Pointed out by deraadt@.
* The wrong header file was given for EVP_PKEY_CTX_set_signature_md(3).schwarze2018-12-211-13/+69
| | | | | | | | | | | | | Also clarify to which algorithms it applies. From Matt Caswell <matt at openssl dot org> via OpenSSL commit d45a97f4 Mar 5 17:41:49 2018 +0000. Document EVP_PKEY_CTX_get_rsa_padding(3), EVP_PKEY_CTX_get_rsa_pss_saltlen(3), EVP_PKEY_CTX_set_rsa_mgf1_md(3), and EVP_PKEY_CTX_get_rsa_mgf1_md(3). From Antoine Salon <asalon at vmware dot com> via OpenSSL commit 87103969 Oct 1 14:11:57 2018 -0700 from the OpenSSL_1_1_1-stable branch, which is still under a free license.
* Document the ECDSA_SIG_new(3) return value.schwarze2018-12-211-2/+10
| | | | | | Inspired by OpenSSL commit 6da34cfb Jun 2 16:17:32 2018 -0400 by Ken Goldman <kgoldman at us dot ibm dot com>, but use the same wording as in ASN1_item_new(3) instead.
* Clarify behaviour of DH_get0_pqg(3) and DH_get0_key(3) with NULL arguments;schwarze2018-12-211-4/+19
| | | | | from <Matthias dot St dot Pierre at ncp dash e dot com> via OpenSSL commit 5777254b May 27 09:07:07 2018 +0200.
* grammar and style fixes from wesinator at githubschwarze2018-12-211-13/+14
| | | | via OpenSSL commit 521738e9 Oct 5 14:58:30 2018 -0400
* Since OpenBSD 6.1, BN_pseudo_rand*(3) does the same as BN_rand*(3).schwarze2018-12-211-10/+18
| | | | | Say so, and note that OpenSSL followed suit in 1.1.0 according to OpenSSL commit 5ecff87d Jun 21 13:55:02 2017 +0100.
* Mention that some functions call BN_GENCB_call(3) with a secondschwarze2018-12-211-4/+15
| | | | | argument of 3; from Beat Bolli <dev at drbeat dot li> via OpenSSL commit bd93f1ac Jul 28 16:45:22 2018 -0400.
* Correctly describe the return values of BN_hex2bn(3) and BN_dec2bn(3).schwarze2018-12-191-5/+8
| | | | | | Inspired by OpenSSL commit a130950d Aug 23 12:06:41 2017 -0400 by Rich Salz <rsalz at openssl dot org>, but using a more explicit wording, and fixing *both* places rather than only half of them.
* Specify the return values of some of these functions more precisely;schwarze2018-12-191-15/+16
| | | | | | | | inspired by OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800 by Paul Yang <yang sot yang at baishancloud dot com>, but without creating a RETURN VALUES section because that makes no sense here: it would either result in a confusing order of information or in duplicate information.
* typo;schwarze2018-12-191-4/+5
| | | | | from Jakub Wilk <jwilk at jwilk dot net> via OpenSSL commit a21285b3 Aug 21 18:30:34 2018 +0200
* Regenerate root CA list using updated format-pem.pl. Specifically thissthen2018-12-161-101/+1
| | | | | | | | | | | | | drops CA certificates whose validity dates don't comply with the rules on ASN.1 encoding in RFC 5280 (and predecessors - same rule goes back to at least RFC 2459, section 4.1.2.5). LibreSSL strictly enforces this, so attempting to validate certificates signed by these CAs just result in the following: error 13 at 1 depth lookup:format error in certificate's notBefore field "probably" beck@
* Add a check that libressl is actually able to verify CA certs.sthen2018-12-161-12/+28
| | | | Skip outputting them if invalid (e.g. GENERALIZEDTIME date before 2050).
* Delete a note taken during the rev. 1.1 man page spliteschwarze2018-12-141-5/+2
| | | | | | that should have been deleted before commit. The cross reference is already present below SEE ALSO. Glitch noticed by jsing@.
* Improve speed for the multi-threaded case by reducing lock contention.otto2018-12-101-30/+21
| | | | tested by many; ok florian@
* style; OK ottoflorian2018-12-091-3/+3
|
* Remove an ugly hack in the client certificate verification code that workstb2018-12-071-48/+44
| | | | | | | | | | around broken GOST implementations. It looks like client certificates with GOST have been completely broken since reimport of the GOST code, so no-one is using LibreSSL this way. The client side was fixed only last week for TLSv1.0 and TLSv1.1. This workaround is now in the way of much needed simplifcation and cleanup, so it is time for it to go. suggested by and ok jsing
* remove a stray line accidentally left behind in rev. 1.120;schwarze2018-12-051-3/+2
| | | | patch from Hiltjo Posthuma <hiltjo at codemadness dot org>
* Send SSL_AD_DECODE alerts in the case of a bad hello request or antb2018-12-031-7/+7
| | | | | | | invalid change cipher spec. Found due to dead assignment warnings by the Clang static analyzer. ok inoguchi (previous version), jsing
* Restore function prototype for ASN1_dup, fixing usage on I32LP64 platforms.jeremy2018-11-301-1/+7
| | | | | | This prototype was removed inadvertantly in r1.50. OK jsing@
* missed adding tls_default_ca_cert_file here. found by sthentedu2018-11-291-0/+1
|
* expose the default cert file as a function, not a define. it's reallytedu2018-11-295-10/+24
| | | | | | an internal detail of the library, so the string should live inside it, not in the application code. ok jsing
* Refactor a tangle in ssl3_send_client_verify() into one function for eachtb2018-11-291-118/+213
| | | | | | | | | | type, sigalgs/rsa/ec/gost. Move a few special dances for GOST where they belong now. This prompted a fix for a long-standing bug with GOST client certificate authentication where tls1_transcript_data() fails since the transcript was already freed before. Add a bit of missing error checking and leave some further cleanup for later. idea, guidance & ok jsing
* Correct lock initialisation for libcrypto.jsing2018-11-282-16/+55
| | | | | | | | | | | | The current crypto_lock_init() function is not called early enough, meaning that locks are already in use before it gets called. Worse, locks could be in use when they are then initialised. Furthermore, since functions like CRYPTO_lock() are public API, these could be called directly bypassing initialisation. Avoid these issues by using static initialisers. ok bcook@
* Refactor "find the right pool" code into a function. ok djm@ tb@otto2018-11-271-65/+34
|
* spelling; from miodjmc2018-11-251-2/+2
|
* zap 10 tab leading whitespace before 'struct evp_pkey_ctx_st {'tb2018-11-241-2/+2
|
* Store and return the locking callbacks, restoring previous behaviour.jsing2018-11-241-6/+12
| | | | | | | | | | | The previous code meant that a caller could set the locking callback, after which CRYPTO_get_locking_callback() would return non-NULL. Some existing code depends on this behaviour, specifically to identify if lock handling has been configured. As such, always returning NULL from CRYPTO_get_locking_callback() can result in unexpected application behaviour. ok bcook@
* Fix DTLS transcript handling for HelloVerifyRequest.jsing2018-11-214-18/+26
| | | | | | | | | | | | | If DTLS sees a HelloVerifyRequest the transcript is reset - the previous tls1_init_finished_mac() function could be called multiple times and would discard any existing state. The replacement tls1_transcript_init() is more strict and fails if a transcript already exists. Provide an explicit tls1_transcript_reset() function and call it from the appropriate places. This also lets us make DTLS less of a special snowflake and call tls1_transcript_init() in the same place as used for TLS. ok beck@ tb@
* fold the contents of malloc.conf.5 into malloc.3 and sysctl.2,jmc2018-11-211-6/+118
| | | | | | now that there is essentially no malloc.conf; text tweaked by deraadt; ok otto deraadt
* Introducing malloc_usable_size() was a mistake. While some otherotto2018-11-212-105/+5
| | | | | | | | | | | libs have it, it is a function that is considered harmful, so: Delete malloc_usable_size(). It is a function that blurs the line between malloc managed memory and application managed memory and exposes some of the internal workings of malloc. If an application relies on that, it is likely to break using another implementation of malloc. If you want usable size x, just allocate x bytes. ok deraadt@ and other devs
* Saw a mention somewhere a while back that the gotdata() function inderaadt2018-11-205-144/+27
| | | | | | | | here could creates non-uniformity since very short fetches of 0 would be excluded. blocks of 0 are just as random as any other data, including blocks of 4 4 4.. This is a misguided attempt to identify errors from the entropy churn/gather code doesn't make sense, errors don't happen. ok bcook
* Fix compilation on alpha, where DEF_WEAK() really must be paired withguenther2018-11-191-2/+1
| | | | PROTO_NORMAL(). Problem noted by deraadt@
* Revert previous - DTLSv1 uses MD5+SHA1 for RSA signature verification.jsing2018-11-192-10/+4
| | | | Discussed with beck@
* Revert previous - the default sigalg for RSA key exchange is {sha1,rsa}.jsing2018-11-191-4/+4
| | | | | | | In TLSv1.2, if the client does not send a signature algorithms extension then for RSA key exchange a signature algorithm of {sha1,rsa} is implied. The MD5+SHA1 hash only applies to older versions of TLS, which do not support sigalgs.
* Implement malloc_usable_size(); ok millert@ deraadt@ and jmc@ for the man pageotto2018-11-182-6/+108
|
* Fix DTLS, because DTLS still remains a special flower, allows regress to passbeck2018-11-172-4/+10
|
* Fix whitespace around assignment operators.tb2018-11-171-7/+7
|
* revert previousbeck2018-11-161-5/+3
|
* Fix DTLS. Because the DTLS code is strange. I am really coming around tobeck2018-11-161-3/+5
| | | | joel's line of thinking about it
* Unbreak legacy ciphers for prior to 1.1 by setting having a legacybeck2018-11-164-10/+22
| | | | | sigalg for MD5_SHA1 and using it as the non sigalgs default ok jsing@
* Port OpenSSL commit 99540ec79491f59ed8b46b4edf130e17dc907f52 -- mitigationtb2018-11-151-4/+4
| | | | | | | | | | for a timing vullnerability in ECDSA signature generation (CVE-2018-0735). Note that the blinding that we introduced back in June for ECDSA and DSA should mitigate this and related issues. This simply adds an additional layer of protection. discussed with jsing
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-23 15:28:00 +0000