path: root/src/lib
Commit message | Author | Age | Files | Lines
...
* link back to evp(3), just like for the other group entry pages
  Author: schwarze; Age: 2019-06-07; Files: 1; Lines: -2/+3
* Remove pointless direct backlinks from the leaf pages HMAC(3) and PKCS5_PBKDF2_HMAC(3) to the top level page evp(3). The leaf pages still have backlinks to the group entry page EVP_DigestInit(3), which is enough.
  Redundancy and asymmetry pointed out by tb@.
  Author: schwarze; Age: 2019-06-07; Files: 2; Lines: -6/+4
* remove cross-references to the obsolete function OpenSSL_add_all_algorithms(3)
  Author: schwarze; Age: 2019-06-07; Files: 3; Lines: -21/+7
* minor errors in previous commit pointed out by jmc@
  Author: schwarze; Age: 2019-06-06; Files: 4; Lines: -8/+8
* Tree structure for manual pages: crypto(3) links to 33 function group pages, and these link on to all their second-level subpages. Only a handful of second-level pages have third-level subpages. So all crypto pages can now be reached from the www.libressl.org frontpage via at most four clicks, in most cases three clicks.
  Also link back from leaf pages to their respective group pages and add a couple of additional links between related pages.
  Triggered by a question from deraadt@.
  OK jmc@ tb@
  Author: schwarze; Age: 2019-06-06; Files: 117; Lines: -281/+539
* provide getters and setters for the RSA_METHOD interface
  ok tb@, jsing@, sthen@
  Author: gilles; Age: 2019-06-05; Files: 6; Lines: -5/+246
* Fix bogus cross reference: EVP_SignDigest* -> EVP_DigestSign*
  Author: tb; Age: 2019-06-05; Files: 1; Lines: -3/+3
* OPENSSL_realloc(3) is no longer used, we now use reallocarray(3)
  Author: schwarze; Age: 2019-06-04; Files: 1; Lines: -3/+3
* Readability tweak in a comment.
  Author: tb; Age: 2019-06-04; Files: 1; Lines: -2/+2
* Remove the blinding later to avoid leaking information on the length of ckinv.
  Pointed out and fix suggested by David Schrammel and Samuel Weiser
  ok jsing
  Author: tb; Age: 2019-06-04; Files: 1; Lines: -3/+3
* Readability tweaks for comments that explain the blinding.
  Author: tb; Age: 2019-06-04; Files: 1; Lines: -5/+5
* Remove the blinding later to avoid leaking information on the length of kinv.
  Pointed out and fix suggested by David Schrammel and Samuel Weiser
  ok jsing
  Author: tb; Age: 2019-06-04; Files: 1; Lines: -3/+3
* .In openssl/x509_vfy.h for consistency with all the other X509_STORE_*(3) manual pages
  Author: schwarze; Age: 2019-06-04; Files: 1; Lines: -3/+4
* Add several missing .In lines and add a sentence pointing to the detailed description in RSA_get_ex_new_index(3), worded like in DH_get_ex_new_index(3).
  Author: schwarze; Age: 2019-06-04; Files: 1; Lines: -3/+13
* add missing .In lines
  Author: schwarze; Age: 2019-06-03; Files: 2; Lines: -4/+6
* add missing .In line
  Author: schwarze; Age: 2019-06-03; Files: 1; Lines: -2/+3
* Complete the ld.so boot cleanup: move most libc initialization from _csu_finish() to _libc_preinit(), which is an .init_array function in shared libc (and mark it INITFIRST) or a .preinit_array function in static libc, grabbing the _dl_cb callback there from ld.so. Then in _csu_finish(), invoke the dl_clean_boot() callback to free ld.so's startup bits before main() gets control.
  Other cleanups this permits:
  - move various startup structures into .data.rel.ro
  - the dl* stubs in libc can be strong and call the callbacks provided via _dl_cb
  - no longer need to conditionalize dlctl() calls on presence of _DYNAMIC
  original concept and full diff ok kettenis@
  ok deraadt@
  Author: guenther; Age: 2019-06-02; Files: 2; Lines: -8/+5
* __realpath(2) appears to have improved, so re-enable the code that checks userland-parsing vs kernel parsing, we are hoping to spot another bug..
  Author: deraadt; Age: 2019-05-30; Files: 1; Lines: -3/+136
* Relax parsing of TLS key share extensions on the server.
  The RFC does not require X25519 and it also allows clients to send an empty key share when they want the server to select a group. The current behaviour results in handshake failures where the client supports TLS 1.3 and sends a TLS key share extension that does not contain X25519.
  Issue reported by Hubert Kario via github.
  ok tb@
  Author: jsing; Age: 2019-05-29; Files: 1; Lines: -5/+2
* Do not send an SNI extension when resuming a session that contains a server name (which means the client sent SNI during the initial handshake).
  Issue reported by Renaud Allard.
  ok tb@
  Author: jsing; Age: 2019-05-29; Files: 1; Lines: -1/+4
* There are some bugs in __realpath(2) -- it isn't quite ready so disable calling it until those are fixed.
  Author: deraadt; Age: 2019-05-29; Files: 1; Lines: -136/+3
* Fix typo and label indent.
  Author: jsing; Age: 2019-05-28; Files: 1; Lines: -3/+3
* Tidy up some names/structures following the renaming of TLS extension functions based on message type (clienthello/serverhello), to which side is handling the processing.
  No intended functional change.
  ok beck@
  Author: jsing; Age: 2019-05-28; Files: 1; Lines: -35/+35
* Enable the use of the kernel __realpath() system call in the libc wrapper.
  For now, this also still uses the existing realpath implementation and emits a syslog if we see differing results. Once we have run with that for a little while we will remove the old code
  ok deraadt@
  Author: beck; Age: 2019-05-28; Files: 1; Lines: -3/+136
* Only override size of chunk if we're not given the actual length.
  Fixes malloc_conceal...freezero with malloc options C and/or G.
  Author: otto; Age: 2019-05-23; Files: 1; Lines: -2/+3
* bump to LibreSSL 3.0.0
  ok tb@
  Author: bcook; Age: 2019-05-23; Files: 1; Lines: -3/+3
* add stdlib.h for reallocarray
  Author: bcook; Age: 2019-05-23; Files: 1; Lines: -1/+2
* *an* RSA;
  Author: jmc; Age: 2019-05-20; Files: 3; Lines: -9/+9
* clarify that later flags modify earlier flags;
  triggered by a question from Jan Stary <hans at stare dot cz> on misc@;
  OK otto@
  Author: schwarze; Age: 2019-05-19; Files: 1; Lines: -2/+4
* More consistently put remarks about the less useful LC_* categories, i.e. those other than LC_CTYPE, into the CAVEATS section, and standardize wording somewhat.
  OK jmc@
  Author: schwarze; Age: 2019-05-16; Files: 2; Lines: -14/+26
* delete two stray blank lines
  Author: schwarze; Age: 2019-05-15; Files: 1; Lines: -4/+2
* s3 is never NULL since s2 (formerly used for SSLv2) does not exist, so there is no need to check for it.
  Fixes COV-165788, identified with help from Alex Bumstead.
  ok jsing@
  Author: bcook; Age: 2019-05-15; Files: 3; Lines: -29/+20
* Correct missing test to determine if length is in bytes or in bits.
  Issue found by Guido Vranken <guidovranken@gmail.com>
  ok tedu@ tb@
  Author: beck; Age: 2019-05-14; Files: 1; Lines: -1/+3
* Remove unused pad check, which is handled by tls1_cbc_remove_padding() now.
  Fixes COV-174858
  ok tb@
  Author: bcook; Age: 2019-05-13; Files: 1; Lines: -4/+2
* Acquire mutex before incrementing the refcount. Fixes COV-186144
  ok tb@
  Author: bcook; Age: 2019-05-13; Files: 1; Lines: -1/+3
* Move 'how this works' details from namespace.h to DETAILS
  Author: guenther; Age: 2019-05-13; Files: 2; Lines: -112/+136
* explicitly mention that RES_NOALIASES has no effect;
  jmc@ noticed that the text wasn't completely clear;
  OK jmc@
  Author: schwarze; Age: 2019-05-13; Files: 1; Lines: -3/+4
* Mention introduction of *_conceal.
  Author: otto; Age: 2019-05-13; Files: 1; Lines: -2/+8
* Fix signed overflow in X509_CRL_print().
  fixes oss-fuzz #14558
  ok beck jsing
  Author: tb; Age: 2019-05-12; Files: 1; Lines: -1/+4
* Revert the other hunk of r1.36 as well: in the case of CCM, ccm.key is assigned from aesni_ccm_init_key() via CRYPTO_ccm128_init(), so it needs to be copied over...
  Pointed out by Guido Vranken.
  ok jsing
  Author: tb; Age: 2019-05-12; Files: 1; Lines: -1/+11
* Stop the eyebleed in here and just use calloc
  Author: beck; Age: 2019-05-12; Files: 1; Lines: -31/+8
* $OpenBSD$
  Author: tb; Age: 2019-05-11; Files: 4; Lines: -0/+4
* Remove commented out rc5 bits
  Author: tb; Age: 2019-05-11; Files: 7; Lines: -20/+6
* Initialize EC_KEY_METHOD before use.
  Fixes COV-186146
  ok tb, beck
  Author: bcook; Age: 2019-05-10; Files: 1; Lines: -2/+2
* Revert part of r1.36: in the case of GCM, gcm.key is assigned from aesni_gcm_init_key() via CRYPTO_gcm128_init(), so it needs to be copied over...
  Fixes cryptofuzz issue #14352 and likely also #14374.
  ok beck jsing
  Author: tb; Age: 2019-05-10; Files: 1; Lines: -1/+7
* Introduce malloc_conceal() and calloc_conceal(). Similar to their counterparts but return memory in pages marked MAP_CONCEAL and on free() freezero() is actually called.
  Author: otto; Age: 2019-05-10; Files: 2; Lines: -199/+219
* Fix incorrect carry operation in 512 bit addition: in the case that there is already a carry and Sigma[i-1] == -1, the carry must be kept.
  From Dmitry Eremin-Solenik.
  Fixes incorrect Streebog result reported by Guido Vranken.
  Author: tb; Age: 2019-05-09; Files: 1; Lines: -6/+8
* In DTLS, use_srtp is part of the extended server hello while in TLSv1.3, it is an encrypted extension. Include it in the server hello for now. This will have to be revisited once TLSv1.3 gets there. Fixes SRTP negotiation.
  Problem found by two rust-openssl regress failures reported by mikeb.
  with & ok beck
  Author: tb; Age: 2019-05-08; Files: 1; Lines: -2/+3
* initialize safestack pointers
  ok beck@, tb@
  Author: bcook; Age: 2019-05-08; Files: 3; Lines: -6/+6
* Make sure that the tag buffer size is equal to the tag size in CRYPTO_ccm128_tag(). Otherwise the caller might end up using the part of the tag buffer that was left uninitialized.
  Issue found by Guido Vranken.
  ok inoguchi
  Author: tb; Age: 2019-05-08; Files: 1; Lines: -2/+2