| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
ok beck@
|
| |
|
|
|
|
|
|
| |
on amd64 only for now. Stanzas to enable it on arm, i386 and sparc64 are
provided but commented out for lack of testing due to the machine room
being currently in storage.
ok jsing@
|
| |
|
|
|
|
| |
functions.. document with a man page.
bump majors on libtls, libssl, libcrypto
ok jsing@ guenther@
|
| |
|
|
|
|
| |
three functions that were removed a while ago
ok jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
|
|
|
| |
Intel. Obtained from BoringSSL, with some integration work borrowed from
OpenSSL 1.0.2; assembler code for arm and sparc64 borrowed from OpenSSL 1.1.0.
None of this code is enabled in libcrypto yet.
ok beck@ jsing@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
meaningful constants in a private header file, so that reviewers can actually
get a chance to figure out what the code is attempting to do without knowing
all cpuid bits.
While there, turn it from an array of two 32-bit ints into a properly aligned
64-bit int.
Use of OPENSSL_ia32_P is now restricted to the assembler parts. C code will
now always use OPENSSL_cpu_caps() and check for the proper bits in the
whole 64-bit word it returns.
i386 tests and ok jsing@
|
| |
|
|
|
|
|
|
|
| |
is positive before passing it to several functions as a size_t.
Additionally, in tls_load_file() there is not much point using calloc(),
when we're immediately reading into the buffer (having an extra byte for
NUL termination seems pointless given the API).
ok beck@ miod@
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
in the same file.
|
| |
|
|
| |
ok miod@
|
| | |
|
| |
|
|
|
|
|
| |
addresses two 2038 related issues and also adds support for allocation in
the i2d function, which will allow for simplification in the callers.
ok beck@ miod@
|
| |
|
|
| |
ok beck@
|
| |
|
|
| |
ok bcook@
|
| |
|
|
|
|
|
| |
faster-on-genuine-80386-but-slower-on-80486-onwards innstruction sequence in
the SHA512 code, and had not been enabled in years, if at all.
ok tom@ bcook@
|
| |
|
|
|
|
| |
flag for the presence of a FPU before deciding to wipe the fpu registers.
ok jsing@
|
| |
|
|
|
| |
assign a pointer, when we can just inline the three and do one cast
followed by three pointer assignments.
|
| | |
|
| |
|
|
| |
prefix. Makes the code more readable and removes shadowing.
|
| |
|
|
| |
ok jsing@
|
| | |
|
| | |
|
| |
|
|
|
|
| |
calling free().
ok beck@ ingo@
|
| | |
|
| |
|
|
|
|
| |
to indicate that it requires the peer to provide a stapled OCSP response
with the handshake. Provide a "-T muststaple" for nc that uses it.
ok jsing@, guenther@
|
| | |
|
| |
|
|
|
|
|
|
| |
records, otherwise a peer can potentially cause us to loop indefinately.
Return with an SSL_ERROR_WANT_READ instead, so that the caller can choose
when they want to handle further processing for this connection.
ok beck@ miod@
|
| | |
|
| |
|
|
|
| |
that contained nothing but duplicate and misleading information;
OK jsing@
|
| | |
|
| |
|
|
| |
ok beck@ (who was struggling to keep lunch down while reviewing the diff)
|
| |
|
|
|
| |
or certificate validation.
ok jsing@
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
been set by libtls code. This avoids the situation where a libtls callback
has set an error, only to have it replaced by a less useful libssl based
error.
ok beck@
|
| | |
|
| | |
|
| |
|
|
|
| |
split out internals of OCSP verification to allow callback
to verify before TLS handshake is complete
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
code for improved readability, however it also address two issues.
The first of these is a hard-to-hit double free that will occur if
EVP_DigestInit_ex() fails. To avoid this and to be more robust, ensure
that tls1_digest_cached_records() either completes successfully and sets
up all of the necessary digests, or it cleans up and frees everything
that was allocated.
The second issue is that EVP_DigestUpdate() can fail - detect and handle
this in tls1_finish_mac() and change the return type to an int so that a
failure can be propagated to the caller (the callers still need to be
fixed to handle this, in a later diff).
The double-free was reported by Matthew Dillon.
ok beck@ doug@ miod@
|
| | |
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok jsing@
|
| | |
|
| |
|
|
| |
i wtfed, laughed, puked, and cried in more or less that order...
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- Provide access to certificate OCSP URL
- Provide ability to check a raw OCSP reply against an
established TLS ctx
- Check and validate OCSP stapling info in the TLS handshake
if a stapled OCSP response is provided.`
Add example code to show OCSP URL and stapled info
into netcat.
ok jsing@
|
