summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Shuffle the code in ssl3_send_finished() to make it more logical/readable.jsing2015-09-112-18/+14
| | | | ok beck@
* Replace dtls1_send_finished() with ssl3_send_finished() - they're nowjsing2015-09-118-96/+12
| | | | | | | both essentially the same (in fact DTLS benefits from improvements previously made to the ssl3_send_finished() function). ok beck@
* style(9), fix comments, wrap long lines and tweak whitespace.jsing2015-09-112-62/+118
|
* Convert dtls1_send_finished() and ssl3_send_finished() tojsing2015-09-114-44/+20
| | | | | | ssl3_handshake_msg_start()/ssl3_handshake_msg_finish(). ok beck@
* typoderaadt2015-09-111-2/+2
|
* Bring back the expansion-into-.byte-sequences routines removed in r1.9, butmiod2015-09-112-24/+134
| | | | | | | | | | | | only define them if not building for the "openbsd" flavour. This way, non-obfuscated output can still be generated for analysis, by using the "openbsd" flavour (which OpenBSD HEAD will do), and obfuscated output, compatible with older as(1), will be generated for other platforms. The portable version of LibreSSL can then use "openbsd-portable" as the flavour for OpenBSD/amd64 so that generated files can be compiled with OpenBSD 5.7 and other older versions stuck with as(1) 2.15.
* Put the *method* data structures and functions in the same place.jsing2015-09-114-155/+122
| | | | | | | We can also now nuke ssl23_get_method() since it is the same as tls1_get_method(). And the empty file can bite the dust. ok bcook@ miod@
* Pass "openbsd" instead of "openbsd-elf" as the "flavour" to the perl assemblermiod2015-09-112-4/+4
| | | | | machinery. OpenBSD has never been not ELF on amd64, and changing this will actually make -portable life slightly easier in the near future.
* Put the *server_method* data structures and functions in the same place.jsing2015-09-114-148/+122
| | | | | | | We can also now nuke ssl23_get_server_method() since it is the same as tls1_get_server_method(). ok miod@
* Put the *client_method* data structures and functions in the same place.jsing2015-09-114-148/+122
| | | | | | | We can also now nuke ssl23_get_client_method() since it is the same as tls1_get_client_method(). ok bcook@ miod@
* more for NAME;jmc2015-09-111-1/+4
|
* more cleanup;jmc2015-09-111-16/+15
|
* update NAME; various cleanupjmc2015-09-111-20/+20
|
* document tls_get_peer_subject, tls_get_peer_issuer, and tls_get_peer_hashbeck2015-09-112-3/+58
| | | | ok jsing@
* != -> == that I broke while bikesheddingbeck2015-09-111-2/+2
|
* Do not match a wildcard against a name with no host part.beck2015-09-111-1/+4
| | | | ok jsing@
* add tls_peer functions for checking names and issuers of peer certificates.beck2015-09-117-13/+95
| | | | ok jsing@
* Fixup inter-bank movq/movd operations, emit bytes for pclmulqdq again.bcook2015-09-116-26/+54
| | | | | | | | | | Fixes builds gcc + Apple's assembler, working on reenabling builds with older OpenBSD releases. based on OpenSSL commit: https://git.openssl.org/?p=openssl.git;a=commitdiff;h=902b30df193afc3417a96ba72a81ed390bd50de3 ok miod@
* unify files furtherderaadt2015-09-1120-122/+122
|
* Provide tls_peer_cert_hash() which returns a hash of the raw certificatejsing2015-09-113-2/+92
| | | | | | | | | | | | | that was presented by the peer. The hash used is currently SHA256, however since we prefix the result with the hash name, we can change this in the future as the need arises. The same output can be generated by using: h=$(openssl x509 -outform der -in mycert.crt | sha256) printf "SHA256:${h}\n" ok beck@
* _getnetbyaddr and _getnetbyname appear to be historical accidents inderaadt2015-09-113-103/+2
| | | | our tree. ok guenther miod
* Store a reference to the peer certificate (if any) upon completion of thejsing2015-09-112-2/+8
| | | | | | handshake. Free the reference when we reset the TLS context. ok beck@
* Wrap blowfish, sha*, md5, and rmd160 so that internal calls go directguenther2015-09-112-2/+24
| | | | ok deraadt@
* specify what is permitted as an argument to tls_config_set_ciphers()beck2015-09-111-1/+11
|
* actually set return value to 0 on success.beck2015-09-111-1/+2
| | | | ok jsing@ who wears the cone of shame.
* - add some missing NAME entriesjmc2015-09-111-6/+8
| | | | | - zap trailing whitespace - avoid "can not"
* sort MLINKS into the same order as the man page;jmc2015-09-111-4/+4
|
* Add support for building arc4random with MSVC.bcook2015-09-101-7/+8
| | | | | | | By default, MSVC's stdlib.h defines min(), so we need to spell out something less common to avoid picking it up. ok deraadt@ beck@ miod@
* Call tls_set_errorx() instead of tls_set_error() injsing2015-09-101-5/+5
| | | | tls_configure_ssl_verify(). Also tweak an error message and unwrap a line.
* Pull in namespace.h when building all .c files using gcc's -include option,guenther2015-09-102-3/+18
| | | | | | | | so that we can provide asm labels for the memcpy/memset/__stack_smash_handler calls that it generates ab initio. Eliminate direct #includes of it. Make sure it's a dependency of all objects (unnecessary for asm, but close enough). ok deraadt@
* When loading a DSA key from an raw (without DH parameters) ASN.1 serialization,miod2015-09-102-4/+96
| | | | | | | | | | | | | perform some consistency checks on its `p' and `q' values, and return an error if the checks failed. Thanks for Georgi Guninski (guninski at guninski dot com) for mentioning the possibility of a weak (non prime) q value and providing a test case. See https://cpunks.org/pipermail/cypherpunks/2015-September/009007.html for a longer discussion. ok bcook@ beck@
* delete empty SYNOPSIS sectionschwarze2015-09-102-6/+4
|
* Remove support for DTLS_BAD_VER. We do not support non-standard andjsing2015-09-1020-98/+46
| | | | | | | incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years. ok bcook@ miod@
* improve examples,deraadt2015-09-101-8/+11
| | | | | | | 1. hoist pollfd fields which don't change upwards 2. show ret as ssize_t, it MUST BE, or there will be lots of crying 3. on first pass, must check for either POLLIN|POLLOUT ok millert beck
* Put OPENSSL_cleanse under #ifndef LIBRESSL_INTERNAL.jsing2015-09-102-2/+8
|
* CRYPTO_set_mem_debug_functions() and CRYPTO_set_mem_functions() are alreadyjsing2015-09-102-36/+6
| | | | | | | | | noops, so neuter the CRYPTO_malloc_init and CRYPTO_malloc_debug_init macros. With input from miod@ ok beck@ bcook@ miod@
* Correct spelling of OPENSSL_cleanse.jsing2015-09-10139-399/+423
| | | | ok miod@
* document client side certificate verification functionality.beck2015-09-102-3/+19
| | | | ok jsing@
* reduce .Nd to one line and kill .Tn while hereschwarze2015-09-105-25/+15
|
* Remove pointless comments.jsing2015-09-106-12/+12
| | | | ok "captain obvious"
* document changed tls_read and tls_write semantics.beck2015-09-101-15/+58
| | | | | | | document functions that clear errno. change examples to provide demonstration of both the blocking and non-blocking cases. ok jsing@, bluhm@
* Replace remaining M_ASN1_STRING_* macros with calls to ASN1_STRING_*.jsing2015-09-106-36/+36
| | | | | | | This is not the same as the macro expansion, however the ASN1_STRING_* functions do match the macro expansions. ok doug@ miod@
* mlink tls_handshake;jmc2015-09-101-1/+2
|
* tweak previous;jmc2015-09-101-3/+3
|
* missing commas at the end of .Nm lines in the NAME sectionschwarze2015-09-101-3/+3
|
* Correctly document the behaviour of tls_close() - the caller is responsiblejsing2015-09-101-5/+6
| | | | | | for closing the file descriptors unless libtls allocated them. ok beck@
* Replace TLS_{READ,WRITE}_AGAIN with TLS_WANT_POLL{IN,OUT} and correctlyjsing2015-09-101-20/+13
| | | | | | document the calling requirements. ok beck@
* Update libtls man page to reflect tls_handshake() related changes.jsing2015-09-101-35/+37
| | | | ok beck@
* revert accidental commitbeck2015-09-101-4/+4
|
* comment for errno clobbering, to indicate why we do this.beck2015-09-102-5/+9
| | | | ok deraadt@ jsing@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-04 08:55:44 +0000