summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* bump to 2.3.1bcook2015-09-272-6/+6
|
* Use ASN1_item_dup() instead of ASN1_dup().jsing2015-09-264-14/+10
| | | | ok bcook@
* lint is dead: delete useless LINTLIBRARY commentsguenther2015-09-262-4/+2
| | | | ok millert@
* We don't need no stinking "EXAMPLE OF THE DSA" or README (the credits arejsing2015-09-264-252/+0
| | | | | | already in the code). ok beck@ miod@
* typos in documentation; better wording, suggested by jmc@libressl-v2.3.0sobrado2015-09-2251-88/+88
| | | | ok jmc@
* Don't wrap initialized variables: binutils appears to be mishandling themguenther2015-09-191-1/+3
| | | | | | on arm and m88k problems with optind observed by jsg@
* avoid void * pointer arithmeticbcook2015-09-182-4/+4
| | | | ok miod@
* Revert bn_print.c:r1.25 ("handle negative-zero in BN_bn2dec() too") forsthen2015-09-182-62/+44
| | | | now, it has a NULL deref. Segfault reported by Mikolaj Kucharski, ok bcook
* Remove more EVP_sha() SHA-0 references.bcook2015-09-173-6/+5
|
* Re-add missing comma from SHA-0 removal which breaks mlinks generation.sthen2015-09-172-2/+2
| | | | Worked out by bcook@
* include stdint.h for uint64_tbcook2015-09-172-2/+4
| | | | noted by Bernard Spil
* tweak previous;jmc2015-09-141-2/+2
|
* Provide tls_config_insecure_noverifytime() in order to be able to disablejsing2015-09-146-6/+29
| | | | | | certificate validity checking. ok beck@
* Add support for disabling certificate and CRL validity checking.jsing2015-09-144-22/+30
| | | | | | Loosely based on changes in OpenSSL. ok beck@
* delete bogus trailing .Ns from SYNOPSIS .Ft macrosschwarze2015-09-142-12/+12
|
* fix formatting by adding the required quotes to .Fa in the SYNOPSISschwarze2015-09-144-22/+22
|
* Remove useless quoting from .Fo and .Fn function names, to preventschwarze2015-09-143-10/+10
| | | | | | development of a cargo cult in case people look at existing files for examples. This achieves a consistent .Fo and .Fn quoting style across the whole tree.
* some conn_version and conn_cipher bits;jmc2015-09-142-9/+10
|
* Only two of the *rand48.c files need <math.h>, so just #include it in themguenther2015-09-143-4/+5
|
* use .Va for global variables, and .Vt where the type is includedschwarze2015-09-141-4/+3
|
* Expose EOF without close-notify via tls_close().jsing2015-09-142-6/+14
| | | | | | | | | | | Make tls_read(3)/tls_write(3) follow read(2)/write(2) like semantics and return 0 on EOF with and without close-notify. However, if we saw an EOF from the underlying file descriptors without getting a close-notify, save this and make it visible when tls_close(3) is called. This keeps the semantics we want, but makes it possible to detect truncation at higher layers, if necessary. ok beck@ guenther@
* Return an error if tls_handshake() or tls_close() is called on a contextjsing2015-09-141-2/+13
| | | | | | for which they are not valid operations. ok beck@
* add missing function return typesschwarze2015-09-141-2/+3
|
* Wrap <ifaddrs.h>, <netinet/in.h>, and <netinet/if_ether.h> so internalguenther2015-09-143-3/+7
| | | | calls go direct and all the symbols are weak
* Wrap <net/if.h> and <net/if_dl.h> so internal calls go direct and all theguenther2015-09-142-2/+4
| | | | symbols are weak
* Remove cast of int* to int*guenther2015-09-141-2/+2
|
* Finish wrapping <netdb.h> so that calls go direct and the symbols are all weakguenther2015-09-149-9/+24
|
* Temporarily revive MD4 for MS CHAP support.doug2015-09-1427-42/+1320
|
* Crank major version due to removal of SHA-0 and MD4 from libcrypto.doug2015-09-135-10/+10
|
* Remove MD4 support from LibreSSL.doug2015-09-1327-1320/+42
| | | | | | | | MD4 should have been removed a long time ago. Also, RFC 6150 moved it to historic in 2011. Rides the major crank from removing SHA-0. Discussed with many including beck@, millert@, djm@, sthen@ ok jsing@, input + ok bcook@
* Wrap <arpa/inet.h> and <arpa/nameser.h> so that calls go direct and theguenther2015-09-135-5/+11
| | | | symbols without underbar prefix are all weak
* Remove SHA-0 support.doug2015-09-1321-649/+35
| | | | | | | SHA-0 was withdrawn shortly after publication 20 years ago and replaced with SHA-1. This will require a major crank. ok bcook@, jsing@
* For now, permit overriding of the malloc family, to make emacs happyguenther2015-09-131-6/+6
|
* Since a major bump of libcrypto is coming, remove OPENSSL_ia32cap andmiod2015-09-134-34/+4
| | | | | OPENSSL_ia32cap_loc; nothing in ports uses them besides embedded copies of OpenSSL. This opens the `all hell gets loose' window.
* Handle negative-zero in BN_bn2dec() too, just like in BN_print().deraadt2015-09-132-44/+62
| | | | ok miod
* Reorder functions for readability/consistency.jsing2015-09-132-470/+456
|
* BN does support negative-zero -- BN_print() sets the standard here.deraadt2015-09-132-6/+6
| | | | | | | BN_bn2hex() had a 1-byte overflow when creating "-0\0". Reported to me a while back by unknown person -- did not have enough experience to push this through then. advice from jsing, ok miod
* work around the stupid semantics of SSL_read and SSL_write to make surebeck2015-09-131-3/+3
| | | | | we can indicate an EOF properly on tls_read and tls_write ok jsing@
* Wrap <pwd.h> so that calls go direct and the symbols are all weak.guenther2015-09-132-7/+8
| | | | Hide bcrypt_autorounds(), prefixing with an underbar for static builds.
* Overshot w/PROTO_DEPRECATED: seed48_deterministic() is used internallyguenther2015-09-131-1/+2
|
* Only check for key truncation if no KDF function is being used.jsing2015-09-132-8/+8
| | | | ok beck@ miod@
* Don't leak conninfo - spotted by marko kreen.beck2015-09-131-2/+3
| | | | ok jsing@
* Stop generating private keys in a network buffer.jsing2015-09-132-58/+58
| | | | | | | | | | The current client key exchange code generates DH and ECDH keys into the same buffer that we use to send data to the network - stop doing this and malloc() a new buffer, which we explicit_bzero() and free() on return. This also benefits from ASLR and means that the keys are no longer generated in a well known location. ok beck@
* The number of rounds is just two digits in the salt. We've alreadymillert2015-09-131-2/+2
| | | | | verified that they are there via isdigit() so we can convert from ASCII to an int without using atoi(). OK guenther@ deraadt@
* Use ECDH_size() instead of rolling our own.jsing2015-09-134-24/+22
| | | | ok beck@
* Switch to miod's shiny new OPENSSL_cpu_caps() and we can now also enablejsing2015-09-132-6/+6
| | | | | | the AES acceleration checking for i386. ok beck@ miod@
* Merge ech_ossl.c into ech_key.c - not much point having one file with ajsing2015-09-135-432/+294
| | | | | | four line function and a tonne of license text. ok beck@
* Nuke openssl/e_os2.h, since nothing should be using it.jsing2015-09-132-86/+1
| | | | ok deraadt@ "hurray! finally!" miod@ "Yay!" sthen@
* Provide ECDH_size().jsing2015-09-136-8/+22
| | | | "jajaja" miod@
* Check ECDH output buffer length and avoid truncation.jsing2015-09-136-12/+32
| | | | | | | | | Currently, if you call ECDH_compute_key() it will silently truncate the resulting key if the output buffer is less than the key size. Instead, detect this condition and return an error. If the buffer provided is larger than the key length, zero the remainder. ok beck@ miod@ "+ shivers"
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-26 16:03:52 +0000