summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* The upcoming x509 alt chains diff tightens the trust requirementsbeck2016-11-061-1/+17
| | | | | | | for certificates. This (from OpenSSL) ensures that the current "default" behaviour remains the same. We should revisit this later ok jsing@
* Commit a reminder that the default is not the default. This needs tobeck2016-11-061-1/+2
| | | | | be revisited. ok jsing@
* remove unused variablebcook2016-11-061-6/+3
|
* use the correct function for freebcook2016-11-061-2/+2
| | | | ok beck@
* add an .Xr that was missingschwarze2016-11-061-1/+2
|
* document BN_set_negative() and BN_is_negative();schwarze2016-11-056-516/+69
| | | | feedback and OK bcook@, OK jsing@
* Part one of the alt chains changes, bring in newer modifications tobeck2016-11-053-73/+411
| | | | | VERIFY_PARAMS - based on boringssl. ok jsing@ miod@
* Add objects for X25519, X448, Ed25519 and Ed448.jsing2016-11-052-0/+15
| | | | ok miod@
* One of the error paths would attempt to access not-yet-initialized locals.miod2016-11-051-2/+2
| | | | | | Simply return since there is nothing more to do. Spotted by coverity. ok jsing@ beck@
* Do a partial CBB conversion of ssl3_send_server_key_exchange(), which willjsing2016-11-051-52/+67
| | | | | | make it easier to do further clean up. ok beck@ miod@
* fix misplaced quote by tls_peer_ocsp_this_updatebcook2016-11-051-2/+2
|
* tweak previous;jmc2016-11-051-6/+6
|
* move manual pages from doc/ to man/ for consistency with otherschwarze2016-11-0585-169/+169
| | | | | libraries, in particular considering that there are unrelated files in doc/; requested by jsing@ and beck@
* Check BIO_new*() for failure.miod2016-11-052-4/+9
| | | | ok beck@ jsing@
* More X509_STORE_CTX_set_*() return value checks.miod2016-11-053-12/+16
| | | | ok beck@ jsing@
* bump minors for symbol addition for ocsp and x25519 symbol additionsbeck2016-11-053-3/+3
|
* Add support for server side OCSP stapling to libtls.beck2016-11-057-12/+79
| | | | Add support for server side OCSP stapling to netcat.
* after getting rid of the pod files, clean up the Makefiles; ok bcook@schwarze2016-11-054-41/+23
|
* Add support for X25519.jsing2016-11-055-1/+5136
| | | | | | This brings in code from BoringSSL, which is mostly taken from SUPERCOP. ok beck@ bcook@
* rename ocsp_ctx to ocspbeck2016-11-053-68/+68
| | | | ok jsing@
* minor mandoc -Tlint nitsschwarze2016-11-053-9/+8
|
* add the missing content, sorry for committing an empty fileschwarze2016-11-051-0/+69
|
* Stricter validation of inputs of OPENSSL_asc2uni() and OPENSSL_uni2asc().miod2016-11-051-17/+34
| | | | | | While there, try to make these slightly less obfuscated. ok beck@ jsing@
* convert the remaining manual pages from pod to mdocschwarze2016-11-0525-1650/+3615
|
* X509_STORE_CTX_set_*() may fail, so check for errors.miod2016-11-051-4/+14
| | | | ok beck@
* Do not leak the ressources possibly allocated by EVP_MD_CTX_init() in themiod2016-11-051-2/+3
| | | | | | trivial error path of PKCS12_key_gen_uni(). ok beck@ jsing@
* Make sure PEM_SealInit() will correctly destroy the PEM_ENCODE_SEAL_CTXmiod2016-11-051-8/+22
| | | | | | | upon error, as there is no way to do this outside of PEM_SealFinal(), which can only work if PEM_SealInit() succeeded... ok beck@ jsing@
* No need to duplicate definitions from evp.h locally.miod2016-11-052-14/+2
| | | | ok bock@ jsing@
* Stop abusing the ternary operator to decide which function to call in amiod2016-11-051-3/+6
| | | | | return statement. ok beck@ jsing@
* further tweakage, with an improvement from joel;jmc2016-11-051-5/+5
| | | | ok jsing schwarze
* Convert ssl3_get_server_kex_ecdhe() to CBS, simplifying tls1_check_curve()jsing2016-11-053-62/+41
| | | | | | | in the process. This also fixes a long standing bug where tls1_ec_curve_id2nid() is called with only one byte of the curve ID. ok beck@ miod@
* Remove generated Symbols.map on make clean.jsing2016-11-052-3/+5
| | | | ok guenther@
* tweak previousschwarze2016-11-041-34/+39
|
* Rename ssl3_get_key_exchange() to ssl3_get_server_key_exchange(), sincejsing2016-11-043-7/+7
| | | | | | that's what it really is. ok miod@
* Build with WARNINGS=Yes.jsing2016-11-041-1/+3
|
* Avoid shadowing the socket global.jsing2016-11-041-3/+3
| | | | ok miod@
* Make the tls_keypair_new() function a valid prototype.jsing2016-11-041-2/+2
|
* Avoid another signed vs unsigned comparison.jsing2016-11-041-2/+6
| | | | ok miod@
* Tidy up the usage of peer_ecdh_tmp, following the fixed ECDH removal.jsing2016-11-041-13/+5
| | | | ok beck@
* Kill a bunch of OLD_ASN1 usage by replacing ASN1_{d2i,i2d}_* withjsing2016-11-047-53/+107
| | | | | | ASN1_item_{d2i,i2d}_* equivalents. ok guenther@ miod@
* Mark a couple local functions as staticguenther2016-11-042-4/+4
| | | | ok jsing@ beck@
* The *_method_data structures can be staticguenther2016-11-046-21/+21
| | | | ok jsing@
* Add an explict list of exported symbols with just the functionsguenther2016-11-045-11/+289
| | | | | | | declared in the public headers, and use __{BEGIN,END}_HIDDEN_DECLS in the internal headers to optimize internal functions ok jsing@
* Add an explict list of exported symbols with just the functions declaredguenther2016-11-043-2/+85
| | | | | | | in <tls.h>, and use __{BEGIN,END}_HIDDEN_DECLS in tls_internal.h to optimize internal functions ok jsing@
* Nuke the KRB5 ASN.1 code from orbit.jsing2016-11-043-984/+1
| | | | ok beck@
* Ride the current major bump and enable assembler code for nist 256p curve,miod2016-11-044-3/+19
| | | | | | | | on amd64 only for now. Stanzas to enable it on arm, i386 and sparc64 are provided but commented out for lack of testing due to the machine room being currently in storage. ok jsing@
* make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hiddenbeck2016-11-0414-43/+133
| | | | | | functions.. document with a man page. bump majors on libtls, libssl, libcrypto ok jsing@ guenther@
* Make do_dtls1_write() static to d1_pkt.c and delete declarations forguenther2016-11-042-8/+6
| | | | | | three functions that were removed a while ago ok jsing@
* Fix some linewrapping glitchesguenther2016-11-041-7/+5
| | | | ok jsing@
* Add assembler code for the nist 256-bit GFp curve, written initially bymiod2016-11-049-6/+19107
| | | | | | | | | Intel. Obtained from BoringSSL, with some integration work borrowed from OpenSSL 1.0.2; assembler code for arm and sparc64 borrowed from OpenSSL 1.1.0. None of this code is enabled in libcrypto yet. ok beck@ jsing@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-04 08:59:04 +0000