Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | pasto; from <Jon dot Spillett at oracle dot com> via OpenSSL commit 3aaa1bd0 | schwarze | 2017-04-10 | 1 | -3/+3 | |
| | ||||||
* | typo fix; from <Jon dot Spillett at oracle dot com> | schwarze | 2017-04-10 | 1 | -5/+5 | |
| | | | | via OpenSSL commit 7bd27895 | |||||
* | Simplify/clean up BUF_MEM_grow_clean(). | jsing | 2017-04-09 | 1 | -17/+16 | |
| | | | | ok beck@ | |||||
* | With recallocarray() BUF_MEM_grow() is essentially the same as | jsing | 2017-04-09 | 1 | -28/+2 | |
| | | | | | | | BUF_MEM_grow_clean() (the only difference is clearing on internal down sizing), so make it a wrapper. ok beck@ deraadt@ | |||||
* | Explicitly test for NULL. | jsing | 2017-04-09 | 1 | -4/+4 | |
| | | | | ok beck@ | |||||
* | Use uint8_t instead of u_int8_t - for consistency and to make things easier | jsing | 2017-04-07 | 1 | -2/+2 | |
| | | | | | | for portable. From Raphael Hittich. | |||||
* | trailing ; on end of macro definition is wrong; ok guenther | deraadt | 2017-04-06 | 1 | -4/+4 | |
| | ||||||
* | Consistentcy between nmembers and size order. From Christopher Hettrick; | otto | 2017-04-06 | 1 | -8/+8 | |
| | | | | ok deraadt@ | |||||
* | bump version for new development branch | bcook | 2017-04-06 | 1 | -3/+3 | |
| | ||||||
* | first print size in meta-data then supplied arg size when an inconsistency is | otto | 2017-04-06 | 1 | -3/+3 | |
| | | | | detected wrt recallocarray() | |||||
* | Add tls_peer_cert_chain_pem - To retreive the peer certificate and chain | beck | 2017-04-05 | 7 | -6/+77 | |
| | | | | | | | as PEM format. This allows for it to be used or examined with tools external to libtls bump minor ok jsing@ | |||||
* | Internal changes to allow for relayd engine privsep. sends the hash of the | beck | 2017-04-05 | 5 | -29/+87 | |
| | | | | | | public key as an identifier to RSA, and adds an function for relayd to use to disable private key checking when doing engine privsep. ok jsing@ | |||||
* | Fix silly code that printfs NULL when there are no fractional seconds | beck | 2017-04-03 | 1 | -2/+2 | |
| | | | | | | on a GENREALIZEDTIME (which there should really never be for anything remotely standards compliant) ok jsing@ | |||||
* | rephrase more enumerations of functions | otto | 2017-03-29 | 1 | -13/+10 | |
| | ||||||
* | tweak previous; | jmc | 2017-03-29 | 1 | -3/+5 | |
| | ||||||
* | Fix typo in function name; | schwarze | 2017-03-28 | 1 | -4/+5 | |
| | | | | | from Markus Triska <triska at metalevel dot at> via OpenSSL commit 1f164c6f. | |||||
* | After i wrote SSL_renegotiate(3) from scratch, OpenSSL also | schwarze | 2017-03-28 | 1 | -12/+109 | |
| | | | | | | | documented the function. Merge the more detailed descriptions and the additional documentation of SSL_renegotiate_abbreviated(3) and SSL_renegotiate_pending(3). From Matt Caswell, OpenSSL commit 39820637. | |||||
* | small cleanup & optimization; ok deraadt@ millert@ | otto | 2017-03-28 | 1 | -2/+5 | |
| | ||||||
* | reinstate the capitalisation from previous, as advised by schwarze; | jmc | 2017-03-27 | 1 | -3/+3 | |
| | ||||||
* | tweak previous; | jmc | 2017-03-26 | 3 | -9/+9 | |
| | ||||||
* | Stop enumeration all allocation functions, just say "allocation functions"libressl-v2.5.2 | otto | 2017-03-26 | 1 | -32/+13 | |
| | | | | ok jmc@ deraadt@ | |||||
* | merge new UI documentation from OpenSSL | schwarze | 2017-03-26 | 5 | -13/+651 | |
| | ||||||
* | document X509_Digest(3) and friends; | schwarze | 2017-03-25 | 2 | -1/+135 | |
| | | | | from Rich Salz <rsalz@openssl.org>, OpenSSL commit 3e5d9da5 etc. | |||||
* | document the public function X509_cmp_time(3); | schwarze | 2017-03-25 | 2 | -1/+88 | |
| | | | | | from Emilia Kasper <emilia@openssl.org>, OpenSSL commit 80770da3, tweaked by me | |||||
* | correct RETURN VALUES; | schwarze | 2017-03-25 | 1 | -7/+13 | |
| | | | | from Richard Levitte <levitte@openssl.org>, OpenSSL commit cdd6c8c5 | |||||
* | fix two more prototypes; | schwarze | 2017-03-25 | 1 | -5/+5 | |
| | | | | from Matt Caswell <matt@openssl.org>, OpenSSL commit b41f6b64 | |||||
* | correct prototypes; | schwarze | 2017-03-25 | 1 | -5/+5 | |
| | | | | from Matt Caswell <matt@openssl.org>, OpenSSL commit b41f6b64 | |||||
* | complete description of RETURN VALUES; | schwarze | 2017-03-25 | 1 | -6/+8 | |
| | | | | from Alexander Koeppe via OpenSSL commit bb6c5e7f | |||||
* | minimal stub-quality documentation of EVP_MD_CTX_ctrl(3); | schwarze | 2017-03-25 | 1 | -3/+17 | |
| | | | | from Todd Short <tshort@akamai.com> via OpenSSL commit 52ad5b60 | |||||
* | OpenSSL documented the public function BIO_printf(3) (and friends) | schwarze | 2017-03-25 | 3 | -3/+91 | |
| | | | | | in commit 2ca2e917. Document it here, too, but do not use their text. Be more concise and more precise at the same time. | |||||
* | document ASN1_tag2str(3); from OpenSSL commit 9e183d22 | schwarze | 2017-03-25 | 1 | -4/+14 | |
| | ||||||
* | Update RFC reference for TLSEXT_TYPE_padding. | jsing | 2017-03-25 | 1 | -5/+2 | |
| | ||||||
* | Check tls1_PRF() return value in tls1_generate_master_secret(). | jsing | 2017-03-25 | 1 | -4/+4 | |
| | ||||||
* | More cleanup for tls1_PRF()/tls1_P_hash() - change the argument order of | jsing | 2017-03-25 | 1 | -46/+50 | |
| | | | | | | | tls1_PRF() so that it matches tls1_P_hash(), use more explicit argument names and change lengths to size_t. ok inoguchi@ | |||||
* | add a helper function to print all pools #ifdef MALLOC_STATS | otto | 2017-03-24 | 1 | -1/+16 | |
| | | | | from David CARLIER | |||||
* | document new recallocarray diagnostic; zap a few diagnostics that should | otto | 2017-03-24 | 1 | -8/+9 | |
| | | | | never occur | |||||
* | move recallocarray to malloc.c and | otto | 2017-03-24 | 2 | -19/+207 | |
| | | | | | | | - use internal meta-data to do more consistency checking (especially with option C) - use cheap free if possible ok deraadt@ | |||||
* | Fewer magic numbers. | jsing | 2017-03-18 | 1 | -3/+3 | |
| | ||||||
* | t1_enc.c | jsing | 2017-03-18 | 1 | -3/+2 | |
| | ||||||
* | Currently tls1_PRF() requires that a temporary buffer be provided, that | jsing | 2017-03-18 | 1 | -50/+32 | |
| | | | | | | | | | | | | | | matches the size of the output buffer. This is used in the case where there are multiple hashes - tls_P_hash() is called with the temporary buffer and the result is then xored into the output buffer. Avoid this by simply using a local buffer in tls_P_hash() and then xoring the result into the output buffer. Overall this makes the code cleaner and simplifies all of the tls_PRF() callers. Similar to BoringSSL. ok inoguchi@ | |||||
* | remove unneccessary macro; | jmc | 2017-03-17 | 1 | -2/+2 | |
| | ||||||
* | Strengthen description of recallocarray(3) behaviour, hoping that readers | deraadt | 2017-03-17 | 1 | -5/+10 | |
| | | | | | make the behaviour -> use case connection. help from jmc and jsing | |||||
* | Convert BUF_MEM_grow() and BUF_MEM_grow_clean() to recallocarray(), | jsing | 2017-03-16 | 1 | -13/+3 | |
| | | | | | | | | | | ensuring that the buffer contents are zeroed on allocation and not leaked when resizing. It is worth noting that BUF_MEM_grow_clean() already did this manually by avoiding realloc(). ok beck@ inoguchi@ | |||||
* | Use calloc() instead of malloc() followed by manually zeroing fields. | jsing | 2017-03-16 | 1 | -6/+3 | |
| | | | | ok beck@ inoguchi@ | |||||
* | Remove the handshake digests and related code, replacing remaining uses | jsing | 2017-03-10 | 7 | -166/+45 | |
| | | | | | | | with the handshake hash. For now tls1_digest_cached_records() is retained to release the handshake buffer. ok beck@ inoguchi@ | |||||
* | Switch CBB to use recallocarray() - this ensures that we do not leak | jsing | 2017-03-10 | 1 | -2/+2 | |
| | | | | | | secrets via realloc(). ok inoguchi@ | |||||
* | First pass at cleaning up the tls1_P_hash() function - remove a pointless | jsing | 2017-03-10 | 1 | -20/+19 | |
| | | | | | | | EVP_DigestSignInit() call and avoid the need for ctx_tmp by reordering the code slightly. ok inoguchi@ | |||||
* | Make tls1_PRF() non-static so it can be regress tested. | jsing | 2017-03-10 | 1 | -2/+7 | |
| | ||||||
* | Correctly handle TLS PRF with MD5+SHA1 - the secret has to be partitioned | jsing | 2017-03-07 | 1 | -5/+26 | |
| | | | | | | and each hash processed separately. Tested by tb@ | |||||
* | Some tweaks from jmc@ and describe better what recallocarray does; | otto | 2017-03-07 | 1 | -7/+16 | |
| | | | | help and ok from tom@ and deraadt@ |