summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Instead of declaring a union in multiple places, move it to tls_internal.h.jsing2015-09-293-15/+14
| | | | ok deraadt@
* clean some ugly intendation wartsderaadt2015-09-295-12/+21
|
* remove excessive brackets on pointer mathderaadt2015-09-282-16/+16
|
* Explicit NULL checks and style(9) tweaks.jsing2015-09-281-7/+7
|
* Redo 1.25, without the NULL deref.miod2015-09-272-44/+62
| | | | ok sthen@ bcook@
* bump to 2.3.1bcook2015-09-272-6/+6
|
* Use ASN1_item_dup() instead of ASN1_dup().jsing2015-09-264-14/+10
| | | | ok bcook@
* lint is dead: delete useless LINTLIBRARY commentsguenther2015-09-262-4/+2
| | | | ok millert@
* We don't need no stinking "EXAMPLE OF THE DSA" or README (the credits arejsing2015-09-264-252/+0
| | | | | | already in the code). ok beck@ miod@
* typos in documentation; better wording, suggested by jmc@libressl-v2.3.0sobrado2015-09-2251-88/+88
| | | | ok jmc@
* Don't wrap initialized variables: binutils appears to be mishandling themguenther2015-09-191-1/+3
| | | | | | on arm and m88k problems with optind observed by jsg@
* avoid void * pointer arithmeticbcook2015-09-182-4/+4
| | | | ok miod@
* Revert bn_print.c:r1.25 ("handle negative-zero in BN_bn2dec() too") forsthen2015-09-182-62/+44
| | | | now, it has a NULL deref. Segfault reported by Mikolaj Kucharski, ok bcook
* Remove more EVP_sha() SHA-0 references.bcook2015-09-173-6/+5
|
* Re-add missing comma from SHA-0 removal which breaks mlinks generation.sthen2015-09-172-2/+2
| | | | Worked out by bcook@
* include stdint.h for uint64_tbcook2015-09-172-2/+4
| | | | noted by Bernard Spil
* tweak previous;jmc2015-09-141-2/+2
|
* Provide tls_config_insecure_noverifytime() in order to be able to disablejsing2015-09-146-6/+29
| | | | | | certificate validity checking. ok beck@
* Add support for disabling certificate and CRL validity checking.jsing2015-09-144-22/+30
| | | | | | Loosely based on changes in OpenSSL. ok beck@
* delete bogus trailing .Ns from SYNOPSIS .Ft macrosschwarze2015-09-142-12/+12
|
* fix formatting by adding the required quotes to .Fa in the SYNOPSISschwarze2015-09-144-22/+22
|
* Remove useless quoting from .Fo and .Fn function names, to preventschwarze2015-09-143-10/+10
| | | | | | development of a cargo cult in case people look at existing files for examples. This achieves a consistent .Fo and .Fn quoting style across the whole tree.
* some conn_version and conn_cipher bits;jmc2015-09-142-9/+10
|
* Only two of the *rand48.c files need <math.h>, so just #include it in themguenther2015-09-143-4/+5
|
* use .Va for global variables, and .Vt where the type is includedschwarze2015-09-141-4/+3
|
* Expose EOF without close-notify via tls_close().jsing2015-09-142-6/+14
| | | | | | | | | | | Make tls_read(3)/tls_write(3) follow read(2)/write(2) like semantics and return 0 on EOF with and without close-notify. However, if we saw an EOF from the underlying file descriptors without getting a close-notify, save this and make it visible when tls_close(3) is called. This keeps the semantics we want, but makes it possible to detect truncation at higher layers, if necessary. ok beck@ guenther@
* Return an error if tls_handshake() or tls_close() is called on a contextjsing2015-09-141-2/+13
| | | | | | for which they are not valid operations. ok beck@
* add missing function return typesschwarze2015-09-141-2/+3
|
* Wrap <ifaddrs.h>, <netinet/in.h>, and <netinet/if_ether.h> so internalguenther2015-09-143-3/+7
| | | | calls go direct and all the symbols are weak
* Wrap <net/if.h> and <net/if_dl.h> so internal calls go direct and all theguenther2015-09-142-2/+4
| | | | symbols are weak
* Remove cast of int* to int*guenther2015-09-141-2/+2
|
* Finish wrapping <netdb.h> so that calls go direct and the symbols are all weakguenther2015-09-149-9/+24
|
* Temporarily revive MD4 for MS CHAP support.doug2015-09-1427-42/+1320
|
* Crank major version due to removal of SHA-0 and MD4 from libcrypto.doug2015-09-135-10/+10
|
* Remove MD4 support from LibreSSL.doug2015-09-1327-1320/+42
| | | | | | | | MD4 should have been removed a long time ago. Also, RFC 6150 moved it to historic in 2011. Rides the major crank from removing SHA-0. Discussed with many including beck@, millert@, djm@, sthen@ ok jsing@, input + ok bcook@
* Wrap <arpa/inet.h> and <arpa/nameser.h> so that calls go direct and theguenther2015-09-135-5/+11
| | | | symbols without underbar prefix are all weak
* Remove SHA-0 support.doug2015-09-1321-649/+35
| | | | | | | SHA-0 was withdrawn shortly after publication 20 years ago and replaced with SHA-1. This will require a major crank. ok bcook@, jsing@
* For now, permit overriding of the malloc family, to make emacs happyguenther2015-09-131-6/+6
|
* Since a major bump of libcrypto is coming, remove OPENSSL_ia32cap andmiod2015-09-134-34/+4
| | | | | OPENSSL_ia32cap_loc; nothing in ports uses them besides embedded copies of OpenSSL. This opens the `all hell gets loose' window.
* Handle negative-zero in BN_bn2dec() too, just like in BN_print().deraadt2015-09-132-44/+62
| | | | ok miod
* Reorder functions for readability/consistency.jsing2015-09-132-470/+456
|
* BN does support negative-zero -- BN_print() sets the standard here.deraadt2015-09-132-6/+6
| | | | | | | BN_bn2hex() had a 1-byte overflow when creating "-0\0". Reported to me a while back by unknown person -- did not have enough experience to push this through then. advice from jsing, ok miod
* work around the stupid semantics of SSL_read and SSL_write to make surebeck2015-09-131-3/+3
| | | | | we can indicate an EOF properly on tls_read and tls_write ok jsing@
* Wrap <pwd.h> so that calls go direct and the symbols are all weak.guenther2015-09-132-7/+8
| | | | Hide bcrypt_autorounds(), prefixing with an underbar for static builds.
* Overshot w/PROTO_DEPRECATED: seed48_deterministic() is used internallyguenther2015-09-131-1/+2
|
* Only check for key truncation if no KDF function is being used.jsing2015-09-132-8/+8
| | | | ok beck@ miod@
* Don't leak conninfo - spotted by marko kreen.beck2015-09-131-2/+3
| | | | ok jsing@
* Stop generating private keys in a network buffer.jsing2015-09-132-58/+58
| | | | | | | | | | The current client key exchange code generates DH and ECDH keys into the same buffer that we use to send data to the network - stop doing this and malloc() a new buffer, which we explicit_bzero() and free() on return. This also benefits from ASLR and means that the keys are no longer generated in a well known location. ok beck@
* The number of rounds is just two digits in the salt. We've alreadymillert2015-09-131-2/+2
| | | | | verified that they are there via isdigit() so we can convert from ASCII to an int without using atoi(). OK guenther@ deraadt@
* Use ECDH_size() instead of rolling our own.jsing2015-09-134-24/+22
| | | | ok beck@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-04 20:31:45 +0000