| Commit message (Collapse) | Author | Files | Lines | ||
|---|---|---|---|---|---|
| 2022-01-07 | Prepare to provide EVP_AEAD_CTX_{new,free}() | tb | 2 | -3/+29 | |
| ok jsing | |||||
| 2022-01-07 | Revert previous accidental commit | tb | 1 | -2/+2 | |
| 2022-01-07 | Rename dh_tmp to dhe_params. | jsing | 5 | -33/+39 | |
| Support for non-ephemeral DH was removed a long time ago - as such, the dh_tmp and dh_tmp_cb are used for DHE parameters. Rename them to reflect reality. ok inoguchi@ tb@ | |||||
| 2022-01-07 | Stop attempting to duplicate the public and private key of dh_tmp. | jsing | 1 | -17/+1 | |
| Support for non-ephemeral DH was removed a very long time ago - the only way that dh_tmp is set is via DHparams_dup(), hence the public and private keys are always going to be NULL. ok inoguchi@ tb@ | |||||
| 2022-01-07 | Convert legacy server to tls_key_share. | jsing | 6 | -233/+115 | |
| This requires a few more additions to the DHE key share code - we need to be able to either set the DHE parameters or specify the number of key bits for use with auto DHE parameters. Additionally, we need to be able to serialise the DHE parameters to send to the client. This removes the infamous 'tmp' struct from ssl3_state_internal_st. ok inoguchi@ tb@ | |||||
| 2022-01-07 | A few more files need asn1_locl.h. | tb | 3 | -3/+8 | |
| 2022-01-07 | include asn1_locl.h where it will be needed for the bump. | tb | 7 | -7/+19 | |
| discussed with jsing | |||||
| 2022-01-07 | Prepare to make RSA and RSA_METHOD opaque by including rsa_locl.h | tb | 9 | -9/+19 | |
| where it will be needed in the upcoming bump. discussed with jsing | |||||
| 2022-01-07 | Add an essentially empty ocsp_local.h and include it in the files | tb | 10 | -9/+95 | |
| that will need it in the upcoming bump. discussed with jsing | |||||
| 2022-01-07 | gost needs to look into ecs_locl.h | tb | 2 | -2/+4 | |
| 2022-01-07 | Prepare the move of DSA_SIG, DSA_METHOD and DSA to dsa_locl.h by | tb | 10 | -10/+25 | |
| including the local header where it will be needed. discussed with jsing | |||||
| 2022-01-07 | Add an essentially empty dh_local.h and include it in the files where | tb | 10 | -9/+88 | |
| it will be needed in the upcoming bump. discussed with jsing | |||||
| 2022-01-07 | zap trailing whitespace | tb | 1 | -9/+9 | |
| 2022-01-07 | Let dtlstest peek into bio_local.h | tb | 2 | -2/+4 | |
| 2022-01-07 | Add a new, mostly empty, bio_local.h and include it in the files | tb | 23 | -22/+128 | |
| that will need it in the upcoming bump. discussed with jsing | |||||
| 2022-01-06 | refer to longindex as an argument, not a field; | jmc | 1 | -3/+3 | |
| from uwe@netbsd -r1.22 ok millert | |||||
| 2022-01-06 | Revise for change to tls_key_share_peer_public() | jsing | 1 | -3/+2 | |
| 2022-01-06 | Convert legacy TLS client to tls_key_share. | jsing | 7 | -256/+181 | |
| This requires adding DHE support to tls_key_share. In doing so, tls_key_share_peer_public() has to lose the group argument and gains an invalid_key argument. The one place that actually needs the group check is tlsext_keyshare_client_parse(), so add code to do this. ok inoguchi@ tb@ | |||||
| 2022-01-06 | Allocate and free the EVP_AEAD_CTX struct in tls13_record_protection. | jsing | 1 | -7/+13 | |
| This brings the code more in line with the tls12_record_layer and reduces the effort needed to make EVP_AEAD_CTX opaque. Prompted by and ok tb@ | |||||
| 2022-01-06 | Add regress tests for ASN1_BIT_STRING. | jsing | 1 | -2/+113 | |
| 2022-01-06 | Add a comment that explains why build_addr_block_tests isn't const | tb | 2 | -3/+8 | |
| 2022-01-06 | Convert SCT verification to CBB. | jsing | 1 | -56/+57 | |
| ok inoguchi@ tb@ | |||||
| 2022-01-06 | Sync from libssl. | jsing | 2 | -2/+21 | |
| 2022-01-06 | Test CBB_add_u64() | jsing | 1 | -2/+6 | |
| 2022-01-06 | Provide CBB_add_u64() | jsing | 2 | -2/+21 | |
| Prompted by and ok tb@ | |||||
| 2022-01-06 | minor tweaks, no code change | tb | 1 | -4/+3 | |
| Adjust a comment to reality, zap a stray empty line and fix whitespace before comment after #endif | |||||
| 2022-01-06 | With openssl-ruby-tests 20220105, test_post_connection_check_wildcard_san | tb | 1 | -2/+2 | |
| is now an unexpected pass, so remove it from the expected failures. | |||||
| 2022-01-06 | Free memory before assign to avoid leak | inoguchi | 1 | -1/+7 | |
| CID 313263 313301 313322 | |||||
| 2022-01-06 | Free memory if error occurred | inoguchi | 1 | -2/+4 | |
| 2022-01-06 | Remove NULL check before free | inoguchi | 1 | -3/+2 | |
| 2022-01-06 | Fix a copy-paste error that led to an out-of-bounds access. | tb | 1 | -2/+2 | |
| Found via a crash on bluhm's i386 regress test box | |||||
| 2022-01-06 | Add test coverage for SCT validation. | jsing | 4 | -7/+116 | |
| Of note, the public APIs for this mean that the only way you can add a CTLOG is by reading a configuration file from disk - there is no programmatic way to do this. | |||||
| 2022-01-06 | t_syscall was a test for the gcc 1.x off_t syscall padding, | guenther | 2 | -125/+2 | |
| which was an implementation detail and has been deleted, so delete the test | |||||
| 2022-01-05 | Prepare to provide DSA_bits() | tb | 2 | -2/+11 | |
| Used by Qt5 and Qt6 and slightly reduces the patching in there. ok inoguchi jsing | |||||
| 2022-01-05 | Prepare to provide BIO_set_retry_reason() | tb | 2 | -2/+11 | |
| Needed by freerdp. ok inoguchi jsing | |||||
| 2022-01-05 | Prepare to provide a number of RSA accessors | tb | 2 | -2/+67 | |
| This adds RSA_get0_{n,e,d,p,q,dmp1,dmq1,iqmp,pss_params}() which will be exposed in the upcoming bump. ok inoguchi jsing | |||||
| 2022-01-05 | Prepare to provide ECDSA_SIG_get0_{r,s}() | tb | 2 | -2/+19 | |
| ok inoguchi jsing | |||||
| 2022-01-05 | Prepare to provide DH_get_length() | tb | 2 | -2/+11 | |
| Will be needed by openssl(1) dhparam. ok inoguchi jsing | |||||
| 2022-01-05 | Prepare to provide DSA_get0_{p,q,g,{priv,pub}_key}() | tb | 2 | -2/+39 | |
| ok inoguchi jsing | |||||
| 2022-01-05 | Prepare to provide DH_get0_{p,q,g,{priv,pub}_key}() | tb | 2 | -2/+39 | |
| These are accessors that allow getting one specific DH member. They are less error prone than the current getters DH_get0_{pqg,key}(). They are used by many ports and will also be used in base for this reason. Who can remember whether the pub_key or the priv_key goes first in DH_get0_key()? ok inoguchi jsing | |||||
| 2022-01-05 | Prepare to provide BIO_set_next(). | tb | 2 | -2/+11 | |
| This will be needed in libssl and freerdp after the next bump. ok inoguchi jsing | |||||
| 2022-01-05 | Prepare to provide X509_{set,get}_verify() and X509_STORE_get_verify_cb() | tb | 2 | -7/+37 | |
| as well as the X509_STORE_CTX_verify_cb and X509_STORE_CTX_verify_fn types This will fix the X509_STORE_set_verify_func macro which is currently broken, as pointed out by schwarze. ok inoguchi jsing | |||||
| 2022-01-05 | Unindent a few lines of code and avoid shadowed variables. | tb | 1 | -12/+7 | |
| 2022-01-05 | Rename {c,p}_{min,max} into {child,parent}_{min,max} | tb | 1 | -7/+8 | |
| 2022-01-05 | Two minor KNF tweaks | tb | 1 | -5/+5 | |
| 2022-01-05 | Use child_aor and parent_aor instead of aorc and aorp | tb | 1 | -15/+15 | |
| suggested by jsing | |||||
| 2022-01-05 | Rename fp and fc into parent_af and child_af for readability. | tb | 1 | -24/+29 | |
| suggested by jsing | |||||
| 2022-01-05 | Globally rename all IPAddressFamily *f into af since this is slightly | tb | 1 | -64/+65 | |
| more readable. Repeated complaints by jsing | |||||
| 2022-01-05 | Add a helper function to turn unchecked (but sound) use of | tb | 1 | -13/+18 | |
| sk_find + sk_value into something easier to follow and swallow. ok inoguchi jsing | |||||
| 2022-01-05 | Hoist IPAddressFamily_cmp() to the other IPAddressFamily functions. | tb | 1 | -29/+29 | |
| ok inoguchi jsing | |||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |