summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Absorb SSL_AEAD_CTX into struct tls12_record_protection.jsing2021-05-163-73/+63
| | | | | | | | The information contained in SSL_AEAD_CTX really belongs in the tls12_record_protection struct. Absorb SSL_AEAD_CTX, using more appropriate types in the process. ok tb@
* Zero the tls12_record_protection struct instead of individual fields.jsing2021-05-161-9/+3
| | | | | | | | In tls12_record_protection_clear(), rather than zeroing or NULLing individual fields once a pointer has been freed, zero the entire struct once the pointers have been dealt with. ok tb@
* Avoid including tls13_internal.h in tls13_record.h.jsing2021-05-161-2/+1
| | | | | While the implementation needs tls13_internal.h, consumers of tls13_record.h should not.
* Avoid pulling ssl_locl.h into self-contained code.jsing2021-05-164-8/+4
|
* Make local header inclusion consistent.jsing2021-05-1618-51/+36
| | | | | Consistently include local headers in the same location, using the same grouping/sorting across all files.
* Move DTLS structs/definitions/prototypes to dtls_locl.h.jsing2021-05-1614-214/+282
| | | | | | | | Now that the DTLS structs are opaque, add a dtls_locl.h header and move internal-only structs from dtls1.h, along with prototypes from ssl_locl.h. Only pull this header in where DTLS code actually exists. ok inoguchi@ tb@
* Add a missing space.jsing2021-05-161-2/+2
|
* Fix formatting of multi-line license comment per style(9).jsing2021-05-164-8/+12
|
* Avoid pulling ssl_sigalgs.h in via ssl_locl.h.jsing2021-05-163-4/+7
| | | | | Forward declare struct sigalg in ssl_locl.h and avoid including ssl_sigalgs.h. Explicitly include ssl_sigalgs.h where it is needed.
* Remove unnecessary includes from the bytestring APIs.jsing2021-05-164-14/+4
| | | | | The bytestring APIs are self contained, hence including openssl headers here is unnecessary.
* Explicitly include <openssl/opensslconf.h> in files using OPENSSL_NO_*jsing2021-05-1613-16/+30
| | | | | | Where a file references to OPENSSL_NO_* conditions, ensure that we explicitly include <openssl/opensslconf.h> before any references, rather than relying on another header to pull this in.
* whitespace/KNFtb2021-05-141-4/+4
|
* Improve libcrypto obj_xref.h generatorinoguchi2021-05-141-0/+4
| | | | | | | Modify objxref.pl to output $OpenBSD$ header and __BEGIN_HIDDEN_DECLS / __END_HIDDEN_DECLS . ok and comment from tb@
* Add missing .Pp in HISTORY section.tb2021-05-132-4/+6
|
* Add missing .Pptb2021-05-131-2/+3
|
* Merge documentation for SSL_CIPHER_find(3) from OpenSSL 1.1.1.tb2021-05-121-2/+29
|
* Install SSL_SESSION_get0_cipher.3tb2021-05-121-1/+2
|
* Document SSL_SESSION_get0_cipher(3)tb2021-05-121-0/+94
| | | | | | | Based on the OpenSSL 1.1.1 manual written by Rich Salz with a healthy dose of improvements by schwarze. ok schwarze
* Modify cms test in appstest.sh to work with ec cert/keyinoguchi2021-05-121-32/+53
|
* Add obj_xref for ECDH schemes in RFC 5753inoguchi2021-05-122-1/+34
| | | | | | | | | | Found missing sigoid_srt record in crypto/objects/obj_xref.h, and this causes error while executing openssl cms -encrypt with EC key/cert. Added required definitions to obj_xref.txt and obj_xref.h. Issue reported by Theodore Wynnychenko (tmw <at> uchicago.edu) on misc. ok tb@
* Document SSL_CTX_get_ssl_method(3)tb2021-05-111-4/+15
|
* Merge some details from OpenSSL 1.1.1.tb2021-05-112-6/+24
|
* missing word in previoustb2021-05-111-1/+2
|
* Merge documentation for EVP_DigestVerify() from OpenSSL 1.1.1.tb2021-05-111-4/+37
|
* Merge documentation for EVP_DigestSign from OpenSSL 1.1.1.tb2021-05-111-4/+39
|
* zap stray commatb2021-05-111-3/+3
|
* Replace unnecessary calls to EC_GROUP_get_curve_GF{p,2m}() withtb2021-05-101-15/+3
| | | | EC_GROUP_get_curve() and remove no longer needed prototypes.
* It's no longer necessary to link ecdhtest statically.tb2021-05-101-2/+2
|
* Merge documentation for EC_GROUP_{set,get}_curve(3) from OpenSSL 1.1.1.tb2021-05-101-20/+57
|
* Merge documentation for EC_POINT_{get,set}_coordinates andtb2021-05-101-20/+70
| | | | for EC_POINT_set_compressed_coordinates from OpenSSL 1.1.1.
* give libtls the same bump as libssltb2021-05-101-2/+2
|
* bump libssl major after struct visibility changes and symbol additiontb2021-05-101-2/+2
|
* bump libcrypto minor after symbol additiontb2021-05-101-1/+1
|
* Make SSL_CIPHER, SSL_CTX, SSL_SESSION, {DTLS1,SSL3}_STATEtb2021-05-103-8/+7
| | | | | | and a few other structs in libssl opaque. from/ok jsing
* Provide SSL_SESSION_get0_cipher(3)tb2021-05-103-2/+10
| | | | ok jsing
* Provide SSL_CTX_get_ssl_method(3)tb2021-05-103-2/+11
| | | | ok jsing
* Provide SSL_CIPHER_find(3)tb2021-05-103-2/+10
| | | | ok jsing
* Expose EVP_Digest{Sign,Verify}(3)tb2021-05-102-5/+3
| | | | ok jsing
* Expose EC_POINT_{get,set}_affine_coordinates(3) andtb2021-05-102-7/+11
| | | | | | EC_POINT_set_compressed_coordinates(3) ok jsing
* Expose EC_GROUP_{get,set}_curve(3)tb2021-05-102-3/+4
| | | | ok jsing
* Add draft-ietf-sidrops-rpki-rsc OIDjob2021-05-092-0/+2
| | | | | | | | Listed under 'SMI Security for S/MIME CMS Content Type (1.2.840.113549.1.9.16.1)' https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1 OK tb@
* Prepare to provide EVP_Digest{Sign,Verify}tb2021-05-092-3/+35
| | | | | | | | | | | These are one-shot versions combining EVP_Digest{Sign,Verify}{Update,Final}. and are part of the OpenSSL 1.1.1 API. While they simplify callers in some situations slightly, their real use is for EdDSA that by design can't be split into Update/Final steps. Based on OpenSSL commit 7539418981c140648a620d72edd7398564878b5c ok inoguchi
* Replace DTLS w_epoch with epoch from TLSv1.2 record layer.jsing2021-05-055-29/+20
| | | | ok inoguchi@ tb@
* Rewrite TLSv1.2 key block handling.jsing2021-05-055-134/+247
| | | | | | | | | | | | | For TLSv1.2 a single key block is generated, then partitioned into individual secrets for use as IVs and keys. The previous implementation splits this across two functions tls1_setup_key_block() and tls1_change_cipher_state(), which means that the IV and key sizes have to be known in multiple places. This implementation generates and partitions the key block in a single step, meaning that the secrets are then simply handed out when requested. ok inoguchi@ tb@
* Rename shutdown_all() to shutdown_peers() for consistency.tb2021-05-041-3/+3
|
* Use limits.h instead of sys/limits.h in dtlstest.c for portableinoguchi2021-05-031-2/+2
| | | | discussed and input from jsing@
* Modify regress ssl_get_shared_ciphers for portableinoguchi2021-05-032-6/+6
| | | | | | | - Split out the intermediate path (../certs/) to Makefile - Change 'shutdown' to 'shutdown_all' ok tb@
* Hook openssl-ruby test to regress treetb2021-05-031-1/+2
|
* Add scaffold to run the ruby/openssl regression teststb2021-05-031-0/+72
| | | | | | | | | | | | | | | | | | This test depends on the ruby/ruby-openssl-tests port that bundles the sources and tests of the Ruby OpenSSL gem below /usr/local. The Makefile compiles the openssl.so shared object below obj/ that provides Ruby bindings for the OpenSSL API. Once this is built, the regression tests are run. There are currently 4 failing tests, all related to the new verifier. At least one libssl bug is hidden behind a pend. All this will hopefully be fixed during this release cycle. This adds a decent amount of test coverage without being overly expensive. This way, regressions should be spotted during development so jeremy will no longer have to chase and work around them. Joint work with jeremy, positive feedback from bcook and jsing.
* tweak one description to make it uniquetb2021-05-031-2/+3
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-22 11:58:51 +0000