summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Correct direction of SSL_ERROR_ZERO_RETURN caseguenther2018-04-291-3/+3
| | | | ok schwarze@
* reference hosts(5) instead of networks(5)schwarze2018-04-281-3/+3
|
* Remove references to the obsolete getnetent(3) and networks(5).schwarze2018-04-282-10/+7
|
* Stop talking about /etc/networks, which is no longer used,schwarze2018-04-281-39/+38
| | | | | | and reference gethostby*(3) and /etc/hosts instead. Say that setnetent(3), getnetent(3), and endnetent(3) now do nothing. With feedback from guenther and significant help from deraadt@.
* Say that sethostent(3), gethostent(3), and endhostent(3) do nothing.schwarze2018-04-281-50/+19
| | | | | | While here, stop implying plans to support additional address families in the future, and do not call gethostbyname2(3) "advanced". OK deraadt@ guenther@
* To allow us to get rid of /etc/networks, make setnetent(3),schwarze2018-04-281-75/+4
| | | | | | getnetent(3), and endnetent(3) do nothing, just like sethostent(3), gethostent(3), and endhostent(3) years ago. OK deraadt@ guenther@
* Fix a small timing side channel in dsa_sign_setup(). Simple adaptationtb2018-04-281-12/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | of OpenSSL commit c0caa945f6ef30363e0d01d75155f20248403df4 to our version of this function. ok beck, jsing Original commit message: commit c0caa945f6ef30363e0d01d75155f20248403df4 Author: Pauli <paul.dale@oracle.com> Date: Wed Nov 1 06:58:13 2017 +1000 Address a timing side channel whereby it is possible to determine some information about the length of the scalar used in DSA operations from a large number (2^32) of signatures. This doesn't rate as a CVE because: * For the non-constant time code, there are easier ways to extract more information. * For the constant time code, it requires a significant number of signatures to leak a small amount of information. Thanks to Neals Fournaise, Eliane Jaulmes and Jean-Rene Reinhard for reporting this issue. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4576)]
* Fix a small timing side channel in ecdsa_sign_setup(). Up to whitespacetb2018-04-281-8/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | this is OpennSSL commit 4a089bbdf11f9e231cc68f42bba934c954d81a49. ok beck, jsing Original commit message: commit 4a089bbdf11f9e231cc68f42bba934c954d81a49 Author: Pauli <paul.dale@oracle.com> Date: Wed Nov 1 06:58:39 2017 +1000 Address a timing side channel whereby it is possible to determine some information about the length of the scalar used in ECDSA operations from a large number (2^32) of signatures. This doesn't rate as a CVE because: * For the non-constant time code, there are easier ways to extract more information. * For the constant time code, it requires a significant number of signatures to leak a small amount of information. Thanks to Neals Fournaise, Eliane Jaulmes and Jean-Rene Reinhard for reporting this issue. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4576)]
* trailing whitespace, and move arg checking before pledgebeck2018-04-271-17/+17
| | | | | in preparation for pledgepath ok deraadt@
* Put function name on a separate line and zap stray whitespace.tb2018-04-251-3/+4
|
* In asn1.h rev. 1.46 2018/04/25 11:48:21, tb@ added const qualifiersschwarze2018-04-257-30/+30
| | | | | to some parameters of some functions. Update the documentation. Add a few additional missing const qualifiers while here.
* Avoid talking about the innternal, undocumented data type "struct lhash_st",schwarze2018-04-251-3/+3
| | | | show the public data type name "LHASH_OF(SSL_SESSION)" instead.
* Document the callbacks as taking "SSL *" and "SSL_CTX *" argumentsschwarze2018-04-251-7/+7
| | | | | and avoid the internal, undocumented names "struct ssl_st *" and "struct ssl_ctx_st *".
* In ssl.h rev. 1.156 2018/04/25 07:10:39, tb@ added const qualifiersschwarze2018-04-255-16/+16
| | | | | to some parameters and return values of some functions. Update the documentation.
* remove whitespace before closing parenstb2018-04-251-5/+5
|
* Add const to functions in asn1/asn1.h as they did in OpenSSL.tb2018-04-2519-92/+96
| | | | | | | BIO_f_asn1() will be taken care of later. Tested in a bulk by sthen ok bcook jca jsing
* Fix capitalization of data. Pointed out by jsing and forgotten intb2018-04-251-2/+2
| | | | previous commit.
* The cookie in the cookie verify callback needs to be const.tb2018-04-252-4/+5
| | | | ok jsing (as part of a larger diff)
* OpenSSL started adding const to functions all over the place. Make alltb2018-04-257-38/+30
| | | | | | | | our libssl functions match theirs wrt const, except for BIO_f_ssl(3) which will be fixed in a later step. this went through a i386 bulk by sthen ok jsing
* Make the NULL check a separate if statement for readability andtb2018-04-231-2/+4
| | | | | | grepability. Req. by jsing
* Make whitespace between functions and structs a bit more consistent.tb2018-04-231-3/+7
|
* Test X509_CRL_METHOD_free(NULL)tb2018-04-231-1/+2
|
* Make X509_CRL_METHOD_free() NULL-safe.tb2018-04-231-2/+2
| | | | ok bcook
* About half of the listed functions are wrappers of ASN1_item_free().tb2018-04-231-113/+113
| | | | Annotate them.
* Add a big pile of *_free() functions which I audited to be NULL-safe.tb2018-04-231-2/+109
|
* Document the "f" callback argument that tb@ asked about.schwarze2018-04-191-2/+16
| | | | | While here, include a patch from tb@ adding the missing return type to ENGINE_ctrl() in the SYNOPSIS.
* tweak previous;jmc2018-04-181-2/+3
|
* SEE ALSO and HISTORYschwarze2018-04-1812-26/+301
|
* delete engine(3); nothing of value left in that pageschwarze2018-04-182-537/+1
|
* link to ENGINE_register_RSA(3) rather than engine(3)schwarze2018-04-181-8/+7
|
* * Document DH_up_ref(3), DSA_up_ref(3), and RSA_up_ref(3).schwarze2018-04-183-16/+73
| | | | | | * Correct documentation of DH_new(3), DH_free(3), DSA_new(3), DSA_free(3), RSA_new(3), and RSA_free(3) with respect to reference counting. * Stop referencing engine(3).
* * Make the description of method selection simpler, more precise,schwarze2018-04-182-128/+67
| | | | | | | and more concise. * Correct the description of the return values of DH_set_method(3) and DSA_set_method(3). * Stop referencing engine(3).
* * Do not document the non-existent function RSA_null_method(3).schwarze2018-04-181-105/+43
| | | | | | | | | | * Add three missing const qualifiers to function prototypes. * Correct the argument type of RSA_new_method(3). * Remove duplicate decsription of RSA_flags(3) and RSA_new_method(3). * Make the description of method selection simpler, more precise, and more concise. * Correct description of the return value of RSA_set_method(3). * Stop referencing engine(3).
* add a few new sentences regarding the big pictureschwarze2018-04-152-2/+15
|
* Rewrite the ENGINE_*(3) documentation from scratch - step 2,schwarze2018-04-158-395/+633
| | | | | | covering the remaining functions that were documented in engine(3), except for seven functions that are completely pointless and that were merely listed but not really documented.
* Rewrite the ENGINE_*(3) documentation from scratch (step 1,schwarze2018-04-1510-530/+1303
| | | | | covering 60% of the documented functions). The old, abominable engine(3) manual page shall die soon.
* In eng_lib.c rev. 1.14 2018/04/14 07:18:37, tb@ allowed ENGINE_free(3)schwarze2018-04-141-53/+46
| | | | | | to accept a NULL argument. Document that. While here, make the related sentences more precise and less verbose. Tweaks and OK tb@.
* Make ENGINE_free() succeed on NULL. Matches OpenSSL's behavior andtb2018-04-148-41/+41
| | | | | | simplifies the caller side. tested by & ok inoguchi; discussed with schwarze
* make ENGINE_finish() succeed on NULL and simplify callers as intb2018-04-1413-100/+58
| | | | | | | | | | | OpenSSL commit 7c96dbcdab9 by Rich Salz. This cleans up the caller side quite a bit and reduces the number of lines enclosed in #ifndef OPENSSL_NO_ENGINE. codesearch.debian.net shows that almost nothing checks the return value of ENGINE_finish(). While there, replace a few nearby 'if (!ptr)' with 'if (ptr == NULL)'. ok jsing, tested by & ok inoguchi
* In ssl.h rev. 1.155 2018/04/11 17:47:36, jsing@ changedschwarze2018-04-111-13/+3
| | | | | SSL_OP_TLS_ROLLBACK_BUG to no longer have any effect. Update the manual page.
* Nuke SSL_OP_TLS_ROLLBACK_BUG - this is a workaround for buggy clients fromjsing2018-04-112-36/+17
| | | | | | | around the SSLv3/TLSv1.0 period... and buggy clients are buggy. This also helps to clean up the RSA key exchange code. ok "kill it with fire" beck@ tb@
* Delete the description of the argument of the "ciphers" commandschwarze2018-04-101-145/+13
| | | | | | | | | because it was (1) woefully incomplete, (2) partially outdated and wrong, (3) in parts imprecisely worded and hard to understand, (4) excessively technical for a section 1 manual, (5) of excessive size for this particular page, (6) and didn't belong here in the first place because it essentially tried to document a C API - SSL_CTX_set_cipher_list(3), which is now documented, so point to it.
* Write documentation for the control string parameter from scratch,schwarze2018-04-101-30/+273
| | | | collecting the information by inspecting the source code.
* tweak usage()tb2018-04-101-1/+1
|
* Fail early if an X509_VERIFY_PARAM is poisoned - don't allowbeck2018-04-081-8/+10
| | | | | this to be "overridden" by the user supplied callback. ok jsing@
* sort the list of data structures and add the missing ECDH and ECDSA;schwarze2018-04-081-57/+13
| | | | | triggered by OpenSSL commit a73d990e Feb 27 19:02:24 2018 +0100, but with different content
* tweak previous;jmc2018-04-071-4/+4
|
* Correct man page for OpenSSL_no_config() to indicate that itbeck2018-04-071-4/+8
| | | | | suppresses any future config file loading. ok schwarze@ with a nit from jsing@
* Remove function pointers for ssl_{read,write,peek}.jsing2018-04-078-59/+11
| | | | | | | Now that everything goes through the same code path, we can remove a layer of indirection and just call ssl3_{read,write,peek} directly. ok beck@ inoguchi@
* Nuke SSL3_FLAGS_DELAY_CLIENT_FINISHED and SSL3_FLAGS_POP_BUFFER.jsing2018-04-074-70/+8
| | | | | | | These flags enabled experimental behaviour in the write path, which nothing uses. Removing this code greatly simplifies ssl3_write(). ok beck@ inoguchi@ sthen@ tb@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-28 02:43:04 +0000