path: root/src
Commit message [author, age, files, lines]
* make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hidden functions.. document with a man page. bump majors on libtls, libssl, libcrypto ok jsing@ guenther@ [beck, 2016-11-04, 14 files, -43/+133]
* Make do_dtls1_write() static to d1_pkt.c and delete declarations for three functions that were removed a while ago ok jsing@ [guenther, 2016-11-04, 2 files, -8/+6]
* Fix some linewrapping glitches ok jsing@ [guenther, 2016-11-04, 1 file, -7/+5]
* Some tests require internal symbols; have them link with the static libssl or libtls so they can continue to see them after the shared library namespace is cleaned up ok jsing@ [guenther, 2016-11-04, 4 files, -8/+10]
* Add assembler code for the nist 256-bit GFp curve, written initially by Intel. Obtained from BoringSSL, with some integration work borrowed from OpenSSL 1.0.2; assembler code for arm and sparc64 borrowed from OpenSSL 1.1.0. None of this code is enabled in libcrypto yet. ok beck@ jsing@ [miod, 2016-11-04, 9 files, -6/+19107]
* Replace all uses of magic numbers when operating on OPENSSL_ia32_P[] by meaningful constants in a private header file, so that reviewers can actually get a chance to figure out what the code is attempting to do without knowing all cpuid bits. While there, turn it from an array of two 32-bit ints into a properly aligned 64-bit int. Use of OPENSSL_ia32_P is now restricted to the assembler parts. C code will now always use OPENSSL_cpu_caps() and check for the proper bits in the whole 64-bit word it returns. i386 tests and ok jsing@ [miod, 2016-11-04, 26 files, -146/+245]
* Address some signed vs unsigned warnings and check that an integer value is positive before passing it to several functions as a size_t. Additionally, in tls_load_file() there is not much point using calloc(), when we're immediately reading into the buffer (having an extra byte for NUL termination seems pointless given the API). ok beck@ miod@ [jsing, 2016-11-04, 1 file, -4/+14]
* Assign and test, as is consistent with the rest of the libtls code. [jsing, 2016-11-04, 1 file, -7/+4]
* Use a consistent name for struct bio_cb * variables. [jsing, 2016-11-04, 1 file, -6/+6]
* Rename struct bio_cb_st to struct bio_cb. [jsing, 2016-11-04, 1 file, -8/+8]
* Do not cast a pointer to a struct, to a char * when assigning to a void *. [jsing, 2016-11-04, 1 file, -2/+2]
* Use a consistent name for a BIO *, rather than having four different names in the same file. [jsing, 2016-11-04, 1 file, -49/+51]
* Avoid signed vs unsigned comparisons. ok miod@ [jsing, 2016-11-04, 1 file, -3/+4]
* convert X509 manuals from pod to mdoc [schwarze, 2016-11-04, 39 files, -1825/+2566]
* Completely rewrite the session handling ASN.1 code using CBB and CBS. This addresses two 2038 related issues and also adds support for allocation in the i2d function, which will allow for simplification in the callers. ok beck@ miod@ [jsing, 2016-11-04, 1 file, -616/+329]
* Convert ssl3_get_server_kex_dhe() to CBS. ok beck@ [jsing, 2016-11-04, 1 file, -42/+19]
* No need to reach libssl private headers and to define TERMIOS anymore. ok bcook@ [miod, 2016-11-04, 1 file, -4/+1]
* Remove I386_ONLY define. It was only used to prefer a faster-on-genuine-80386-but-slower-on-80486-onwards instruction sequence in the SHA512 code, and had not been enabled in years, if at all. ok tom@ bcook@ [miod, 2016-11-04, 18 files, -60/+15]
* In OPENSSL_wipe_cpu() on i386, which no one uses anyway, check the proper flag for the presence of a FPU before deciding to wipe the fpu registers. ok jsing@ [miod, 2016-11-04, 1 file, -1/+1]
* There's not much point having three static functions that do a cast and assign a pointer, when we can just inline the three and do one cast followed by three pointer assignments. [jsing, 2016-11-04, 1 file, -33/+6]
* Do not mix declarations and code. [jsing, 2016-11-04, 1 file, -3/+7]
* Rename the internal bio related functions so that they have a common prefix. Makes the code more readable and removes shadowing. [jsing, 2016-11-04, 1 file, -22/+22]
* Add X509_up_ref, from boring ok jsing@ [beck, 2016-11-04, 2 files, -2/+11]
* convert RSA manuals from pod to mdoc [schwarze, 2016-11-04, 31 files, -1223/+1919]
* MALLOC_STATS tweaks, by default not compiled in [otto, 2016-11-04, 1 file, -13/+29]
* There's not much point in casting a void * to a specific type just before calling free(). ok beck@ ingo@ [jsing, 2016-11-04, 1 file, -4/+2]
* new sentence, new line, and zap trailing whitespace; [jmc, 2016-11-04, 1 file, -3/+4]
* bump minor for ocsp_require_stapling addition [beck, 2016-11-04, 1 file, -1/+1]
* Add ocsp_require_stapling config option for tls - allows a connection to indicate that it requires the peer to provide a stapled OCSP response with the handshake. Provide a "-T muststaple" for nc that uses it. ok jsing@, guenther@ [beck, 2016-11-04, 7 files, -12/+37]
* small tweak to also check canaries if F is in effect [otto, 2016-11-03, 1 file, -3/+5]
* In ssl3_read_bytes(), do not process more than three consecutive TLS records, otherwise a peer can potentially cause us to loop indefinitely. Return with an SSL_ERROR_WANT_READ instead, so that the caller can choose when they want to handle further processing for this connection. ok beck@ miod@ [jsing, 2016-11-03, 1 file, -4/+24]
* make OCSP_URL only show up when an OCSP url is actually present in the cert [beck, 2016-11-03, 1 file, -2/+3]
* Make OCSP Stapling: only appear if there is stapling info present. [beck, 2016-11-03, 1 file, -5/+3]
* convert RAND manuals from pod to mdoc [schwarze, 2016-11-03, 11 files, -196/+204]
* zap the overview manual page of the RAND subsystem that contained nothing but duplicate and misleading information; OK jsing@ [schwarze, 2016-11-03, 2 files, -36/+1]
* convert PEM and PKCS manuals from pod to mdoc [schwarze, 2016-11-03, 27 files, -1380/+2231]
* Split ssl3_get_key_exchange() into separate functions for DHE/ECDHE. ok beck@ (who was struggling to keep lunch down while reviewing the diff) [jsing, 2016-11-03, 1 file, -205/+256]
* Don't do OCSP validation when we have disabled certificate verification or certificate validation. ok jsing@ [beck, 2016-11-03, 2 files, -5/+8]
* convert configuration manuals from pod to mdoc [schwarze, 2016-11-03, 9 files, -305/+340]
* convert remaining ASN1 object manuals from pod to mdoc [schwarze, 2016-11-03, 5 files, -175/+299]
* Only set an error from libssl related code, if an error has not already been set by libtls code. This avoids the situation where a libtls callback has set an error, only to have it replaced by a less useful libssl based error. ok beck@ [jsing, 2016-11-03, 2 files, -7/+47]
* convert HMAC and MD5 manuals from pod to mdoc [schwarze, 2016-11-03, 5 files, -210/+393]
* convert EVP manuals from pod to mdoc [schwarze, 2016-11-03, 49 files, -2724/+4229]
* Fix handshake failures: split out internals of OCSP verification to allow callback to verify before TLS handshake is complete [beck, 2016-11-03, 1 file, -20/+26]
* Clean up the TLS handshake digest handling - this refactors some of the code for improved readability, however it also addresses two issues. The first of these is a hard-to-hit double free that will occur if EVP_DigestInit_ex() fails. To avoid this and to be more robust, ensure that tls1_digest_cached_records() either completes successfully and sets up all of the necessary digests, or it cleans up and frees everything that was allocated. The second issue is that EVP_DigestUpdate() can fail - detect and handle this in tls1_finish_mac() and change the return type to an int so that a failure can be propagated to the caller (the callers still need to be fixed to handle this, in a later diff). The double-free was reported by Matthew Dillon. ok beck@ doug@ miod@ [jsing, 2016-11-03, 2 files, -30/+43]
* bit more cleanup; [jmc, 2016-11-02, 1 file, -9/+9]
* fix shadow declaration of time in parameter list. ok jsing@ [beck, 2016-11-02, 1 file, -2/+2]
* Ensure handshake is complete before processing an ocsp response for a ctx ok jsing@ [beck, 2016-11-02, 1 file, -0/+3]
* tweak previous; [jmc, 2016-11-02, 1 file, -32/+26]
* convert ERR manuals from pod to mdoc; while reading this, i wtfed, laughed, puked, and cried in more or less that order... [schwarze, 2016-11-02, 23 files, -705/+963]