summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* fix the same "an non" issue found by tb in EVP_EncryptInit.3;jmc2018-08-261-3/+3
|
* Check return value of EVP_CipherInit_ex()tb2018-08-261-6/+15
|
* Run Wycheproof AES-CBC-PKCS5 testvectors against libcrypto.tb2018-08-261-1/+189
|
* Remove some redundant info from log.Fatalftb2018-08-261-2/+2
|
* simplify returned valuetb2018-08-261-2/+2
|
* Some of the functions in this manual need <openssl/dsa.h>, otherstb2018-08-261-3/+45
| | | | | | | | | need <openssl/x509.h>. The functions {d2i,i2d}_DSA_params_{bio,fp}(3) were missing from the manual, so document them. The return values of the i2d_* functions are left undocumented, as these still need to be audited. ok schwarze (lots of input and help as usual)
* typo: an nonce -> a noncetb2018-08-261-3/+3
|
* Stop s_server if error occurs in regress appstest.shinoguchi2018-08-261-4/+13
|
* Also run DSA tests with the PEM encoded public key.tb2018-08-251-2/+22
|
* update usage for pkcs8;jmc2018-08-241-10/+9
| | | | ok tb
* tweak previous;jmc2018-08-241-3/+3
|
* crank majors after symbol addition/modification/removaltb2018-08-243-6/+6
|
* Adjust documentation for SSL_copy_session_id()tb2018-08-241-8/+7
| | | | ok jsing
* Let SSL_copy_session_id() return an int for error checking.tb2018-08-243-28/+31
| | | | | | | | | | Accordingly, add some error checking to SSL_copy_session_id(), BIO_ssl_copy_session_id(), and SSL_dup(). Prompted by OpenSSL commit 17dd65e6e1f Tested in a bulk build by sthen ok jsing
* Add const to EVP_PKCS82PKEY().tb2018-08-242-4/+4
| | | | | tested in a bulk by sthen ok jsing
* Add consts to EVP_PKEY_asn1_set_private()tb2018-08-248-16/+16
| | | | | | | | | Requires adding a const to the priv_decode() member of EVP_PKEY_ASN1_METHOD and adjusting all *_priv_decode() functions. All this is already documented this way. tested in a bulk build by sthen ok jsing
* After removing support for broken PKCS#8 formats (it was high time),tb2018-08-247-22/+19
| | | | | | | | we can add const to PKCS8_pkey_get0(). In order for this to work, we need to sprinkle a few consts here and there. tested in a bulk by sthen ok jsing
* The broken pkcs8 formats generated by openssl pkcs -{embed,nooct,nsdb}tb2018-08-241-22/+2
| | | | | | are no longer supported. Remove their documentation. ok jsing
* Stop handling broken PKCS#8 formats in openssl(1).tb2018-08-241-52/+2
| | | | ok jsing
* Remove EVP_PKEY2PKCS8_broken() and PKCS8_set_broken()tb2018-08-245-98/+46
| | | | | | | | | | | Provide PKCS8_pkey_add1_attr_by_NID() and PKCS8_pkey_get0_attrs(). Remove the whole broken code and simplify pkcs8_priv_key_info_st accordingly. Based on OpenSSL commit 54dbf42398e23349b59f258a3dd60387bbc5ba13 plus some const that was added later. tested in a bulk build by sthen ok jsing
* Document const change for OCSP_cert_to_id()tb2018-08-241-4/+4
| | | | ok jsing
* Add const to two arguments of OCSP_cert_to_id()tb2018-08-242-6/+7
| | | | | tested in a bulk by sthen ok jsing
* Provide X509_get0_serialNumber()tb2018-08-243-2/+10
| | | | | tested in a bulk by sthen ok jsing
* Turn a number of #defines into proper functions with prototypes matchingtb2018-08-245-18/+80
| | | | | | those that OpenSSL has had for ages. ok jsing
* Change PEM_Sign{Init,Update}() to return an int.tb2018-08-242-8/+8
| | | | | tested in a bulk by sthen ok jsing
* Check return value of EVP_EncodeUpdate() in PEM_write_bio().tb2018-08-241-2/+3
| | | | ok jsing
* Check return value of EVP_EncodeUpdate() in b64_write().tb2018-08-241-3/+4
| | | | ok jsing
* Convert EVP_EncodeUpdate() to return an int to allow for errortb2018-08-242-8/+10
| | | | | | | | | checking. Matches our documented behavior. Based on OpenSSL commit c5ebfcab713a82a1d46a51c8c2668c419425b387 tested in a bulk by sthen ok jsing
* Provide EVP_CIPHER_CTX_encrypting().tb2018-08-243-2/+10
| | | | | tested in a bulk by sthen ok jsing
* unifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE.jsing2018-08-242-26/+3
| | | | | | This code has been rotting since 2006. ok bcook@ tb@
* Document prototype change and return values for BIO_set_cipher()tb2018-08-241-3/+5
| | | | ok jsing
* Return an int in BIO_set_cipher() to be able to report errors.tb2018-08-242-13/+22
| | | | | tested in a bulk by sthen ok jsing
* In DSO_up_ref(), check return value of CRYPTO_add() and reporttb2018-08-241-3/+5
| | | | | | failure accordingly. ok jsing
* In ENGINE_up_ref(), check return value of CRYPTO_add() and reporttb2018-08-241-3/+5
| | | | | | failure accordingly. ok jsing
* Document new prototype and return values of X509_OBJECT_up_ref_count()tb2018-08-241-3/+6
| | | | ok jsing
* Make X509_OBJECT_up_ref_count return an int.tb2018-08-242-9/+7
| | | | | | | Based on OpenSSL commit c5ebfcab713a82a1d46a51c8c2668c419425b387 tested in a bulk by sthen ok jsing
* Update documentation of CRYPTO_mem_leaks*.tb2018-08-241-6/+12
| | | | ok jsing
* Let CRYPTO_mem_leaks{,_fp,_cb}() return -1.tb2018-08-242-12/+12
| | | | | | | | | These functions are no-ops. Their signature was changed by OpenSSL to allow error checking. This way we return an error and do not indicate the (non-)existence of memory leaks. tested in a bulk by sthen ok jsing
* Simplify session ticket parsing/handling.jsing2018-08-244-69/+46
| | | | | | | | | | | | The original implementation is rather crazy and means that we effectively have two lots of code that parse a ClientHello and two lots of code that parse TLS extensions. Partially simplify this by passing a CBS containing the extension block through to the session handling functions, removing the need to reimplement the ClientHello parsing. While here standarise on naming for session_id and session_id_len. ok inoguchi@ tb@
* Pull up the parsing of a ClientHello.jsing2018-08-241-20/+20
| | | | | | | | | Parse up until the extensions (if any), then proceed with processing, rather than gradually parsing while processing. This makes the code cleaner, requires messages to be valid before processing and makes way for upcoming changes. ok inoguchi@ tb@
* Add my copyright.tb2018-08-241-1/+2
| | | | Discussed with jsing
* Remove DSA from TODO list and add RSA-PSS back.tb2018-08-241-2/+2
|
* Also test DSA with the DER encoded key. Lots of help from jsing, thanks!tb2018-08-241-1/+27
|
* Clean up handshake message start/finish functions.jsing2018-08-246-76/+38
| | | | | | | | Now that all handshake messages are created using CBB, remove the non-CBB ssl3_handshake_msg_start()/ssl3_handshake_msg_finish() functions. Rename the CBB variants by dropping the _cbb suffix. ok bcook@ inoguchi@ tb@
* Run our DSA against wycheproof test vectors.tb2018-08-231-1/+129
|
* Add license header.inoguchi2018-08-231-0/+17
|
* Check reusing SSL/TLS session ticket by regression testinoguchi2018-08-231-8/+38
| | | | | | | | | - Added checking for session ticket reusing with using openssl(1) s_server and s_client command in appstest.sh - Confirm certificate verification status. - Save s_server message to log file. ok tb@ and jsing@
* Use a monotonic clock for the benchmark timeout.cheloha2018-08-221-24/+9
| | | | | | | | While here, we don't need the app_timer_* wrapper function, it only obfuscates things, so delete it. Also while here, totalTime only needs to be assigned once. ok tb@
* Correct session ticket encryption.jsing2018-08-221-4/+11
| | | | | | | | | | The CBB conversion resulted in the ticket encryption being handled incorrectly, resulting in only the last block being used. Fix this and restore the previous behaviour. Issue found by inoguchi@ and sebastia@. ok inoguchi@ and tb@
* fix return valuetb2018-08-211-3/+3
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-25 00:23:26 +0000