summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* convert ERR manuals from pod to mdoc; while reading this,schwarze2016-11-0223-705/+963
| | | | i wtfed, laughed, puked, and cried in more or less that order...
* bump minor for ocsp api additionsbeck2016-11-021-1/+1
|
* Add OCSP client side support to libtls.beck2016-11-028-9/+641
| | | | | | | | | | | | | - Provide access to certificate OCSP URL - Provide ability to check a raw OCSP reply against an established TLS ctx - Check and validate OCSP stapling info in the TLS handshake if a stapled OCSP response is provided.` Add example code to show OCSP URL and stapled info into netcat. ok jsing@
* convert DSA and EC manuals from pod to mdocschwarze2016-11-0233-1241/+2658
|
* Expand LHASH_OF, IMPLEMENT_LHASH_DOALL_ARG_FN and LHASH_DOALL_ARG_FNjsing2016-11-022-7/+13
| | | | macros. Only change in generated assembly is due to line numbering.
* Expand another LHASH_OF macro.jsing2016-11-021-2/+2
|
* Expand DECLARE_LHASH_OF and LHASH_OF macros.jsing2016-11-021-3/+5
|
* Expand DECLARE_PEM_rw macro.jsing2016-11-021-2/+7
|
* Expand IMPLEMENT_LHASH_COMP_FN/IMPLEMENT_LHASH_HASH_FN macros - the onlyjsing2016-11-021-5/+17
| | | | change to generated assembly results from a difference in line numbers.
* Wrap some >80 char lines.jsing2016-11-021-9/+9
|
* convert DES and DH manuals from pod to mdocschwarze2016-11-0215-715/+1244
|
* remove some old option letters and also make P non-settable. It hasotto2016-10-311-24/+6
| | | | | been the default for ages, and I see no valid reason to be able to disable it. ok natano@
* bump to LibreSSL 2.5.1bcook2016-10-311-3/+3
|
* Pages in the malloc cache are either reused quickly or unmappedotto2016-10-281-14/+1
| | | | | | quickly. In both cases it does not make sense to set hints on them. So remove that option, which is just a remainder of old times when malloc used to hold on to pages. ok stefan@
* $OpenBSD$tb2016-10-223-0/+3
|
* - fix MALLOC_STATS compileotto2016-10-221-3/+6
| | | | - redundant cast is redundant
* fix some void * arithmetic by castingotto2016-10-211-4/+4
|
* and recommit with fixed GCotto2016-10-211-103/+112
|
* backout for now; flag combination GC is not okotto2016-10-201-110/+103
|
* avoid sentence splicing;jmc2016-10-201-2/+2
|
* canary corruption message changed a bitotto2016-10-201-5/+5
|
* Also place canaries in > page sized objects (if C is in effect); ok tb@otto2016-10-201-103/+110
|
* unifdef OPENSSL_NO_CMSjsing2016-10-198-123/+8
|
* Update client hello messages to follow the removal of fixed ECDH.jsing2016-10-191-89/+65
|
* Remove support for fixed ECDH cipher suites - these is not widely supportedjsing2016-10-197-466/+42
| | | | | | | | | and more importantly they do not provide PFS (if you want to use ECDH, use ECDHE instead). With input from guenther@. ok deraadt@ guenther@
* Remove the save_errno dance inside strerror_r(3). It is from thebluhm2016-10-191-5/+3
| | | | | time when we had national language support. OK millert@
* If BN_div_word() fails (by returning (BN_ULONG)-1) or if the divisionguenther2016-10-171-4/+8
| | | | | | | | | | fails to reduce the input in the expected space then fail out instead of overflowing the allocated buffer. combines openssl commits 28a89639da50b1caed4ff3015508f23173bf3e49 and 3612ff6fcec0e3d1f2a598135fe12177c0419582 ok doug@ beck@
* Move libcrypto, librpcsvc and gnu/usr.bin/cc/include from RDIRS to PRDIRS,tb2016-10-161-2/+4
| | | | | | | | | | | | | | and add prereq targets, so some header files are generated by BUILDUSER during 'make prereq' instead of by root during 'make includes'. Switch the order of 'make cleandir' and 'make includes' during 'make build' so we don't generate many files twice. Except for some machine@ symlinks from ${MACHINE}/stand, /usr/obj is now clean from files generated by root during 'make build'. Those will be cleaned up in a second step. help, testing & ok deraadt, input from natano, further testing rpe
* Roll back uintptr_t cast changes after discussions with tedu, otto anddtucker2016-10-163-24/+7
| | | | | | | | | | | | | others. C11 6.5.6.9 says: When two pointers are subtracted, both shall point to elements of the same array object, or one past the last element of the array object; the result is the difference of the subscripts of the two array elements. In these cases the objects are arrays of char so the result is defined, and we believe that the report is based on a compiler incorrectly trapping on defined behaviour.
* Wrap _malloc_init() so internal calls go directlyguenther2016-10-152-2/+6
| | | | | prodded by otto@ ok kettenis@ otto@
* Cast pointers to uintptr_t to avoid potential signedness errors.dtucker2016-10-143-7/+24
| | | | | Based on patch from yuanjie.huang at windriver.com via OpenSSH bz#2608, with & ok millert, ok deraadt.
* 0xd0 -> 0xdb; ok deraadt@ millert@ tedu@otto2016-10-141-3/+3
|
* optimize canary code a bit by storing offset of sizes table instead ofotto2016-10-121-5/+7
| | | | recomputing it all the time
* make clear the length printed is the requested lengthotto2016-10-081-3/+3
|
* grammar fix previous;jmc2016-10-071-2/+2
|
* document "chunk canary corrupted" errorotto2016-10-071-2/+7
|
* stray tabotto2016-10-071-2/+2
|
* Beter implementation of chunk canaries: store size in chunk meta dataotto2016-10-071-61/+63
| | | | instead of chunk itself; does not change actual allocated size; ok tedu@
* typonaddy2016-10-061-3/+3
|
* Fix some broken .Xr links, loosely based on a diffschwarze2016-10-051-13/+12
| | | | | | | | from Rob Pierce <rob at 2keys dot ca>. The content of this page may also need expert attention, i suspect it may be lacking modern algorithms and over-emphasizing obsolete ones, but i dare not touch the content.
* use the same type for buf as the return type in tls_load_filebcook2016-10-031-2/+3
| | | | ok tedu@, noted by kinichiro
* Check for and handle failure of HMAC_{Update,Final} or EVP_DecryptUpdate()guenther2016-10-021-5/+11
| | | | | based on openssl commit a5184a6c89ff954261e73d1e8691ab73b9b4b2d4 ok bcook@
* Detect zero-length encrypted session data early, instead of when malloc(0)guenther2016-10-021-2/+2
| | | | | | | fails or the HMAC check fails. Noted independently by jsing@ and Kurt Cancemi (kurt (at) x64architecture.com) ok bcook@
* In X509_cmp_time(), pass asn1_time_parse() the tag of the field beingguenther2016-10-021-2/+3
| | | | | | | | | parsed so that a malformed GeneralizedTime field is recognized as an error instead of potentially being interpreted as if it was a valid UTCTime. Reported by Theofilos Petsios (theofilos (at) cs.columbia.edu) ok beck@ tedu@ jsing@
* Append to CLEANFILES instead of replacing it, so libcrypto.pc isnatano2016-09-231-2/+2
| | | | | | deleted on make clean. ok millert
* trim STANDARDS; ok jsinglibressl-v2.5.0jmc2016-09-221-13/+1
|
* some minor cleanup;jmc2016-09-221-47/+17
|
* shorten x509;jmc2016-09-221-755/+414
|
* Improve on code from the previous commit.jsing2016-09-221-7/+5
| | | | ok bcook@
* Avoid unbounded memory growth, which can be triggered by a clientjsing2016-09-221-9/+20
| | | | | | repeatedly renegotiating and sending OCSP Status Request TLS extensions. Fix based on OpenSSL.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-28 15:10:43 +0000