summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* link in rsa testbeck2017-01-251-1/+2
|
* Add rsa test from openssl, since it has a license nowbeck2017-01-252-0/+344
|
* Change the SSL_IS_DTLS() macro to check the version, rather than using ajsing2017-01-252-7/+4
| | | | | | | flag in the encryption methods. We can do this since there is currently only one DTLS version. This makes upcoming changes easier. ok beck@
* Construct a BN_gcd_nonct, based on BN_mod_inverse_no_branch, as suggestedbeck2017-01-256-10/+170
| | | | | | | | | | | by Alejandro Cabrera <aldaya@gmail.com> to avoid the possibility of a sidechannel timing attack during RSA private key generation. Modify BN_gcd to become not visible under LIBRESSL_INTERNAL and force the use of the _ct or _nonct versions of the function only within the library. ok jsing@
* Provide ssl3_packet_read() and ssl3_packet_extend() functions that improvejsing2017-01-253-35/+59
| | | | | | | the awkward API provided by ssl3_read_n(). Call these when we need to read or extend a packet. ok beck@
* Provide defines for SSL_CTRL_SET_CURVES/SSL_CTRL_SET_CURVES_LIST for thingsjsing2017-01-251-1/+15
| | | | | | | | that are conditioning on these. From BoringSSL. ok beck@
* fix make clean and warningsotto2017-01-242-1/+3
|
* make sure realloc preserves dataotto2017-01-241-17/+45
|
* use ${.OBJDIR}otto2017-01-241-8/+8
|
* BUF_MEM_free(), X509_STORE_free() and X509_VERIFY_PARAM_free() all checkjsing2017-01-242-18/+10
| | | | for NULL, as does lh_free() - do not do the same from the caller.
* sk_free() checks for NULL so do not bother doing it from the callers.jsing2017-01-244-10/+9
|
* sk_pop_free() checks for NULL so do not bother doing it from the callers.jsing2017-01-247-50/+31
|
* Within libssl a SSL_CTX * is referred to as a ctx - fix this forjsing2017-01-241-29/+29
| | | | SSL_CTX_free().
* correct usage format; ok beck claudio bennoderaadt2017-01-241-2/+3
|
* in resolver(3), document that _EDNS0 and _DNSSEC are no ops;jmc2017-01-241-6/+17
| | | | | | | diff from kirill miazine while here, bump all the no op texts to one standard blurb; help/ok jca
* fix mode on open() and ftruncate(), noticed bybeck2017-01-241-2/+4
| | | | bcook@
* #if 0 the ecformats_list and eccurves_list - these are currently unused butjsing2017-01-241-2/+5
| | | | will be revisited at some point in the near future.
* Remove unused cert variable.jsing2017-01-241-3/+1
| | | | Found by bcook@
* Say no to two line error messages on failurebeck2017-01-241-4/+3
|
* s/returns/exits/beck2017-01-241-2/+2
|
* Break run-on sentence into two.beck2017-01-241-3/+4
|
* string terminator is called a NULderaadt2017-01-242-5/+5
|
* Actually load the cafile when providede, and error message cleanupbeck2017-01-241-4/+4
|
* use warn, I have errno here. noticed by theobeck2017-01-241-1/+1
|
* Yes the "if (const == val" idiom provides some safety, but it grates onderaadt2017-01-241-58/+58
| | | | | us too much. ok beck jsing
* knfbeck2017-01-241-1/+2
|
* revert accidental commit of theo diffbeck2017-01-241-58/+58
|
* Just don't bother with OpenSSL error strings, they are mostlybeck2017-01-242-77/+71
| | | | irrelevant and look gross here anyway.. we don't need them
* various cleanup;jmc2017-01-242-29/+28
|
* Bump libssl and libtls minors due to symbol additions.jsing2017-01-242-2/+2
|
* slight cleanupsderaadt2017-01-241-4/+3
|
* Add a -groups option to openssl s_client, which allows supported EC curvesjsing2017-01-241-7/+17
| | | | | | to be specified as a colon separated list. ok beck@
* Update client tests for changes in default EC formats/curves.jsing2017-01-241-52/+31
|
* Add support for setting the supported EC curves viajsing2017-01-247-26/+197
| | | | | | | | | | | | | SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names. This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such a brainpool) you need to configure this yourself. Inspired by parts of BoringSSL and OpenSSL. ok beck@
* s/exit/exist/ typobeck2017-01-241-2/+2
|
* New ocspcheck utility to validate a certificate against its ocsp responderbeck2017-01-245-0/+1634
| | | | | | and save the reply for stapling ok deraadt@ jsing@
* Correct bounds checks used when generating the EC curves extension.jsing2017-01-241-3/+3
| | | | ok beck@
* accross -> across;jmc2017-01-241-2/+2
|
* Use prime256v1 for tests unless otherwise specified.jsing2017-01-241-4/+0
|
* Fix typo in brainpool curve name within a comment.jsing2017-01-241-2/+2
|
* There is no point returning then breaking...jsing2017-01-241-2/+1
|
* unifdef OPENSSL_NO_BIO - we do not support this in any form.jsing2017-01-241-15/+1
| | | | ok beck@
* Introduce ticket support. To enable them it is enough to set a positiveclaudio2017-01-246-14/+251
| | | | | | | | | | | | | | | | | | | | lifetime with tls_config_set_session_lifetime(). This enables tickets and uses an internal automatic rekeying mode for the ticket keys. If multiple processes are involved the following functions can be used to make tickets work accross all instances: - tls_config_set_session_id() sets the session identifier - tls_config_add_ticket_key() adds an encryption and authentication key For now only the last 4 keys added will be used (unless they are too old). If tls_config_add_ticket_key() is used the caller must ensure to add new keys regularly. It is best to do this 4 times per session lifetime (which is also the ticket key lifetime). Since tickets break PFS it is best to minimize the session lifetime according to needs. With a lot of help, input and OK beck@, jsing@
* ssl_cert_free() checks for NULL itself.jsing2017-01-241-10/+5
|
* Remove a "free up if allocated" comment that exists before code that freesjsing2017-01-241-2/+1
| | | | | | things if they are allocated. ok captainobvious@
* sk_SSL_CIPHER_free() checks for NULL so do not bother doing the same fromjsing2017-01-244-27/+16
| | | | the callers.
* ssl_sess_cert_free() checks for NULL, so do not bother doing it at thejsing2017-01-242-6/+8
| | | | call sites.
* There is no point in zeroing fields that exist within a struct that isjsing2017-01-241-3/+1
| | | | about to be explicit_bzero'd and freed.
* Add missing documentation for tls_config_set_verify_depthclaudio2017-01-241-1/+5
| | | | Done together with jsing@
* Shuffle the deck chairs to bring them back in order.claudio2017-01-241-9/+9
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-25 00:47:19 +0000