summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* rephrase more enumerations of functionsotto2017-03-291-13/+10
|
* tweak previous;jmc2017-03-291-3/+5
|
* Fix typo in function name;schwarze2017-03-281-4/+5
| | | | | from Markus Triska <triska at metalevel dot at> via OpenSSL commit 1f164c6f.
* After i wrote SSL_renegotiate(3) from scratch, OpenSSL alsoschwarze2017-03-281-12/+109
| | | | | | | documented the function. Merge the more detailed descriptions and the additional documentation of SSL_renegotiate_abbreviated(3) and SSL_renegotiate_pending(3). From Matt Caswell, OpenSSL commit 39820637.
* small cleanup & optimization; ok deraadt@ millert@otto2017-03-281-2/+5
|
* repair knf & whitespace that jumped out of the screen during reviewderaadt2017-03-271-23/+18
| | | | ok beck
* use a path of "/" if the URL does not include a trailing / - sincebeck2017-03-271-2/+5
| | | | | | the web server probably doesn't like it, even though you published the url without the trailing / in the certificate. (hello digicert!) ok claudio@
* Fail early if an ocep server returns a non-200 http response, there is nobeck2017-03-271-1/+4
| | | | point in trying to parse error pages as an ocsp response.
* reinstate the capitalisation from previous, as advised by schwarze;jmc2017-03-271-3/+3
|
* recallocarray() for data buffer from the net.deraadt2017-03-261-3/+5
| | | | ok beck
* tweak previous;jmc2017-03-263-9/+9
|
* Stop enumeration all allocation functions, just say "allocation functions"libressl-v2.5.2otto2017-03-261-32/+13
| | | | ok jmc@ deraadt@
* merge new UI documentation from OpenSSLschwarze2017-03-265-13/+651
|
* document X509_Digest(3) and friends;schwarze2017-03-252-1/+135
| | | | from Rich Salz <rsalz@openssl.org>, OpenSSL commit 3e5d9da5 etc.
* document the public function X509_cmp_time(3);schwarze2017-03-252-1/+88
| | | | | from Emilia Kasper <emilia@openssl.org>, OpenSSL commit 80770da3, tweaked by me
* correct RETURN VALUES;schwarze2017-03-251-7/+13
| | | | from Richard Levitte <levitte@openssl.org>, OpenSSL commit cdd6c8c5
* fix two more prototypes;schwarze2017-03-251-5/+5
| | | | from Matt Caswell <matt@openssl.org>, OpenSSL commit b41f6b64
* correct prototypes;schwarze2017-03-251-5/+5
| | | | from Matt Caswell <matt@openssl.org>, OpenSSL commit b41f6b64
* complete description of RETURN VALUES;schwarze2017-03-251-6/+8
| | | | from Alexander Koeppe via OpenSSL commit bb6c5e7f
* minimal stub-quality documentation of EVP_MD_CTX_ctrl(3);schwarze2017-03-251-3/+17
| | | | from Todd Short <tshort@akamai.com> via OpenSSL commit 52ad5b60
* OpenSSL documented the public function BIO_printf(3) (and friends)schwarze2017-03-253-3/+91
| | | | | in commit 2ca2e917. Document it here, too, but do not use their text. Be more concise and more precise at the same time.
* document ASN1_tag2str(3); from OpenSSL commit 9e183d22schwarze2017-03-251-4/+14
|
* Update RFC reference for TLSEXT_TYPE_padding.jsing2017-03-251-5/+2
|
* Check tls1_PRF() return value in tls1_generate_master_secret().jsing2017-03-251-4/+4
|
* Update regress to match changes to tls1_PRF().jsing2017-03-251-10/+10
|
* More cleanup for tls1_PRF()/tls1_P_hash() - change the argument order ofjsing2017-03-251-46/+50
| | | | | | | tls1_PRF() so that it matches tls1_P_hash(), use more explicit argument names and change lengths to size_t. ok inoguchi@
* add a helper function to print all pools #ifdef MALLOC_STATSotto2017-03-241-1/+16
| | | | from David CARLIER
* document new recallocarray diagnostic; zap a few diagnostics that shouldotto2017-03-241-8/+9
| | | | never occur
* move recallocarray to malloc.c andotto2017-03-242-19/+207
| | | | | | | - use internal meta-data to do more consistency checking (especially with option C) - use cheap free if possible ok deraadt@
* Fewer magic numbers.jsing2017-03-181-3/+3
|
* t1_enc.cjsing2017-03-181-3/+2
|
* Update regress and remove temporary buffer to match changes in tls_PRF().jsing2017-03-181-8/+4
|
* Currently tls1_PRF() requires that a temporary buffer be provided, thatjsing2017-03-181-50/+32
| | | | | | | | | | | | | | matches the size of the output buffer. This is used in the case where there are multiple hashes - tls_P_hash() is called with the temporary buffer and the result is then xored into the output buffer. Avoid this by simply using a local buffer in tls_P_hash() and then xoring the result into the output buffer. Overall this makes the code cleaner and simplifies all of the tls_PRF() callers. Similar to BoringSSL. ok inoguchi@
* remove unneccessary macro;jmc2017-03-171-2/+2
|
* Strengthen description of recallocarray(3) behaviour, hoping that readersderaadt2017-03-171-5/+10
| | | | | make the behaviour -> use case connection. help from jmc and jsing
* Convert BUF_MEM_grow() and BUF_MEM_grow_clean() to recallocarray(),jsing2017-03-161-13/+3
| | | | | | | | | | ensuring that the buffer contents are zeroed on allocation and not leaked when resizing. It is worth noting that BUF_MEM_grow_clean() already did this manually by avoiding realloc(). ok beck@ inoguchi@
* Use calloc() instead of malloc() followed by manually zeroing fields.jsing2017-03-161-6/+3
| | | | ok beck@ inoguchi@
* copy /etc/services in test directoryeric2017-03-141-1/+2
|
* refresh the test infrastructure a bit.eric2017-03-103-90/+93
|
* Remove the handshake digests and related code, replacing remaining usesjsing2017-03-107-166/+45
| | | | | | | with the handshake hash. For now tls1_digest_cached_records() is retained to release the handshake buffer. ok beck@ inoguchi@
* Switch CBB to use recallocarray() - this ensures that we do not leakjsing2017-03-101-2/+2
| | | | | | secrets via realloc(). ok inoguchi@
* First pass at cleaning up the tls1_P_hash() function - remove a pointlessjsing2017-03-101-20/+19
| | | | | | | EVP_DigestSignInit() call and avoid the need for ctx_tmp by reordering the code slightly. ok inoguchi@
* Add a unit test for tls1_PRF().jsing2017-03-102-1/+257
|
* Make tls1_PRF() non-static so it can be regress tested.jsing2017-03-101-2/+7
|
* The netcat server did not print the correct TLS error message ifbluhm2017-03-091-2/+2
| | | | | | the handshake after accept had failed. Use the context of the accepted TLS connection. OK beck@
* remove bogus variable expansioneric2017-03-092-4/+4
|
* missing includeeric2017-03-091-1/+2
|
* Correctly handle TLS PRF with MD5+SHA1 - the secret has to be partitionedjsing2017-03-071-5/+26
| | | | | | and each hash processed separately. Tested by tb@
* Add a test that covers a libtls client talking to a Go TLS server withjsing2017-03-071-5/+107
| | | | | varying minimum and maximum protocol versions. This gives us protocol version test coverage against an independent TLS stack.
* Allow ciphers to be set on the TLS config.jsing2017-03-071-0/+10
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-27 20:31:15 +0000