summaryrefslogtreecommitdiffstats
path: root/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Fix rsa key output formatinoguchi2019-11-201-5/+12
| | | | | | This fixes openssl(1) rsa -text output format ok tb@
* Sync documentation fixes from upstream:djm2019-11-1928-660/+39
| | | | | | | | | | | commit 99c4cb00b50b846e4ba2492f67d44171de8c7066 Author: pedro martelletto <pedro@yubico.com> Date: Mon Nov 18 16:55:37 2019 +0100 documentation fixes ensure man pages are named after existing functions; pointed out by Jason McIntyre <jmc@openbsd.org>; thanks!
* Add prototypes for the functions that update application secretsbeck2019-11-181-1/+3
| | | | so that the regress tests will work for them
* Provide a clean interface for sending TLSv1.3 alerts.jsing2019-11-182-5/+17
| | | | ok beck@
* Change tls13_record_layer_phh() to take a CBS as this avoids ownershipjsing2019-11-172-8/+6
| | | | | | issues and makes call sites cleaner. ok beck@
* Correct update of application traffic secrets to use an empty contextbeck2019-11-171-3/+7
| | | | | | rather than the hash of an empty context ok jsing@
* Bring back the ssl_shutdown internal method pointer.jsing2019-11-173-4/+21
| | | | | | | For now ssl3_shutdown() is called in all cases, however TLSv1.3 will soon get its own version. ok beck@
* Add a reference for the non-standard post-handshake handshake (PHH).tb2019-11-171-2/+2
| | | | ok beck, jsing
* Ensure that we are never operating in plaintext mode once the handshakejsing2019-11-171-1/+7
| | | | | | is complete, which should never occur. ok beck@
* Provide framework for sending alerts and post-handshake handshake messages.jsing2019-11-172-15/+174
| | | | | | Discussed at length with beck@ ok beck@ tb@
* indent with a tab instead of 8 spacestb2019-11-171-2/+2
|
* Move the TLSv1.3 server message handling stubs.jsing2019-11-172-125/+125
|
* Add the initial framework for the TLSv1.3 server.jsing2019-11-173-3/+84
| | | | ok beck@
* tls13_connect() should be static.jsing2019-11-171-2/+2
|
* Fix backoff to legacy when in client auth mode.beck2019-11-171-2/+2
| | | | ok jsing@
* Drop back to the legacy tls method if we are doing client authenticaitonbeck2019-11-171-1/+7
| | | | | | from a tls 1.3 connection, for now. ok jsing@
* Separate the callbacks for recieved and completed post handshake messagesbeck2019-11-173-10/+22
| | | | | | from the record layer ok jsing@
* Allow 1.3 ciphers in libtls.beck2019-11-161-2/+2
| | | | ok jsing@
* Revert previous deduplication diff, I broke portable in a strange way.beck2019-11-161-47/+58
| | | | | I'll figure it out a bit later. Found and diagnosed by inoguchi@
* Allow portable to override the default CA bundle locationbeck2019-11-162-3/+7
| | | | ok kinichiro@ jsing@
* Deduplicate some extension processing code.beck2019-11-151-58/+47
| | | | ok tb@ inoguchi@
* Fix a segmentation fault in ncurses.fcambus2019-11-151-6/+6
| | | | | | | | | | | | | | | | This is a backported patch [1] from ncurses-5.7-20100501. It takes begx and begy values into account when calculating lengths, in order to avoid writing data past the end of the buffer when calling memset in wredrawln(). From upstream NEWS file: 20100501 + correct limit-check in wredrawln, accounting for begy/begx values (patch by David Benjamin). [1] https://lists.gnu.org/archive/html/bug-ncurses/2010-04/msg00017.html OK nicm@
* our older gcc requires forced -std=c99deraadt2019-11-152-4/+4
|
* LDADD for libcbor and libusbhiddjm2019-11-141-1/+4
|
* extra whitespacederaadt2019-11-142-2/+0
|
* add libcbor and libfido2djm2019-11-141-3/+3
|
* import libfido2 (git HEAD). This library allows communication withdjm2019-11-1470-0/+14154
| | | | | | U2F/FIDO2 devices over USB. feedback and "start the churn" deraadt@
* Add libcbor; an implementation of the Concise Binary Objectdjm2019-11-1447-0/+5933
| | | | | | | | | Representation (CBOR) encoding format defined in RFC7049. This is a dependency of libfido2, that we'll use for U2F/FIDO support in OpenSSH. feedback and "Looks good enough to me" deraadt@
* Add missing cross-reference to NOTES section.millert2019-11-141-3/+3
| | | | OK kn@ tb@
* Now that libc.so has only five PLT entries on almost all our archs,guenther2019-11-121-2/+2
| | | | | | link it with -znow ok kettenis@ deraadt@ jca@
* Mark as 'protected' all the routines from the quad/ and softfloat/ subdirs,guenther2019-11-1025-161/+170
| | | | | | | | | as well as those in arch/arm/gen/divsi3.S. This cleans up the PLTs on the 32bit archs. luna88k testing by aoyama@ "looks good" kettenis@, testing and ok deraadt@
* MPLSCTL_MAXINKLOOP (net.mpls.maxloop_inkernel) was removed. Adjust manpage.claudio2019-11-051-8/+3
|
* Allow ip addresses as argument to SSL_set1_host() but be careful to nototto2019-11-041-2/+14
| | | | poison the context. ok and help jsing@ tb@
* Reshuffle RSA_PSS_PARAMS and RSA_OAEP_PARAMS to avoid duplicate typedef.jsing2019-11-041-21/+19
| | | | | | Issue spotted by bcook@ ok bcook@ inoguchi@
* Sort standard_methods by pkey_id.inoguchi2019-11-021-4/+4
| | | | ok jsing@
* CMS didn't make the 6.6 release: adjust the text in the HISTORY sectionsschwarze2019-11-0223-69/+69
|
* .Xr CMS_ContentInfo_new 3schwarze2019-11-021-2/+3
|
* .Xr BIO_new_CMS 3schwarze2019-11-021-2/+3
|
* document PEM_read_CMS(3), PEM_read_bio_CMS(3), PEM_write_CMS(3), andschwarze2019-11-021-3/+46
| | | | PEM_write_bio_CMS(3) which jsing@ just enabled in Symbols.list rev. 1.91
* In Symbols.list rev. 1.91, jsing enabled many CMS functions.schwarze2019-11-021-1/+24
| | | | Install the new manual pages documenting the majority of them.
* Bring back some icky buffer allocation code so that pkey_rsa_print()jsing2019-11-021-9/+41
| | | | | | works again with the horrific API that is ASN1_bn_print(). Issue spotted by inoguchi@
* Bump libcrypto, libssl and libtls minors due to symbol additions.jsing2019-11-023-3/+3
|
* Provide RSA_PKCS1_OpenSSL().jsing2019-11-023-3/+10
| | | | Prompted by inoguchi@
* Make RSA_padding_{add,check}_PKCS1_OAEP_mgf1() public.jsing2019-11-023-9/+10
|
* Make RSA_OAEP_PARAMs public.jsing2019-11-023-17/+22
|
* Document tls_conn_cipher_strength().jsing2019-11-021-2/+14
| | | | ok schwarze@
* Enable CMS in LibreSSL.jsing2019-11-023-2/+135
| | | | ok bcook@ deraadt@ inoguchi@ job@ tb@
* Provide tls_conn_cipher_strength().jsing2019-11-024-3/+15
| | | | | | | | | This returns the strength in bits of the symmetric cipher used for the connection. Diff from gilles@ ok tb@
* In evp/pmeth_lib.c rev. 1.16, jsing@ enabled EVP_PKEY_RSA_PSS.schwarze2019-11-011-3/+5
| | | | Document it.
* In rsa.h rev. 1.45, jsing@ providedschwarze2019-11-011-8/+16
| | | | | | the three macro constants RSA_PSS_SALTLEN_*; document them. The wording is a combination of our existing text and the wording in the OpenSSL 1.1.1 branch, which is still under a free license.
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.