path: root/include
Commit message (Author, Age, Files, Lines)
* Fix declarations and constification for inline stack. (Dr. Stephen Henson, 2016-01-07, 3 files, -5/+7)
| Reviewed-by: Richard Levitte <levitte@openssl.org>
* Change STACK_OF to use inline functions. (Dr. Stephen Henson, 2016-01-07, 1 file, -2057/+100)
| Change DECLARE_STACK_OF into inline functions. This avoids the need for auto generated mkstack.pl macros and now handles const properly.
| Reviewed-by: Richard Levitte <levitte@openssl.org>
* Remove more (rest?) of FIPS build stuff. (Rich Salz, 2016-01-06, 1 file, -4/+0)
| Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
* DANE support structures, constructors and accessors (Viktor Dukhovni, 2016-01-05, 4 files, -0/+218)
| Also tweak some of the code in demos/bio, to enable interactive testing of BIO_s_accept's use of SSL_dup. Changed the sconnect client to authenticate the server, which now exercises the new SSL_set1_host() function.
| Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix X509_STORE_CTX_cleanup() (Viktor Dukhovni, 2016-01-03, 1 file, -1/+1)
| Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
* X509_verify_cert() cleanup (Viktor Dukhovni, 2016-01-03, 2 files, -2/+3)
| Reviewed-by: Richard Levitte <levitte@openssl.org>
* Instead of a local hack, implement SIZE_MAX in numbers.h if it's missing (Richard Levitte, 2016-01-02, 1 file, -0/+4)
| Reviewed-by: Stephen Henson <steve@openssl.org>
* Protocol version selection and negotiation rewrite (Viktor Dukhovni, 2016-01-02, 1 file, -5/+3)
| The protocol selection code is now consolidated in a few consecutive short functions in a single file and is table driven. Protocol-specific constraints that influence negotiation are moved into the flags field of the method structure. The same protocol version constraints are now applied in all code paths. It is now much easier to add new protocol versions without reworking the protocol selection logic.
| In the presence of "holes" in the list of enabled client protocols we no longer select client protocols below the hole based on a subset of the constraints and then fail shortly after when it is found that these don't meet the remaining constraints (suiteb, FIPS, security level, ...). Ideally, with the new min/max controls users will be less likely to create "holes" in the first place.
| Reviewed-by: Kurt Roeckx <kurt@openssl.org>
* Add support for minimum and maximum protocol version (Kurt Roeckx, 2016-01-02, 2 files, -0/+14)
| Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Remove the #ifndef OPENSSL_SYS_VMS around SSL_add_dir_cert_subjects_to_stack (Richard Levitte, 2015-12-30, 1 file, -2/+0)
| It served a purpose, but not any more.
| Reviewed-by: Stephen Henson <steve@openssl.org>
* Fix no-engine. (Ben Laurie, 2015-12-29, 1 file, -1/+1)
| Reviewed-by: Kurt Roeckx <kurt@openssl.org>
* Server side EVP_PKEY DH support (Dr. Stephen Henson, 2015-12-23, 1 file, -1/+1)
| Reviewed-by: Matt Caswell <matt@openssl.org>
* Always generate DH keys for ephemeral DH cipher suites. (Dr. Stephen Henson, 2015-12-23, 1 file, -2/+2)
| Reviewed-by: Matt Caswell <matt@openssl.org>
* redundant redeclaration of 'OPENSSL_strlcpy' (Roumen Petrov, 2015-12-23, 1 file, -1/+0)
| Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
| Reviewed-by: Rich Salz <rsalz@openssl.org>
| MR: #1523
* __STDC_VERSION__ is not defined for c89 compilers (Roumen Petrov, 2015-12-23, 1 file, -2/+4)
| Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
| Reviewed-by: Rich Salz <rsalz@openssl.org>
| MR: #1522
* Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER and SSL_OP_TLS_D5_BUG support. (Kurt Roeckx, 2015-12-23, 1 file, -2/+2)
| Suggested by David Benjamin
| Reviewed-by: Rich Salz <rsalz@openssl.org>
| Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>
| MR: #1520
* Add ossl_inline (Dr. Stephen Henson, 2015-12-22, 2 files, -40/+70)
| Add macro ossl_inline for use in public headers where a portable inline is required. Change existing inline to use ossl_inline
| Reviewed-by: Kurt Roeckx <kurt@openssl.org>
* remove unused error code (Dr. Stephen Henson, 2015-12-22, 1 file, -1/+0)
| Reviewed-by: Kurt Roeckx <kurt@openssl.org>
| Reviewed-by: Rich Salz <rsalz@openssl.org>
* make errors (Dr. Stephen Henson, 2015-12-22, 1 file, -1/+10)
| Reviewed-by: Richard Levitte <levitte@openssl.org>
* SSL library configuration module. (Dr. Stephen Henson, 2015-12-22, 1 file, -0/+4)
| This adds support for SSL/TLS configuration using configuration modules. Sets of command value pairs are stored and can be replayed through an SSL_CTX or SSL structure using SSL_CTX_config or SSL_config.
| Reviewed-by: Richard Levitte <levitte@openssl.org>
* Cleanup CRYPTO_{push,pop}_info (Rich Salz, 2015-12-22, 1 file, -5/+6)
| Rename to OPENSSL_mem_debug_{push,pop}. Remove simple calls; keep only calls used in recursive functions. Ensure we always push, to simplify so that we can always pop
| Reviewed-by: Richard Levitte <levitte@openssl.org>
* Rename *_realloc_clean to *_clear_realloc (Rich Salz, 2015-12-22, 1 file, -3/+3)
| Just like *_clear_free routines. Previously undocumented, used a half-dozen times within OpenSSL source.
| Reviewed-by: Richard Levitte <levitte@openssl.org>
* Remove the "eay" c-file-style indicators (Richard Levitte, 2015-12-18, 7 files, -7/+7)
| Since we don't use the eay style any more, there's no point trying to tell emacs to use it.
| Reviewed-by: Matt Caswell <matt@openssl.org>
* Modify the lower level memory allocation routines to take size_t (Richard Levitte, 2015-12-17, 1 file, -16/+16)
| We've been using int for the size for a long time, it's about time...
| Reviewed-by: Rich Salz <rsalz@openssl.org>
* mem-cleanup, cont'd. (Rich Salz, 2015-12-16, 1 file, -3/+0)
| Remove LEVITTE_DEBUG_MEM. Remove {OPENSSL,CRYPTO}_remalloc.
| Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Rename some BUF_xxx to OPENSSL_xxx (Rich Salz, 2015-12-16, 2 files, -26/+31)
| Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen} to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
| Add #define's for the old names.
| Add CRYPTO_{memdup,strndup}, called by OPENSSL_{memdup,strndup} macros.
| Reviewed-by: Tim Hudson <tjh@openssl.org>
* Constify EC_KEY in ECDH_compute_key. (Dr. Stephen Henson, 2015-12-16, 1 file, -4/+5)
| Reviewed-by: Richard Levitte <levitte@openssl.org>
* Remove SSL_OP_SINGLE_ECDH_USE code. (Dr. Stephen Henson, 2015-12-16, 1 file, -2/+2)
| Since auto ecdh is now always used SSL_OP_SINGLE_ECDH_USE is redundant. Simplify associated code.
| Reviewed-by: Richard Levitte <levitte@openssl.org>
* New EC functions. (Dr. Stephen Henson, 2015-12-16, 1 file, -0/+37)
| New functions EC_POINT_point2buf and EC_KEY_key2buf which encode a point and allocate a buffer in one call.
| New function EC_KEY_oct2key() which sets public key in an EC_KEY structure from an encoded point.
| Reviewed-by: Richard Levitte <levitte@openssl.org>
* Remove GMP engine. (Rich Salz, 2015-12-15, 1 file, -3/+0)
| Reviewed-by: Ben Laurie <ben@openssl.org>
* New function X509_get0_pubkey (Dr. Stephen Henson, 2015-12-14, 1 file, -1/+3)
| Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Add EVP_PKEY_get0_* functions. (Dr. Stephen Henson, 2015-12-14, 1 file, -5/+10)
| Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* remove ancient SSLeay bug workaround (Dr. Stephen Henson, 2015-12-13, 1 file, -1/+2)
| Reviewed-by: Matt Caswell <matt@openssl.org>
* Adapt PEM routines to the opaque EVP_ENCODE_CTX (Richard Levitte, 2015-12-11, 1 file, -1/+1)
| Reviewed-by: Rich Salz <rsalz@openssl.org>
* Make EVP_ENCODE_CTX opaque (Richard Levitte, 2015-12-11, 2 files, -16/+5)
| Reviewed-by: Rich Salz <rsalz@openssl.org>
* Support the TLS Feature (aka Must Staple) X.509v3 extension (RFC7633). (Rob Stradling, 2015-12-10, 2 files, -0/+10)
| Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
| Reviewed-by: Rich Salz <rsalz@openssl.org>
| Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
| GH: #495, MR: #1435
* Restore full support for EVP_CTX_create() etc. (Viktor Dukhovni, 2015-12-10, 1 file, -5/+3)
| Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
| Reviewed-by: Kurt Roeckx <kurt@openssl.org>
| Reviewed-by: Matt Caswell <matt@openssl.org>
| Reviewed-by: Rich Salz <rsalz@openssl.org>
| Reviewed-by: Richard Levitte <levitte@openssl.org>
* Prepare for 1.1.0-pre2-dev (Matt Caswell, 2015-12-10, 1 file, -3/+3)
| Reviewed-by: Richard Levitte <levitte@openssl.org>
* Prepare for 1.1.0-pre1 release [OpenSSL_1_1_0-pre1] (Matt Caswell, 2015-12-10, 1 file, -2/+2)
| Reviewed-by: Richard Levitte <levitte@openssl.org>
* OpenSSL 1.1.0 is now in pre release (Matt Caswell, 2015-12-10, 1 file, -3/+3)
| Reviewed-by: Richard Levitte <levitte@openssl.org>
* x86[_64] assembly pack: add optimized AES-NI OCB subroutines. (Andy Polyakov, 2015-12-10, 1 file, -2/+11)
| Reviewed-by: Richard Levitte <levitte@openssl.org>
* Wire ChaCha20-Poly1305 to TLS. (Andy Polyakov, 2015-12-10, 2 files, -0/+19)
| Reviewed-by: Richard Levitte <levitte@openssl.org>
* crypto/evp: add e_chacha20_poly1305.c. (Andy Polyakov, 2015-12-10, 1 file, -0/+8)
| Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add ChaCha20-Poly1305 and ChaCha20 NIDs. (Andy Polyakov, 2015-12-10, 1 file, -0/+8)
| Reviewed-by: Richard Levitte <levitte@openssl.org>
* Move the definitions of EC_KEY and EC_KEY_METHOD to ossl_typ.h (Richard Levitte, 2015-12-09, 2 files, -3/+3)
| Most of all, that has inclusion of openssl/engine.h work even if EC has been disabled. This is the same as has been done for DH, DSA, RSA and more...
| Reviewed-by: Stephen Henson <steve@openssl.org>
* add compatibility headers (Dr. Stephen Henson, 2015-12-09, 2 files, -0/+2)
| Reviewed-by: Richard Levitte <levitte@openssl.org>
* add block comment (Dr. Stephen Henson, 2015-12-09, 1 file, -0/+4)
| Reviewed-by: Richard Levitte <levitte@openssl.org>
* EC_KEY_METHOD accessors. (Dr. Stephen Henson, 2015-12-09, 1 file, -0/+97)
| Set of accessors to set and get each field.
| Reviewed-by: Richard Levitte <levitte@openssl.org>
* make errors (Dr. Stephen Henson, 2015-12-09, 1 file, -0/+2)
| Reviewed-by: Richard Levitte <levitte@openssl.org>
* Engine EC_KEY_METHOD functionality. (Dr. Stephen Henson, 2015-12-09, 1 file, -10/+9)
| Rename ENGINE _EC_KEY functions to _EC. Add support for EC_KEY_METHOD in ENGINE_set_default et al. Copy ec_meth.
| Reviewed-by: Richard Levitte <levitte@openssl.org>