aboutsummaryrefslogtreecommitdiffstats
path: root/include
Commit message (Collapse)AuthorAgeFilesLines
* Add SSL_early_get1_extensions_present()Benjamin Kaduk2017-06-121-0/+1
| | | | | | | | | | It is an API to be used from the early callback that indicates what extensions were present in the ClientHello, and in what order. This can be used to eliminate unneeded calls to SSL_early_get0_ext() (which itself scales linearly in the number of extensions supported by the library). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2976)
* Introduce ASN1_TIME_set_string_X509 APIRich Salz2017-06-111-0/+3
| | | | | | | | | | | | | | | | | | | | Make funcs to deal with non-null-term'd string in both asn1_generalizedtime_to_tm() and asn1_utctime_to_tm(). Fixes issue #3444. This one is used to enforce strict format (RFC 5280) check and to convert GeneralizedTime to UTCTime. apps/ca has been changed to use the new API. Test cases and documentation are updated/added Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3566)
* mark V_ASN1_PRIMATIVE_TAG as compatJosh Soref2017-06-091-1/+1
| | | | | | | | | | This incorrectly spelled item exists for compatibility purposes CLA: Trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3460)
* Fix a bundle of trailing spaces in several filesPaul Yang2017-06-091-1/+1
| | | | | | | | Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3622)
* Fix #340: Parse ASN1_TIME to struct tmTodd Short2017-06-081-0/+1
| | | | | | | This works with ASN1_UTCTIME and ASN1_GENERALIZED_TIME Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3378)
* make error tables const and separate header fileRich Salz2017-06-0759-2864/+3396
| | | | | | | | | | | | | | | | | | | Run perltidy on util/mkerr Change some mkerr flags, write some doc comments Make generated tables "const" when genearting lib-internal ones. Add "state" file for mkerr Renerate error tables and headers Rationalize declaration of ERR_load_XXX_strings Fix out-of-tree build Add -static; sort flags/vars for options. Also tweak code output Moved engines/afalg to engines (from master) Use -static flag Standard engine #include's of errors Don't linewrap err string tables unless necessary Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3392)
* Fix #2400 Add NO_RENEGOTIATE optionTodd Short2017-06-061-0/+4
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3432)
* Fix define to match documentationDr. Stephen Henson2017-06-061-1/+1
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3621)
* Add some OID's from X.520Erwann Abalea2017-05-311-0/+18
| | | | | | | CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3590)
* Add UI functionality to duplicate the user dataRichard Levitte2017-05-311-1/+14
| | | | | | | | This can be used by engines that need to retain the data for a longer time than just the call where this user data is passed. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3575)
* make errorsDr. Stephen Henson2017-05-301-0/+1
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3503)
* make errorsDr. Stephen Henson2017-05-301-0/+2
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3503)
* Add EdDSA algorithm OIDs from draft-ietf-curdle-pkix-04Dr. Stephen Henson2017-05-301-0/+8
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3503)
* make errorsDr. Stephen Henson2017-05-301-0/+2
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3503)
* fixing incorrect OID of signingCertificateV2Marek Klein2017-05-291-1/+1
| | | | | Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3538)
* Revert "Add internal functions to fetch a refcount"Richard Levitte2017-05-281-13/+0
| | | | | | | | | It turned out to be a bad idea. This reverts commits 6891a79da67ccd621b67e49b60ddc188d7864291 and c27bc74698ed043b7549d5637ec0a8cf65b39e59. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3576)
* Correct small typo in CRYPTO_GET_REFRichard Levitte2017-05-281-1/+1
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3574)
* Add internal functions to fetch a refcountRichard Levitte2017-05-271-0/+13
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3573)
* Fix spelling errors in CMS.Josh Soref2017-05-271-2/+7
| | | | | | | | | Unfortunately it affects error code macros in public cms.h header, for which reason misspelled names are preserved for backward compatibility. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3463)
* Add an error to the stack on failure in dtls1_write_bytes()Matt Caswell2017-05-221-0/+1
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3496)
* Fix ASN1_TIME_to_generalizedtime to take a const ASN1_TIMEMatt Caswell2017-05-191-2/+2
| | | | | | Fixes #1526 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3360)
* Make SSL_is_server() accept a const SSLMatt Caswell2017-05-191-1/+1
| | | | | | Fixes #1526 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3360)
* Add a new unsolicited extension error code and add enum tagMatt Caswell2017-05-171-0/+1
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3418)
* Clean up SSL_OP_* a bitTodd Short2017-05-121-42/+58
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3439)
* Cleanup - use e_os2.h rather than stdint.hRichard Levitte2017-05-111-5/+1
| | | | | | | Not exactly everywhere, but in those source files where stdint.h is included conditionally, or where it will be eventually Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3447)
* Unclash clashing reason codes in ssl.hRichard Levitte2017-05-111-2/+2
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3441)
* Send a missing_extension alert if key_share/supported groups not presentMatt Caswell2017-05-111-0/+1
| | | | | | Only applies if we're not doing psk. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3436)
* TLSv1.3 alerts cannot be fragmented and only one per recordMatt Caswell2017-05-111-0/+1
| | | | | | We should be validating that. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3436)
* Add EVP_DigestSign and EVP_DigesVerifyDr. Stephen Henson2017-05-111-0/+8
| | | | | | | | | Add "single part" digest sign and verify functions. These sign and verify a message in one function. This simplifies some operations and it will later be used as the API for algorithms which do not support the update/final mechanism (e.g. PureEdDSA). Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3409)
* Ignore MSVC warnings (via Gisle Vanem)Rich Salz2017-05-101-0/+13
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3420)
* Verify that if we have an HRR then something will changeMatt Caswell2017-05-091-0/+1
| | | | | | | It is invalid if we receive an HRR but no change will result in ClientHello2. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3414)
* Add PEM_bytes_read_bio_secmem()Benjamin Kaduk2017-05-081-0/+3
| | | | | | | | | | | | | Split the PEM_bytes_read_bio() implementation out into a pem_bytes_read_bio_flags() helper, to allow it to pass PEM_FLAG_SECURE as needed. Adjust the cleanup to properly use OPENSSL_secure_free() when needed, and reimplement PEM_bytes_read() as a wrapper around the _flags helper. Add documentation for PEM_bytes_read_bio() and the new secmem variant. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1700)
* Add PEM_read_bio_exBenjamin Kaduk2017-05-081-0/+8
| | | | | | | | | | | | | | The extended function includes a 'flags' argument to allow callers to specify different requested behaviors. In particular, callers can request that temporary storage buffers are allocated from the secure heap, which could be relevant when loading private key material. Refactor PEM_read_bio to use BIO_mems instead of BUFs directly, use some helper routines to reduce the overall function length, and make some of the checks more reasonable. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1700)
* Add support to SSL_trace() for inner content typesMatt Caswell2017-05-081-1/+2
| | | | | | | When using the -trace option with TLSv1.3 all records appear as "application data". This adds the ability to see the inner content type too. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3408)
* Send the supported_groups extension in EE where applicableMatt Caswell2017-05-081-0/+1
| | | | | | | | | The TLSv1.3 spec says that a server SHOULD send supported_groups in the EE message if there is a group that it prefers to the one used in the key_share. Clients MAY act on that. At the moment we don't do anything with it on the client side, but that may change in the future. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3395)
* Update the TLSv1.3 version indicator for draft-20Matt Caswell2017-05-031-3/+3
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3371)
* Add an SSL_ prefix to SERVERINFOV2 and SERVERINFOV1Matt Caswell2017-05-031-2/+2
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3298)
* Extend the SERVERINFO file format to include an extensions contextMatt Caswell2017-05-031-0/+9
| | | | | | | | This enables us to know what messages the extensions are relevant for in TLSv1.3. The new file format is not compatible with the previous one so we call it SERVERINFOV2. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3298)
* Added support for ESSCertIDv2Marek Klein2017-05-032-0/+31
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/771)
* TLS1.3 PaddingTodd Short2017-05-021-0/+15
| | | | | | | | | | Add padding callback for application control Standard block_size callback Documentation and tests included Configuration file/s_client/s_srver option Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3130)
* Check fflush on BIO_ctrl callRich Salz2017-04-281-0/+1
| | | | | | | | Bug found and fix suggested by Julian RĂ¼th. Push error if fflush fails Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3266)
* Add parentheses on public macros where appropriate.Bernd Edlinger2017-04-2711-147/+168
| | | | | | | Fixes #3063. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3100)
* Add support for SSL_SESSION_is_resumable()Matt Caswell2017-04-261-0/+1
| | | | | | | Provide a way to test whether the SSL_SESSION object can be used to resume a sesion or not. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3008)
* Add support for custom signature parametersDr. Stephen Henson2017-04-252-0/+17
| | | | | | | | | | | | | | | | | | Many signature types define the digest and public key type by a single OID such as ecdsa_with_sha256. Some types (RSA-PSS for example) use a single OID to indicate the signature scheme and additional parameters are encoded in the AlgorithmIdentifier. Add an X509_SIG_INFO structure to contain details about the signature type: specifically the digest algorithm, public key algorithm, security bits and various flags. This supports both existing algorithms and more complex types. Add accessors for the structure and a special case that retrieves signature information from a certificate. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3301)
* Switch command-line utils to new nameopt API.Dmitry Belyavskiy2017-04-251-0/+1
| | | | | | | | | | | | | | | | | The CA names should be printed according to user's decision print_name instead of set of BIO_printf dump_cert_text instead of set of BIO_printf Testing cyrillic output of X509_CRL_print_ex Write and use X509_CRL_print_ex Reduce usage of X509_NAME_online Using X509_REQ_print_ex instead of X509_REQ_print Fix nameopt processing. Make dump_cert_text nameopt-friendly Move nameopt getter/setter to apps/apps.c Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3262)
* Document BIO_lookup_ex()Matt Caswell2017-04-251-2/+2
| | | | | | We also change the enum type to an int. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3286)
* Don't attempt to send fragments > max_send_fragment in DTLSMatt Caswell2017-04-251-0/+1
| | | | | | | | | We were allocating the write buffer based on the size of max_send_fragment, but ignoring it when writing data. We should fragment handshake messages if they exceed max_send_fragment and reject application data writes that are too large. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3286)
* Add better error logging if SCTP AUTH chunks are not enabledMatt Caswell2017-04-251-0/+1
| | | | | | | In order to use SCTP over DTLS we need ACTP AUTH chunks to be enabled in the kernel. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3286)
* Add a BIO_lookup_ex() functionMatt Caswell2017-04-251-0/+4
| | | | | | | | | | | | The existing BIO_lookup() wraps a call to getaddrinfo and provides an abstracted capability to lookup addresses based on socket type and family. However it provides no ability to lookup based on protocol. Normally, when dealing with TCP/UDP this is not required. However getaddrinfo (at least on linux) never returns SCTP addresses unless you specifically ask for them in the protocol field. Therefore BIO_lookup_ex() is added which provides the protocol field. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3286)
* Fix typo in OPENSSL_LH_new compat APIRich Salz2017-04-241-1/+1
| | | | | | | | CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3292)
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-30 11:56:22 +0000