openbsd/src/lib/libssl/hidden, branch master

openbsd/src/lib/libssl/hidden, branch master A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=master 2025-10-24T11:36:08+00:00 Provide SSL_SESSION_dup() 2025-10-24T11:36:08+00:00 tb 2025-10-24T11:36:08+00:00 urn:sha1:da2e8f3e57cf705fb1f88e94e321027a68cb42cf As reported by ajacoutot and sthen, an update to net/neon is blocked on that missing symbol. ok kenjiro sync with crypto_namespace.h: avoid asm("") for MSVC 2025-08-18T16:00:53+00:00 tb 2025-08-18T16:00:53+00:00 urn:sha1:2e7e54d39b2c2daad577d5ebd98d8a826edc4703 Removes another patch in portable Remove SSL_add_compression_method 2024-08-31T10:51:48+00:00 tb 2024-08-31T10:51:48+00:00 urn:sha1:a0ced14fec228fa0dfd2fa5d87c942b0af9326d8 Prepare to provide SSL_CTX_set1_cert_store() 2024-08-03T04:50:27+00:00 tb 2024-08-03T04:50:27+00:00 urn:sha1:7ffee9d08a91191b5a4fb21336efef092b583c3e SSL_CTX_set_cert_store() should have been called SSL_CTX_set0_cert_store() since it takes ownership of the store argument. Apparently a few people ran into the issue of not bumping the refcount themselves, leading to use after frees about 10 years ago. This is a quite rarely used API and there are no misuses in the ports tree, but since someone did the work of writing a diff, we can still add it. Needless to say that SSL_CTX_get_cert_store() obviously has the exact same issue and nobody seems to have thought of adding a get0 or get1 version to match... Fixes https://github.com/libressl/openbsd/issues/71 From Kenjiro Nakayama Prepare to provide SSL_CIPHER_get_handshake_digest() 2024-07-14T15:39:36+00:00 tb 2024-07-14T15:39:36+00:00 urn:sha1:e4ca538cbd7bb43768a6ebdf1fa7c4cd248be01b Needed by newer freeradius. This is a straightforward implementation that essentially duplicates tls13_cipher_hash(). ok jsing Despite being an ELF citizen, hppa is its own special snowflake and requires 2024-07-12T05:26:34+00:00 miod 2024-07-12T05:26:34+00:00 urn:sha1:7ecb3ebcd7fca446f952c433a265a17c58ef965f different asm stanzas to produce strong aliases. This unbreaks libssl on hppa after the recent switch to LIBRESSL_NAMESPACE. Remove SSL_debug 2024-03-02T11:48:55+00:00 tb 2024-03-02T11:48:55+00:00 urn:sha1:e9b5926a9507a5e2d6e5e20e64dba87cb811c1e0 The garbage truck is quite full by now. Collect the last symbol straggler for this bump. ok jsing Remove SSL_CIPHER_get_by_{id,value}() 2024-03-02T11:45:51+00:00 tb 2024-03-02T11:45:51+00:00 urn:sha1:8e85295d10fd4886e1ba7260f0b7bc17674ccacc While this undocumented API would have been much nicer and saner than SSL_CIPHER_find(), nothing used this except for the exporter test. Let's get rid of it again. libssl uses ssl3_get_cipher_by_{id,value}() directly. ok jsing Export SSL_get_{peer_,}signature_type_nid() 2024-03-02T11:44:47+00:00 tb 2024-03-02T11:44:47+00:00 urn:sha1:e6ba1ba77c418a957100a7562bf08d1ab8eb012e Also move the prototypes to the correct header. Oversight reported by Frank Lichtenheld, thanks! Fixes https://github.com/libressl/openbsd/issues/147 ok jsing Set OPENSSL_NO_ENGINE, remove engine code 2023-07-28T09:53:55+00:00 tb 2023-07-28T09:53:55+00:00 urn:sha1:b5382a6334a2ec0fe73ab6c49ebefb47af93329c ENGINE was special. It's horrible code even by the low standards of this library. Some ports may now try to use the stubs which will fail, but the fallout from this should be minimal. Of course there are various language bindings that expose the ENGINE API. OpenSSL 3 disabling ENGINE by default will likely help fixing this at some point. ok jsing