openbsd/src/lib/libssl, branch libressl-v3.8.2

openbsd/src/lib/libssl, branch libressl-v3.8.2 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.8.2 2023-09-19T09:40:35+00:00 Mention a subtle difference between PEM_def_callback(3) and the example. 2023-09-19T09:40:35+00:00 schwarze 2023-09-19T09:40:35+00:00 urn:sha1:f3d69207bf78894b3e8e63ea47f028de14d188d8 It's relevant not only for the example, but also because the functions documented here use PEM_def_callback(3) by default, and that exhibits surprising and potentially dangerous behaviour by not NUL-terminating. OK tb@ Remove the duplicate documentation of pem_password_cb(3). 2023-09-19T08:18:13+00:00 schwarze 2023-09-19T08:18:13+00:00 urn:sha1:d6f69273ba0f82df22bf5620f52cffb820b3130a While here, also: * Avoid the misleading term "default password callback" because none of the functions in SSL_CTX_use_certificate(3) support overriding it. * Do not talk about "storing", "writing", and "encryption" since the cb passed to SSL_CTX_set_default_passwd_cb(3) is never used for any of that. * List the functions using cb. * Document what happens by default. * Remove the misleading words "which must be provided by the application" because all this is actually optional. * Make several wordings more precise. * Below EXAMPLES, fix argument naming to agree with pem_password_cb(3), clarify the description of what the example does, and, as suggested by tb@, use strlcpy(3). OK tb@ More 0/NULL confusions in SSL_CTX_new() 2023-09-19T01:22:31+00:00 tb 2023-09-19T01:22:31+00:00 urn:sha1:598993faaa238e16fd2a45e3d4309c981fa1be8f Fix some NULL/0 misspellings in SSL_CTX_new() 2023-09-19T01:19:45+00:00 tb 2023-09-19T01:19:45+00:00 urn:sha1:3db3479dc56f2066cee0391fa2447621a8488c67 Also remove ecdh.h use from libssl 2023-07-28T16:02:34+00:00 tb 2023-07-28T16:02:34+00:00 urn:sha1:09cee29a76e14d0c5f4001461c835de54ccc47e7 bump libcrypto, libssl, libtls majors 2023-07-28T10:41:24+00:00 tb 2023-07-28T10:41:24+00:00 urn:sha1:05c2613cfef27830ae2f1d4c9900241e2b89b444 Set OPENSSL_NO_ENGINE, remove engine code 2023-07-28T09:53:55+00:00 tb 2023-07-28T09:53:55+00:00 urn:sha1:b5382a6334a2ec0fe73ab6c49ebefb47af93329c ENGINE was special. It's horrible code even by the low standards of this library. Some ports may now try to use the stubs which will fail, but the fallout from this should be minimal. Of course there are various language bindings that expose the ENGINE API. OpenSSL 3 disabling ENGINE by default will likely help fixing this at some point. ok jsing Fix two aliases in libcrypto spotted by the new symbols test 2023-07-19T13:34:33+00:00 tb 2023-07-19T13:34:33+00:00 urn:sha1:395c09090d48e5b2a6b96e544f5846495551dc77 ok jsing Remove old workaround for F5 2023-07-11T17:02:47+00:00 tb 2023-07-11T17:02:47+00:00 urn:sha1:10a824f0305841181398bf956984e4aabcb42a2d F5 is well-known for needing workaround (go read RFC 8446). In this particular case, it required implementation sending CHs larger than 255 bytes to 0x0300 otherwise their server would hang. This is the same hang that required the CH padding extension which broke other implementations. The CH padding extension was removed ~6 years ago, so hopefully this kludge will no longer needed either. ok jsing fix comment to unbreak things that care about warnings 2023-07-08T20:38:23+00:00 beck 2023-07-08T20:38:23+00:00 urn:sha1:65cd15bb04188980f7777f9b29e6f574afd2aed5 ok tb@ krw@