openbsd/src/lib/libssl, branch libressl-v3.9.1

openbsd/src/lib/libssl, branch libressl-v3.9.1 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.9.1 2024-03-02T11:49:22+00:00 crank libssl major 2024-03-02T11:49:22+00:00 tb 2024-03-02T11:49:22+00:00 urn:sha1:39bd9fc6ad325c44884bd30aa554f6aee6e6168e same bump as libcrypto; symbol removal and addition Remove SSL_debug 2024-03-02T11:48:55+00:00 tb 2024-03-02T11:48:55+00:00 urn:sha1:e9b5926a9507a5e2d6e5e20e64dba87cb811c1e0 The garbage truck is quite full by now. Collect the last symbol straggler for this bump. ok jsing Garbage collect TLS1_FLAGS_SKIP_CERT_VERIFY 2024-03-02T11:47:41+00:00 tb 2024-03-02T11:47:41+00:00 urn:sha1:78b02fbe560a8386df61cd0bc9d0031ffefb3ed4 And here goes another weird-ass thing of dubious pedigree. ok jsing Make {SSL3,TLS}_CT_* internal 2024-03-02T11:46:55+00:00 tb 2024-03-02T11:46:55+00:00 urn:sha1:a0b9f13997d3fef1ae0bb36ea3411779fd154d72 And here goes a bunch of unused macros that just had to be in two headers so they could get out of sync. Three of these constants are used in a single function... ok jsing Remove SSL_CIPHER_get_by_{id,value}() 2024-03-02T11:45:51+00:00 tb 2024-03-02T11:45:51+00:00 urn:sha1:8e85295d10fd4886e1ba7260f0b7bc17674ccacc While this undocumented API would have been much nicer and saner than SSL_CIPHER_find(), nothing used this except for the exporter test. Let's get rid of it again. libssl uses ssl3_get_cipher_by_{id,value}() directly. ok jsing Export SSL_get_{peer_,}signature_type_nid() 2024-03-02T11:44:47+00:00 tb 2024-03-02T11:44:47+00:00 urn:sha1:e6ba1ba77c418a957100a7562bf08d1ab8eb012e Also move the prototypes to the correct header. Oversight reported by Frank Lichtenheld, thanks! Fixes https://github.com/libressl/openbsd/issues/147 ok jsing Of course libssl also has a few missing void 2024-02-04T20:50:23+00:00 tb 2024-02-04T20:50:23+00:00 urn:sha1:860f8fe2a068bd6c4f39f8841e6e2dcd30ac3652 From Christian Andersen Rework the exit path of tls13_handshake_recv_action() 2024-02-03T19:57:14+00:00 tb 2024-02-03T19:57:14+00:00 urn:sha1:a9a190e264e21a6afd45894057d027938dc9fa82 If an error occurs in action->recv() for a handshake that needs to downgrade to legacy TLS, the artistic exit path led to hiding the error under TLS13_IO_USE_LEGACY. Rework the exit path to be easier to follow, preserving behavior except that the error can no longer be masked. Detailed analysis and initial diff by Masaru Masuda. Fixes https://github.com/libressl/openbsd/issues/146 ok beck Remove last peeking at TLS1_FLAGS_SKIP_CERT_VERIFY 2024-02-03T18:03:49+00:00 tb 2024-02-03T18:03:49+00:00 urn:sha1:83d44db7e64e388896b56dd02b9501a0fc40a373 This was used for some GOST weirdness. The flag is unused in ports and there is no user in Debian's codesearch. ok beck Zap a trailing blank that snuck into ssl3_get_client_hello() 2024-02-03T17:39:17+00:00 tb 2024-02-03T17:39:17+00:00 urn:sha1:252f0ec664690643eb35eed6ce718a990cc29a41