| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
Remove support for conditional payload alignment, since we would never
want to turn it off. Also, consistently use size_t for calculating the
alignment.
ok miod@
|
| |
|
|
|
|
| |
the new handshake functions.
ok miod@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
messages. This will allow for removal of repeated/duplicated code.
Additionally, DTLS was written by wholesale copying of the SSL/TLS code,
with some DTLS specifics being added to the duplicated code. Since these
SSL handshake message functions know how to handle both SSL/TLS and DTLS,
upon conversion the duplicate versions will become identical (or close to),
at which point the DTLS versions can be removed and the SSL/TLS versions
used for both protocols.
Partially based on similar changes in OpenSSL.
ok miod@
|
| | |
|
| | |
|
| |
|
|
| |
EC_GROUP_free() all have implicit NULL checks.
|
| | |
|
| |
|
|
|
|
|
| |
mazes in libssl. NPN is being replaced by ALPN, however it is still going
to be around for a while yet.
ok miod@
|
| |
|
|
|
|
|
| |
enabled and I would hope that no one is using client certificates with DTLS
and Netscape, assuming it even supported it...
ok bcook@ miod@
|
| |
|
|
| |
update SYNOPSIS and DESCRIPTION and add STANDARDS
|
| |
|
|
| |
use RSA authentication, rather than only those that use RSA key exchange.
|
| |
|
|
|
|
| |
rewrite the function to be simpler as well. the compiler can unroll the
loop for us if necessary.
ok schwarze
|
| |
|
|
|
|
|
|
| |
calls malloc(). Instead of silently continuing on failure, check the return
value of BIO_new() and propagate failure back to the caller for appropriate
handling.
ok bcook@
|
| |
|
|
|
|
|
| |
the two ciphersuites that use it. GOST94 public/private keys have been
long obsoleted and libcrypto does not have support for them anyway.
Discussed with Dmitry Eremin-Solenikov.
|
| |
|
|
| |
Based on OpenSSL.
|
| |
|
|
| |
Based on OpenSSL.
|
| | |
|
| |
|
|
|
|
| |
Based on OpenSSL and BoringSSL.
ok bcook@
|
| |
|
|
| |
ok jsing@
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
It may take a few iterations to get the tone right.
previously discussed with millert
|
| |
|
|
|
|
|
| |
the same thingies. Therefore these "lists of functions" man pages can go
away.
Hurray! I've wanted these pages to die for around 10 years!
ok ingo (and i think jmc)
|
| | |
|
| |
|
|
| |
observed by jonas termansen
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
to returning strong random by default, source from arc4random(3).
Parameters to the seeding functions are ignored, and the subsystems remain
in strong random mode. If you wish the standardized deterministic mode,
call srand_deterministic(), srandom_determistic(), srand48_deterministic(),
seed48_deterministic() or lcong48_deterministic() instead.
The re-entrant functions rand_r(), erand48(), nrand48(), jrand48() are
unaffected by this change and remain in deterministic mode (for now).
Verified as a good roadmap forward by auditing 8800 pieces of software.
Roughly 60 pieces of software will need adaptation to request the
deterministic mode.
Violates POSIX and C89, which violate best practice in this century.
ok guenther tedu millert
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
ok deraadt naddy
|
| |
|
|
|
|
| |
Casting a pointer to an unsigned long discards bits on an LLP64 system.
ok deraadt@
|
| |
|
|
|
|
|
|
| |
Some 64-bit platforms (e.g. Windows 64) have a 32-bit long. So, shifting
1UL 32-bits to the left causes an overflow. This replaces the constant 1UL with
(size_t)1 so that we get the correct constant size for the platform.
discussed with tedu@ & deraadt@
|
| | |
|
| |
|
|
|
|
|
|
| |
Remove direct calls to printf from the tls_check_hostname() path. This allows
NUL byte error messages to bubble up to the caller, to be logged in a
program-appropriate way. It also removes non-portable calls to getprogname().
ok jsing@
|
| |
|
|
|
|
|
| |
void pointer is undefined and initialising an array with {} is a syntax
error.
Based on a diff from kinichiro inoguchi.
|
| |
|
|
| |
system. *blush*
|
| |
|
|
|
|
|
| |
sk_GENERAL_NAME_pop_free() instead of sk_GENERAL_NAME_free(). The latter
only frees the stack itself and does not free the items.
From Basskrapfen on github.
|
| |
|
|
| |
generating code for 64-bit mips userland.
|
| | |
|
| |
|
|
|
| |
bn_div_words, bn_mul_add_words, bn_mul_words, bn_sqr_words, bn_sub_words)
on sgi, because the generated assembly code isn't R4000-safe.
|
| | |
|
| |
|
|
| |
From Benjamin Baier <programmer at netzbasis.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Remove direct calls to printf from the tls_check_hostname() path. This allows
NUL byte error messages to bubble up to the caller, to be logged in a
program-appropriate way. It also removes non-portable calls to getprogname().
The semantics of tls_error() are changed slightly: the last error message is
not necessarily preserved between subsequent calls into the library.
When the previous call to libtls succeeds, client programs should treat the
return value of tls_error() as undefined.
ok tedu@
|
| |
|
|
| |
From Minux Ma.
|
| |
|
|
|
|
|
|
|
|
| |
only sometimes being available... and when it was available it was via
the crypto engine. GOST is now part of libcrypto proper.
Instead of trying to do EVP PKEY lookups via string literals and the
ASN1 interfaces, lookup the methods directly using the appropriate NID.
ok bcook@
|
| | |
|
