| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
ok "flensing knife"
|
| |
|
|
| |
ok "flensing knife"
|
| |
|
|
| |
ok "flensing knife"
|
| |
|
|
| |
ok beck@
|
| |
|
|
|
|
|
| |
both essentially the same (in fact DTLS benefits from improvements
previously made to the ssl3_send_finished() function).
ok beck@
|
| | |
|
| |
|
|
|
|
| |
ssl3_handshake_msg_start()/ssl3_handshake_msg_finish().
ok beck@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
only define them if not building for the "openbsd" flavour.
This way, non-obfuscated output can still be generated for analysis, by using
the "openbsd" flavour (which OpenBSD HEAD will do), and obfuscated output,
compatible with older as(1), will be generated for other platforms.
The portable version of LibreSSL can then use "openbsd-portable" as the
flavour for OpenBSD/amd64 so that generated files can be compiled with
OpenBSD 5.7 and other older versions stuck with as(1) 2.15.
|
| |
|
|
|
|
|
| |
We can also now nuke ssl23_get_method() since it is the same as
tls1_get_method(). And the empty file can bite the dust.
ok bcook@ miod@
|
| |
|
|
|
| |
machinery. OpenBSD has never been not ELF on amd64, and changing this will
actually make -portable life slightly easier in the near future.
|
| |
|
|
|
|
|
| |
We can also now nuke ssl23_get_server_method() since it is the same as
tls1_get_server_method().
ok miod@
|
| |
|
|
| |
flag. Pointed out by jmc@'s commit to the openssl(1) man page.
|
| |
|
|
|
|
|
| |
We can also now nuke ssl23_get_client_method() since it is the same as
tls1_get_client_method().
ok bcook@ miod@
|
| |
|
|
|
|
|
| |
We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.
ok jsing@
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
ok jsing@
|
| | |
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
against a wildcard of "*.openbsd.org"
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
|
|
|
|
| |
Fixes builds gcc + Apple's assembler, working on reenabling builds with older
OpenBSD releases.
based on OpenSSL commit:
https://git.openssl.org/?p=openssl.git;a=commitdiff;h=902b30df193afc3417a96ba72a81ed390bd50de3
ok miod@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
that was presented by the peer. The hash used is currently SHA256, however
since we prefix the result with the hash name, we can change this in the
future as the need arises.
The same output can be generated by using:
h=$(openssl x509 -outform der -in mycert.crt | sha256)
printf "SHA256:${h}\n"
ok beck@
|
| |
|
|
| |
our tree. ok guenther miod
|
| | |
|
| |
|
|
|
|
| |
handshake. Free the reference when we reset the TLS context.
ok beck@
|
| |
|
|
| |
ok deraadt@
|
| | |
|
| |
|
|
| |
ok jsing@ who wears the cone of shame.
|
| |
|
|
|
| |
- zap trailing whitespace
- avoid "can not"
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
perform a proper shutdown by sending a "close notify" alert to the
server. This allows s_time to benchmark a full TLS connection
more accurately.
Introduce a new flag called -no_shutdown to make s_time adopt the
previous behavior (i.e. shut down the connection without notifying the
server) so that comparisons can still be made with OpenSSL's version.
The idea of using a flag (which replaces a #define) was suggested by
bcook@. Thanks to millert@ and miod@ as well for their feedback on an
earlier diff which resulted in this change.
ok bcook@ beck@
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
By default, MSVC's stdlib.h defines min(), so we need to spell out something
less common to avoid picking it up.
ok deraadt@ beck@ miod@
|
| |
|
|
| |
tls_configure_ssl_verify(). Also tweak an error message and unwrap a line.
|
| |
|
|
|
|
|
|
| |
so that we can provide asm labels for the memcpy/memset/__stack_smash_handler
calls that it generates ab initio. Eliminate direct #includes of it. Make
sure it's a dependency of all objects (unnecessary for asm, but close enough).
ok deraadt@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
perform some consistency checks on its `p' and `q' values, and return an
error if the checks failed.
Thanks for Georgi Guninski (guninski at guninski dot com) for mentioning
the possibility of a weak (non prime) q value and providing a test case.
See https://cpunks.org/pipermail/cypherpunks/2015-September/009007.html
for a longer discussion.
ok bcook@ beck@
|
| | |
|
| |
|
|
|
|
|
| |
incomplete implementations just so that we can interoperate with products
from vendors who have not bothered to fix things in the last ~10 years.
ok bcook@ miod@
|
| |
|
|
|
|
|
| |
1. hoist pollfd fields which don't change upwards
2. show ret as ssize_t, it MUST BE, or there will be lots of crying
3. on first pass, must check for either POLLIN|POLLOUT
ok millert beck
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
noops, so neuter the CRYPTO_malloc_init and CRYPTO_malloc_debug_init
macros.
With input from miod@
ok beck@ bcook@ miod@
|
| | |
|
