| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
If no TLS extensions are present in a client hello or server hello, omit
the entire extensions block, rather than including it with a length of
zero.
ok beck@ inoguchi@
|
| |
|
|
|
| |
extensions, both with extensions being present and not present. The not
present case currently fails.
|
| |
|
|
| |
Converted from BoringSSL.
|
| |
|
|
| |
Based on BoringSSL.
|
| |
|
|
|
|
|
|
| |
with "warning: " since 2003, so the messages themselves need not
contain the prefix anymore.
From Scott Cheloha
ok jca, deraadt
|
| |
|
|
| |
Better handling of clock jumps, from Scott Cheloa.
|
| |
|
|
|
|
|
|
| |
While it is not clear (to me) why that ports ends up with corrupted
shared libs, reverting those changes fixes the issue and should allow us
to close p2k17 more smoothly.
Discussed with a bunch, ok ajacoutot@ guenther@
|
| | |
|
| |
|
|
|
|
|
|
| |
will SIGABRT
Bug found by Scott Cheloha <scottcheloha at gmail.com>
OK deraadt@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
on the stack instead of mallocing the list and move the APIs from libpthread
to libc so that they can be used inside libc.
Note: the standard was explicitly written to permit/support this
"macro with unmatched brace" style and it's what basically everyone
else already does. We xor the info with random cookies with a
random magic to detect/trip-up overwrites.
Major bump to both libc and libpthread due to the API move.
ok mpi@
|
| |
|
|
|
|
| |
is discarded anyway, the plen variable is a leftover from the -j
jumbo option.
reported by Nan Xiao; OK deraadt@
|
| |
|
|
|
|
|
| |
which results in an internal double free when internal functions are not
in use.
ok otto@
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
With review/feedback from inoguchi@
|
| | |
|
| |
|
|
| |
OK deraadt@ jca@ jmc@
|
| |
|
|
| |
Based on a diff from doug@
|
| |
|
|
|
|
|
| |
As part of this, change ssl_cipher_list_to_bytes() to take a CBB argument,
rather than a pointer/length. Some additional clean up/renames while here.
Based on a diff from doug@
|
| |
|
|
| |
Based on a diff from doug@
|
| | |
|
| |
|
|
|
| |
length, since the caller has already been converted to CBS. A small amount
of additional clean up whilst here.
|
| |
|
|
| |
Part of a diff from doug@
|
| |
|
|
|
|
|
|
| |
duplicated code. For now this is essentially adds a diff of the two
functions with 'if (SSL_IS_DTLS(s))' - further clean up and improvement
will follow.
ok inoguchi@
|
| |
|
|
| |
ssl3_accept() - synchronise comments, whitespace, line wrapping, etc.
|
| |
|
|
| |
ssl3_connect() - synchronise comments, whitespace, line wrapping, etc.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
which allows us to drop dtls1_send_change_cipher_spec() entirely.
ok inoguchi@
|
| | |
|
| |
|
|
| |
ok beck@
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
default protocols instead of crashing - this makes the behaviour more
useful and mirrors what we already do in tls_config_set_ciphers() et al.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- When parsing the OCSP extension we can have multiple responder IDs - pull
these out correctly.
- Stop using CBS_stow() - it's unnecessary since we just need access to the
data and length (which we can get via CBS_data() and CBS_len()).
- Use a temporary pointer when calling d2i_*() functions, since it will
increment the pointer by the number of bytes it consumed when decoding.
The original code incorrectly passes the pointer allocated via CBS_stow()
(using malloc()) to a d2i_*() function and then calls free() on the now
incremented pointer, most likely resulting in a crash. This issue was
reported by Robert Swiecki who found the issue using honggfuzz.
ok beck@
|
| |
|
|
|
|
|
| |
after we finish building the responder ID list. Otherwise adding to the
responder ID list fails.
ok beck@
|
| |
|
|
| |
ok tb@ tedu@
|
| |
|
|
|
|
|
|
|
|
| |
This fixes a bug where by a TLS server with SNI would always only return
the OCSP staple for the default keypair, rather than returning the OCSP
staple associated with the keypair that was selected via SNI.
Issue reported by William Graeber and confirmed by Andreas Bartelt.
Fix tested by William Graeber and Andreas Bartelt - thanks!
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Complete in the sense that all POSIX *locale(3) and *_l(3) functions
are included, but in OpenBSD, we of course only really care about
LC_CTYPE and we only support ASCII and UTF-8.
With important help from kettenis@, guenther@, and jca@.
Repeated testing in ports bulk builds by naddy@.
Additional testing by jca@, sebastia@, dcoppa@, and others.
OK kettenis@ dcoppa@, and guenther@ on an earlier version.
Riding guenther@'s libc/librthread major bump.
|
| |
|
|
|
|
|
|
| |
pthread_exit from libpthread to libc, along with low-level bits to
support them. Major bump to both libc and libpthread.
Requested by libressl team. Ports testing by naddy@
ok kettenis@
|
