| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
Link in the new 'unit' regress and expand the invalid tests to include
some that would fail before the CBS conversion.
input + ok miod@ jsing@
|
| |
|
|
|
|
| |
cipher_list.c is based on code from jsing@.
Discussed with jsing@
|
| |
|
|
|
|
|
| |
bcook@ notes that this check really only impacted 64-bit Windows. Also,
changed the check to be unsigned for consistency.
ok bcook@
|
| | |
|
| |
|
|
|
|
| |
spelt malloc+memcpy, which is what is used in all except two places.
ok deraadt@ doug@
|
| |
|
|
|
|
|
| |
Previously, CBS_dup() had its own offset. However, it is more consistent
to copy everything.
ok miod@ jsing@
|
| |
|
|
|
|
|
|
|
| |
The statements were chained together with OR which makes it more annoying
to debug. Also, it was short circuiting all tests as soon as one function
failed. Since the functions are independent, they should each run until
error.
Discussed with miod@ and jsing@
|
| | |
|
| |
|
|
| |
From BoringSSL commit 3fa65f0f05f67615d9daf48940e07f84d094ac6e.
|
| |
|
|
|
| |
consistent with the behavior of the other libc sort functions.
OK deraadt@
|
| |
|
|
| |
tweak + ok miod@ jsing@
|
| |
|
|
| |
tweak + ok miod@ jsing@
|
| |
|
|
| |
ok miod@ jsing@
|
| |
|
|
| |
From OpenSSL.
|
| |
|
|
|
|
| |
From OpenSSL.
ok miod@ (a while ago)
|
| |
|
|
|
|
| |
From OpenSSL.
ok miod@ (a while ago).
|
| | |
|
| |
|
|
|
|
|
|
| |
From OpenSSL.
Rides libcrypto bump.
ok miod@ (a while ago)
|
| |
|
|
| |
ok deraadt@ doug@ millert@ miod@ sthen@
|
| |
|
|
| |
ok doug@ deraadt@
|
| |
|
|
| |
ok doug@ deraadt@
|
| |
|
|
| |
ok miod@, tweak + ok jsing@
|
| |
|
|
|
|
| |
Suggested by jsing@.
ok jsing@ miod@
|
| |
|
|
|
|
|
| |
Old gcc warns when parameters have the same names as functions. Noticed
by deraadt@.
ok deraadt@ jsing@
|
| |
|
|
| |
ok miod@ jsing@
|
| |
|
|
| |
ok deraadt@ jsing@ miod@
|
| |
|
|
| |
when we can just make spanp const char * to match it. OK deraadt@
|
| |
|
|
|
|
| |
Diff from kinichiro via github.
ok doug@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since we no longer have dynamic engines, don't bother falling back to them
if a builtin engine is not found first.
Before:
$ openssl dgst -engine unknown
invalid engine "unknown"
27256010481532:error:2606A074:engine routines:ENGINE_by_id:no such
engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_list.c:384:id=unknown
27256010481532:error:2606A074:engine routines:ENGINE_by_id:no such
engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_list.c:384:id=dynamic
After:
$ openssl dgst -engine unknown
invalid engine "unknown"
27256010481532:error:2606A074:engine routines:ENGINE_by_id:no such
engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_list.c:384:id=unknown
ok doug@
|
| |
|
|
|
| |
Noted by doug@ in an earlier revision of the dynamic engine removal patch, but
I had forgotten to include it in the latest version.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This makes using libtls easier to include by including dependent headers,
making something like this work as expected:
#include <iostream>
#include <tls.h>
int main()
{
std::cout << "tls_init: " << tls_init() << "\n";
}
This also makes building a standalone libtls-portable simpler.
ok doug@, jsing@
|
| |
|
|
|
|
|
| |
We do not build, test or ship any dynamic engines, so we can remove the dynamic
engine loader as well. This leaves a stub initialization function in its place.
ok beck@, reyk@, miod@
|
| |
|
|
| |
tweak + ok miod@ jsing@
|
| |
|
|
|
|
|
| |
This is useful for when you need to check the data ahead and then continue
on from the same spot.
input + ok jsing@ miod@
|
| |
|
|
|
|
|
|
|
| |
While the previous types were correct, they can silently accept bad data
via truncation or signed conversion. We now take size_t as input for
CBB_add_u*() and do a range check.
discussed with deraadt@
input + ok jsing@ miod@
|
| |
|
|
|
|
|
|
|
| |
Another relic due to the old US crypto policy.
From OpenSSL commit 63eab8a620944a990ab3985620966ccd9f48d681 and
95275599399e277e71d064790a1f828a99fc661a.
ok jsing@ miod@
|
| |
|
|
|
|
|
|
| |
DTLS currently doesn't check whether a client cert is expected. This
change makes the logic in dtls1_accept() match that from ssl3_accept().
From OpenSSL commit c8d710dc5f83d69d802f941a4cc5895eb5fe3d65
input + ok jsing@ miod@
|
| | |
|
| |
|
|
|
|
| |
"O=Digital Signature Trust Co., CN=DST Root CA X3". This CA is cross signing
the issuing intermediates for letsencrypt.org so is expected to be important
for at least ports distfile fetching in the future. ok ajacoutot@ juanfra@
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
ok miod@, tweak + ok jsing@
|
| |
|
|
| |
ok miod@ jsing@
|
| |
|
|
| |
ok miod@ jsing@
|
| |
|
|
| |
ok miod@ jsing@
|
| |
|
|
| |
ok miod@ jsing@
|
| |
|
|
| |
"no problem" miod@, tweak + ok jsing@
|
| |
|
|
|
|
| |
This is a common operation when dealing with CBS.
ok miod@ jsing@
|
| |
|
|
| |
"why not" miod@, sure jsing@
|
