| Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Support for the IETF standardised chacha20-poly1305 cipher suites was
added 16 months ago, which means they exist in both of the currently
supported OpenBSD releases.
Also prompted by Andreas Bartelt <obsd at bartula dot de>.
ok beck@ doug@
|
|
ok bcook@ jsing@
|
|
input + ok beck@, jsing@
|
|
|
|
can get at it, so libtls can also deal with notafter's past the
realm of 32 bit time in portable
|
|
ok bcook@ beck@
input + ok jsing@
|
|
RFC 4492 only defines elliptic_curves for ClientHello. However, F5 is
sending it in ServerHello. We need to skip over it since our TLS extension
parsing code is now more strict.
Thanks to Armin Wolfermann and WJ Liu for reporting the issue.
input + ok jsing@
|
|
|
|
from Paul Yang <yang dot yang at baishancloud dot com>
via OpenSSL commit 190b9a03 Jun 28 15:46:13 2017 +0800
|
|
from Matt Caswell <matt at openssl dot org>.
In particular, stop talking about SSL 2.0 and SSL 3.0,
but do not start talking about TLS 1.3 just yet.
|
|
that are deprecated no-ops in LibreSSL, but that OpenSSL explicitly
documented on April 19, 2017, without deprecating them.
|
|
from Rich Salz <rsalz at openssl dot org>
via OpenSSL commit 1722496f Jun 8 15:18:38 2017 -0400.
|
|
clarify that SSL_CTX_remove_session(3) marks the session as non-resumable.
From Rich Salz <rsalz at openssl dot org>
via OpenSSL commit 1722496f Jun 8 15:18:38 2017 -0400
and from Matt Caswell <matt at openssl dot org>
via OpenSSL commit b8964668 Apr 26 15:16:18 2017 +0100.
|
|
from the OpenSSL manual and from code inspection.
Use my own Copyright and license because no Copyright-worthy amount
of text from OpenSSL remains.
And, no, these functions do *NOT* check private keys, not at all.
|
|
from Richard Levitte <levitte at openssl dot org>
via OpenSSL commit e9c9971b Jul 1 18:28:50 2017 +0200
|
|
from Emilia Kasper <emilia at openssl dot org>
via OpenSSL commit 1e3f62a3 Jul 17 16:47:13 2017 +0200.
|
|
stating that RSA_padding_check_PKCS1_type_2(3) is weak by design;
from Emilia Kasper <emilia at openssl dot org>
via OpenSSL commit 1e3f62a3 Jul 17 16:47:13 2017 +0200.
|
|
dropping the secmem stuff that we don't want
|
|
now also documents it, in OPENSSL_malloc.pod
|
|
don't have, which implies renaming the file to EVP_PKEY_meth_get0_info.3
|
|
from Rich Salz <rsalz at openssl dot org>
via OpenSSL commit 1722496f Jun 8 15:18:38 2017 -0400
|
|
1. mention three additional functions for stitched ciphers
from Steven Collison <steven at raycoll dot com>
via OpenSSL commit 209fac9f Mar 28 12:46:07 2017 -0700
2. fix wrong data type of an automatic variable in an example
from Paul Yang <paulyang dot inf at gmail dot com>
via OpenSSL commit 719b289d May 22 23:18:45 2017 +0800
3. fix memory leak in sample encryption code and check return value of fopen
from Greg Zaverucha <gregz at microsoft dot com>
via OpenSSL commit 519a5d1e Jun 27 17:38:25 2017 -0700
|
|
|
|
'it works' deraadt@
|
|
from Beat Bolli <dev at drbeat dot li>
via OpenSSL commit 7a67a3ba Jan 18 23:49:43 2017 +0100
|
|
minor improvements. Mostly from Todd Short <tshort at akamai dot com>
via OpenSSL commit cf37aaa3 Aug 4 11:24:03 2017 +1000.
|
|
from Rich Salz, OpenSSL commit a95d7574, July 2, 2017
|
|
the OpenSSL manual page committed on July 27, 2017, and on source
code inspection. Use my own Copyright and license because no
copyright-worthy amount of text from OpenSSL remains.
NOTA BENE:
BUGS Most aspects of the semantics considerably differ from OpenSSL.
|
|
|
|
|
|
While importing:
* Fix the prototypes, they all contained wrong datatypes.
* Delete SSL3_VERSION which is no longer supported.
* Delete TLS1_3_VERSION and DTLS1_2_VERSION, not yet supported.
* Delete the lie that these would be macros.
* Improve SEE ALSO and HISTORY sections.
|
|
both pointed out by jsing@
|
|
|
|
wctrans_l(3), towctrans_l(3), wcscasecmp_l(3), wcsncasecmp_l(3),
and strerror_l(3)
|
|
|
|
|
|
messages, to avoid pulling in piles of other machinery unnecessarily
problem observed by schwarze@
ok deraadt@ millert@
|
|
ok beck@
|
|
|
|
This will only be used in portable. As noted, necessary to
make us conformant to RFC 5280 4.1.2.5.
ok jsing@ bcook@
|
|
Discussed with beck@ and jsing@
ok beck@
|
|
ok guenther@
|
|
Previously, the code would accept NULL and 0 length and try to
malloc/memcpy it. On OpenBSD, malloc(0) does not return NULL. It could
also fail in malloc and leave the old length.
Also, add a note that this public API has backwards semantics of what you
would expect where 0 is success and 1 is failure.
input + ok jsing@ beck@
|
|
strings. The original code is perfectly valid C, however it causes some
compilers to complain since it lacks room for a string NUL terminator and
the compiler is not smart enough to realise that these are only used as
byte arrays and never treated as strings.
ok bcook@ beck@ inoguchi@
|
|
This was added as a workaround for broken F5 TLS termination, which then
created issues talking to broken IronPorts. The size of the padding is
hardcoded so it cannot be used in any generic sense.
ok bcook@ beck@ doug@
|
|
This was a workaround for a server that needed to talk GOST to old/broken
CryptoPro clients. This has no impact on TLS clients that are using GOST.
ok bcook@ beck@ doug@
|
|
ok jsing@
|
|
ok tedu@
|
|
|
