| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
| |
We can also now nuke ssl23_get_method() since it is the same as
tls1_get_method(). And the empty file can bite the dust.
ok bcook@ miod@
|
| |
|
|
|
| |
machinery. OpenBSD has never been not ELF on amd64, and changing this will
actually make -portable life slightly easier in the near future.
|
| |
|
|
|
|
|
| |
We can also now nuke ssl23_get_server_method() since it is the same as
tls1_get_server_method().
ok miod@
|
| |
|
|
|
|
|
| |
We can also now nuke ssl23_get_client_method() since it is the same as
tls1_get_client_method().
ok bcook@ miod@
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
ok jsing@
|
| | |
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
|
|
|
|
| |
Fixes builds gcc + Apple's assembler, working on reenabling builds with older
OpenBSD releases.
based on OpenSSL commit:
https://git.openssl.org/?p=openssl.git;a=commitdiff;h=902b30df193afc3417a96ba72a81ed390bd50de3
ok miod@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
that was presented by the peer. The hash used is currently SHA256, however
since we prefix the result with the hash name, we can change this in the
future as the need arises.
The same output can be generated by using:
h=$(openssl x509 -outform der -in mycert.crt | sha256)
printf "SHA256:${h}\n"
ok beck@
|
| |
|
|
| |
our tree. ok guenther miod
|
| |
|
|
|
|
| |
handshake. Free the reference when we reset the TLS context.
ok beck@
|
| |
|
|
| |
ok deraadt@
|
| | |
|
| |
|
|
| |
ok jsing@ who wears the cone of shame.
|
| |
|
|
|
| |
- zap trailing whitespace
- avoid "can not"
|
| | |
|
| |
|
|
|
|
|
| |
By default, MSVC's stdlib.h defines min(), so we need to spell out something
less common to avoid picking it up.
ok deraadt@ beck@ miod@
|
| |
|
|
| |
tls_configure_ssl_verify(). Also tweak an error message and unwrap a line.
|
| |
|
|
|
|
|
|
| |
so that we can provide asm labels for the memcpy/memset/__stack_smash_handler
calls that it generates ab initio. Eliminate direct #includes of it. Make
sure it's a dependency of all objects (unnecessary for asm, but close enough).
ok deraadt@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
perform some consistency checks on its `p' and `q' values, and return an
error if the checks failed.
Thanks for Georgi Guninski (guninski at guninski dot com) for mentioning
the possibility of a weak (non prime) q value and providing a test case.
See https://cpunks.org/pipermail/cypherpunks/2015-September/009007.html
for a longer discussion.
ok bcook@ beck@
|
| | |
|
| |
|
|
|
|
|
| |
incomplete implementations just so that we can interoperate with products
from vendors who have not bothered to fix things in the last ~10 years.
ok bcook@ miod@
|
| |
|
|
|
|
|
| |
1. hoist pollfd fields which don't change upwards
2. show ret as ssize_t, it MUST BE, or there will be lots of crying
3. on first pass, must check for either POLLIN|POLLOUT
ok millert beck
|
| | |
|
| |
|
|
|
|
|
|
|
| |
noops, so neuter the CRYPTO_malloc_init and CRYPTO_malloc_debug_init
macros.
With input from miod@
ok beck@ bcook@ miod@
|
| |
|
|
| |
ok miod@
|
| |
|
|
| |
ok jsing@
|
| | |
|
| |
|
|
| |
ok "captain obvious"
|
| |
|
|
|
|
|
| |
document functions that clear errno.
change examples to provide demonstration of both the blocking and
non-blocking cases.
ok jsing@, bluhm@
|
| |
|
|
|
|
|
| |
This is not the same as the macro expansion, however the ASN1_STRING_*
functions do match the macro expansions.
ok doug@ miod@
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
for closing the file descriptors unless libtls allocated them.
ok beck@
|
| |
|
|
|
|
| |
document the calling requirements.
ok beck@
|
| |
|
|
| |
ok beck@
|
| | |
|
| |
|
|
| |
ok deraadt@ jsing@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
|
| |
to make it more clear to users of this api what needs to be done in these error
cases.
Discussed extensively with bluhm@ and jsing@ and others.
ok jsing@
|
| |
|
|
|
|
|
|
| |
match read() and write() semantics to make porting existing code using
read/write easier.. requested by bluhm@ who convinced jsing and I to break
the api
ok jsing@ bluhm@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
tls_accept/tls_connect functions can be guaranteed to succeed or fail and
will no longer return TLS_READ_AGAIN/TLS_WRITE_AGAIN. This also resolves
the semantics of tls_accept_*.
The tls_handshake() function now does I/O and can return
TLS_READ_AGAIN/TLS_WRITE_AGAIN. Calls to tls_read() and tls_write() will
trigger the handshake if it has not already completed, meaning that in many
cases existing code will continue to work.
Discussed over many coffees at l2k15.
ok beck@ bluhm@
|
| | |
|
| | |
|
