| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
documenting four PKCS#8 PrivateKeyInfo accessors
|
| | |
|
| |
|
|
| |
Spotted by egcc. ok tb@
|
| | |
|
| |
|
|
|
|
|
|
| |
This is effectively the same record processing limit that was previously
added to the legacy TLS stack - without this a single session can be made
to spin on a stream of alerts or other similar records.
ok beck@ tb@
|
| |
|
|
|
|
| |
Also mop up some mostly unhelpful comments while here.
ok beck@ tb@
|
| |
|
|
| |
ok beck@ tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
3rd (variadic) mode_t parameter is irrelevant. Many developers in the past
have passed mode_t (0, 044, 0644, or such), which might lead future people
to copy this broken idiom, and perhaps even believe this parameter has some
meaning or implication or application. Delete them all.
This comes out of a conversation where tb@ noticed that a strange (but
intentional) pledge behaviour is to always knock-out high-bits from
mode_t on a number of system calls as a safety factor, and his bewilderment
that this appeared to be happening against valid modes (at least visually),
but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef.
ok millert
|
| |
|
|
| |
from the OpenSSL 1.1.1 branch, which is still under a free license
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
and since CMS_ReceiptRequest_get0_values(3) uses it, add it to the
list of STACK_OF(3) types.
While here, also add the missing CMS_RecipientInfo, CMS_SignerInfo,
OPENSSL_STRING, SRTP_PROTECTION_PROFILE, SSL_CIPHER, SSL_COMP and
X509_NAME to the list of stack types used by the API, drop
STACK_OF(X509_PURPOSE) which is only used internally, and list those
STACK_OF(*) types separately that are obfuscated with typedef.
|
| |
|
|
| |
ok mpi@ deraadt@
|
| |
|
|
| |
ok beck inoguchi jsing
|
| |
|
|
| |
spotted by and ok jsing@
|
| | |
|
| |
|
|
|
|
| |
symbol will be exposed with tb@'s forthcoming bump
ok tb@
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
while here, also apply some minor wording improvements
|
| |
|
|
|
|
|
|
|
| |
Since we don't support session tickets in LibreSSL at the moment
these functions currently do not have any effect.
Again, symbols will appear with tb@'s reptar sized bump..
ok tb@
|
| | |
|
| | |
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
|
|
|
| |
X509_get_extended_key_usage from OpenSSL. Will be linked to the build
after the bump.
input/lgtm schwarze
|
| |
|
|
|
|
| |
to the build after the bump.
tweak & lgtm schwarze
|
| |
|
|
| |
pointed out by schwarze
|
| |
|
|
|
|
|
|
|
|
| |
As these still meet the usual expectations for special, I will leave
it up to ingo to decide to either document separately or in one man
page like OpenSSL did.
Will also need Symbols.list additions by tb@ when he starts the rapture
ok tb@ jsing@
|
| |
|
|
|
|
|
| |
X509_get_extended_key_usage from OpenSSL. Will be linked to the build
after the bump.
input/lgtm schwarze
|
| |
|
|
|
|
| |
to the build after the bump.
tweak & lgtm schwarze
|
| |
|
|
|
|
|
| |
These are no longer public, so we can mop them up along with the machinery
needed to set/clear them.
ok beck@ tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the introduction of TLSv1.3, we need the ability to determine our
maximum legacy version and to track our peer's maximum legacy version.
This is needed for both the TLS record layer when using TLSv1.3, plus
it is needed for RSA key exhange in TLS prior to TLSv1.3, where the
maximum legacy version is incorporated in the pre-master secret to
avoid downgrade attacks.
This unbreaks RSA KEX for the TLS client when the non-version specific
method is used with TLSv1.0 or TLSv1.1 (clearly no one does this).
ok tb@
|
| |
|
|
| |
and fix some weird typos in comments (duplicate '@' signs)
|
| | |
|
| |
|
|
|
|
|
| |
Now that DTLS1_STATE is opaque, fold DTLS1_STATE_INTERNAL back into
DTLS1_STATE and remove D1I() usage.
ok tb@
|
| |
|
|
| |
plus .Dv NULL, SEE ALSO, HISTORY
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
|
|
|
| |
X509_STORE_CTX and use accessors instead of reaching directly
into the struct.
ok jsing
|
| |
|
|
|
|
| |
out of the X509_STORE_CTX.
ok jsing
|
| |
|
|
|
|
|
| |
This code will soon be used in the DTLSv1.2 and TLSv1.2 stack. Also
introduce tls_internal.h and move/rename the read/write/flush callbacks.
ok beck@ tb@
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
|
|
|
|
| |
Some things in ports care about calling these functions. Since we will
not provide private key logging functionality they are documented
as being for compatibility and that they don't do anything.
ok tb@
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
|
| |
Symbols.list changes to follow with tb's upcoming bump
ok jsing@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This function currently has a long return type that may be <= 0 on
error/retry (which is then cast to an int in order to return it up the
stack), or it returns the length of the handshake message (on success).
This obviously means that 0 can be returned for both success and failure,
which is the reason why a separate 'ok' argument has to exist.
Untangle this mess by changing the return value to an int that indicates
success (1) or error/retry (<= 0). The length never needs to actually be
returned as it is already stored in s->internal->init_num (which is where
the return value is read from anyway).
ok tb@
|
| |
|
|
|
|
|
|
| |
Now that SSL_SESSION is opaque, change tlsext_tick_lifetime_hint from long
to uint32_t (matching RFC4507), rather than continuing to work around an
inappropriate type choice.
ok tb@
|
| |
|
|
| |
ok beck jsing
|
