| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
This is a hack. The test is in rather poor shape and it is hard to tell
whether it still does what it is supposed to be doing. Hopefully somemone
will rewrite this in a style that doesn't make me squeal on opening this
file...
|
| |
|
|
|
|
|
|
| |
Removing -tls1 moved some tests from the legacy stack to the TLSv1.3 stack.
On a HRR, the alpn callback would be called twice and allocate the global
twice, thereby leaking. So free it up front.
Joint suffering with bcook and beck
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Their time has long since past, and they should not be used.
This change restricts ssl to versions 1.2 and 1.3, and changes
the regression tests to understand we no longer speak the legacy
protocols.
For the moment the magical "golden" byte for byte comparison
tests of raw handshake values are disabled util jsing fixes them.
ok jsing@ tb@
|
| |
|
|
| |
Hopefully that is all. What an absolutely horrid mess.
|
| | |
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.
discussed with jsing,
no objection bcook
|
| |
|
|
| |
From beck
|
| |
|
|
|
|
| |
of SHA-1. This helps the switch to security-level aware ssltest.
From jsing
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
From Jonas Termansen
|
| |
|
|
|
| |
This code no longer compiles and the equivalent test coverage has been
added to regress/lib/libssl/ciphers (and is actually run).
|
| |
|
|
| |
This should be moved to a dedicated regress test.
|
| | |
|
| |
|
|
| |
This was removed from libssl a very long time ago...
|
| |
|
|
| |
From Michael Scovetta, PR #108
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This implements automatic thread support initialization in libcrypto.
This does not remove any functions from the ABI, but does turn them into
no-ops. Stub implementations of pthread_mutex_(init|lock|unlock) are
provided for ramdisks.
This does not implement the new OpenSSL 1.1 thread API internally,
keeping the original CRYTPO_lock / CRYPTO_add_lock functions for library
locking. For -portable, crypto_lock.c can be reimplemented with
OS-specific primitives as needed.
ok beck@, tb@, looks sane guenther@
|
| | |
|
| |
|
|
|
|
|
| |
exiting non-zero (which has been masking a DTLS related issue). Also make
the message consistent with other errors.
Spotted by inogochi@
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
ok jsing@
|
| | |
|
| |
|
|
|
| |
by a similar BoringSSL change, but raising the limit to 1024 bits.
ok jsing@ markus@ guenther@ deraadt@
|
| | |
|
| |
|
|
| |
Based on OpenSSL.
|
| |
|
|
| |
using it.
|
| |
|
|
| |
gethostname being declared properly on Compaq platforms that use DEC C...
|
| |
|
|
| |
need to have additional checks here.
|
| |
|
|
| |
with a failure if the NPN verification fails.
|
| | |
|
| |
|
|
|
| |
OPENSSL_NO_X509_VERIFY. We're not going to build with these and the same
removal has already been done for libssl.
|
| | |
|
| | |
|
| |
|
|
| |
ok miod@
|
| |
|
|
|
|
|
|
| |
7 years ago and never made it into an RFC. That code wasn't compiled in
anyway unless one would define the actual on-the-wire extension id bytes;
crank libssl major.
With help and enlightenment from Brendan MacDonell.
|
| | |
|
| |
|
