Age | Commit message (Collapse) | Author | |
---|---|---|---|
2015-06-20 | Convert ssl_parse_serverhello_renegotiate_ext to CBS. | Doug Hogan | |
ok miod@ jsing@ | |||
2015-06-20 | Handle NIST curve names in openssl(1) ecparam. | Joel Sing | |
From OpenSSL. | |||
2015-06-20 | Handle NIST curve names. | Joel Sing | |
From OpenSSL. ok miod@ (a while ago) | |||
2015-06-20 | Have ECPKParameters_print() include the NIST curve name, if known. | Joel Sing | |
From OpenSSL. ok miod@ (a while ago). | |||
2015-06-20 | Less mdc2. | Joel Sing | |
2015-06-20 | Provide EC_curve_nid2nist() and EC_curve_nist2nid(). | Joel Sing | |
From OpenSSL. Rides libcrypto bump. ok miod@ (a while ago) | |||
2015-06-20 | Make SSL_OP_ALL readable. | Joel Sing | |
ok deraadt@ doug@ millert@ miod@ sthen@ | |||
2015-06-20 | Put CRYPTO_memcmp() under #ifndef LIBRESSL_INTERNAL. | Joel Sing | |
ok doug@ deraadt@ | |||
2015-06-20 | Replace remaining CRYPTO_memcmp() calls with timingsafe_memcmp(). | Joel Sing | |
ok doug@ deraadt@ | |||
2015-06-20 | Only match devices with a valid configuration. | Martin Pieuchot | |
ok uaa@ | |||
2015-06-20 | sort +0n -> sort -n, the former is historical | Jeremie Courreges-Anglas | |
2015-06-20 | Convert ssl_parse_clienthello_renegotiate_ext to CBS. | Doug Hogan | |
ok miod@, tweak + ok jsing@ | |||
2015-06-20 | sync | Theo de Raadt | |
2015-06-20 | Replace internal call to CRYPTO_memcmp with timingsafe_memcmp. | Doug Hogan | |
Suggested by jsing@. ok jsing@ miod@ | |||
2015-06-20 | Bump major after {,asr_}print_sockaddr() renaming. | Jeremie Courreges-Anglas | |
2015-06-20 | Fix warning on vax due to old gcc. | Doug Hogan | |
Old gcc warns when parameters have the same names as functions. Noticed by deraadt@. ok deraadt@ jsing@ | |||
2015-06-20 | Rename print_sockaddr() to avoid symbol visibility problems | Jeremie Courreges-Anglas | |
print_sockaddr is internal to asr, and conflicts with ports/net/samba4. ok eric@ | |||
2015-06-20 | Crank major for libcrypto, ssl and tls due to MDC-2DES removal. | Doug Hogan | |
ok miod@ jsing@ | |||
2015-06-20 | Remove obsolete MDC-2DES from libcrypto. | Doug Hogan | |
ok deraadt@ jsing@ miod@ | |||
2015-06-19 | Tweak whitespace and remove dangling, unneeded "else". | Jeremie Courreges-Anglas | |
No functional change. | |||
2015-06-19 | remove a bit more isp(4), from brad | Jonathan Matthew | |
2015-06-19 | isp(4) man page needs to go too, pointed out by jmc@ | Jonathan Matthew | |
2014-04-15 | Import the OpenSSL libcrypto tests in a form suitable for our rergress | Miod Vallat | |
infrastructure. The following tests have not been imported, for their code lacks a licence: asn1, rsa, sha256, sha512, wp. | |||
2015-06-19 | Only match devices with a valid configuration. | uaa | |
ok by mpi@ | |||
2015-06-19 | Remove needless casts. There's no reason to cast delim to char * | Todd C. Miller | |
when we can just make spanp const char * to match it. OK deraadt@ | |||
2015-06-19 | sync | Theo de Raadt | |
2015-06-19 | Add missing message digests to function table. | Joel Sing | |
Diff from kinichiro via github. ok doug@ | |||
2015-06-19 | show the number of (currently) known prefixes and the max-prefix limit, | Peter Hessler | |
when we terminate the session. since we terminate the session as soon as we go above the limit, show '>' since there may be more that we haven't/won't process. OK benno@ | |||
2015-06-19 | add 5.9 packages key | Christian Weisgerber | |
2015-06-19 | remove isp(4) now that the ql* family have replaced it | Jonathan Matthew | |
2015-06-19 | Remove fallback dynamic engine loading support. | Brent Cook | |
Since we no longer have dynamic engines, don't bother falling back to them if a builtin engine is not found first. Before: $ openssl dgst -engine unknown invalid engine "unknown" 27256010481532:error:2606A074:engine routines:ENGINE_by_id:no such engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_list.c:384:id=unknown 27256010481532:error:2606A074:engine routines:ENGINE_by_id:no such engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_list.c:384:id=dynamic After: $ openssl dgst -engine unknown invalid engine "unknown" 27256010481532:error:2606A074:engine routines:ENGINE_by_id:no such engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_list.c:384:id=unknown ok doug@ | |||
2015-06-19 | Return the failing engine ID in the error stack. | Brent Cook | |
Noted by doug@ in an earlier revision of the dynamic engine removal patch, but I had forgotten to include it in the latest version. | |||
2015-06-19 | Add standard headers, C++ support to tls.h. | Brent Cook | |
This makes using libtls easier to include by including dependent headers, making something like this work as expected: #include <iostream> #include <tls.h> int main() { std::cout << "tls_init: " << tls_init() << "\n"; } This also makes building a standalone libtls-portable simpler. ok doug@, jsing@ | |||
2015-06-19 | Disable ENGINE_load_dynamic (dynamic engine support). | Brent Cook | |
We do not build, test or ship any dynamic engines, so we can remove the dynamic engine loader as well. This leaves a stub initialization function in its place. ok beck@, reyk@, miod@ | |||
2015-06-19 | sync | Theo de Raadt | |
2015-06-19 | Convert tls1_alpn_handle_client_hello() to CBS. | Doug Hogan | |
tweak + ok miod@ jsing@ | |||
2015-06-19 | Add CBS_dup() to initialize a new CBS with the same values. | Doug Hogan | |
This is useful for when you need to check the data ahead and then continue on from the same spot. input + ok jsing@ miod@ | |||
2015-06-18 | Use the SRCDST define for usage. | Nicholas Marriott | |
2015-06-18 | Use xsnprintf. | Nicholas Marriott | |
2015-06-18 | Remove a stray : and tweak paragraph. | Nicholas Marriott | |
2015-06-18 | Extend the input types for CBB_add_*() to help catch bugs. | Doug Hogan | |
While the previous types were correct, they can silently accept bad data via truncation or signed conversion. We now take size_t as input for CBB_add_u*() and do a range check. discussed with deraadt@ input + ok jsing@ miod@ | |||
2015-06-18 | Remove Microsoft Server Gated Crypto. | Doug Hogan | |
Another relic due to the old US crypto policy. From OpenSSL commit 63eab8a620944a990ab3985620966ccd9f48d681 and 95275599399e277e71d064790a1f828a99fc661a. ok jsing@ miod@ | |||
2015-06-18 | Change DTLS client cert request code to match TLS. | Doug Hogan | |
DTLS currently doesn't check whether a client cert is expected. This change makes the logic in dtls1_accept() match that from ssl3_accept(). From OpenSSL commit c8d710dc5f83d69d802f941a4cc5895eb5fe3d65 input + ok jsing@ miod@ | |||
2015-06-18 | I'm afraid it will be a sunday. | Miod Vallat | |
2015-06-18 | add 5.9 firmware key | Stuart Henderson | |
2015-06-18 | For unsupported sample formats, don't return EINVAL but set the closest | Christian Weisgerber | |
available format. ok ratchov@ | |||
2015-06-18 | Fix stack shuffle such that sj includes si and the last element actually | Martynas Venckus | |
gets a chance to be reordered. | |||
2015-06-18 | spelling fixes from theo buehler; | Jason McIntyre | |
2015-06-18 | CP2110 is handled by uslhcom not uslcom | Jonathan Gray | |
2015-06-18 | Only match devices with a valid configuration. | Martin Pieuchot | |
Tested by jsg@ |