summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-06-20Convert ssl_parse_serverhello_renegotiate_ext to CBS.Doug Hogan
ok miod@ jsing@
2015-06-20Handle NIST curve names in openssl(1) ecparam.Joel Sing
From OpenSSL.
2015-06-20Handle NIST curve names.Joel Sing
From OpenSSL. ok miod@ (a while ago)
2015-06-20Have ECPKParameters_print() include the NIST curve name, if known.Joel Sing
From OpenSSL. ok miod@ (a while ago).
2015-06-20Less mdc2.Joel Sing
2015-06-20Provide EC_curve_nid2nist() and EC_curve_nist2nid().Joel Sing
From OpenSSL. Rides libcrypto bump. ok miod@ (a while ago)
2015-06-20Make SSL_OP_ALL readable.Joel Sing
ok deraadt@ doug@ millert@ miod@ sthen@
2015-06-20Put CRYPTO_memcmp() under #ifndef LIBRESSL_INTERNAL.Joel Sing
ok doug@ deraadt@
2015-06-20Replace remaining CRYPTO_memcmp() calls with timingsafe_memcmp().Joel Sing
ok doug@ deraadt@
2015-06-20Only match devices with a valid configuration.Martin Pieuchot
ok uaa@
2015-06-20sort +0n -> sort -n, the former is historicalJeremie Courreges-Anglas
2015-06-20Convert ssl_parse_clienthello_renegotiate_ext to CBS.Doug Hogan
ok miod@, tweak + ok jsing@
2015-06-20syncTheo de Raadt
2015-06-20Replace internal call to CRYPTO_memcmp with timingsafe_memcmp.Doug Hogan
Suggested by jsing@. ok jsing@ miod@
2015-06-20Bump major after {,asr_}print_sockaddr() renaming.Jeremie Courreges-Anglas
2015-06-20Fix warning on vax due to old gcc.Doug Hogan
Old gcc warns when parameters have the same names as functions. Noticed by deraadt@. ok deraadt@ jsing@
2015-06-20Rename print_sockaddr() to avoid symbol visibility problemsJeremie Courreges-Anglas
print_sockaddr is internal to asr, and conflicts with ports/net/samba4. ok eric@
2015-06-20Crank major for libcrypto, ssl and tls due to MDC-2DES removal.Doug Hogan
ok miod@ jsing@
2015-06-20Remove obsolete MDC-2DES from libcrypto.Doug Hogan
ok deraadt@ jsing@ miod@
2015-06-19Tweak whitespace and remove dangling, unneeded "else".Jeremie Courreges-Anglas
No functional change.
2015-06-19remove a bit more isp(4), from bradJonathan Matthew
2015-06-19isp(4) man page needs to go too, pointed out by jmc@Jonathan Matthew
2014-04-15Import the OpenSSL libcrypto tests in a form suitable for our rergressMiod Vallat
infrastructure. The following tests have not been imported, for their code lacks a licence: asn1, rsa, sha256, sha512, wp.
2015-06-19Only match devices with a valid configuration.uaa
ok by mpi@
2015-06-19Remove needless casts. There's no reason to cast delim to char *Todd C. Miller
when we can just make spanp const char * to match it. OK deraadt@
2015-06-19syncTheo de Raadt
2015-06-19Add missing message digests to function table.Joel Sing
Diff from kinichiro via github. ok doug@
2015-06-19show the number of (currently) known prefixes and the max-prefix limit,Peter Hessler
when we terminate the session. since we terminate the session as soon as we go above the limit, show '>' since there may be more that we haven't/won't process. OK benno@
2015-06-19add 5.9 packages keyChristian Weisgerber
2015-06-19remove isp(4) now that the ql* family have replaced itJonathan Matthew
2015-06-19Remove fallback dynamic engine loading support.Brent Cook
Since we no longer have dynamic engines, don't bother falling back to them if a builtin engine is not found first. Before: $ openssl dgst -engine unknown invalid engine "unknown" 27256010481532:error:2606A074:engine routines:ENGINE_by_id:no such engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_list.c:384:id=unknown 27256010481532:error:2606A074:engine routines:ENGINE_by_id:no such engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_list.c:384:id=dynamic After: $ openssl dgst -engine unknown invalid engine "unknown" 27256010481532:error:2606A074:engine routines:ENGINE_by_id:no such engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_list.c:384:id=unknown ok doug@
2015-06-19Return the failing engine ID in the error stack.Brent Cook
Noted by doug@ in an earlier revision of the dynamic engine removal patch, but I had forgotten to include it in the latest version.
2015-06-19Add standard headers, C++ support to tls.h.Brent Cook
This makes using libtls easier to include by including dependent headers, making something like this work as expected: #include <iostream> #include <tls.h> int main() { std::cout << "tls_init: " << tls_init() << "\n"; } This also makes building a standalone libtls-portable simpler. ok doug@, jsing@
2015-06-19Disable ENGINE_load_dynamic (dynamic engine support).Brent Cook
We do not build, test or ship any dynamic engines, so we can remove the dynamic engine loader as well. This leaves a stub initialization function in its place. ok beck@, reyk@, miod@
2015-06-19syncTheo de Raadt
2015-06-19Convert tls1_alpn_handle_client_hello() to CBS.Doug Hogan
tweak + ok miod@ jsing@
2015-06-19Add CBS_dup() to initialize a new CBS with the same values.Doug Hogan
This is useful for when you need to check the data ahead and then continue on from the same spot. input + ok jsing@ miod@
2015-06-18Use the SRCDST define for usage.Nicholas Marriott
2015-06-18Use xsnprintf.Nicholas Marriott
2015-06-18Remove a stray : and tweak paragraph.Nicholas Marriott
2015-06-18Extend the input types for CBB_add_*() to help catch bugs.Doug Hogan
While the previous types were correct, they can silently accept bad data via truncation or signed conversion. We now take size_t as input for CBB_add_u*() and do a range check. discussed with deraadt@ input + ok jsing@ miod@
2015-06-18Remove Microsoft Server Gated Crypto.Doug Hogan
Another relic due to the old US crypto policy. From OpenSSL commit 63eab8a620944a990ab3985620966ccd9f48d681 and 95275599399e277e71d064790a1f828a99fc661a. ok jsing@ miod@
2015-06-18Change DTLS client cert request code to match TLS.Doug Hogan
DTLS currently doesn't check whether a client cert is expected. This change makes the logic in dtls1_accept() match that from ssl3_accept(). From OpenSSL commit c8d710dc5f83d69d802f941a4cc5895eb5fe3d65 input + ok jsing@ miod@
2015-06-18I'm afraid it will be a sunday.Miod Vallat
2015-06-18add 5.9 firmware keyStuart Henderson
2015-06-18For unsupported sample formats, don't return EINVAL but set the closestChristian Weisgerber
available format. ok ratchov@
2015-06-18Fix stack shuffle such that sj includes si and the last element actuallyMartynas Venckus
gets a chance to be reordered.
2015-06-18spelling fixes from theo buehler;Jason McIntyre
2015-06-18CP2110 is handled by uslhcom not uslcomJonathan Gray
2015-06-18Only match devices with a valid configuration.Martin Pieuchot
Tested by jsg@