Age | Commit message | Author |
|
ok doug@ deraadt@
|
|
Link in the new 'unit' regress and expand the invalid tests to include
some that would fail before the CBS conversion.
input + ok miod@ jsing@
|
|
bcook@ notes that this check really only impacted 64-bit Windows. Also,
changed the check to be unsigned for consistency.
ok bcook@
|
|
spelt malloc+memcpy, which is what is used in all except two places.
ok deraadt@ doug@
|
|
ok jung@ jmc@
|
|
Previously, CBS_dup() had its own offset. However, it is more consistent
to copy everything.
ok miod@ jsing@
|
|
From BoringSSL commit 3fa65f0f05f67615d9daf48940e07f84d094ac6e.
|
|
consistent with the behavior of the other libc sort functions.
OK deraadt@
|
|
tweak + ok miod@ jsing@
|
|
tweak + ok miod@ jsing@
|
|
ok miod@ jsing@
|
|
From OpenSSL.
ok miod@ (a while ago)
|
|
From OpenSSL.
ok miod@ (a while ago).
|
|
From OpenSSL.
Rides libcrypto bump.
ok miod@ (a while ago)
|
|
ok deraadt@ doug@ millert@ miod@ sthen@
|
|
ok doug@ deraadt@
|
|
ok doug@ deraadt@
|
|
ok miod@, tweak + ok jsing@
|
|
Suggested by jsing@.
ok jsing@ miod@
|
|
Old gcc warns when parameters have the same names as functions. Noticed
by deraadt@.
ok deraadt@ jsing@
|
|
print_sockaddr is internal to asr, and conflicts with ports/net/samba4.
ok eric@
|
|
ok miod@ jsing@
|
|
ok deraadt@ jsing@ miod@
|
|
No functional change.
|
|
when we can just make spanp const char * to match it. OK deraadt@
|
|
Noted by doug@ in an earlier revision of the dynamic engine removal patch, but
I had forgotten to include it in the latest version.
|
|
This makes using libtls easier to include by including dependent headers,
making something like this work as expected:
    #include <iostream>
    #include <tls.h>
    int main()
    {
        std::cout << "tls_init: " << tls_init() << "\n";
    }
This also makes building a standalone libtls-portable simpler.
ok doug@, jsing@
|
|
We do not build, test or ship any dynamic engines, so we can remove the dynamic
engine loader as well. This leaves a stub initialization function in its place.
ok beck@, reyk@, miod@
|
|
tweak + ok miod@ jsing@
|
|
This is useful for when you need to check the data ahead and then continue
on from the same spot.
input + ok jsing@ miod@
|
|
While the previous types were correct, they can silently accept bad data
via truncation or signed conversion. We now take size_t as input for
CBB_add_u*() and do a range check.
discussed with deraadt@
input + ok jsing@ miod@
|
|
Another relic due to the old US crypto policy.
From OpenSSL commit 63eab8a620944a990ab3985620966ccd9f48d681 and
95275599399e277e71d064790a1f828a99fc661a.
ok jsing@ miod@
|
|
DTLS currently doesn't check whether a client cert is expected. This
change makes the logic in dtls1_accept() match that from ssl3_accept().
From OpenSSL commit c8d710dc5f83d69d802f941a4cc5895eb5fe3d65
input + ok jsing@ miod@
|
|
"O=Digital Signature Trust Co., CN=DST Root CA X3". This CA is cross signing
the issuing intermediates for letsencrypt.org so is expected to be important
for at least ports distfile fetching in the future. ok ajacoutot@ juanfra@
|
|
ok miod@, tweak + ok jsing@
|
|
ok miod@ jsing@
|
|
ok miod@ jsing@
|
|
ok miod@ jsing@
|
|
ok miod@ jsing@
|
|
This is a common operation when dealing with CBS.
ok miod@ jsing@
|
|
"why not" miod@, sure jsing@
|
|
These were recently removed and are now set to 0:
SSL_OP_NETSCAPE_CA_DN_BUG
SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
SSL_OP_SSLEAY_080_CLIENT_DH_BUG
The code associated with these was deleted in the past at some point
and these are also now 0:
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
SSL_OP_EPHEMERAL_RSA
SSL_OP_MICROSOFT_SESS_ID_BUG
SSL_OP_NETSCAPE_CHALLENGE_BUG
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
The SSL_OP_ALL macro has been updated to reflect the removals.
ok miod@ jsing@
|
|
Original diff from guenther@, adjusted by me.
OK guenther@
|
|
bs_ber.c does not convert BER to DER. It's a hack to convert a DER-like
encoding with one violation (indefinite form) to strict DER. Rename
the functions to reflect this.
ok miod@ jsing@
|
|