| Age | Commit message (Collapse) | Author |
|---|
|
meaningful variable names with use with pointer arithmitic rather than
complex array indexing.
|
|
While here, use meaningful variable names and simplify the calculation.
|
|
They are obsoleted by the RFC3542 api.
ok mpi@
|
|
call abort().
this direction discussed at length with miod beck tedu matthew etc
|
|
|
|
|
|
throw it away and create a new one. This simplifies the code and also
allows ASR to do its thing.
|
|
ssl3_change_cipher_state().
|
|
up in the wrong order when the code was refactored.
|
|
Also use c rather than &c[0].
|
|
This also brings it inline with tls1_change_cipher_state_cipher().
|
|
Based on Adam Langley's chromium patches.
Tested by and ok sthen@
|
|
|
|
EVP_CIPH_FLAG_AEAD_CIPHER into the same if/else block.
|
|
do it properly.
|
|
those that use EVP_AEAD instead ov EVP_CIPHER. This means being able to
change cipher state with an EVP_AEAD and being able to encrypt/decrypt
TLS using the EVP_AEAD. This has no change on existing
non-SSL_CIPHER_ALGORITHM2_AEAD ciphers.
Based on Adam Langley's chromium patches.
Rides the recent libssl bump.
Tested by sthen@
|
|
Read and write contexts are also added to the SSL_CTX, along with
supporting code.
Based on Adam Langley's chromium diffs.
Rides the recent SSL library bump.
|
|
|
|
I accepted that he's right (again) to seperate this out from heavy
sysctl API and this will simply a variety of things. Functionname
is not used by anyone in the ports tree, so we guess we can use it.
Shocking that no application has a function called this.
ok matthew & others who pushed him to start this early on
|
|
7 years ago and never made it into an RFC. That code wasn't compiled in
anyway unless one would define the actual on-the-wire extension id bytes;
crank libssl major.
With help and enlightenment from Brendan MacDonell.
|
|
|
|
ok deraadt, jmc, tedu
|
|
This provides a way for a process to designate pages in its address
space that should be replaced by fresh, zero-initialized anonymous
memory in forked child processes, rather than being copied or shared.
ok jmc, kettenis, tedu, deraadt; positive feedback from many more
|
|
manual page strictly. Return -2 if the strings are not strict numbers.
The numbers remain in the range of "int". Range checking for these parameters
is done later in the pkey_*_ctl() functions, or sometimes in functions much
further downstream... but not always!!!
ok millert miod mikeb
|
|
|
|
behavior for certain inputs. From NetBSD. OK tedu@
|
|
|
|
|
|
|
|
|
|
which just emptied the file but didn't remove it.
|
|
They are obsoleted by the RFC3542 api.
ok mpi@
|
|
OpenSSL 1.0.0.
ok miod@ (a little while back)
|
|
|
|
Just kidding!
unifdef OPENSSL_NO_TLS since we will never want to actually do that.
ok deraadt@
|
|
ok beck
|
|
|
|
(From Jonas Maebe)
OK from beck@
|
|
|
|
|
|
to avoid potential null pointer dereference.
Based on david ramos work.
OK from miod@ and jsing@
|
|
collateral damage.
The syncronous nature of this mechanism has hampered performance for
symmetric crypto relative to brute-force cpu. The assymetric crypto
support never really materialized in drivers.
So abandon the complexity.
ok tedu beck mikeb
some disagrement from djm but if he wants to test /dev/crypto ciphers
he should do it without this this gigantic API in the way
|
|
|
|
|
|
thing for an unsigned char array.
ok deraadt@
|
|
to avoid a possible NULL function call on ctx.final(). None of the callers
currently check the return value of calls to cert_verify_mac(), however
the function already returns 0 in another case and the MAC comparison will
later fail.
Issue reported by David Ramos.
|
|
protect from future field reordering/removal.
No difference in generated assembly.
|
|
|
|
the return value of EVP_MD_CTX_copy_ex(). If the copy fails early then
EVP_DigestUpdate() will invoke md_ctx.update(), which will be a NULL
function pointer.
Analysis and patch from David Ramos.
ok deraadt@
|
|
fails, the NULL check will add an error but it does not abort. This will
result in EVP_DigestInit_ex() being called with a NULL context.
Also ensure that we check the return values from EVP_DigestInit_ex() and
EVP_DigestUpdate().
ok deraadt@ miod@
|
