summaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2019-11-18Provide a clean interface for sending TLSv1.3 alerts.Joel Sing
ok beck@
2019-11-17Change tls13_record_layer_phh() to take a CBS as this avoids ownershipJoel Sing
issues and makes call sites cleaner. ok beck@
2019-11-17Correct update of application traffic secrets to use an empty contextBob Beck
rather than the hash of an empty context ok jsing@
2019-11-17Bring back the ssl_shutdown internal method pointer.Joel Sing
For now ssl3_shutdown() is called in all cases, however TLSv1.3 will soon get its own version. ok beck@
2019-11-17Add a reference for the non-standard post-handshake handshake (PHH).Theo Buehler
ok beck, jsing
2019-11-17Ensure that we are never operating in plaintext mode once the handshakeJoel Sing
is complete, which should never occur. ok beck@
2019-11-17Provide framework for sending alerts and post-handshake handshake messages.Joel Sing
Discussed at length with beck@ ok beck@ tb@
2019-11-17indent with a tab instead of 8 spacesTheo Buehler
2019-11-17Move the TLSv1.3 server message handling stubs.Joel Sing
2019-11-17Add the initial framework for the TLSv1.3 server.Joel Sing
ok beck@
2019-11-17tls13_connect() should be static.Joel Sing
2019-11-17Fix backoff to legacy when in client auth mode.Bob Beck
ok jsing@
2019-11-17Drop back to the legacy tls method if we are doing client authenticaitonBob Beck
from a tls 1.3 connection, for now. ok jsing@
2019-11-17Separate the callbacks for recieved and completed post handshake messagesBob Beck
from the record layer ok jsing@
2019-11-16Allow 1.3 ciphers in libtls.Bob Beck
ok jsing@
2019-11-16Revert previous deduplication diff, I broke portable in a strange way.Bob Beck
I'll figure it out a bit later. Found and diagnosed by inoguchi@
2019-11-16Allow portable to override the default CA bundle locationBob Beck
ok kinichiro@ jsing@
2019-11-15Deduplicate some extension processing code.Bob Beck
ok tb@ inoguchi@
2019-11-15Fix a segmentation fault in ncurses.Frederic Cambus
This is a backported patch [1] from ncurses-5.7-20100501. It takes begx and begy values into account when calculating lengths, in order to avoid writing data past the end of the buffer when calling memset in wredrawln(). From upstream NEWS file: 20100501 + correct limit-check in wredrawln, accounting for begy/begx values (patch by David Benjamin). [1] https://lists.gnu.org/archive/html/bug-ncurses/2010-04/msg00017.html OK nicm@
2019-11-15our older gcc requires forced -std=c99Theo de Raadt
2019-11-14LDADD for libcbor and libusbhidDamien Miller
2019-11-14extra whitespaceTheo de Raadt
2019-11-14add libcbor and libfido2Damien Miller
2019-11-14import libfido2 (git HEAD). This library allows communication withDamien Miller
U2F/FIDO2 devices over USB. feedback and "start the churn" deraadt@
2019-11-14Add libcbor; an implementation of the Concise Binary ObjectDamien Miller
Representation (CBOR) encoding format defined in RFC7049. This is a dependency of libfido2, that we'll use for U2F/FIDO support in OpenSSH. feedback and "Looks good enough to me" deraadt@
2019-11-14Add missing cross-reference to NOTES section.Todd C. Miller
OK kn@ tb@
2019-11-12Now that libc.so has only five PLT entries on almost all our archs,Philip Guenther
link it with -znow ok kettenis@ deraadt@ jca@
2019-11-10Mark as 'protected' all the routines from the quad/ and softfloat/ subdirs,Philip Guenther
as well as those in arch/arm/gen/divsi3.S. This cleans up the PLTs on the 32bit archs. luna88k testing by aoyama@ "looks good" kettenis@, testing and ok deraadt@
2019-11-05MPLSCTL_MAXINKLOOP (net.mpls.maxloop_inkernel) was removed. Adjust manpage.Claudio Jeker
2019-11-04Allow ip addresses as argument to SSL_set1_host() but be careful to notOtto Moerbeek
poison the context. ok and help jsing@ tb@
2019-11-04Reshuffle RSA_PSS_PARAMS and RSA_OAEP_PARAMS to avoid duplicate typedef.Joel Sing
Issue spotted by bcook@ ok bcook@ inoguchi@
2019-11-02Sort standard_methods by pkey_id.Kinichiro Inoguchi
ok jsing@
2019-11-02CMS didn't make the 6.6 release: adjust the text in the HISTORY sectionsIngo Schwarze
2019-11-02.Xr CMS_ContentInfo_new 3Ingo Schwarze
2019-11-02.Xr BIO_new_CMS 3Ingo Schwarze
2019-11-02document PEM_read_CMS(3), PEM_read_bio_CMS(3), PEM_write_CMS(3), andIngo Schwarze
PEM_write_bio_CMS(3) which jsing@ just enabled in Symbols.list rev. 1.91
2019-11-02In Symbols.list rev. 1.91, jsing enabled many CMS functions.Ingo Schwarze
Install the new manual pages documenting the majority of them.
2019-11-02Bring back some icky buffer allocation code so that pkey_rsa_print()Joel Sing
works again with the horrific API that is ASN1_bn_print(). Issue spotted by inoguchi@
2019-11-02Bump libcrypto, libssl and libtls minors due to symbol additions.Joel Sing
2019-11-02Provide RSA_PKCS1_OpenSSL().Joel Sing
Prompted by inoguchi@
2019-11-02Make RSA_padding_{add,check}_PKCS1_OAEP_mgf1() public.Joel Sing
2019-11-02Make RSA_OAEP_PARAMs public.Joel Sing
2019-11-02Document tls_conn_cipher_strength().Joel Sing
ok schwarze@
2019-11-02Enable CMS in LibreSSL.Joel Sing
ok bcook@ deraadt@ inoguchi@ job@ tb@
2019-11-02Provide tls_conn_cipher_strength().Joel Sing
This returns the strength in bits of the symmetric cipher used for the connection. Diff from gilles@ ok tb@
2019-11-01In evp/pmeth_lib.c rev. 1.16, jsing@ enabled EVP_PKEY_RSA_PSS.Ingo Schwarze
Document it.
2019-11-01In rsa.h rev. 1.45, jsing@ providedIngo Schwarze
the three macro constants RSA_PSS_SALTLEN_*; document them. The wording is a combination of our existing text and the wording in the OpenSSL 1.1.1 branch, which is still under a free license.
2019-11-01Remove duplicated header.Martin Pieuchot
2019-11-01Add DSA CMS support.Joel Sing
From OpenSSL 1.1.1d. ok tb@
2019-11-01Add RSA CMS support.Joel Sing
From OpenSSL 1.1.1d. ok tb@
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-11 11:01:49 +0000