| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
Forward declare struct sigalg in ssl_locl.h and avoid including
ssl_sigalgs.h. Explicitly include ssl_sigalgs.h where it is needed.
|
|
The bytestring APIs are self contained, hence including openssl headers
here is unnecessary.
|
|
Where a file references to OPENSSL_NO_* conditions, ensure that we
explicitly include <openssl/opensslconf.h> before any references, rather
than relying on another header to pull this in.
|
|
|
|
Modify objxref.pl to output $OpenBSD$ header and
__BEGIN_HIDDEN_DECLS / __END_HIDDEN_DECLS .
ok and comment from tb@
|
|
it causes restored stack to be incorrect.
|
|
|
|
|
|
|
|
|
|
Based on the OpenSSL 1.1.1 manual written by Rich Salz with a healthy
dose of improvements by schwarze.
ok schwarze
|
|
Found missing sigoid_srt record in crypto/objects/obj_xref.h, and
this causes error while executing openssl cms -encrypt with EC key/cert.
Added required definitions to obj_xref.txt and obj_xref.h.
Issue reported by Theodore Wynnychenko (tmw <at> uchicago.edu) on misc.
ok tb@
|
|
from unsigned long long to unsigned int.
ok kettenis@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
for EC_POINT_set_compressed_coordinates from OpenSSL 1.1.1.
|
|
#438 and other change #443. A new error constant has been added
to a public header file. According to guenther@ this is an ABI
break that requires a major bump.
OK tb@; tested by matthieu@
|
|
|
|
|
|
|
|
and a few other structs in libssl opaque.
from/ok jsing
|
|
ok jsing
|
|
ok jsing
|
|
ok jsing
|
|
ok jsing
|
|
EC_POINT_set_compressed_coordinates(3)
ok jsing
|
|
ok jsing
|
|
Simplify integer loading, use 'li <dest>, <value>' instead of x0/zero register
Adjust _JB_SIGMASK to not collide with saved registers.
|
|
Listed under 'SMI Security for S/MIME CMS Content Type
(1.2.840.113549.1.9.16.1)'
https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1
OK tb@
|
|
These are one-shot versions combining EVP_Digest{Sign,Verify}{Update,Final}.
and are part of the OpenSSL 1.1.1 API. While they simplify callers in some
situations slightly, their real use is for EdDSA that by design can't be
split into Update/Final steps.
Based on OpenSSL commit 7539418981c140648a620d72edd7398564878b5c
ok inoguchi
|
|
Someone this introduces some problems that I didn't ran into during testing
|
|
part of that locale.
This matches what at least FreeBSD and glibc do.
OK millert@
|
|
ok inoguchi@ tb@
|
|
For TLSv1.2 a single key block is generated, then partitioned into
individual secrets for use as IVs and keys. The previous implementation
splits this across two functions tls1_setup_key_block() and
tls1_change_cipher_state(), which means that the IV and key sizes have to
be known in multiple places.
This implementation generates and partitions the key block in a single
step, meaning that the secrets are then simply handed out when requested.
ok inoguchi@ tb@
|
|
we do on other architectures.
ok mpi@
|
|
Directly update cerror as offset of thread pointer, with
optimizations on error brnaching
ok kettenis@
|
|
based off a combination of aarch64/powerpc64
ok kettenis@
|
|
Per X9.62 4.4.1.b., the compressed representation of a point with
zero x coordinate on a binary curve must have y_bit unset. Error
out in that case of ec_GF2m_set_compressed_coordinates() instead
of ignoring y_bit.
ok jsing
|
|
the CERROR handling code had a gross mistake in that that it didn't
continue processing the code after the macro if no error occurred.
ok kettenis@
|
|
copied from other 64 bit arch
ok jsg@
|
|
After jsing's recent commits, SSL3_CC_{READ,WRITE,CLIENT,SERVER}
and the derived SSL3_CHANGE_CIPHER_{CLIENT,SERVER}_{READ,WRITE}
are no longer used by LibreSSL and should never be used again.
discussed with jsing
|
|
Replace flag gymnastics at call sites with separate read and write,
functions which call the common code. Condition on s->server instead of
using SSL_ST_ACCEPT, for consistency and more readable code.
ok inoguchi@ tb@
|
