Branch :
| Author | Commit | Date | CI | Message |
|---|---|---|---|---|
| 242bbb91 | 2021-11-23 18:26:23 | Transform a mangled comment into something intelligible. from beck | ||
| 7aaded86 | 2021-11-19 18:53:10 | libssl: don't reach for pkey->save_type. For some strange historical reason ECDSA_sign() and ECDSA_verify}() have a type argument that they ignore. For another strange historical reason, the type passed to them from libssl is pkey->save_type, which is used to avoid expensive engine lookups when setting the pkey type... Whatever the aforementioned reasons were, we can't access pkey->save_type with the OpenSSL 1.1 API, and this is thus in the way of making EVP_PKEY opaque. Simply pass in 0 instead. ok jsing | ||
| 2368fd79 | 2021-11-14 22:31:29 | Fix a strange check in the auto DH codepath The code assumes that the server certificate has an RSA key and bases the calculation of the size of the ephemeral DH key on this assumption. So instead of checking whether we have any key by inspecting the dh part of the union, let's check that we actually have an RSA key. While here, make sure that its length is non-negative. ok jsing | ||
| b6c209be | 2021-11-09 18:40:20 | Switch to <endian.h> from <machine/endian.h> for better portability. ok tb@ | ||
| 4ae7d3c3 | 2021-11-08 18:19:22 | Replace <sys/limits.h> with <limits.h> ok tb@ | ||
| 0db19753 | 2021-11-02 13:59:29 | Do not take the strlen() of a NULL name. Defer the CBS_init() to later. Found the hard way by sthen. ok sthen | ||
| 6af37010 | 2021-11-01 16:45:56 | Ensure SSL_set_tlsext_host_name() is given a valid hostname. ok inoguchi@ tb@ | ||
| 0c25913e | 2021-11-01 16:37:17 | Improve SNI hostname validation. For some time now we've validated the hostname provided to the server in the SNI extension. Per RFC 6066, an IP literal is invalid as a hostname - the current code rejects IPv6 literals, but allows IPv4 literals through. Improve this check to explicitly detect both IPv4 and IPv6 literals. Some software has been historically known to include IP literals in SNI, so rather than rejecting this outright (and failing with a decode error), pretend that the SNI extension does not exist (such that we do not break some older clients). ok inoguchi@ tb@ | ||
| 52156a6f | 2021-11-01 08:14:36 | Unifdef LIBRESSL_NEW_API. Now that the library is bumped, this is no longer needed. ok jsing | ||
| 8b2f7724 | 2021-10-31 16:41:23 | Bump majors after struct visibility changes, symbol removal and symbol addition. | ||
| 5bf5caf3 | 2021-10-31 16:38:36 | Update Symbols.list to include API additions | ||
| ad70d475 | 2021-10-31 16:37:25 | libssl: stop reaching into the X509 struct and simplify some code by using X509_get_key_usage(). ok beck jsing | ||
| fdf93b5c | 2021-10-31 06:48:54 | Add explicit CBS_contains_zero_byte() check in CBS_strdup(). If the CBS data contains a zero byte, then CBS_strdup() is only going to return part of the data - add an explicit CBS_contains_zero_byte() and treat such data as an error case. ok tb@ | ||
| c560a301 | 2021-10-27 22:11:21 | Fix HISTORY section: 6.9 -> 7.0 | ||
| 7fe4235f | 2021-10-25 15:16:35 | sort. alphanumerics have lower ASCII values than '_' | ||
| 4b27df2e | 2021-10-25 15:13:52 | Install SSL_read_early_data.3. I should have done this during the last libssl bump. | ||
| c2712b29 | 2021-10-25 10:14:48 | Add record processing limit to DTLS code. This is effectively the same record processing limit that was previously added to the legacy TLS stack - without this a single session can be made to spin on a stream of alerts or other similar records. ok beck@ tb@ | ||
| e2a9b682 | 2021-10-25 10:09:28 | Use ssl_force_want_read() in the DTLS code. Also mop up some mostly unhelpful comments while here. ok beck@ tb@ | ||
| 7e086035 | 2021-10-25 10:01:46 | Fold SSL_SESSION_INTERNAL back into SSL_SESSION. ok beck@ tb@ | ||
| 076fb258 | 2021-10-24 15:10:13 | merge documentation for SSL_read_ex(3), SSL_peek_ex(3), and SSL_write_ex(3) from the OpenSSL 1.1.1 branch, which is still under a free license | ||
| 0a9b063c | 2021-10-24 09:15:00 | Don't leak internal->verfied_chain, clean it up in ssl3_clear and free. spotted by and ok jsing@ | ||
| 4a18b5ba | 2021-10-23 20:42:50 | Add SSL_get0_verified_chain - needed by some new stuff symbol will be exposed with tb@'s forthcoming bump ok tb@ | ||
| 1349d29c | 2021-10-23 17:20:50 | fix wrong and missing return types and wrong macros in the SYNOPSIS; while here, also apply some minor wording improvements | ||
| 8095b130 | 2021-10-23 16:29:15 | Add new OpenSSL API SSL_CTX_set_num_tickets and friends. Since we don't support session tickets in LibreSSL at the moment these functions currently do not have any effect. Again, symbols will appear with tb@'s reptar sized bump.. ok tb@ | ||
| 526e2352 | 2021-10-23 16:11:30 | Unhandroll X509_up_ref() ok beck jsing | ||
| b9d2805d | 2021-10-23 15:36:59 | oops, wrong dir. pointed out by schwarze | ||
| b5b7f1d2 | 2021-10-23 15:30:44 | Add new OpenSSL api SSL_write_ex, SSL_read_ex and SSL_peek_ex As these still meet the usual expectations for special, I will leave it up to ingo to decide to either document separately or in one man page like OpenSSL did. Will also need Symbols.list additions by tb@ when he starts the rapture ok tb@ jsing@ | ||
| 59fb41fe | 2021-10-23 15:30:07 | Import documentation for X509_get_extension_flags, X509_get_key_usage, X509_get_extended_key_usage from OpenSSL. Will be linked to the build after the bump. input/lgtm schwarze | ||
| d8fe5f04 | 2021-10-23 15:27:46 | Import documentation for X509_SIG_get{0,m} from OpenSSL. Will be linked to the build after the bump. tweak & lgtm schwarze | ||
| a0f5591d | 2021-10-23 15:02:27 | Mop up enc_read_ctx and read_hash. These are no longer public, so we can mop them up along with the machinery needed to set/clear them. ok beck@ tb@ | ||
| 01f29c58 | 2021-10-23 14:40:54 | Provide a way to determine our maximum legacy version. With the introduction of TLSv1.3, we need the ability to determine our maximum legacy version and to track our peer's maximum legacy version. This is needed for both the TLS record layer when using TLSv1.3, plus it is needed for RSA key exhange in TLS prior to TLSv1.3, where the maximum legacy version is incorporated in the pre-master secret to avoid downgrade attacks. This unbreaks RSA KEX for the TLS client when the non-version specific method is used with TLSv1.0 or TLSv1.1 (clearly no one does this). ok tb@ | ||
| 8f73431c | 2021-10-23 13:45:44 | Remove unused fields from struct dtls1_retransmit_state. | ||
| f19d9718 | 2021-10-23 13:36:03 | Fold DTLS1_STATE_INTERNAL into DTLS1_STATE. Now that DTLS1_STATE is opaque, fold DTLS1_STATE_INTERNAL back into DTLS1_STATE and remove D1I() usage. ok tb@ | ||
| 052d4ffd | 2021-10-23 13:17:03 | tweak previous: properly mark up function pointer typedef plus .Dv NULL, SEE ALSO, HISTORY | ||
| 1d13974e | 2021-10-23 13:14:38 | Change ssl_verify_cert_chain() for compatibility with opaque X509_STORE_CTX and use accessors instead of reaching directly into the struct. ok jsing | ||
| d3771e01 | 2021-10-23 13:12:55 | Use X509_STORE_CTX_get0_chain() instead of grabbing the chain directly out of the X509_STORE_CTX. ok jsing | ||
| f6184395 | 2021-10-23 13:12:14 | Rename tls13_buffer to tls_buffer. This code will soon be used in the DTLSv1.2 and TLSv1.2 stack. Also introduce tls_internal.h and move/rename the read/write/flush callbacks. ok beck@ tb@ | ||
| d1ec7c35 | 2021-10-23 11:41:51 | Add SSL_CTX_set_keylog_callback and SSL_CTX_get_keylog_callback Some things in ports care about calling these functions. Since we will not provide private key logging functionality they are documented as being for compatibility and that they don't do anything. ok tb@ | ||
| f2c3e964 | 2021-10-23 08:34:36 | Untangle ssl3_get_message() return values. This function currently has a long return type that may be <= 0 on error/retry (which is then cast to an int in order to return it up the stack), or it returns the length of the handshake message (on success). This obviously means that 0 can be returned for both success and failure, which is the reason why a separate 'ok' argument has to exist. Untangle this mess by changing the return value to an int that indicates success (1) or error/retry (<= 0). The length never needs to actually be returned as it is already stored in s->internal->init_num (which is where the return value is read from anyway). ok tb@ | ||
| 18631d23 | 2021-10-23 08:13:02 | Change tlsext_tick_lifetime_hint to uint32_t. Now that SSL_SESSION is opaque, change tlsext_tick_lifetime_hint from long to uint32_t (matching RFC4507), rather than continuing to work around an inappropriate type choice. ok tb@ | ||
| ea21f82a | 2021-10-21 08:30:14 | Avoid potential NULL dereferences in dtls1_free() ok jsing | ||
| 47ccd491 | 2021-10-15 16:48:46 | Move various structs from ssl.h/tls1.h to ssl_locl.h. These were already under LIBRESSL_INTERNAL hence no ABI change. ok tb@ | ||
| 1e0f72fe | 2021-09-16 19:25:30 | Implement flushing for TLSv1.3 handshakes. When we finish sending a flight of records, flush the record layer output. This effectively means calling BIO_flush() on the wbio. Some things (such as apache2) have custom BIOs that perform buffering and do not actually send on BIO_write(). Without BIO_flush() the server thinks it has sent data and starts receiving records, however the client never sends records since it never received those that the server should have sent. Joint work with tb@ ok tb@ | ||
| 75d4f95c | 2021-09-14 23:07:18 | Avoid typedef redefinition "typedef struct ssl_st SSL;" is defined in ossl_typ.h. This reverts part of r1.204. ok tb@ | ||
| 55ec4bc3 | 2021-09-14 14:35:09 | zap trailing white space | ||
| d6a7e173 | 2021-09-14 14:31:21 | Call the info cb on connect/accept exit in TLSv1.3 The p5-Net-SSLeay test expects the info callback to be called on connect exit. This is the behavior in the legacy stack but wasn't implemented in the TLSv1.3 stack. With this commit, p5-Net-SSLeay tests are happy again after the bump. ok bluhm inoguchi jsing | ||
| 558305cf | 2021-09-14 14:30:57 | provide a small manual page for the SSL_set_psk_use_session_callback(3) stub, written from scratch; OK tb@ on SSL_set_psk_use_session_callback.3 | ||
| ddcfd890 | 2021-09-14 14:08:15 | Merge the stub SSL_SESSION_is_resumable(3) manual page from the OpenSSL 1.1.1 branch, which is still under a free license. A few tweaks to wording and structure by me. OK tb@ on SSL_SESSION_is_resumable.3 | ||
| cfbb67c9 | 2021-09-11 18:58:41 | merge the description of SSL_get_tlsext_status_type(3) from the OpenSSL 1.1.1 branch, which is still under a free license | ||
| 2876f600 | 2021-09-10 15:06:12 | bump major after symbol addition and struct removal, struct visibility changes | ||
| 60ff7073 | 2021-09-10 15:05:35 | Update Symbols.list after API additions | ||
| a5013a63 | 2021-09-10 14:58:44 | Move SSL_set0_rbio() outside of LIBRESSL_HAS_TLS1_3 ok inoguchi jsing | ||
| 27521bdf | 2021-09-10 14:57:31 | Expose SSL_get_tlext_status_type() in tls1.h ok beck jsing | ||
| ec1252fc | 2021-09-10 14:55:53 | Expose SSL_R_NO_APPLICATION_PROTOCOL in ssl.h ok beck jsing | ||
| 0499db78 | 2021-09-10 14:55:24 | Expose SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE in ssl.h ok beck jsing | ||
| de794d14 | 2021-09-10 14:54:14 | Expose SSL_CTX_get0_privatekey() in ssl.h ok beck | ||
| 51c5ceb2 | 2021-09-10 14:50:19 | Remove TLS1_get_{,client_}version() ok jsing | ||
| 70364e7a | 2021-09-10 14:49:13 | Remove SSL3_RECORD and SSL3_BUFFER with/ok jsing | ||
| fc12a402 | 2021-09-10 14:47:24 | Remove TLS1_RT_HEARTBEAT ok jsing | ||
| d2d09106 | 2021-09-10 14:46:31 | Make SSL opaque with/ok jsing | ||
| cf6ab171 | 2021-09-10 14:44:25 | Remove struct tls_session_ticket_ext_st and TLS_SESSION_TICKET_EXT from public visibility. with/ok jsing | ||
| 715d5aef | 2021-09-10 09:25:29 | Do not ignore SSL_TLSEXT_ERR_FATAL from the ALPN callback As reported by Jeremy Harris, we inherited a strange behavior from OpenSSL, in that we ignore the SSL_TLSEXT_ERR_FATAL return from the ALPN callback. RFC 7301, 3.2 states: 'In the event that the server supports no protocols that the client advertises, then the server SHALL respond with a fatal "no_application_protocol" alert.' Honor this requirement and succeed only on SSL_TLSEXT_ERR_{OK,NOACK} which is the current behavior of OpenSSL. The documentation change is taken from OpenSSL 1.1.1 as well. As pointed out by jsing, there is more to be fixed here: - ensure that the same protocol is selected on session resumption - should the callback be called even if no ALPN extension was sent? - ensure for TLSv1.2 and earlier that the SNI has already been processed ok beck jsing | ||
| 81b25e49 | 2021-09-10 08:59:56 | Prepare to provide SSL_CTX_get0_privatekey() ok beck | ||
| 5b7f4dd6 | 2021-09-08 17:27:33 | Provide SSL_SESSION_is_resumable and SSL_set_psk_use_session_callback stubs ok jsing | ||
| 45aea4dc | 2021-09-08 17:24:23 | Prepare to provide API stubs for PHA ok bcook jsing | ||
| a6ff6cd4 | 2021-09-08 12:56:14 | Prepare to provide SSL_get_tlsext_status_type() Needed for nginx-lua to build with opaque SSL. ok inoguchi jsing | ||
| 0ebaf169 | 2021-09-08 12:32:07 | Prepare to provide SSL_set0_rbio() This is needed for telephony/coturn and telephony/resiprocate to compile without opaque SSL. ok inoguchi jsing | ||
| 8ccc3944 | 2021-09-04 16:26:12 | Factor out the TLSv1.3 code that handles content from TLS records. Currently, the plaintext content from opened TLS records is handled via the rbuf code in the TLSv1.3 record layer. Factor this out and provide a separate struct tls_content, which knows how to track and manipulate the content. This makes the TLSv1.3 code cleaner, however it will also soon also be used to untangle parts of the legacy record layer. ok beck@ tb@ | ||
| 975610e8 | 2021-09-04 15:21:45 | Refactor ssl_update_cache. This now matches the logic used for TLS 1.3 in Openssl 1.1.1 for when to call the session callbacks. I believe it to also generates a lot less eye bleed, confirmed by tb@ ok jsing@ tb@ | ||
| dcc03317 | 2021-09-04 14:31:54 | Improve DTLS hello request handling code. Rather than manually checking multiple bytes, actually parse the DTLS handshake message header, then check the values against what we parsed. ok inoguchi@ tb@ | ||
| ab5ddd1b | 2021-09-04 14:24:28 | Change dtls1_get_message_header() to take a CBS. The callers know the actual length and can initialise a CBS correctly. ok inoguchi@ tb@ | ||
| 7b597b5f | 2021-09-04 14:15:52 | Improve DTLS record header parsing. Rather than pulling out the epoch and then six bytes of sequence number, pull out SSL3_SEQUENCE_SIZE for the sequence number, then pull the epoch off the start of the sequence number. ok inoguchi@ tb@ | ||
| 7795c7f4 | 2021-09-03 13:19:12 | Use SSL3_HM_HEADER_LENGTH instead of the magic number 4. ok beck@ | ||
| 4d783bdb | 2021-09-03 13:18:17 | Ensure that a server hello does not have trailing data. Found by tlsfuzzer. ok beck@ | ||
| b73cd773 | 2021-09-03 13:18:01 | Ensure that a client hello does not have trailing data. Found by tlsfuzzer. ok beck@ | ||
| fefb9253 | 2021-09-03 13:16:54 | Set message_size correctly when switching to the legacy stack. The message_size variable is not actually the handshake message size, rather the number of bytes contained within the handshake message, hence we have to subtract the length of the handshake message header. ok beck@ | ||
| 3332ba85 | 2021-09-02 14:41:03 | We need to allow for either a CERTIFICATE or CERTIFICATE_STATUS message here or we break the handshake with BAD_MESSAGE ok tb@ | ||
| 92bfa7b0 | 2021-09-02 11:58:30 | Call the ocsp callback if present and we get no response, instead of succeeding unconditionally. Makes muststaple work with tls1.3 in nc ok tb@ | ||
| a9ae7771 | 2021-09-02 11:10:43 | Correct the is_server flag in the call to the debug callback to be correct. ok tb@ | ||
| cb9be768 | 2021-09-02 08:51:56 | RFC 6066 section 8 allows the server MAY choose not send the CertificateStatus message, even if it has received a "status_request" extension in the client hello message and has sent a "status_request" extention in the server hello message. Genua found a site that is this broken. This makes it work. ok jsing@ | ||
| f3103e0e | 2021-09-01 13:56:03 | comment out the detailed description of SSL_get_servername(3), leaving only the basic description in the RETURN VALUES section; tb@ pointed out LibreSSL does not currently provide all those guarantees, and he also OK'ed this diff | ||
| 49c081a0 | 2021-08-31 13:34:55 | Defragment DTLS. In normal TLS, it is possible for record fragments to be sent that contain one byte of alert or handshake message payload. In this case we have to read and collate multiple message fragments before we can decide what to do with the record. However, in the case of DTLS, one record is effectively one packet and while it is possible to send handshake messages across multiple records/packets, the minimum payload is the DTLS handshake message header (plus one byte of data if the handshake message has a payload) - without this, there is insufficient information available to be able to reassemble the handshake message. Likewise, splitting an alert across multiple DTLS records simply does not work, as we have no way of knowing if we're collating the same alert or two different alerts that we lost half of each from (unfortunately, these details are not really specified in the DTLS RFC). This means that for DTLS we can expect to receive a full alert message (a whole two bytes) or a handshake record with at least the handshake message header (12 bytes). If we receive messages with less than these lengths we discard them and carry on (which is what the DTLS code already does). Remove all of the pointless fragment handling code from DTLS, while also fixing an issue where one case used rr->data instead of the handshake fragment. ok inoguchi@ tb@ | ||
| e898a018 | 2021-08-31 13:14:43 | Remove a nonsensical s->version == TLS1_VERSION from DTLS code. ok inoguchi@ tb@ (as part of a larger diff) | ||
| 545b2b63 | 2021-08-30 19:25:43 | Clean up and simplify info and msg callbacks. The info and msg callbacks result in duplication - both for code that refers to the function pointers and for the call sites. Avoid this by providing typedefs for the function pointers and pulling the calling sequences into their own functions. ok inoguchi@ tb@ | ||
| 44aae0c1 | 2021-08-30 19:12:25 | Replace DTLS r_epoch with the read epoch from the TLSv1.2 record layer. ok inoguchi@ tb@ | ||
| 609ec8b1 | 2021-08-30 19:00:49 | Move to an AEAD nonce allocated in the TLSv1.2 record layer. There is little to gain by mallocing and freeing the AEAD nonce for each record - move to an AEAD nonce allocated for the record layer, which matches what we do for TLSv1.3. ok inoguchi@ tb@ | ||
| c5fd638a | 2021-08-30 18:18:16 | sync with OpenSSL 1.1.1, which is still under a free license; in particular, this includes new text by Matt Caswell from OpenSSL commit 721eb8f6 Nov 28 12:03:00 2019 +0000 and corrects a wrong argument type that i introduced into the SYNOPSIS; requested by tb@ | ||
| 7fdc4fbd | 2021-08-30 16:50:23 | Ignore warning alert returns from servername callback in TLSv1.3 If a servername callback returns SSL_TLSEXT_ERR_ALERT_WARNING, this results in a fatal error in TLSv1.3 since alert levels are implicit in the alert type and neither close_notify nor user_canceled make sense in this context. OpenSSL chose to ignore this, so we need to follow suit. Found via a broken servername callback in p5-IO-Socket-SSL which returns a Boolean instead of SSL_TLSEXT_ERR_*. This happened to have worked before TLSv1.3 since warning alerts are often ignored. This "fixes" sni.t and sni-verify.t in p5-IO-Socket-SSL. ok beck jsing | ||
| 063f2f30 | 2021-08-28 15:20:58 | Clean up and simplify ssl3_dispatch_alert() and ssl3_send_alert(). ok inoguchi@ tb@ | ||
| b50283df | 2021-08-04 12:41:25 | SSL_CTX_remove_session() checks for a NULL session, avoid doing it twice. Noted by tb@ during review of a larger change. | ||
| 9b9a30ee | 2021-07-31 09:31:04 | We have defines for alert levels - use them instead of magic numbers. | ||
| e3dbb073 | 2021-07-26 03:17:38 | Dedup dtls1_dispatch_alert()/ssl3_dispatch_alert(). The code for dtls1_dispatch_alert() and ssl3_dispatch_alert() is largely identical - with a bit of reshuffling we can use ssl3_dispatch_alert() for both protocols and remove the ssl_dispatch_alert function pointer. ok inoguchi@ tb@ | ||
| 6065f753 | 2021-07-21 08:42:14 | Remove DTLS processed_rcds queue. When DTLS handshake records are received from the next epoch, we will potentially queue them on the unprocessed_rcds queue - this is usually a Finished message that has been received without the ChangeCipherSuite (CCS) message (which may have been dropped or reordered). After the epoch increments (due to the CCS being received), the current code processes all records on the unprocessed queue and immediate queues them on the processed queue, which dtls1_get_record() then pulls from. This form of processing only adds more complexity and another queue. Instead, once the epoch increments, pull a single record from the unprocessed queue and process it, allowing the contents to be consumed by the caller. We repeat this process until the unprocessed queue is empty, at which point we go back to consuming messages from the wire. ok inoguchi@ tb@ | ||
| 686c8b13 | 2021-07-21 07:51:12 | Silently discard invalid DTLS records. Per RFC 6347 section 4.1.2.1, DTLS should silently discard invalid records, including those that have a bad MAC. When converting to the new record layer, we inadvertantly switched to standard TLS behaviour, where an invalid record is fatal. This restores the previous behaviour. Issue noted by inoguchi@ ok inoguchi@ | ||
| a4c22357 | 2021-07-19 08:42:24 | Mop up dtls1_get_ccs_header() and struct ccs_header_st. All this code does is read one byte from memory with an unknown length, potentially being a one byte overread... and then nothing is actually done with the value. ok tb@ | ||
| 38278bf6 | 2021-07-19 08:39:28 | Inline DTLS1_CCS_HEADER_LENGTH rather than having a single use variable. ok tb@ | ||
| 20358f90 | 2021-07-03 16:06:44 | Do a first pass clean up of SSL_METHOD. The num_ciphers, get_cipher_by_char and put_cipher_by_char function pointers use the same function for all methods - call ssl3_num_ciphers() directly, absorb ssl3_get_cipher_by_char() into SSL_CIPHER_find() and remove the unused ssl3_put_cipher_by_char() code. ok inoguchi@ tb@ | ||
| 6ba40c14 | 2021-07-01 17:53:39 | Merge SSL_METHOD_INTERNAL into SSL_METHOD. Now that SSL_METHOD is opaque and in internal headers, we can remove SSL_METHOD_INTERNAL by merging it back into SSL_METHOD. ok tb@ | ||
| 0b5e30a3 | 2021-06-30 18:07:50 | Prepare to provide SSL_get_signature_nid() and friends. This adds functionality for SSL_get_signature_nid(), SSL_get_peer_signature_nid(), SSL_get_signature_type_nid() and SSL_get_peer_signature_type_nid(). This is not currently publicly visible and will be exposed at a later date. ok inoguchi@ tb@ | ||
| 9c9268ea | 2021-06-30 18:04:05 | Move some structs from public to private headers. Move struct ssl_cipher_st, struct ssl_method_st, struct ssl_session_st and struct ssl3_state_st from public to private headers. These are already under #ifdef LIBRESSL_INTERNAL and are no longer publicly visible. ok inoguchi@ tb@ |