openbsd, branch libressl-v2.1.4

openbsd, branch libressl-v2.1.4 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v2.1.4 2015-03-02T21:41:08+00:00 Update comment to match code; Caspar Schutijser 2015-03-02T21:41:08+00:00 millert 2015-03-02T21:41:08+00:00 urn:sha1:f6e9eb23339296eec0a10399b584cbdf4948b62f Fix a minor information leak that was introduced in t1_lib.c r1.71, whereby 2015-03-02T13:43:09+00:00 jsing 2015-03-02T13:43:09+00:00 urn:sha1:45ee9e335c1b859ecec006aefb1a3c604a1c8d29 an additional 28 bytes of .rodata (or .data) is provided to the network. In most cases this is a non-issue since the memory content is already public. Issue found and reported by Felix Groebert of the Google Security Team. ok bcook@ beck@ use correct formatter (int, because of type promotion after operations) 2015-03-02T07:51:25+00:00 bcook 2015-03-02T07:51:25+00:00 urn:sha1:d8491142a00ece47c5cc94cd42e8ac2c83a9ef28 ok jsing@ Reduce usage of predefined strings in manpages. 2015-02-28T21:51:56+00:00 bentley 2015-02-28T21:51:56+00:00 urn:sha1:30e0ac6ee5b9eef940ce3933389cb7cdf2596723 Predefined strings are not very portable across troff implementations, and they make the source much harder to read. Usually the intended character can be written directly. No output changes, except for two instances where the incorrect escape was used in the first place. tweaks + ok schwarze@ Prefix function parameter names with underscores in tls.h, since this makes 2015-02-26T10:36:30+00:00 jsing 2015-02-26T10:36:30+00:00 urn:sha1:edbffccc662d783a95fcd535b216b27918cb35d0 them guaranteed to not conflict per POSIX. ok espie@ guenther@ No need to use O_DIRECTORY when opening ".", O_RDONLY will suffice. 2015-02-25T20:06:28+00:00 millert 2015-02-25T20:06:28+00:00 urn:sha1:40aa50ae8657784a32c40347fda42b2639f091e7 OK guenther@ Fix CVE-2014-3570: properly calculate the square of a BIGNUM value. 2015-02-25T15:39:49+00:00 bcook 2015-02-25T15:39:49+00:00 urn:sha1:f3031aa7bff24911a8cae9bdd7cdcd88d8554f42 See https://www.openssl.org/news/secadv_20150108.txt for a more detailed discussion. Original OpenSSL patch here: https://github.com/openssl/openssl/commit/a7a44ba55cb4f884c6bc9ceac90072dea38e66d0 The regression test is modified a little for KNF. ok miod@ Trivial fix for test progress output. 2015-02-25T15:31:25+00:00 bcook 2015-02-25T15:31:25+00:00 urn:sha1:2725a02f7a7b4932578ec02826b4501c29e21ddf Remove unneeded dangling else, compound statements on a single line. Avoid NULL pointer deref in hashinfo_free() when calling from error paths. 2015-02-25T04:56:41+00:00 doug 2015-02-25T04:56:41+00:00 urn:sha1:bea24049d6a5d18c72c68902c5594055fb7a4189 Also, nuke debugging printfs per jsing and bcook. ok bcook@, jsing@ Fix CVE-2015-0205: Do not accept client authentication with Diffie-Hellman 2015-02-25T03:49:21+00:00 bcook 2015-02-25T03:49:21+00:00 urn:sha1:07a99d742112a2ad5f56da7d83e8519f21d605b9 certificates without requiring a CertificateVerify message. From OpenSSL commit: https://github.com/openssl/openssl/commit/1421e0c584ae9120ca1b88098f13d6d2e90b83a3 Thanks to Karthikeyan Bhargavan for reporting this. ok miod@