openbsd/src/lib/libssl, branch libressl-v2.5.0A mirror of https://github.com/libressl/openbsd.git
https://git.lua4.win/openbsd/atom?h=libressl-v2.5.02016-09-22T12:34:59+00:00Improve on code from the previous commit.2016-09-22T12:34:59+00:00jsing2016-09-22T12:34:59+00:00urn:sha1:5aaca8e163f9816b5f3c9c1794e3e1fe045acbe7
ok bcook@
Avoid unbounded memory growth, which can be triggered by a client2016-09-22T12:33:50+00:00jsing2016-09-22T12:33:50+00:00urn:sha1:d23573ff3bd92843d23073b2f9edce30965eadf6
repeatedly renegotiating and sending OCSP Status Request TLS extensions.
Fix based on OpenSSL.
Check for packet with truncated DTLS cookie.2016-09-22T07:17:41+00:00guenther2016-09-22T07:17:41+00:00urn:sha1:28e429dc7ade584440562d4ea6b27e6a7833e946
Flip pointer comparison logic to avoid beyond-end-of-buffer pointers
to make it less likely a compiler will decide to screw you.
Based on parts of openssl commits
6f35f6deb5ca7daebe289f86477e061ce3ee5f46 and
89c2720298f875ac80777da2da88a64859775898
ok jsing@
Improve ticket validity checking when tlsext_ticket_key_cb() callback2016-09-22T06:57:40+00:00guenther2016-09-22T06:57:40+00:00urn:sha1:0a9499f5b06c96665b68f63b3a97beacf46d7f33
chooses a different HMAC algorithm.
Avert memory leaks if the callback preps the HMAC in some way.
Based on openssl commit 1bbe48ab149893a78bf99c8eb8895c928900a16f
but retaining a pre-callback length check to guarantee the callback
is provided the buffer that the API claims.
ok bcook@ jsing@
Avoid selecting weak digests for (EC)DH when using SNI.2016-09-20T04:25:09+00:00bcook2016-09-20T04:25:09+00:00urn:sha1:1dbcb54204a7b24fa96a79e4bd09dc80c94bc016
from OpenSSL:
SSL_set_SSL_CTX is normally called for SNI after ClientHello has
received and the digest to use for each certificate has been decided.
The original ssl->cert contains the negotiated digests and is now
copied to the new ssl->cert.
noted by David Benjamin and Kinichiro Inoguchi
Update ld search path for libssl/libcrypto, fixes cross-build after source moved.2016-09-19T03:25:22+00:00bcook2016-09-19T03:25:22+00:00urn:sha1:1a999a2e5f31bf8aaec9ebbb0346bfc1f51dddb6
from Patrick Wildt
Generate pkg-config files at build time like everything else. This2016-09-14T06:26:03+00:00natano2016-09-14T06:26:03+00:00urn:sha1:d38b15019a94267fb66852d97b372b090de32f83
avoids permission problems due to the build and install stages being run
by different users.
ok deraadt jasper
Sort and group functions.2016-09-04T16:12:33+00:00jsing2016-09-04T16:12:33+00:00urn:sha1:8fa59688817a0ed0d0b58366f255bc2340ff8544Expand IMPLEMENT_PEM macros.2016-09-04T16:11:47+00:00jsing2016-09-04T16:11:47+00:00urn:sha1:5cb8fa7925ebe633ab5565781922edc61500e5d4
No change in generated assembly.
only regen pkg-config files when required; ok jasper2016-09-04T09:54:25+00:00natano2016-09-04T09:54:25+00:00urn:sha1:594295005097c5fa227738f307e1b10e92615f44