summaryrefslogtreecommitdiff
Commit message (Expand)AuthorAgeFilesLines
* pull up fixes for leak and overrunlibressl-v2.0.6OPENBSD_5_6tedu2015-10-151-6/+4
* MFC: Fix several defects from OpenSSL.jsing2015-06-113-9/+37
* Fix several crash causing defects from OpenSSL.tedu2015-03-1913-65/+166
* backport fixes to prevent connections from being downgraded to weak keys.tedu2015-03-114-102/+56
* disable SSLv3 by default. all agreed.tedu2014-10-201-1/+4
* This commit was manufactured by cvs2git to create branch 'OPENBSD_5_6'.cvs2svn2014-08-081067-355203/+0
* Fix CVE-2014-3507, avoid allocating and then leaking a fresh fragmentguenther2014-08-082-4/+14
* Fix CVE-2014-3508, pretty printing and OID validation:guenther2014-08-084-24/+56
* Correct test reversed during merge of fix for CVE-2014-3509guenther2014-08-072-4/+4
* Fix CVE-2014-3506, DTLS handshake message size checks. Fromguenther2014-08-072-32/+44
* Oops, revert changes commited by mistake. The previous commit was supposedmiod2014-08-0713-53/+59
* When you expect a function to return a particular value, don't put a commentmiod2014-08-0715-71/+59
* Fix CVE-2014-3511; TLS downgrade, verbatim diffderaadt2014-08-072-10/+54
* merge CVE-2014-3510; Fix DTLS anonymous EC(DH) denial of servicederaadt2014-08-072-2/+18
* merge fix for CVE-2014-3509 -- basically a missing s->hit check; ok guentherderaadt2014-08-062-18/+26
* Prevent a possible use after free by mimicing the s3_srvr.c fixes contributed bymiod2014-08-062-8/+2
* Allow B64_EOF to follow a base64 padding character. This restores previousjsing2014-08-062-4/+6
* Correct error checks in EVP_read_pw_string_min(): UI_add_input_string()guenther2014-08-062-6/+6
* Add support for loading the public/private key from memory, rather thanjsing2014-08-064-13/+97
* Add $OpenBSD$ tags.jsing2014-08-058-0/+8
* Implement ressl_accept_socket, which allocates a new server connectionjsing2014-08-042-4/+45
* Return -1 on error (not 1).jsing2014-08-041-3/+3
* A ressl server needs different configuration from a ressl client - providejsing2014-08-043-0/+41
* Provide a function that returns a server connection context.jsing2014-08-042-0/+15
* Provide a utility function for loading a private/public keypair.jsing2014-08-042-0/+21
* Improve ressl_{read,write} handling of non-blocking reads/writes.jsing2014-08-042-16/+31
* Free the SSL context first and let the reference counting do its thing.jsing2014-08-041-5/+2
* In chacha_init(), allow for a NULL iv. Reported by znz on github.miod2014-08-042-4/+6
* X509_NAME_get_text_by_NID() returns -1 on error so the typejsg2014-08-031-1/+1
* Fix a usage string; the proper spelling of 'alot' is 'a lot'.blambert2014-07-291-2/+2
* Remove SRP code. It contains a bug (this should not surprise anyone), buttedu2014-07-2812-3635/+2
* The RSA, DH, and ECDH temporary key callbacks expect the number of keybitsguenther2014-07-286-18/+42
* remove non-portable __progname extern from arc4random unit test.bcook2014-07-281-2/+1
* Link dependencies on libssl and libcrypto were missing.guenther2014-07-271-2/+3
* Add missing year to copyright.jsing2014-07-254-8/+8
* BIO_free() returns immediately when the sole input is NULL.doug2014-07-2526-96/+61
* level_add_node(): if a memory allocation failure causes us to attempt to cleanmiod2014-07-232-8/+14
* Make sure PEM_def_callback() correctly handles negative buffer sizes; all usesmiod2014-07-232-20/+34
* Check the return value of the UI functions (including UI_new() which returnmiod2014-07-232-12/+22
* Now that DES_random_key() can be trusted, use it to generate DES keys in themiod2014-07-224-24/+20
* In DES_random_key(), force the generated key to the odd parity before checkingmiod2014-07-222-16/+16
* Handle failure of NETSCAPE_SPKI_b64_encode() and don't leak memoryguenther2014-07-221-6/+10
* Use Cm instead of Li for 'MASK:'guenther2014-07-221-2/+2
* Rewrite the description of the string_mask config file option to matchguenther2014-07-221-34/+30
* Kill a bunch more BUF_strdup's - these are converted to have a check forbeck2014-07-2212-30/+40
* better match proposed syscall apibcook2014-07-222-16/+4
* protect sysctl path with SYS__sysctl instead; from enh@google, ok bcookderaadt2014-07-212-12/+12
* Use explicit_bzero() instead of memset() on buffers going out of scope.guenther2014-07-216-12/+18
* cast from void * before math; enh@googlederaadt2014-07-212-4/+4
* missing newlinederaadt2014-07-211-1/+2