summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* Add a NULL test to wrterror() to avoid a NULL deref when called from ajsg2017-02-151-2/+2
| | | | | | free() error path. ok otto@
* bump to 2.5.2bcook2017-02-141-3/+3
|
* malloc does not *need* to return page-aligned objects for size >=otto2017-02-121-5/+2
| | | | | a page. This is not required by any standard and other malloc implementation do not document (or implement) this. ok deraadt@
* When netcat was started with -Uz, the exit status was always 1. Ifbluhm2017-02-091-3/+4
| | | | | | the unix connect is successful, let nc -z close the socket and exit with 0. OK jca@
* Document that -x can take an ipv6 address enclosed in square brackets.jca2017-02-091-2/+5
|
* When getaddrinfo fails, print the requested host and port.jca2017-02-091-2/+3
| | | | Should make debugging easier, especially when using -x literal_ipv6_address
* DES keys are not 7 days long. ok jsing@dtucker2017-02-092-5/+5
|
* Avoid a busy loop in netcat's tls_close(). Reuse the tls_handshake()bluhm2017-02-081-18/+8
| | | | | wrapper that calls poll(2) and handles the -w timeout. OK beck@
* Avoid double close(2) in netcat. After every call to readwrite()bluhm2017-02-081-13/+5
| | | | | there is already a close(2), so do not do it in readwrite(). OK beck@
* Due to non-blocking sockets, tls_handshake() could wait in a busybluhm2017-02-081-21/+42
| | | | | | loop. Use an additional poll(2) during the handshake and also respect the -w timeout option there. From Shuo Chen; OK beck@
* Revert previous; the implementation is incorrect since it assumes that thejsing2017-02-072-20/+7
| | | | | provided error code matches the error that is currently on the top of the error stack.
* Remove unused variable in C source to make the test compile and pass.bluhm2017-02-071-1/+0
|
* Add file and line to the LibreSSL error strings sine we are no longer inbeck2017-02-072-7/+20
| | | | | | | 1989, VMS, or MS/DOS and we all run Brobdingnagian C compilers that have can now be counted on to achieve this level of sophistication nearly everywhere. ok jsing@
* Change SSLerror() back to taking two args, with the first one being an SSL *.beck2017-02-0725-573/+841
| | | | | | | | | Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
* Define values for SSL_CTRL_SET_GROUPS{,_LIST} and wire them up to thejsing2017-02-052-15/+19
| | | | | | | | SSL_{,CTX_}ctrl() functions. As crazy as it is, some software appears to call the control functions directly rather than using the macros (or functions) provided by the library. Discussed with beck@ and sthen@
* Kill leak introduced with refactorbeck2017-02-051-3/+6
| | | | ok jsing@
* Support IPv6 proxy addressesjca2017-02-051-10/+24
| | | | ok beck@
* Don't use <sys/param.h> from userland without cause. Sort <sys/*>guenther2017-02-031-3/+4
| | | | | | before other includes per style(9) while we're here. ok florian@ bcook@ jsing@ beck@
* fix a comment and rm some dead code as a result of the previous diffotto2017-02-021-8/+5
|
* netinet/in.h should be included, and freebsd and some othersbeck2017-02-012-2/+6
| | | | | don't have EAI_NODATA, so make this easier for people from bernard spill
* Let realloc handle and produce moved pointers for allocations betweenlibressl-v2.5.1otto2017-02-011-20/+37
| | | | half a page and a page. ok jmatthew@ tb@
* tweak previous;jmc2017-01-312-12/+8
|
* Add tls_config_[add|set]keypair_ocsp functions so that ocsp staples may bebeck2017-01-316-58/+209
| | | | | | | | added associated to a keypair used for SNI, and are usable for more than just the "main" certificate. Modify httpd to use this. Bump libtls minor. ok jsing@
* Disable client-initiated renegotiation for libtls servers.jsing2017-01-311-1/+3
| | | | ok beck@ reyk@
* Provide an SSL_OP_NO_CLIENT_RENEGOTIATION option that disallowsjsing2017-01-312-2/+12
| | | | | | | client-initiated renegotiation. The current default behaviour remains unchanged. ok beck@ reyk@
* LibreSSL : regress for carry bug in mulx4x_mont and sqr8x_montinoguchi2017-01-311-1/+78
| | | | | | | | | | | | This regress bntest.c patch is originally from master branch of OpenSSL. - dca2e0e test/bntest.c: regression test for CVE-2016-7055. - 3e7a496 test/bntest.c: regression test for carry bug in bn_sqr8x_internal. These tests were added for these commit. - 2fac86d bn/asm/x86_64-mont.pl: fix for CVE-2016-7055 (Low severity). - 3f4bcf5 bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqr8x_internal. ok beck@
* LibreSSL : Truncated packet could crash via OOB readinoguchi2017-01-312-3/+10
| | | | | | | | This patch is originally from master branch of OpenSSL. - 2198b3a crypto/evp: harden AEAD ciphers. - 8e20499 crypto/evp: harden RC4_MD5 cipher. ok tom@
* Document functions returning standard moduli for DH key exchange.schwarze2017-01-312-1/+136
| | | | jsing@ confirmed that these are public and worth documenting.
* tweak previous;jmc2017-01-303-11/+11
|
* Document BN_set_flags(3) and BN_get_flags(3).schwarze2017-01-306-13/+159
| | | | jsing@ confirmed that these macros are public and worth documenting.
* Seriously warn against calling BN_init(3), BN_MONT_CTX_init(3),schwarze2017-01-293-12/+75
| | | | | | | and BN_RECP_CTX_init(3). They are not only deprecated but so dangerous that they are almost unusable. I found these scary traps while reading the code in order to document BN_set_flags(3). While here, delete ERR_get_error(3) from SEE ALSO.
* Marko Kreen contributed significantly to the ocsp stuff for libtlsbeck2017-01-291-2/+3
|
* Move the ocsp staple to being part of the keypair structure internally,beck2017-01-293-14/+32
| | | | | | | so that it does not send back bogus staples when SNI is in use. (Further change is required to be able to use staples on all keypairs and not just the main one) ok jsing@
* Send the function codes from the error functions to the bit bucket,beck2017-01-29275-3892/+2400
| | | | | | as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* Put comment back in the right place.jsing2017-01-291-9/+9
|
* Avoid clearing the mac_packet flag in the wrong place.jsing2017-01-291-2/+1
| | | | | | | | In many cases we got away with this, however if a server sends multiple handshake messages in the same record only the first message would be added to the MAC. Should fix breakage reported by various people.
* add HISTORY and AUTHORSschwarze2017-01-2812-24/+256
|
* Fix Copyright notices; ok beck@ jsing@ tedu@schwarze2017-01-2711-28/+43
|
* More s/OSCP/OCSP/ typostom2017-01-272-2/+2
| | | | ok jmc@
* oscp -> ocsp;jmc2017-01-263-7/+7
| | | | from holger mikolon, plus one more in nc;
* fix Dt;jmc2017-01-261-3/+3
|
* Use a flag to track when we need to call SSL_shutdown(). This avoids anjsing2017-01-264-5/+11
| | | | | | | | | issue where by calling tls_close() on a TLS context that has not attempted a handshake, results in an unexpected failure. Reported by Vinay Sajip. ok beck@
* Bump TLS_API due to new features being added earlier this week.jsing2017-01-261-2/+2
|
* Bump libtls minor due to symbol additions earlier this week.jsing2017-01-261-1/+1
|
* knfbeck2017-01-261-6/+11
|
* Convert ssl3_get_client_hello() to CBS.jsing2017-01-261-76/+71
| | | | ok beck@
* Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the uglybeck2017-01-2618-653/+335
| | | | line wraps that resulted
* Hide SSLerr() under #ifndef LIBRESSL_INTERNAL since we shouldn't bebeck2017-01-261-2/+4
| | | | | using it anymore ok jsing@
* Send the error function codes to rot in the depths of hell where they belongbeck2017-01-2624-798/+572
| | | | | | | We leave a single funciton code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
* Merge the single two line function from ssl_err2.c into ssl_err.c.jsing2017-01-263-76/+12
| | | | ok beck@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-17 06:48:20 +0000