openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Age	Files	Lines
...
*	bump to 3.1.0	bcook	2020-01-14	1	-3/+3
\|
*	Document how to make getopt_long(3) process arguments in order and stop	stsp	2020-01-13	1	-2/+18
\| \| \| \| \|	at the first non-option argument. I had to read source code to figure it out.
*	Make clean should not require SUDO.	bluhm	2020-01-13	1	-3/+1
\|
*	Fix printf compiler warnings in wfp regress. Convert wchar to a	bluhm	2020-01-13	1	-9/+18
\| \| \| \|	printable error message when failing.
*	Link forgotten libc tests to the build.	bluhm	2020-01-13	2	-6/+10
\|
*	Split setjmp-fpu regress into separate tests. Use errx(3) to explain	bluhm	2020-01-13	6	-32/+69
\| \| \| \|	potential problems. Regress still failing on amd64.
*	Avoid leak in error path of PKCS5_PBE_keyivgen	inoguchi	2020-01-12	1	-1/+2
\| \| \| \|	ok jsing@ tb@
*	Set "Content-Type: application/ocsp-request" in ocspcheck(1)'s POSTs,	sthen	2020-01-11	1	-1/+2
\| \| \| \| \|	it is required by the RFC and some CAs require it (e.g. sectigo). From daharmasterkor at gmail com, ok jca@
*	Avoid leak in error path of asn1_parse2	inoguchi	2020-01-09	1	-17/+21
\| \| \| \|	ok tb@
*	If the client provides a TLS certificate and the user specifies a	bluhm	2020-01-07	1	-5/+6
\| \| \| \| \| \| \| \| \| \|	hash value on the nc(1) server command line, the netcat server must use the TLS context of the accepted socket for verification. As the listening socket was used instead, the verification was always successful. If the peer provides a certificate, there must be a hash. Make the hash verification fail safe. OK tb@
*	The unveil(2) for nc -U -u -l was wrong. The server cannot unveil	bluhm	2020-01-06	1	-4/+23
\| \| \| \| \| \| \|	the file system as it has to connect to the UNIX domain client socket. The path of the latter is determined dynamically. Instead add a restrictive pledge(2) after connect(2). OK tb@
*	When using UNIX domain sockets, always call report_sock() with the	bluhm	2020-01-06	1	-6/+10
\| \| \| \| \| \|	path name of the socket. This avoids bad errors from getnameinfo(3). Use the same error check for both calls to getnameinfo(3). OK millert@ tb@
*	Check CMS API return value in openssl(1) cms	inoguchi	2020-01-04	1	-11/+21
\| \| \| \|	ok jsing@
*	Avoid leak in error path of dh_priv_decode	inoguchi	2020-01-04	1	-1/+2
\| \| \| \|	ok jsing@ tb@
*	In ssl.h rev. 1.167 and s3_lib.c rev. 1.188, jsing@ provided	schwarze	2020-01-02	1	-4/+21
\| \| \| \| \| \| \| \|	the new function SSL_CTX_get_extra_chain_certs_only(3) and changed the semantics of the existing SSL_CTX_get_extra_chain_certs(3) API from the former OpenSSL 1.0.1 behaviour to the new, incompatible OpenSSL 1.0.2 behaviour. Adjust the documentation. OK jsing@ beck@ inoguchi@
*	Revise SSL_CTX_get_extra_chain_certs() to match OpenSSL behaviour.	jsing	2020-01-02	2	-8/+23
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	In OpenSSL, SSL_CTX_get_extra_chain_certs() really means return extra certs, unless there are none, in which case return the chain associated with the certificate. If you really just want the extra certs, including knowing if there are no extra certs, then you need to call SSL_CTX_get_extra_chain_certs_only()! And to make this even more entertaining, these functions are not documented in any OpenSSL release. Reported by sephiroth-j on github, since the difference in behaviour apparently breaks OCSP stapling with nginx. ok beck@ inoguchi@ tb@
*	Provide TLSEXT_TYPE_* aliases for TLS 1.3.	jsing	2020-01-02	1	-1/+10
\| \| \| \| \| \| \| \| \| \| \|	OpenSSL decided to use their own names for two of the TLS 1.3 extensions, rather than using the names given in the RFC. Provide aliases for these so that code written to work with OpenSSL also works with LibreSSL (otherwise everyone gets to provide their own workarounds). Issue noted by d3x0r on github. ok inoguchi@ tb@
*	drand48(3) returns values in [0.0, 1.0).	tb	2019-12-20	1	-3/+3
\| \| \| \| \| \|	From j@bitminer.ca with input from Andras Farkas, deraadt, joerg@netbsd "fix however you feel best!" jmc
*	spelling; from bryan stenson	jmc	2019-12-19	1	-3/+3
\|
*	use "Currently" in the doc for "openssl enc" when talking about default	sthen	2019-12-18	1	-2/+2
\| \| \| \| \|	md, to hint that it might not always be the case (e.g. if dealing with files from a different version of the tool). ok tb@
*	In January, the default digest used in the openssl enc command was	tb	2019-12-18	1	-7/+4
\| \| \| \| \| \| \| \|	changed from md5 to sha256. Update manual to reflect that. From Fabio Scotoni ok jmc
*	whitespace from go fmt + update a comment	tb	2019-12-14	1	-4/+4
\|
*	Run Wycheproof HMAC test vectors against libcrypto.	tb	2019-12-14	1	-1/+96
\|
*	Fix documented signatures of HMAC(3) and HMAC_Update(3). The n and len	tb	2019-12-14	1	-4/+4
\| \| \| \| \|	arguments were changed from int to size_t with the import of OpenSSL 0.9.8h in 2008.
*	The file passed to realpath(3) must exists, adjust man page to new	bluhm	2019-12-11	1	-3/+3
\| \| \| \| \|	behavior. noticed by hshoexer@; OK beck@
*	update to-do list	tb	2019-12-09	1	-2/+1
\|
*	Run Wycheproof DSA P1363 test vectors against libcrypto.	tb	2019-12-09	1	-19/+71
\|
*	Document X509_STORE_CTX_set_flags() which is a handy way to change the	claudio	2019-12-05	1	-3/+18
\| \| \| \| \| \| \|	verification param flags of a context. While this function is marked as likely to be deprecated in OpenSSL it seems that this may not happen. This is why we decided to still document it. OK and input from ingo@ tb@
*	update to-do list	tb	2019-12-03	1	-2/+2
\|
*	Run Wycheproof ECDSA P1363 test vectors against libcrypto.	tb	2019-12-03	1	-8/+8
\|
*	Add an EcPoint variant and pass it to the ECDH test runner.	tb	2019-12-03	1	-20/+31
\|
*	Annotate test vector files with an enum which we can then pass to the	tb	2019-12-03	1	-27/+48
\| \| \| \|	run*Test programs as needed.
*	Add missing RCS tag.	tb	2019-12-03	1	-0/+1
\|
*	Fix typo: ECHD -> ECDH.	tb	2019-12-03	1	-4/+4
\| \| \| \|	From Michael Forney, thanks!
*	Run additional 3004 ECDH and 1575 ECDSA test vectors against libcrypto.	tb	2019-11-28	1	-3/+12
\| \| \| \|	For now, skip 96 ECDH tests for secp224k1.
*	move the HKDF tests up a bit	tb	2019-11-28	1	-68/+68
\|
*	update to-do list	tb	2019-11-28	1	-2/+1
\|
*	go fmt	tb	2019-11-28	1	-10/+10
\|
*	no need for fallthrough	tb	2019-11-28	1	-19/+7
\|
*	Run HKDF test vectors against libcrypto.	tb	2019-11-28	1	-1/+95
\|
*	Run XChaCha20-Poly1305 test vectors against libcrypto.	tb	2019-11-28	1	-14/+43
\|
*	Add manual for openssl(1) cms	inoguchi	2019-11-28	1	-2/+518
\| \| \| \|	ok and comments jmc@
*	typo	tb	2019-11-28	1	-2/+2
\|
*	Add to do list.	tb	2019-11-27	1	-1/+7
\|
*	Only run the test vectors from x25519_test.json for now.	tb	2019-11-27	1	-2/+6
\|
*	RSASig now has the more specific name RSASSA-PKCS1-v1_5.	tb	2019-11-27	1	-10/+14
\|
*	Only print the basename of skipped test files.	tb	2019-11-27	1	-2/+3
\|
*	go fmt	tb	2019-11-27	1	-10/+9
\|
*	Run RSAES-PKCS1-v1_5 test vectors against libcrypto.	tb	2019-11-27	1	-9/+104
\|
*	Make error messages look like other test cases.	tb	2019-11-27	1	-4/+4
\|