| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | document "chunk canary corrupted" error | otto | 2016-10-07 | 1 | -2/+7 |
| | | |||||
| * | stray tab | otto | 2016-10-07 | 1 | -2/+2 |
| | | |||||
| * | Beter implementation of chunk canaries: store size in chunk meta data | otto | 2016-10-07 | 1 | -61/+63 |
| | | | | | instead of chunk itself; does not change actual allocated size; ok tedu@ | ||||
| * | typo | naddy | 2016-10-06 | 1 | -3/+3 |
| | | |||||
| * | Fix some broken .Xr links, loosely based on a diff | schwarze | 2016-10-05 | 1 | -13/+12 |
| | | | | | | | | | from Rob Pierce <rob at 2keys dot ca>. The content of this page may also need expert attention, i suspect it may be lacking modern algorithms and over-emphasizing obsolete ones, but i dare not touch the content. | ||||
| * | use the same type for buf as the return type in tls_load_file | bcook | 2016-10-03 | 1 | -2/+3 |
| | | | | | ok tedu@, noted by kinichiro | ||||
| * | Check for and handle failure of HMAC_{Update,Final} or EVP_DecryptUpdate() | guenther | 2016-10-02 | 1 | -5/+11 |
| | | | | | | based on openssl commit a5184a6c89ff954261e73d1e8691ab73b9b4b2d4 ok bcook@ | ||||
| * | Detect zero-length encrypted session data early, instead of when malloc(0) | guenther | 2016-10-02 | 1 | -2/+2 |
| | | | | | | | | fails or the HMAC check fails. Noted independently by jsing@ and Kurt Cancemi (kurt (at) x64architecture.com) ok bcook@ | ||||
| * | In X509_cmp_time(), pass asn1_time_parse() the tag of the field being | guenther | 2016-10-02 | 1 | -2/+3 |
| | | | | | | | | | | parsed so that a malformed GeneralizedTime field is recognized as an error instead of potentially being interpreted as if it was a valid UTCTime. Reported by Theofilos Petsios (theofilos (at) cs.columbia.edu) ok beck@ tedu@ jsing@ | ||||
| * | Append to CLEANFILES instead of replacing it, so libcrypto.pc is | natano | 2016-09-23 | 1 | -2/+2 |
| | | | | | | | deleted on make clean. ok millert | ||||
| * | trim STANDARDS; ok jsinglibressl-v2.5.0 | jmc | 2016-09-22 | 1 | -13/+1 |
| | | |||||
| * | some minor cleanup; | jmc | 2016-09-22 | 1 | -47/+17 |
| | | |||||
| * | shorten x509; | jmc | 2016-09-22 | 1 | -755/+414 |
| | | |||||
| * | Improve on code from the previous commit. | jsing | 2016-09-22 | 1 | -7/+5 |
| | | | | | ok bcook@ | ||||
| * | Avoid unbounded memory growth, which can be triggered by a client | jsing | 2016-09-22 | 1 | -9/+20 |
| | | | | | | | repeatedly renegotiating and sending OCSP Status Request TLS extensions. Fix based on OpenSSL. | ||||
| * | Check for packet with truncated DTLS cookie. | guenther | 2016-09-22 | 1 | -12/+17 |
| | | | | | | | | | | | | Flip pointer comparison logic to avoid beyond-end-of-buffer pointers to make it less likely a compiler will decide to screw you. Based on parts of openssl commits 6f35f6deb5ca7daebe289f86477e061ce3ee5f46 and 89c2720298f875ac80777da2da88a64859775898 ok jsing@ | ||||
| * | Improve ticket validity checking when tlsext_ticket_key_cb() callback | guenther | 2016-09-22 | 1 | -4/+25 |
| | | | | | | | | | | | | chooses a different HMAC algorithm. Avert memory leaks if the callback preps the HMAC in some way. Based on openssl commit 1bbe48ab149893a78bf99c8eb8895c928900a16f but retaining a pre-callback length check to guarantee the callback is provided the buffer that the API claims. ok bcook@ jsing@ | ||||
| * | revert documentation update for the clearning behavior we already reverted | bcook | 2016-09-22 | 1 | -5/+1 |
| | | |||||
| * | Delete casts to off_t and size_t that are implied by assignments | guenther | 2016-09-21 | 6 | -20/+19 |
| | | | | | | | | or prototypes. Ditto for some of the char* and void* casts too. verified no change to instructions on ILP32 (i386) and LP64 (amd64) ok natano@ abluhm@ deraadt@ millert@ | ||||
| * | shorten version; | jmc | 2016-09-20 | 1 | -17/+4 |
| | | |||||
| * | shorten the verify error list; | jmc | 2016-09-20 | 1 | -42/+41 |
| | | |||||
| * | Avoid selecting weak digests for (EC)DH when using SNI. | bcook | 2016-09-20 | 1 | -3/+12 |
| | | | | | | | | | | | | from OpenSSL: SSL_set_SSL_CTX is normally called for SNI after ClientHello has received and the digest to use for each certificate has been decided. The original ssl->cert contains the negotiated digests and is now copied to the new ssl->cert. noted by David Benjamin and Kinichiro Inoguchi | ||||
| * | put the spkac section in the right place; | jmc | 2016-09-19 | 1 | -60/+60 |
| | | |||||
| * | shorten verify; | jmc | 2016-09-19 | 1 | -154/+96 |
| | | |||||
| * | Update ld search path for libssl/libcrypto, fixes cross-build after source ↵ | bcook | 2016-09-19 | 2 | -6/+6 |
| | | | | | | | moved. from Patrick Wildt | ||||
| * | move page junking tp unmap(), right before we stick the region in the cache; | otto | 2016-09-18 | 1 | -6/+6 |
| | | | | | ok tedu@ | ||||
| * | remove comment about CMS; ok jsing | deraadt | 2016-09-17 | 1 | -3/+2 |
| | | |||||
| * | add some Xr for acme-client(1); | jmc | 2016-09-15 | 1 | -1/+2 |
| | | |||||
| * | some spkac shortening; ok beck | jmc | 2016-09-15 | 1 | -68/+13 |
| | | |||||
| * | shorten ts; | jmc | 2016-09-15 | 1 | -283/+63 |
| | | |||||
| * | Set callbacks on the right tls ctx on accept. | bcook | 2016-09-14 | 1 | -2/+2 |
| | | | | | From Tobias Pape | ||||
| * | Handle the FLUSH BIO cntl, that happens at the end of SSL handshakes. | bcook | 2016-09-14 | 1 | -1/+2 |
| | | | | | from Tobias Pape | ||||
| * | Allow callback read/write functions to set TLS_WANT_POLLOUT/POLLIN. | bcook | 2016-09-14 | 1 | -3/+21 |
| | | | | | from Tobias Pape | ||||
| * | Generate pkg-config files at build time like everything else. This | natano | 2016-09-14 | 2 | -4/+6 |
| | | | | | | | | avoids permission problems due to the build and install stages being run by different users. ok deraadt jasper | ||||
| * | add a little more typing to the first callback argument. | tedu | 2016-09-13 | 2 | -7/+7 |
| | | | | | it's always a tls context. | ||||
| * | shorten speed; | jmc | 2016-09-12 | 1 | -48/+14 |
| | | | | | help/ok guenther bcook | ||||
| * | Files in /etc/ssl belong to root. ok deraadt | natano | 2016-09-11 | 1 | -4/+4 |
| | | |||||
| * | missing space after comma | tb | 2016-09-09 | 1 | -2/+2 |
| | | | | | | | (this was apparently lost during the repo surgery) ok bcook | ||||
| * | back out calls to EVP_CIPHER_CTX_cleanup() in EVP_Cipher/Encrypt/DecryptFinal | bcook | 2016-09-09 | 1 | -4/+1 |
| | | | | | | Software that refers to ctx after calling Final breaks with these changes. revert parts of 1.31 and 1.32 | ||||
| * | shorten smime; | jmc | 2016-09-08 | 1 | -344/+83 |
| | | |||||
| * | remove a cms leftover | deraadt | 2016-09-05 | 1 | -2/+1 |
| | | |||||
| * | remove CMS manuals; beck@ agress with the general idea | schwarze | 2016-09-05 | 23 | -2347/+1 |
| | | |||||
| * | Enable mbrtowc(3) and wcrtomb(3) tests now that mbsinit(3) works. | schwarze | 2016-09-05 | 1 | -2/+2 |
| | | | | | Related to locale/multibyte_citrus.c rev. 1.7. | ||||
| * | shorten sess_id; | jmc | 2016-09-04 | 1 | -84/+44 |
| | | |||||
| * | fix Dt; | jmc | 2016-09-04 | 1 | -2/+2 |
| | | |||||
| * | Nuke one more cms tendril | beck | 2016-09-04 | 1 | -4/+1 |
| | | | | | ok jsing@ | ||||
| * | bye bye cms. send it to the attic | beck | 2016-09-04 | 2 | -1144/+2 |
| | | | | | ok jsing@ | ||||
| * | Remove cms. | jsing | 2016-09-04 | 1 | -8/+1 |
| | | |||||
| * | Remove cms. | jsing | 2016-09-04 | 15 | -7541/+0 |
| | | | | | ok beck@, guenther@, tedu@ | ||||
| * | Expand DECLARE_ASN1_.*FUNCTIONS macros. | jsing | 2016-09-04 | 5 | -69/+293 |
| | | | | | No change in preprocessed output, ignoring whitespace and line numbers. | ||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |