| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Rename internal yet public key_{un,}wrap_crypto_pro symbols by prepending a | miod | 2014-11-09 | 6 | -60/+64 |
| | | | | | | `gost_' prefix to them, so that we do not pollute the global namespace too much. | ||||
| * | Replace RAND_bytes() usage with arc4random_buf(). | miod | 2014-11-09 | 6 | -20/+6 |
| | | |||||
| * | GOST crypto algorithms (well, most of them), ported from the removed GOST | miod | 2014-11-09 | 75 | -31/+13110 |
| | | | | | | | | | | | | | engine to regular EVP citizens, contributed by Dmitry Eremin-Solenikov; libcrypto bits only for now. This is a verbatim import of Dmitry's work, and does not compile in this state; the forthcoming commits will address these issues. None of the GOST code is enabled in libcrypto yet, for it still gets compiled with OPENSSL_NO_GOST defined. However, the public header gost.h will be installed. | ||||
| * | Introduce EVP_MD_CTX_ctrl(), to allow for fine control of a given digest. | miod | 2014-11-09 | 4 | -4/+52 |
| | | | | | | | | | | This functionality was already available (and optional), and used in the bowels of the ASN.1 code. This exposes it as a public interface, which will be used by the upcoming GOST code. Crank libcrypto minor version. From Dmitry Eremin-Solenikov. | ||||
| * | Allow digest routines to provide their own HASH_FINAL routine; will be | miod | 2014-11-09 | 2 | -6/+10 |
| | | | | | | | necessary for upcoming GOST code. From Dmitry Eremin-Solenikov | ||||
| * | Clean up more SSLv2 remnants. | jsing | 2014-11-08 | 6 | -58/+30 |
| | | |||||
| * | More OPENSSL_NO_TLSEXT clean up. | jsing | 2014-11-07 | 3 | -11/+11 |
| | | |||||
| * | missing outlen in tls_write decl | tedu | 2014-11-07 | 1 | -3/+3 |
| | | |||||
| * | Document the -servername option for openssl(1) s_client. | jsing | 2014-11-07 | 1 | -2/+7 |
| | | | | | Based on a diff from Rusty (rustyl at outband dot net) and OpenSSL. | ||||
| * | TLS is pretty boring without TLS extensions... unifdef OPENSSL_NO_TLSEXT, | jsing | 2014-11-06 | 2 | -76/+2 |
| | | | | | which was already done for libssl some time back. | ||||
| * | ssl_sock_init() does nothing, so remove it... | jsing | 2014-11-06 | 1 | -17/+1 |
| | | |||||
| * | edns0 is not currently supported: confirmed by sthen and eric | jmc | 2014-11-05 | 1 | -7/+7 |
| | | | | | | diff From: Mike Burns (though my fix differs a bit) | ||||
| * | simple select() to poll() conversion; reviewed by millert and doug | deraadt | 2014-11-04 | 1 | -9/+9 |
| | | |||||
| * | only call SRTP (whatever that is) functions when the connection type is | tedu | 2014-11-03 | 2 | -10/+10 |
| | | | | | DTLS (whatever that is) instead of for TLS too. ok jsing. | ||||
| * | minor cleanup of zlib code. DSO is gone. ok jsing. | tedu | 2014-11-03 | 10 | -434/+14 |
| | | |||||
| * | Add hooks to override native arc4random_buf on FreeBSD. | bcook | 2014-11-03 | 4 | -0/+298 |
| | | | | | | | | | | | | | | | | | The FreeBSD-native arc4random_buf implementation falls back to weak sources of entropy if the sysctl fails. Remove these dangerous fallbacks by overriding locally. Unfortunately, pthread_atfork() is also broken on FreeBSD (at least 9 and 10) if a program does not link to -lthr. Callbacks registered with pthread_atfork() simply fail silently. So, it is not always possible to detect a PID wraparound. I wish we could do better. This improves arc4random_buf's safety compared to the native FreeBSD implementation. Tested on FreeBSD 9 and 10. | ||||
| * | Add a tls_connect_fds() function that allows a secure connection to be | jsing | 2014-11-02 | 3 | -6/+34 |
| | | | | | | | | | | | established using a pair of existing file descriptors. Based on a diff/request from Jan Klemkow. Rides previous libtls rename/library bump. Discussed with tedu@. | ||||
| * | Remove remnants from RC2 and SEED - there are no longer any cipher suites | jsing | 2014-11-02 | 4 | -106/+46 |
| | | | | | | | | that use these algorithms (and SEED was removed from libcrypto some time ago). ok doug@ | ||||
| * | Initial regress for libtls hostname verification. | jsing | 2014-11-01 | 3 | -2/+247 |
| | | |||||
| * | Remove ephemeral RSA key handling. | jsing | 2014-10-31 | 1 | -43/+4 |
| | | |||||
| * | Use automatic DH ephemeral parameters instead of fixed 512 bit. | jsing | 2014-10-31 | 1 | -38/+23 |
| | | | | | Based on OpenSSL. | ||||
| * | Remove an outdated comment re EDH vs DHE - DHE is now used consistently and | jsing | 2014-10-31 | 2 | -16/+2 |
| | | | | | there are backwards compatible names/aliases for EDH. | ||||
| * | Update comments for TLS ExtensionType values - many of the referenced | jsing | 2014-10-31 | 2 | -76/+92 |
| | | | | | | drafts are now RFCs. Also add the TLS extension type for ALPN and be consistent with RFC reference formatting. | ||||
| * | Crank libssl major due to recent additions, removals and changes. | jsing | 2014-10-31 | 2 | -4/+4 |
| | | |||||
| * | Remove now unused remnants from public structs. | jsing | 2014-10-31 | 4 | -14/+4 |
| | | |||||
| * | Add support for automatic DH ephemeral keys. | jsing | 2014-10-31 | 12 | -44/+194 |
| | | | | | | | | This allows an SSL server to enable DHE ciphers with a single setting, which results in an DH key being generated based on the server key length. Partly based on OpenSSL. | ||||
| * | Remove support for ephemeral/temporary RSA private keys. | jsing | 2014-10-31 | 14 | -474/+88 |
| | | | | | | | | | | The only use for these is via SSL_OP_EPHEMERAL_RSA (which is effectively a standards violation) and for RSA sign-only, should only be possible if you are using an export cipher and have an RSA private key that is more than 512 bits in size (however we no longer support export ciphers). ok bcook@ miod@ | ||||
| * | Update regress for the libressl to libtls rename. | jsing | 2014-10-31 | 4 | -0/+288 |
| | | |||||
| * | Rename libressl to libtls to avoid confusion and to make it easier to | jsing | 2014-10-31 | 13 | -451/+422 |
| | | | | | | | distinguish between LibreSSL (the project) and libressl (the library). Discussed with many. | ||||
| * | clean up verbiage around the calculations; ok ingo jmc otto | deraadt | 2014-10-30 | 1 | -5/+5 |
| | | |||||
| * | Don't mention old systems where realloc(NULL, n) didn't work as we | millert | 2014-10-30 | 1 | -11/+7 |
| | | | | | | don't want to give people the idea that this is non-portable (it has been present since C89). OK deraadt@ schwarze@ | ||||
| * | my mistake. we already did increase buffers to 16k; increasing to 64k | tedu | 2014-10-30 | 1 | -2/+2 |
| | | | | | would be the next stage of embiggening. restore 16k. | ||||
| * | rework the poll loop to poll in both directions so it doesn't get stuck | tedu | 2014-10-30 | 1 | -47/+211 |
| | | | | | | if one pipe stalls out. from a diff by Arne Becker. (buffer size left alone for now) | ||||
| * | deregister; no binary change | jsg | 2014-10-28 | 100 | -460/+460 |
| | | | | | ok jsing@ miod@ | ||||
| * | Check the result of sk_*_push() operations for failure. | miod | 2014-10-28 | 18 | -88/+170 |
| | | | | | ok doug@ jsing@ | ||||
| * | POLLIN is not guaranteed to be set in revents for EOF so check for | millert | 2014-10-26 | 1 | -3/+3 |
| | | | | | POLLHUP too. OK deraadt@ | ||||
| * | Remove unnecessary include: netinet/in_systm.h is not needed by these | lteo | 2014-10-24 | 1 | -2/+1 |
| | | | | | | | programs. ok deraadt@ millert@ | ||||
| * | Save space in man page: err() -> errc() and combine vars. | doug | 2014-10-23 | 1 | -18/+11 |
| | | | | | | | Suggested by millert@ and schwarze@. OK schwarze@, millert@ | ||||
| * | In PKCS12_setup_mac(), do not assign p12->mac->salt->length until the allocation | miod | 2014-10-22 | 2 | -16/+18 |
| | | | | | | of p12->mac->salt->data has actually succeeded. In one of my trees for a long time already... | ||||
| * | Avoid a NULL pointer dereference that can be triggered by | jsing | 2014-10-22 | 2 | -4/+4 |
| | | | | | | | | | SSL3_RT_HANDSHAKE replays. Reported by Markus Stenberg <markus.stenberg at iki.fi> - thanks! ok deraadt@ | ||||
| * | #undef LIBRESSL_INTERNAL for the RAND_pseudo_bytes() test. | jsing | 2014-10-22 | 1 | -0/+2 |
| | | |||||
| * | Place most of the RAND_* functions under #ifndef LIBRESSL_INTERNAL (some | jsing | 2014-10-22 | 2 | -2/+8 |
| | | | | | are still needed for the engine). Our code should use arc4random instead. | ||||
| * | Use arc4random_buf() instead of RAND(_pseudo)?_bytes(). | jsing | 2014-10-22 | 8 | -36/+19 |
| | | | | | ok bcook@ | ||||
| * | None of these need <openssl/rand.h> | jsing | 2014-10-22 | 3 | -6/+3 |
| | | |||||
| * | Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes() (most | jsing | 2014-10-22 | 4 | -21/+15 |
| | | | | | with unchecked return values). | ||||
| * | None of these need <openssl/rand.h> | jsing | 2014-10-22 | 5 | -5/+0 |
| | | |||||
| * | Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes(). | jsing | 2014-10-22 | 54 | -260/+202 |
| | | | | | | | | | arc4random_buf() is guaranteed to always succeed - it is worth noting that a number of the replaced function calls were already missing return value checks. ok deraadt@ | ||||
| * | Avoid writing in second person in malloc.3 | doug | 2014-10-22 | 1 | -13/+12 |
| | | | | | ok deraadt@ | ||||
| * | List extensions in the STANDARDS section, replacing some text below CAVEATS. | schwarze | 2014-10-20 | 1 | -33/+30 |
| | | | | | | Remove excessive technicalities on zero-sized objects as suggested by deraadt@. contributions and ok deraadt@, ok jmc@ on an earlier version | ||||
| * | digests: *_LONG_LOG2 is not used, stop talking about it. | bcook | 2014-10-20 | 14 | -56/+22 |
| | | | | | | | | | Modified patch from Dmitry Eremin-Solenikov leave the sole public define in ripemd.h ok deraadt@ miod@ | ||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |