openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Files	Lines
2016-11-06	Split ssl3_get_client_key_exchange() into separate per algorithm functions.	jsing	1	-320/+388
	ok beck@
2016-11-06	Remove pointless check - without fixed ECDH, there is only one way to reach	jsing	1	-8/+1
	this code path. ok beck@ bcook@
2016-11-06	tweak previous;	jmc	1	-3/+3

2016-11-06	simplify error handling in c2i_ASN1_OBJECT	bcook	1	-10/+12
	ok beck@, miod@
2016-11-06	Split out the DHE and ECDHE code paths from	jsing	1	-203/+221
	ssl3_send_server_key_exchange(). ok beck@ bcook@
2016-11-06	rename tlslegacy to tlsall, and better describe what it does.	beck	2	-8/+8
	ok jsing@
2016-11-06	Adjust cipher suite strengths - move MD5 to LOW, RC4 to LOW and 3DES to	jsing	1	-13/+13
	MEDIUM. ok beck@ bcook@
2016-11-06	Update regress for IDEA cipher suite removal.	jsing	1	-83/+83

2016-11-06	Remove the single IDEA cipher suite. There is no good reason to support	jsing	3	-29/+3
	this. ok beck@ bcook@
2016-11-06	unifdef -m -UOPENSSL_NO_CHACHA -UOPENSSL_NO_POLY1305	jsing	2	-6/+2
	ok beck@
2016-11-06	Add regress test script for openssl command.	inoguchi	3	-2/+966
	ok beck@
2016-11-06	Avoid compiling in an unused function.	jsing	1	-0/+2
	Spotted by guenther@
2016-11-06	adjust guards to elide unused Bi array	bcook	1	-2/+0
	ok jsing@
2016-11-06	Rework X509_verify_cert to support alt chains on certificate verification,	beck	1	-117/+265
	via boringssl. ok jsing@ miod@
2016-11-06	The upcoming x509 alt chains diff tightens the trust requirements	beck	1	-1/+17
	for certificates. This (from OpenSSL) ensures that the current "default" behaviour remains the same. We should revisit this later ok jsing@
2016-11-06	Commit a reminder that the default is not the default. This needs to	beck	1	-1/+2
	be revisited. ok jsing@
2016-11-06	remove unused variable	bcook	1	-6/+3

2016-11-06	use the correct function for free	bcook	1	-2/+2
	ok beck@
2016-11-06	add an .Xr that was missing	schwarze	1	-1/+2

2016-11-05	document BN_set_negative() and BN_is_negative();	schwarze	6	-516/+69
	feedback and OK bcook@, OK jsing@
2016-11-05	Part one of the alt chains changes, bring in newer modifications to	beck	3	-73/+411
	VERIFY_PARAMS - based on boringssl. ok jsing@ miod@
2016-11-05	Add objects for X25519, X448, Ed25519 and Ed448.	jsing	2	-0/+15
	ok miod@
2016-11-05	One of the error paths would attempt to access not-yet-initialized locals.	miod	1	-2/+2
	Simply return since there is nothing more to do. Spotted by coverity. ok jsing@ beck@
2016-11-05	Do a partial CBB conversion of ssl3_send_server_key_exchange(), which will	jsing	1	-52/+67
	make it easier to do further clean up. ok beck@ miod@
2016-11-05	fix misplaced quote by tls_peer_ocsp_this_update	bcook	1	-2/+2

2016-11-05	zap trailing whitespace, and add -o to usage() and help (-h);	jmc	2	-6/+9

2016-11-05	tweak previous;	jmc	1	-6/+6

2016-11-05	move manual pages from doc/ to man/ for consistency with other	schwarze	85	-169/+169
	libraries, in particular considering that there are unrelated files in doc/; requested by jsing@ and beck@
2016-11-05	Check BIO_new*() for failure.	miod	2	-4/+9
	ok beck@ jsing@
2016-11-05	More X509_STORE_CTX_set_*() return value checks.	miod	3	-12/+16
	ok beck@ jsing@
2016-11-05	bump minors for symbol addition for ocsp and x25519 symbol additions	beck	3	-3/+3

2016-11-05	Add support for server side OCSP stapling to libtls.	beck	9	-16/+98
	Add support for server side OCSP stapling to netcat.
2016-11-05	Add regress for X25519, converted from BoringSSL.	jsing	3	-1/+150

2016-11-05	after getting rid of the pod files, clean up the Makefiles; ok bcook@	schwarze	4	-41/+23

2016-11-05	Add support for X25519.	jsing	5	-1/+5136
	This brings in code from BoringSSL, which is mostly taken from SUPERCOP. ok beck@ bcook@
2016-11-05	rename ocsp_ctx to ocsp	beck	3	-68/+68
	ok jsing@
2016-11-05	minor mandoc -Tlint nits	schwarze	3	-9/+8

2016-11-05	add the missing content, sorry for committing an empty file	schwarze	1	-0/+69

2016-11-05	Stricter validation of inputs of OPENSSL_asc2uni() and OPENSSL_uni2asc().	miod	1	-17/+34
	While there, try to make these slightly less obfuscated. ok beck@ jsing@
2016-11-05	convert the remaining manual pages from pod to mdoc	schwarze	25	-1650/+3615

2016-11-05	X509_STORE_CTX_set_*() may fail, so check for errors.	miod	1	-4/+14
	ok beck@
2016-11-05	Do not leak the ressources possibly allocated by EVP_MD_CTX_init() in the	miod	1	-2/+3
	trivial error path of PKCS12_key_gen_uni(). ok beck@ jsing@
2016-11-05	Set PROG so that the binary correctly gets recompiled when the libraries	miod	1	-11/+5
	it is linked against change. ok beck@ jsing@
2016-11-05	Make sure PEM_SealInit() will correctly destroy the PEM_ENCODE_SEAL_CTX	miod	1	-8/+22
	upon error, as there is no way to do this outside of PEM_SealFinal(), which can only work if PEM_SealInit() succeeded... ok beck@ jsing@
2016-11-05	No need to duplicate definitions from evp.h locally.	miod	2	-14/+2
	ok bock@ jsing@
2016-11-05	Stop abusing the ternary operator to decide which function to call in a	miod	1	-3/+6
	return statement. ok beck@ jsing@
2016-11-05	further tweakage, with an improvement from joel;	jmc	1	-5/+5
	ok jsing schwarze
2016-11-05	Convert ssl3_get_server_kex_ecdhe() to CBS, simplifying tls1_check_curve()	jsing	3	-62/+41
	in the process. This also fixes a long standing bug where tls1_ec_curve_id2nid() is called with only one byte of the curve ID. ok beck@ miod@
2016-11-05	Remove generated Symbols.map on make clean.	jsing	2	-3/+5
	ok guenther@
2016-11-04	tweak previous	schwarze	1	-34/+39