| Commit message (Collapse) | Author | Files | Lines | ||
|---|---|---|---|---|---|
| 2017-12-01 | Avoid using an uninitialized variable. | visa | 1 | -4/+6 | |
| Found by gcc. OK jca@ | |||||
| 2017-11-29 | Mixing -url with any of -host, -port, or -path should be a usage error | guenther | 1 | -7/+8 | |
| instead of trying to work and then triggering a double-free(). problem noted by trondd (trondd (at) kagu-tsuchi.com) ok beck@ | |||||
| 2017-11-29 | add -i to SYNOPSIS/usage() and sundry tweaks; | jmc | 2 | -6/+8 | |
| ok beck | |||||
| 2017-11-29 | clang doesn't propagate attributes like "asm labels" and "visibility(hidden)" | guenther | 4 | -11/+23 | |
| to builtins like mem{set,cpy,move} and __stack_smash_handler. So, when building with clang, instead mark those as protected visibility to get rid of the PLT relocations. We can't take the address of them then, but that's ok: it's a build-time error not a run-time error. ok kettenis@ | |||||
| 2017-11-28 | Add option -i to allow oscpcheck to be used to validate an on-disk staple | beck | 2 | -49/+103 | |
| ok claudio@ benno@ | |||||
| 2017-11-28 | Add the missing STANDARDS section (kettenis@ noticed that these are | schwarze | 1 | -6/+14 | |
| POSIX functions) and turn the weird DIAGNOSTICS section into a normal RETURN VALUES section while here. | |||||
| 2017-11-28 | Allow TLS ciphers and protocols to be specified for nc(1). | jsing | 2 | -41/+65 | |
| Replace the "tlscompat" and "tlsall" options with "cipher" and "protocol" options that are key/value pairs. This allows the user to specify ciphers and protocols in a form that are accepted by tls_config_set_ciphers() and tls_config_set_protocols() respectively. ok beck@ (also ok jmc@ for a previous revision of the man page). | |||||
| 2017-11-28 | Rewrite ASN1_TYPE_{get,set}_octetstring() using templated ASN.1. | jsing | 1 | -81/+78 | |
| This removes the last remaining use of the old M_ASN1_* macros (asn1_mac.h) from API that needs to continue to exist. ok beck@ inoguchi@ | |||||
| 2017-11-28 | Add regress coverage for ASN1_TYPE_{get,set}_int_octetstring() | jsing | 2 | -2/+147 | |
| 2017-11-28 | Correct TLS extensions handling when no extensions are present. | jsing | 1 | -1/+13 | |
| If no TLS extensions are present in a client hello or server hello, omit the entire extensions block, rather than including it with a length of zero. ok beck@ inoguchi@ | |||||
| 2017-11-28 | Add regress test coverage for building clienthello and serverhello | jsing | 1 | -4/+201 | |
| extensions, both with extensions being present and not present. The not present case currently fails. | |||||
| 2017-11-28 | Add regress for CBB_discard_child(). | jsing | 1 | -2/+56 | |
| Converted from BoringSSL. | |||||
| 2017-11-28 | Add CBB_discard_child(), which allows for a child CBB to be discarded. | jsing | 2 | -2/+22 | |
| Based on BoringSSL. | |||||
| 2017-11-28 | GNU ld has prefixed the contents of .gnu.warning.SYMBOL sections | tb | 8 | -19/+19 | |
| with "warning: " since 2003, so the messages themselves need not contain the prefix anymore. From Scott Cheloha ok jca, deraadt | |||||
| 2017-11-24 | Use clock_gettime and getrusage to compute real and user time. | jca | 1 | -16/+33 | |
| Better handling of clock jumps, from Scott Cheloa. | |||||
| 2017-11-04 | Revert recent changes to unbreak ports/net/samba | jca | 1 | -2/+8 | |
| While it is not clear (to me) why that ports ends up with corrupted shared libs, reverting those changes fixes the issue and should allow us to close p2k17 more smoothly. Discussed with a bunch, ok ajacoutot@ guenther@ | |||||
| 2017-11-02 | 's' should include 'f'; from Jacqueline Jolicoeur | otto | 1 | -2/+2 | |
| 2017-11-02 | openssl s_time -connect host:port needs dns promise for pledge(2) otherwise it | mestre | 1 | -2/+2 | |
| will SIGABRT Bug found by Scott Cheloha <scottcheloha at gmail.com> OK deraadt@ | |||||
| 2017-10-28 | Change pthread_cleanup_{push,pop} to macros that store the cleanup info | guenther | 1 | -8/+2 | |
| on the stack instead of mallocing the list and move the APIs from libpthread to libc so that they can be used inside libc. Note: the standard was explicitly written to permit/support this "macro with unmatched brace" style and it's what basically everyone else already does. We xor the info with random cookies with a random magic to detect/trip-up overwrites. Major bump to both libc and libpthread due to the API move. ok mpi@ | |||||
| 2017-10-24 | Use a smaller buffer size too peek the receive data. The content | bluhm | 1 | -5/+4 | |
| is discarded anyway, the plen variable is a leftover from the -j jumbo option. reported by Nan Xiao; OK deraadt@ | |||||
| 2017-10-19 | Restore a return that was inadvertently removed from freezero() in r1.234, | jsing | 1 | -1/+2 | |
| which results in an internal double free when internal functions are not in use. ok otto@ | |||||
| 2017-10-17 | add missing HISTORY; based on CVS logs and release announcements | schwarze | 1 | -2/+7 | |
| 2017-10-15 | Add a regression test for ldexp(3). | visa | 3 | -2/+82 | |
| 2017-10-12 | Rename ssl3_client_hello() to ssl3_send_client_hello() for consistency. | jsing | 2 | -5/+5 | |
| 2017-10-12 | Fold dtls1_accept() into ssl_accept(), removing a lot of duplicated code. | jsing | 4 | -556/+143 | |
| With review/feedback from inoguchi@ | |||||
| 2017-10-12 | Drop prototypes for ssl23_*() functions, which no longer exist. | jsing | 1 | -11/+1 | |
| 2017-10-12 | Add STANDARDS: denis@ spotted that it was missing. | schwarze | 1 | -2/+19 | |
| OK deraadt@ jca@ jmc@ | |||||
| 2017-10-11 | Update regress now that ssl_cipher_list_to_bytes() takes a CBB. | jsing | 1 | -3/+9 | |
| Based on a diff from doug@ | |||||
| 2017-10-11 | Convert ssl3_client_hello() to CBB. | jsing | 4 | -93/+64 | |
| As part of this, change ssl_cipher_list_to_bytes() to take a CBB argument, rather than a pointer/length. Some additional clean up/renames while here. Based on a diff from doug@ | |||||
| 2017-10-11 | Fully convert ssl3_send_server_hello() to CBB. | jsing | 3 | -53/+19 | |
| Based on a diff from doug@ | |||||
| 2017-10-10 | Revise regress now that ssl_bytes_to_cipher_list() takes a CBS. | jsing | 1 | -20/+10 | |
| 2017-10-10 | Make ssl_bytes_to_cipher_list() take a CBS, rather than a pointer and | jsing | 3 | -29/+19 | |
| length, since the caller has already been converted to CBS. A small amount of additional clean up whilst here. | |||||
| 2017-10-10 | ((remove) (some) (unnecessary) (parentheses)) | jsing | 1 | -4/+4 | |
| Part of a diff from doug@ | |||||
| 2017-10-10 | Merge dtls1_connect() into ssl3_connect(), removing a large amount of | jsing | 4 | -459/+117 | |
| duplicated code. For now this is essentially adds a diff of the two functions with 'if (SSL_IS_DTLS(s))' - further clean up and improvement will follow. ok inoguchi@ | |||||
| 2017-10-08 | Reduce non-functional differences between dtls1_accept() and | jsing | 1 | -34/+42 | |
| ssl3_accept() - synchronise comments, whitespace, line wrapping, etc. | |||||
| 2017-10-08 | Reduce non-functional differences between dtls1_connect() and | jsing | 1 | -32/+38 | |
| ssl3_connect() - synchronise comments, whitespace, line wrapping, etc. | |||||
| 2017-10-08 | Fix some style/whitespace/indentation issues in ssl3_accept(). | jsing | 1 | -25/+14 | |
| 2017-10-08 | Fix some style/whitespace/indentation issues in ssl3_connect(). | jsing | 1 | -10/+9 | |
| 2017-10-08 | Convert ssl3_send_change_cipher_spec() to use CBB and make it handle DTLS, | jsing | 6 | -57/+52 | |
| which allows us to drop dtls1_send_change_cipher_spec() entirely. ok inoguchi@ | |||||
| 2017-10-08 | hyphenate DER/PEM-encoded, for consistency; | jmc | 2 | -9/+9 | |
| 2017-10-07 | Document tls_peer_cert_chain_pem(). | jsing | 1 | -2/+13 | |
| ok beck@ | |||||
| 2017-10-07 | Fix cast-pasto's in comments | guenther | 1 | -3/+3 | |
| 2017-10-05 | do not return f() where f is a void function; loop var type fix | otto | 1 | -4/+5 | |
| 2017-10-05 | Use dprintf instead of snprintf/write | otto | 1 | -82/+36 | |
| 2017-09-26 | bump version in advance of final release | bcook | 1 | -3/+3 | |
| 2017-09-26 | bump wo 2.6.2libressl-v2.6.2 | bcook | 1 | -3/+3 | |
| 2017-09-25 | If tls_config_parse_protocols() is called with a NULL pointer, return the | jsing | 1 | -1/+4 | |
| default protocols instead of crashing - this makes the behaviour more useful and mirrors what we already do in tls_config_set_ciphers() et al. | |||||
| 2017-09-25 | Annotate some API-side memory leaks for future resolution. | jsing | 1 | -1/+3 | |
| 2017-09-25 | Fix various issues in the OCSP extension parsing code: | jsing | 1 | -20/+14 | |
| - When parsing the OCSP extension we can have multiple responder IDs - pull these out correctly. - Stop using CBS_stow() - it's unnecessary since we just need access to the data and length (which we can get via CBS_data() and CBS_len()). - Use a temporary pointer when calling d2i_*() functions, since it will increment the pointer by the number of bytes it consumed when decoding. The original code incorrectly passes the pointer allocated via CBS_stow() (using malloc()) to a d2i_*() function and then calls free() on the now incremented pointer, most likely resulting in a crash. This issue was reported by Robert Swiecki who found the issue using honggfuzz. ok beck@ | |||||
| 2017-09-25 | When building the OCSP extension, only add the length prefixed extensions | jsing | 1 | -6/+6 | |
| after we finish building the responder ID list. Otherwise adding to the responder ID list fails. ok beck@ | |||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |