openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Files	Lines
2015-07-19	Fix Coverity 72742 - ret is overwritten immediately after this.	beck	2	-4/+2
	ok doug@
2015-07-19	Remove effectively unused variable.	doug	1	-4/+1
	Fixes Coverity issue 21693. ok beck@ bcook@
2015-07-19	Assign p to CBS_data since it is used later.	doug	2	-4/+6
	The p initialization was hiding this bug but Coverity 126279 saw it. ok miod@ bcook@ beck@
2015-07-19	abort when ENGINE_remove fails, fix Coverity 21656	bcook	2	-10/+4
	ok doug@, beck@
2015-07-18	Convert dtls1_get_message_header to CBS and change to int.	doug	6	-32/+74
	Changed return value from void to int. It should never return an error given that the input length is not checked yet. ok miod@
2015-07-18	rand_err doesn't exist anymore, coverity 78808	beck	2	-6/+6
	ok doug@
2015-07-18	Coverity 21651	beck	2	-6/+14
	ok doug@
2015-07-18	Convert dtls1_get_record to CBS.	doug	2	-42/+56
	ok miod@, input + ok jsing@
2015-07-18	Remove repeated code in dtls1_get_record.	doug	2	-80/+32
	The "if" is a bit ugly, but this does remove a lot of repetitive code. This will be converted to CBS later as well. ok miod@ jsing@ roughly ok with it after seeing the CBS version
2015-07-18	Set SSL_MODE_ENABLE_PARTIAL_WRITE and SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER	bluhm	1	-1/+4
	in libtls. This gives tls_write() a similar short write semantics as write(2). So implementing daemons with libevent buffers will be easier and workarounds in syslogd and httpd can be removed. OK tedu@ beck@ reyk@
2015-07-18	Dead code, Coverity 78798	beck	2	-6/+2
	ok bcook@ doug@
2015-07-18	simplify length checking in do_indefinite_convert	bcook	1	-11/+17
	Fixes Coverity 117506, 117507, 117508 ok doug@
2015-07-18	Coverity ID 78910 - Yet another stupid API designed to not show failures. do the	beck	2	-12/+16
	lease worst alternative and do nothing rather than dereference NULL, but having a function with fundamentally broken API to simply make a list of strings, sort them, and call a function with each string as an argument is really quite silly.... and of course it was exposed API that the ecosystem uses that we can't delete.. yet. ok miod@ doug@
2015-07-18	Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER workaround.	doug	10	-58/+26
	This was a hack to work around problems on IE 6 with SSLv3. ok miod@ bcook@
2015-07-18	remove mysterious, decorative comment blocklets	bcook	1	-21/+21

2015-07-18	Explicitly mark ignored BN_* return vals in tests.	bcook	1	-6/+6
	The tests will fail all the same. Fixes Coverity 78811 21659 21658 21657. Discussed with beck@
2015-07-18	check sscanf conversion, fixes Coverity 21666	bcook	1	-2/+6
	ok doug@, miod@, guenther@
2015-07-18	Check the return value of ASN1_STRING_set(), for it may fail to allocate	miod	4	-12/+28
	memory. Coverity CID 24810, 24846. ok bcook@ doug@
2015-07-18	Remove support for the SSL_OP_TLS_D5_BUG compat hack from SSLeay.	doug	6	-28/+22
	This is a 17 year old workaround from SSLeay 0.9.0b. It was for clients that send RSA client key exchange in TLS using SSLv3 format (no length prefix). ok jsing@
2015-07-18	Unbreak, add errno header	jeremy	1	-1/+2
	OK tedu@
2015-07-18	set errno in null cases, just in case.	tedu	1	-2/+3

2015-07-18	standards compliant error return (null). will make ruby happier, at least.	tedu	1	-5/+2
	ok deraadt jeremy
2015-07-18	Fix leak found by coverity, issue 78897 - which also brough to	beck	6	-50/+66
	light that the child counting was broken in the original code. this is still fugly, but this preserves all the existing goo. ok doug@
2015-07-17	delete doubled words;	schwarze	8	-8/+8
	patch from Theo Buehler <theo at math dot ethz dot ch>
2015-07-17	extenstion -> extension	miod	2	-2/+2

2015-07-17	fix leak, found by coverity, ID 78877	beck	1	-3/+3
	ok miod@ jsing@
2015-07-17	Convert ssl_parse_serverhello_use_srtp_ext to CBS.	doug	4	-24/+34
	ok miod@ jsing@
2015-07-17	Remove SSLv3 support from openssl(1) s_time.	doug	1	-13/+3
	ok miod@ bcook@ beck@
2015-07-17	Remove SSLv3 support from openssl(1) s_server.	doug	1	-7/+2
	ok miod@ bcook@ beck@
2015-07-17	Remove SSLv3 support from openssl(1) s_client.	doug	1	-4/+1
	ok miod@ bcook@ beck@
2015-07-17	Remove support for SSLv3 from openssl(1) ciphers.	doug	1	-27/+5
	ok miod@ bcook@
2015-07-17	Remove compat hack that disabled ECDHE-ECDSA on OS X.	doug	10	-208/+26
	For a few old releases, ECDHE-ECDSA was broken on OS X. This option cannot differentiate between working and broken OS X so it disabled ECDHE-ECDSA support on all OS X >= 10.6. 10.8-10.8.3 were the faulty releases but these are no longer relevant. Tested on OS X 10.10 by jsing. ok jsing@
2015-07-17	Remove workaround for TLS padding bug from SSLeay days.	doug	13	-79/+25
	OpenSSL doesn't remember which clients were impacted and the functionality has been broken in their stable releases for 2 years. Based on OpenSSL commit a8e4ac6a2fe67c19672ecf0c6aeafa15801ce3a5. ok jsing@
2015-07-16	Bump LIBRESSL_VERSION defines.	bcook	2	-6/+14
	Moving forward, software should expect that LIBRESSL_VERSION_TEXT and LIBRESSL_VERSION_NUMBER will increment for each LibreSSL-portable release. ok deraadt@, beck@
2015-07-16	Enforce V_ASN1_OCTET_STRING type before accessing the object as octet string;	miod	2	-4/+8
	from OpenSSL (RT #3683) ok doug@ jsing@
2015-07-16	fix coverity leak - ID 78921	beck	1	-3/+11
	ok miod@, bcook@
2015-07-16	kill leak, found by coverity, ID 105348	beck	1	-2/+5
	ok miod@
2015-07-16	After reading a password with terminal echo off, restore the terminal to	guenther	2	-12/+10
	its original state instead of blindly turning echo on. problem reported on the openssl-dev list by William Freeman ok miod@ beck@
2015-07-16	Explicitely cast a char into unsigned long before shifting it left by 24, for	miod	2	-4/+4
	this would promote it to int for the shift, and then cast to unsigned long, sign-extending it if sizeof(long) > sizeof(int). This was not a problem because the computed value was explicitely range checked afterwards, with an upper bound way smaller than 1U<<31, but it's better practice to cast correctly. ok beck@
2015-07-16	Check return value of all used functions in OCSP_REQUEST_print(); covers	miod	2	-10/+18
	Coverity CID 78796; ok beck@
2015-07-16	Make sure the `reject negative sizes' logic introduced in 1.34 is actually	miod	2	-6/+8
	applied to all code paths. ok beck@ bcook@ doug@ guenther@
2015-07-15	check n before cbs_init, coverity - ID 125063	beck	2	-6/+18
	ok bcook@ miod@
2015-07-15	test for n<0 before use in CBS_init - mostly to shut up coverity.	beck	6	-22/+66
	reluctant ok miod@
2015-07-15	Flense out dead code, we don't do ecdhe_clnt_cert.	beck	4	-374/+150
	coverity ID's 21691 21698 ok miod@, "Fry it" jsing@
2015-07-15	Fix inverted test in previous. Commit message told what we intended, but	miod	2	-4/+4
	we did not notice my fingers slipping. Noticed by bcook@
2015-07-15	Remove dead code. Coverity CID 21688	miod	2	-8/+2
	ok beck@
2015-07-15	Fix two theoretical NULL pointer dereferences which can only happen if you	miod	2	-8/+18
	have seriously corrupted your memory; Coverity CID 21708 and 21721. While there, plug a memory leak upon error in x509_name_canon(). ok bcook@ beck@
2015-07-15	Fix possible 32 byte buffer overrun, found by coverity, CID 78869	beck	2	-4/+4
	ok miod@
2015-07-15	Memory leak; Coverity CID 78836	miod	2	-12/+16
	ok beck@
2015-07-15	Unchecked allocations, and make sure we do not leak upon error. Fixes	miod	2	-42/+72
	Coverity CID 21739 and more. ok bcook@