openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Files	Lines
2016-09-03	add constant-time MOD_EXP_CTIME_COPY_FROM_PREBUF.	bcook	1	-16/+55
	Patch based on OpenSSL commit d7a854c055ff22fb7da80c3b0e7cb08d248591d0 "Performance penalty varies from platform to platform, and even key length. For rsa2048 sign it was observed to reach almost 10%." CVE-2016-0702 ok beck@
2016-09-03	BN_mod_exp_mont_consttime: check for zero modulus.	bcook	1	-9/+33
	Don't dereference d when top is zero. Original patch from OpenSSL commit d46e946d2603c64df6e1e4f9db0c70baaf1c4c03 ok jsing@
2016-09-03	remove unneeded reach-around include	bcook	1	-2/+2

2016-09-03	add iOS support for getentropy	bcook	1	-1/+12
	from Jacob Berkman, ok beck@
2016-09-03	deprecate EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal()	bcook	2	-7/+23
	This switches EVP_CipherFinal() to work as EVP_EncryptFinal() and EVP_DecryptFinal() do, always clearing the cipher context on completion. Indicate that, since it is not possible to tell whether this function will clear the context (the API has changed over time in OpenSSL), it is better to use the _ex() variants and explicitly clear instead. ok beck@
2016-09-03	BN_mod_exp_mont_consttime: check for zero modulus.	bcook	1	-4/+5
	Don't dereference \|d\| when \|top\| is zero. Also test that various BIGNUM methods behave correctly on zero/even inputs. Original patch from OpenSSL commit d46e946d2603c64df6e1e4f9db0c70baaf1c4c03
2016-09-03	Avoid undefined-behavior right-shifting by a word-size # of bits.	bcook	1	-3/+2
	Found with STACK, originally from OpenSSL, ok @beck
2016-09-03	shorten s_time; help/ok bcook	jmc	1	-91/+22

2016-09-03	Make tree build again	beck	6	-12/+482

2016-09-03	remove unused variable	beck	1	-2/+1

2016-09-03	Fix some very unnecessary convoultion.	beck	1	-16/+6
	ok krw@
2016-09-03	crank minor for API addiiton of x509_email, etc. functions	beck	2	-2/+2

2016-09-03	Bring in functions used by stunnel and exim from BoringSSL - this brings	beck	2	-2/+452
	in X509_check_host, X509_check_email, X509_check_ip, and X509_check_ip_asc, with some cleanup on the way in by myself and jsing@ ok bcook@
2016-09-03	Remove the libcrypto/crypto directory	beck	41	-6330/+0

2016-09-03	Remove the libssl/ssl directory	beck	2	-54/+0

2016-09-03	Remove the libssl/src directory	beck	1190	-386114/+0

2016-09-02	Print SKIPPED if a regress test cannot be executed for some reason.	bluhm	1	-2/+3
	This allows to identify such tests by looking at their output.
2016-09-02	shorten s_server;	jmc	1	-134/+72

2016-09-02	Fix build of regress after source moves	beck	1	-2/+2

2016-09-02	Make this regress build again	beck	2	-4/+4

2016-09-01	Less lock contention by using more pools for mult-threaded programs.	otto	2	-94/+190
	tested by many (thanks!) ok tedu, guenther@
2016-09-01	black magic for sparc page size can go	tedu	1	-4/+2

2016-09-01	shorten s_client;	jmc	1	-142/+50

2016-08-31	Crank minor due to API addition	beck	1	-1/+1

2016-08-31	We don't need any VMS access tricks.	deraadt	1	-27/+4
	ok beck tedu
2016-08-30	Add OPTION_ARG_TIME for parsing a (64 bit if needed) time_t	deraadt	3	-4/+15
	prodding & ok jsing
2016-08-30	buf[][] with strange use all over the place is ridiculous, especially	deraadt	1	-15/+14
	if buf[1] is never used. ok guenther beck
2016-08-30	Fix 32-bit time handling, using time_t and make it work on systems	deraadt	2	-24/+25
	where that is long long. ok beck guenther
2016-08-30	shorten rsautl;	jmc	1	-152/+13

2016-08-28	shorten the rsa text; of note, i've also reduced the description	jmc	1	-278/+44
	for -inform/-outform/-text and removed the oft-repeated header/footer blurb;
2016-08-28	Don't call lstat() before readlink() just to see if it's a symlink,	guenther	1	-14/+17
	as readlink() will tell you that more cheaply. ok millert@
2016-08-27	shorten the req text;	jmc	1	-452/+189

2016-08-27	Enable ALPN regress now that it passes.	jsing	1	-4/+2

2016-08-27	Be more strict when parsing TLS extensions.	jsing	2	-34/+74
	Based on a diff from Kinichiro Inoguchi. ok beck@
2016-08-27	Pull in <stdio.h> for NULL	guenther	1	-1/+2
	ok deraadt@
2016-08-26	Repeated occurances of the idiom buf[5][BUFSIZ] -- ridiculous. Give each	deraadt	1	-86/+87
	buf a special name, recognize that most are PATH_MAX, and remove a few that are not needed at all. ok jsing beck
2016-08-26	Pull in <time.h> for clock_gettime()	guenther	1	-1/+2
	ok deraadt@
2016-08-25	shorten the pkeyutl text;	jmc	1	-83/+40
	help/ok guenther
2016-08-24	shorten the pkeyparam text;	jmc	1	-23/+8

2016-08-24	shorten the pkey text;	jmc	1	-73/+25

2016-08-23	shorten pkcs12;	jmc	1	-187/+42

2016-08-22	Various clean up and reorganisation of the connection info handling code.	jsing	3	-69/+97
	In particular, rename tls_free_conninfo() to tls_conninfo_free() and make it a real free function. Rename tls_get_conninfo() to tls_conninfo_populate() and have it allocate the struct tls_conninfo (after freeing any existing one). ok beck@
2016-08-22	Stick with the usual 'if NULL return NULL' idiom.	jsing	1	-10/+10
	ok beck@
2016-08-22	Bump TLS_API due to the addition of server side SNI functions.	jsing	1	-2/+2

2016-08-22	Bump libtls minor due to the addition of symbols.	jsing	1	-1/+1

2016-08-22	Provide an API that enables server side SNI support - add the ability to	jsing	5	-6/+107
	provide additional keypairs (via tls_config_add_keypair_{file,mem}()) and allow the server to determine what servername the client requested (via tls_conn_servername()). ok beck@
2016-08-22	Create contexts for server side SNI - these include the additional SSL_CTX	jsing	3	-3/+174
	that is required for certificate switching with libssl and the certificate itself so that we can match against the subject and SANs. Hook up the servername callback and switch to the appropriate SSL_CTX if we find a matching certificate. ok beck@
2016-08-22	shorten the pkcs8 text;	jmc	1	-179/+63

2016-08-22	Sorry Andrew and Luke, I'm pretty sure we deleted your IRIX and VMS code.	deraadt	1	-4/+1

2016-08-20	shorten pkcs7 text;	jmc	1	-58/+37