| Commit message (Collapse) | Author | Files | Lines |
|---|
|
pointed out by Watson Ladd (watson (at) matasano.com)
ok deraadt@
|
|
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1250f12613b61758675848f6600ebd914ccd7636
with comment/whitespace style tweaks
ok bcook@ miod@
|
|
to only apply to s23_srvr.c.
|
|
saying that you expect it to return that value and compare it against zero
because it is supposedly faster, for this leads to bugs (especially given the
high rate of sloppy cut'n'paste within ssl3 and dtls1 routines in this
library).
Instead, compare for the exact value it ought to return upon success.
ok deraadt@
|
|
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=280b1f1ad12131defcd986676a8fc9717aaa601b
ok guenther miod
|
|
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=17160033765480453be0a41335fa6b833691c049
ok bcook
|
|
|
|
Adam Langley close to three years ago, which were commited in
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e7928282d0148af5f28fa3437a625a2006af0214
ok jsing@
|
|
behaviour that allows a PEM block to be fed through the base64 decoder.
Reported by Dmitry Eremin-Solenikov on tech@
ok deraadt@ tedu@
|
|
and UI_add_verify_string() return -1 (and maybe -2?) on failure and
>=0 on success, instead of always zero on success
problem reported by Mark Patruck (mark (at) wrapped.cx)
ok miod@
|
|
directly from file.
|
|
|
|
context (if necessary) and handles the TLS/SSL handshake over the given
socket.
|
|
|
|
a specific server configuration function and call this from
ressl_configure.
|
|
|
|
|
|
|
|
|
|
ok guenther@ jsing@
|
|
the return value is stored in must be signed. Fixes a test for error.
ok jsing@ guenther@
|
|
ok bcook@
|
|
the details are under embargo. The original plan was to wait for the
embargo to lift, but we've been waiting for quite some time, and there's no
indication of when or even if it will end. No sense in dragging this out
any longer.
The SRP code has never been enabled in OpenBSD, though I understand it is
in use by some other people. However, in light of this and other issues,
we're officially saying SRP is outside the scope of libressl. (For now.)
|
|
for the key (expressed in RSA key bits, which makes *no sense* for ECDH) as
their second argument, not zero.
(jsing@ notes that the RSA callback is only invoked for 'export' ciphers,
which have been removed from LibreSSL, and for the SSL_OP_EPHEMERAL_RSA
option, which is makes the application non-compliant. More fuel for the
tedu fire...)
jasper@ noted the breakage and bisected it down to the diff that broke this
ok jsing@ miod@
|
|
ok @deraadt
|
|
OPENSSL_NO_RC5 is #defined in the #includes, so it's not needed here.
ok deraadt@
|
|
|
|
Remove unnecessary NULL check.
ok miod@
|
|
up and return failure, be sure the cleanup work does NOT free objects which
are still being referenced by other objects.
ok guenther@
|
|
within libcrypto are safe, but until we can change this function prototype to
use size_t instead of int, better be safe than sorry.
tweaks and ok guenther@
|
|
value is happily dereferenced without checking it for being non-NULL).
ok beck@
|
|
EVP_CTRL_RAND_KEY method handlers, rather than generating a random odd key and
not even checking it against the weak keys list.
ok beck@
|
|
it is not one of the weak and semi-weak keys.
Even though the probability of generating a weak key with incorrect parity is
abysmally small, there is no reason to be correct (although, if you're in a
need for fresh DES keys nowadays, you should seriously consider switching to
a stronger symmetric cipher algorithm).
ok beck@
|
|
when BIO_new_{file,fp}() fails.
inspired by a diff from logan@ ok miod@
|
|
(Overlooked among jmc@'s other suggestions)
|
|
reality, and reformatting to be readable.
formatting and wording suggestions miod@ jmc@
|
|
NULL before an intrinsic strdup.
ok miod@
|
|
|
|
|
|
Also, zero the SHA256 context.
suggested by "eric" in a comment on an opensslrampage.org post
ok miod@ deraadt@
|
|
|
|
|
|
being-standardized <endian.h>
ok deraadt@ millert@ beck@
|
|
Move <sys/mman.h> and raise(SIGKILL) calls to OS-specific headers.
On OpenBSD, move thread_private.h as well to arc4random.h.
On Windows, use TerminateProcess on getentropy failure.
ok deraadt@
|
|
It may make sense to later replace this with a Critical Section later.
ok guenther@
|
|
6.11.5 - Storage-class specifiers:
The placement of a storage-class specifier other than at the
beginning of the declaration specifiers in a declaration is
an obsolescent feature.
Diff from Jean-Philippe Ouellet (jean-philippe (at) ouellet.biz)
|
|
it shows up in libraries. Even the system call is probably not finalized.
Bit dissapointed it has turned out to be a descriptor-less read() with
EINVAL and EINTR error conditions, but we can work with it.
|
|
ok bcook@
|
|
Also correct some format strings.
From Doug Hogan (doug (at) acyclic.org)
|
|
the errno of an intervening cleanup operation like close/unlink/etc.
Diff from Doug Hogan (doug (at) acyclic.org)
|
