openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Files	Lines
2021-04-14	factor argument to catch an alert mismatch into a helper function	tb	1	-7/+8

2021-04-13	enable test-tlsfuzzer-invalid-compression-methods.py	tb	1	-5/+10

2021-04-13	enable test-large-hello.py as a slow test	tb	1	-3/+2

2021-04-13	with new defaults, test-fuzzed-plaintext.py is no longer slow	tb	1	-3/+2

2021-04-13	move a few tests to the unsupported group and fix two comments	tb	1	-15/+15

2021-04-13	annotate test-ecdhe-rsa-key-exchange-with-bad-messages.py with expected	tb	1	-2/+3
	alerts and where to add them.
2021-04-11	Update a stale comment and fix a typo.	tb	1	-3/+3

2021-04-09	An extra internal consistency check and a missing stats adjustment. ok tb@	otto	1	-1/+4

2021-04-09	Cache implementation has changed, we do not hold on to an exact number	otto	1	-3/+4
	of pages anymore, but also cache larger regions; ok tb@
2021-04-08	Enable test-cve-2016-6309.py	tb	1	-3/+2

2021-04-07	Avoid clobbering the error code when sending an alert	tb	1	-2/+3
	In order to fail gracefully on encountering a self-signed cert, curl looks at the top-most error on the stack and needs specific SSL_R_ error codes. This mechanism was broken when the tls13_alert_sent_cb() was added after people complained about unhelpful unknown errors. Fix this by only setting the error code from a fatal alert if no error has been set previously. Issue reported by Christopher Reid ok jsing
2021-04-07	Use ERR_print_error_fp() to avoid leaking a BIO in fatal()	tb	1	-2/+2

2021-04-07	Check function return value in openssl(1) x509.c	inoguchi	1	-24/+71
	input from bcook@, ok and comments from tb@
2021-04-07	Avoid leak in error path	inoguchi	1	-3/+7
	ok and input from tb@
2021-04-06	use errx() instead of err()	tb	1	-8/+8

2021-04-06	spaces -> tabs	tb	1	-5/+5

2021-04-06	minor style tweaks	tb	1	-5/+6

2021-04-05	Don't leak param->name in x509_verify_param_zero()	tb	1	-1/+2
	For dynamically allocated verify parameters, param->name is only ever set in X509_VERIFY_set1_name() where the old one is freed and the new one is assigned via strdup(). Setting it to NULL without freeing it beforehand is a leak. looks correct to millert, ok inoguchi
2021-04-04	Add missing error check for AES_unwrap_key().	tb	1	-1/+3

2021-04-04	Fix two copy paste errors in error messages	tb	1	-3/+3

2021-04-04	Add tests for DTLSv1_2{,_client,_server}_method()	tb	1	-1/+20

2021-04-04	Use correct type for tmp in test_write_bytes()	tb	1	-2/+2

2021-04-04	Explicitly NULL pointers to avoid a double free.	tb	1	-1/+3

2021-04-04	Don't leak key and dh in the error path.	tb	1	-4/+7

2021-04-04	Clean up client and server tls{,_config} contexts in tls_test().	tb	1	-2/+11
	Leaks reported by Ilya Shipitsin.
2021-04-03	Run the CMAC tests through EVP_PKEY_new_CMAC_key().	tb	1	-10/+22

2021-04-02	Two cases of BRE involving counts and backrefs that go wrong and	otto	1	-1/+16
	similar that have no isssues. Reported by Michael Paoli. Failing cases commented out for now.
2021-04-02	Show DTLS1.2 message with openssl(1) s_server and s_client	inoguchi	1	-2/+6
	ok jsing@ tb@
2021-04-01	Compare the pointer variable explicitly with NULL in if condition	inoguchi	1	-18/+17

2021-03-31	one of the examples needs an -N (and explanation);	jmc	1	-4/+7
	diff from robert scheck discussed with and tweaked by sthen
2021-03-31	Update for DTLSv1.2 support.	tb	1	-2/+4

2021-03-31	Remove workarounds for SSL_is_dtls()	tb	2	-11/+2
	Reminded by inoguchi jsing
2021-03-31	Remove workaround for missing d2i_DSAPrivateKey_fp prototype	tb	1	-5/+1

2021-03-31	Bump minors after symbol addition	tb	3	-3/+3

2021-03-31	Expose various DTLSv1.2 specific functions and defines	tb	5	-27/+8
	ok bcook inoguchi jsing
2021-03-31	Document SSL_set_hostflags(3) and SSL_get0_peername(3)	tb	1	-18/+4
	ok bcook inoguchi jsing
2021-03-31	Expose SSL_set_hostflags(3) and SSL_get0_peername(3)	tb	2	-3/+3
	ok bcook inoguchi jsing
2021-03-31	Document SSL_use_certificate_chain_file(3)	tb	1	-11/+3
	ok bcook inoguchi jsing
2021-03-31	Expose SSL_use_certificate_chain_file(3)	tb	2	-3/+2
	ok bcook inoguchi jsing
2021-03-31	Provide missing prototype for d2i_DSAPrivateKey_fp(3)	tb	1	-1/+2
	ok bcook inoguchi jsing
2021-03-31	Document EVP_PKEY_new_CMAC_key(3)	tb	1	-16/+4
	ok bcook inoguchi jsing
2021-03-31	Provide EVP_PKEY_new_CMAC_key(3)	tb	2	-5/+2
	ok bcook inoguchi jsing
2021-03-29	whitespace nits	tb	1	-4/+4

2021-03-29	Prepare documenting EVP_PKEY_new_CMAC_key(3)	tb	1	-2/+54
	Based on some text in OpenSSL 1.1.1's EVP_PKEY_new.pod.
2021-03-29	Remove pointless assignment in SSL_get0_alpn_selected().	jsing	1	-4/+1
	ok tb@
2021-03-29	Avoid transcript initialisation when sending a TLS HelloRequest.	jsing	1	-4/+6
	When server side renegotiation is triggered, the TLSv1.2 state machine sends a HelloRequest before going to ST_SW_FLUSH and ST_OK. In this case we do not need the transcript and currently hit the sanity check in ST_OK that ensures the transcript has been freed, breaking server initiated renegotiation. We do however need the transcript in the DTLS case. ok tb@
2021-03-29	Move finished and peer finished to the handshake struct.	jsing	7	-44/+44
	This moves the finish_md and peer_finish_md from the 'tmp' struct to the handshake struct, renaming to finished and peer_finished in the process. This also allows the remaining S3I(s) references to be removed from the TLSv1.3 client and server. ok inoguchi@ tb@
2021-03-29	Add regress coverage for TLSv1.2 record number increment.	jsing	1	-8/+151

2021-03-29	Move the TLSv1.2 record number increment into the new record layer.	jsing	3	-19/+44
	This adds checks (based on the TLSv1.3 implementation) to ensure that the TLS/DTLS sequence numbers do not wrap, as required by the respective RFCs. ok inoguchi@ tb@
2021-03-29	Prepare to provide EVP_PKEY_new_CMAC_key()	tb	4	-20/+84
	sebastia ran into this when attempting to update security/hcxtools. This will be tested via wycheproof.go once the symbol is public. ok jsing, tested by sebastia