openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Files	Lines
2017-04-22	For small allocations (chunk) freezero only validates the given	otto	1	-5/+10
	size if canaries are enabled. In that case we have the exact requested size of the allocation. But we can at least check the given size against the chunk size if C is not enabled. Plus add some braces so my brain doesn't have to scan for dangling else problems when I see this code.
2017-04-20	Fix previous.	visa	1	-2/+2

2017-04-20	Get TCB address using the RDHWR instruction instead of __get_tcb().	visa	1	-4/+5
	This gives fast access to the address on systems that implement the UserLocal register. TCB caching is still used when running in the single-threaded mode in order not to penalize old systems. The kernel counterpart of this change must be in place before using this diff! With guenther@
2017-04-18	don't forget to fill in canary bytes for posix_memalign(3); reported by	otto	1	-1/+4
	and ok jeremy@
2017-04-18	use freezero() instead of 4-line conditional explicit_bzero + free	deraadt	4	-28/+10

2017-04-17	consictently use .Dv NULL and a few other tweaks; ok schwarze@	otto	1	-20/+17

2017-04-17	whitespace fixes	otto	1	-14/+14

2017-04-16	Use INT_MAX instead of SIZE_MAX as the maximum file size we can handle.	kettenis	1	-2/+2
	Fixes this test on 64-bit architectures. ok visa@
2017-04-16	Define DEF_WEAK like we do for ld.so to fix building this with clang.	kettenis	1	-1/+2
	ok millert@, deraadt@
2017-04-16	Move comments into a block and uses {} to unconfuse reading.	deraadt	1	-12/+13

2017-04-16	Use %zu to print a size_t.	kettenis	1	-2/+2

2017-04-16	Remove unused rnd_seed variable. Upstream made the same change 4 days ago.	kettenis	1	-3/+0
	Fixes compiling this test using clang on arm64.
2017-04-16	backout previous, data_len is not always initialized	otto	1	-2/+5

2017-04-14	Use freezero(3) when cleaning up session tickets - not only does it require	jsing	1	-6/+3
	less code, but there is also a potential performance gain since they can be larger allocations.
2017-04-14	Use freezero(3) to clean up the X25519 keys - simpler, cleaner code.	jsing	1	-6/+3

2017-04-14	Use freezero(3) in the CBB clean up path, since this could hold sensitive	jsing	1	-3/+2
	information (such as master keys).
2017-04-14	Switch i2d_SSL_SESSION() back to freezero(3) now that the size constraints	jsing	1	-5/+2
	have been relaxed.
2017-04-14	Clean up server key exchange EC point handling. Encode the point directly	jsing	1	-27/+15
	into the CBB memory, rather than mallocing and memcpying, which also makes makes the code more consistent with the client. Add a missing check for the first EC_POINT_point2oct() call. ok beck@
2017-04-13	allow clearing less than allocated and document freezero(3) better	otto	2	-13/+26

2017-04-12	New strstr() implementation from musl libc by Rich Felker. This	millert	1	-44/+180
	version uses the two-way string matching algorithm and is faster than the old implementation. With this change, ports that check for strstr having linear complexity time strstr will no longer replace the libc strstr with a private version. OK deraadt@ espie@
2017-04-11	Revert ssl_asn1.c r1.50 - CBB and freezero(3) do not play nicely together.	jsing	1	-2/+5
	Back this out while we investigate and implement a solution. Found the hard way by sthen@
2017-04-10	new X25519(3) manual page;	schwarze	5	-10/+113
	from Dr. Stephen Henson <steve@openssl.org>, OpenSSL commit d218f3c3
2017-04-10	Use freezero() for the internal opaque structures, instead of the current	jsing	3	-18/+9
	explicit_bzero()/free(). Less code and potentially less overhead.
2017-04-10	Use freezero() for X25519 keys - same result with more readable code.	jsing	1	-7/+3

2017-04-10	document three additional functions;	schwarze	1	-7/+60
	from Emilia Kasper <emilia at openssl dot org>, OpenSSL commit 4ac139b4
2017-04-10	Rework and significantly extend TLS name verification tests to match	jsing	1	-99/+377
	changes in libtls.
2017-04-10	Rework name verification code so that a match is indicated via an argument,	jsing	5	-47/+76
	rather than return codes. More strictly follow RFC 6125, in particular only check the CN if there are no SAN identifiers present in the certificate (per section 6.4.4). Previous behaviour questioned by Daniel Stenberg <daniel at haxx dot se>. ok beck@ jca@
2017-04-10	freezero() the key block; simpler code and less of it.	jsing	1	-7/+3

2017-04-10	Use freezero() for i2d_SSL_SESSION() - one line of code instead of three.	jsing	1	-5/+2
	In this case the memory allocated can also be significant, in which case freezero() will have less overhead than explicit_bzero() (munmap instead of touching all of the memory to write zeros).
2017-04-10	fix some .Xr errors that jmc@ found with mdoclint(1)	schwarze	3	-12/+13

2017-04-10	new manual page SSL_get_server_tmp_key(3)	schwarze	3	-2/+88
	from Matt Caswell <matt@openssl.org>, OpenSSL commit 508fafd8
2017-04-10	Additional SSL_SESSION documentation	schwarze	11	-16/+349
	from Matt Caswell <matt at openssl dot org>, OpenSSL commit b31db505. Improve crosslinking while here.
2017-04-10	for pure *_ctrl() wrapper macros, move the reference from ssl(3)	schwarze	14	-49/+54
	to SSL_CTX_ctrl(3) to make ssl(3) slightly more palatable
2017-04-10	new manual page SSL_CTX_set_tlsext_servername_callback(3) for SNI;	schwarze	2	-1/+126
	from <Jon dot Spillett at oracle dot com> via OpenSSL commit 8c55c461
2017-04-10	tweak previous;	jmc	1	-4/+4

2017-04-10	Convert various client key exchange functions to freezero(3). The memory	jsing	1	-14/+5
	contents needs to be made inaccessible - this is simpler and less error prone than the current "if not NULL, explicit_bzero(); free()" dance.
2017-04-10	Introducing freezero(3) a version of free that guarantees the process	otto	2	-36/+130
	no longer has access to the content of a memmory object. It does this by either clearing (if the object memory remains cached) or by calling munmap(2). ok millert@, deraadt@, guenther@
2017-04-10	pasto; from <Jon dot Spillett at oracle dot com> via OpenSSL commit 3aaa1bd0	schwarze	1	-3/+3

2017-04-10	typo fix; from <Jon dot Spillett at oracle dot com>	schwarze	1	-5/+5
	via OpenSSL commit 7bd27895
2017-04-09	Simplify/clean up BUF_MEM_grow_clean().	jsing	1	-17/+16
	ok beck@
2017-04-09	With recallocarray() BUF_MEM_grow() is essentially the same as	jsing	1	-28/+2
	BUF_MEM_grow_clean() (the only difference is clearing on internal down sizing), so make it a wrapper. ok beck@ deraadt@
2017-04-09	Explicitly test for NULL.	jsing	1	-4/+4
	ok beck@
2017-04-09	Improve unknown protocol version handling.	jsing	1	-2/+3

2017-04-07	In ssl.h TLS 1.0 is called TLSv1. Adapt name in test to make it pass.	bluhm	1	-1/+1
	OK jsing@
2017-04-07	Use uint8_t instead of u_int8_t - for consistency and to make things easier	jsing	1	-2/+2
	for portable. From Raphael Hittich.
2017-04-06	trailing ; on end of macro definition is wrong; ok guenther	deraadt	1	-4/+4

2017-04-06	Consistentcy between nmembers and size order. From Christopher Hettrick;	otto	1	-8/+8
	ok deraadt@
2017-04-06	bump version for new development branch	bcook	1	-3/+3

2017-04-06	first print size in meta-data then supplied arg size when an inconsistency is	otto	1	-3/+3
	detected wrt recallocarray()
2017-04-05	- -Z before -z in options list	jmc	2	-7/+9
	- add -Z to help and usage()