openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Files	Lines
2014-07-13	Add a regress test for the ASN1 handling of SSL session tickets.	jsing	3	-1/+389

2014-07-13	The bell tolls for BUF_strdup - Start the migration to using	beck	40	-145/+155
	intrinsics. This is the easy ones, a few left to check one at a time. ok miod@ deraadt@
2014-07-13	Fix memory leak.	logan	2	-2/+4
	OK from beck@ and miod@
2014-07-13	OPENSSL_{malloc,free} -> {malloc,free}	miod	19	-27/+27

2014-07-13	Warn about the use of BUF_strdup.	miod	1	-2/+4

2014-07-13	Update BUGS section.	miod	1	-4/+6

2014-07-13	oops, i deleted the wrong word	tedu	1	-2/+2

2014-07-13	remove a lie spotted by guenther	tedu	1	-5/+4

2014-07-13	once srandomdev() is called, switch to using arc4random() but mask off the	tedu	1	-12/+10
	high bit as required by posix. wouldn't want to break any standards. idea and ok deraadt
2014-07-13	unbreak build this needed to be an and..	beck	8	-16/+16
	ok jsing@
2014-07-13	Use dl_iterate_phdr() to iterate over the segments and throw the addresses	deraadt	4	-4/+56
	into the hash; hoping the system has some ASLR or PIE. This replaces and substantially improves upon &main which proved problematic with some picky linkers. Work with kettenis, testing by beck
2014-07-13	Split out ntoh[ls] and hton[ls] into their own manpage.	guenther	3	-136/+199
	Update byteorder(3) to cover the new functions in <endian.h> ok deraadt@ millert@
2014-07-13	Provide a link to the canonical API specification.	deraadt	8	-8/+32
	ok beck
2014-07-13	Make sure all error conditions in RSA_padding_add_PKCS1_PSS_mgf1() cause	miod	2	-6/+8
	EVP_MD_CTX_cleanup() to be called.
2014-07-13	Possible PBEPARAM leak in the error path.	miod	2	-12/+16

2014-07-13	dsa_priv_decode(): only destroy the object we've created, and with the	miod	2	-6/+10
	appropriate function. Checking for privkey != NULL is not enough since privkey points to a member of ndsa if ndsa != NULL. dsa_priv_encode(): possible double free in error path.
2014-07-13	Check X509_NAME_oneline() return value when it will have to allocate memory.	miod	2	-2/+6

2014-07-13	EVP_DigestInit_ex() may be used to recycle an existing EVP_MD_CTX without having	miod	2	-6/+18
	to reinitialize all of it, especially if it is used with the same MD algorithm. However, when the MD algorithm changes, it needs to perform more cleanups. Make that code more closer to what EVP_MD_CTX_cleanup() does by: - only freeing md_data if EVP_MD_CTX_FLAG_REUSE is not set - performing an explicit_bzero of md_data before freeing it - making sure we call EVP_PKEY_CTX_free on the pctx if the allocation for the new md_data fails. ok tedu@
2014-07-13	Don't include asn1_mac.h if all you need is asn1.h.	miod	2	-4/+4

2014-07-13	Take out __bounded__ in the include files we use it in when not on OpenBSD.	beck	8	-10/+32
	while we can take it out in portable at compile time, it is still a problem when we install this header file on a system that doesn't support __bounded__ if this is unguarded. ok miod@ bcook@
2014-07-13	While we thought this would make portable life easier it actually	beck	1	-3/+1
	makes it much harder. ok bcook@ kettenis@
2014-07-13	No need to include evp_locl.h in there.	miod	12	-36/+12

2014-07-13	Take away the use of the address of main as a source of entropy. Causes	beck	6	-6/+30
	distractions to people testing and seeing link errors in some setups. This will come back in another form ok deraadt@
2014-07-13	KNF and some code cleaning.	jsing	2	-72/+92

2014-07-13	remove silly cast	deraadt	2	-4/+4

2014-07-13	Another large dose of KNF.	jsing	2	-472/+814

2014-07-12	Apply a large dose of KNF.	jsing	2	-252/+404

2014-07-12	duplicate function names in head1	miod	2	-2/+2

2014-07-12	The correct name for EDH is DHE, likewise EECDH should be ECDHE.	jsing	18	-236/+236
	Based on changes to OpenSSL trunk. ok beck@ miod@
2014-07-12	No need to include asn1_mac.h here.	miod	4	-8/+4

2014-07-12	remove double brackets. fixes build with clang.	jsg	2	-4/+4
	ok jsing@
2014-07-12	Remove this sentence:	miod	2	-6/+4
	``The probability that a randomly generated key is weak is -1/2^52, so it is not really worth checking for them.'' This kind of naively optimistic attitude is not compatible with security.
2014-07-12	more MLINKS	miod	1	-1/+56

2014-07-12	getentropy on Windows. It compiles but has not been thoroughly tested yet.	wouter	2	-0/+112
	OK: beck@
2014-07-12	Remove signed/unsigned warning, statement before declaration and	wouter	6	-58/+64
	add a function to use function pointers that does not take sizeof(fptr). OK beck@
2014-07-12	We have EVP_CIPH_FLAG_DEFAULT_ASN1 in evp.h; no need to keep constructs to	miod	2	-68/+56
	build on pre-EVP_CIPH_FLAG_DEFAULT_ASN1 codebases. ok jsing@
2014-07-12	Remove private_{Camellia,RC4}_set_key FIPS indirection tentacles, as has been	miod	19	-314/+73
	done for other symmetric algorithms recently.
2014-07-12	Provide ssl_version_string() function, which uses one of those modern C	jsing	8	-56/+62
	constructs (a switch statement) and returns the appropriate string defined by SSL_TXT_* for the given version, including support for DTLSv1 and DTLSv1-bad. Use this function in SSL_get_version() and SSL_SESSION_print(). ok beck@
2014-07-12	In openssl_startup(), call SSL_library_init() and SSL_load_error_strings().	jsing	8	-28/+10
	This allows us to remove the ERR_load_crypto_strings() call, along with the various SSL_load_error_strings() and OpenSSL_add_ssl_algorithms() calls scattered around the place. ok beck@
2014-07-12	Make the BLOCK_CIPHER_{generic,custom} macros expand to more readable struct	miod	2	-134/+204
	definitions using C99 field initializers. No functional change.
2014-07-12	Wrap "thread_private.h" with #ifdef __OpenBSD__ so that other systems	deraadt	1	-1/+3
	can copy this file (plus chacha_private.h) directly and reuse it trivially. Well, as long as they have a getentropy() as well.. ok beck
2014-07-12	Remove extra parenthesis.	jsing	2	-4/+4

2014-07-12	need_cert is now always true, so remove the variable and associated	jsing	2	-66/+42
	conditionals. ok miod@
2014-07-12	More KNF.	jsing	1	-95/+108

2014-07-12	Remove #ifndefs for OPENSSL_NO_DH, OPENSSL_NO_ECDH and	jsing	1	-41/+0
	OPENSSL_NO_X509_VERIFY. We're not going to build with these and the same removal has already been done for libssl.
2014-07-12	openssl(1) is only built as a single monolithic binary, so just call	jsing	39	-154/+47
	load_config() once when we start. ok miod@
2014-07-12	jsing and I are investigating removal of all? most? 'getenv from library'	deraadt	2	-2/+6
	instances. This one for OPENSSL_ALLOW_PROXY_CERTS gets turned off first, especially since it had this special comment: /* A hack to keep people who don't want to modify their software happy */ ok beck jsing
2014-07-12	A few fixes/improvements:	miod	2	-40/+38
	- first, BN_free == BN_clear_free in our libcrypto, so we do not need to treat CBIGNUM (crypto BN) separately from BIGNUM (regular BN). - then, in bn_i2c(), since BN_bn2bin returns BN_num_bytes(input), take advantage of this to avoid calling BN_num_bytes() a second time. BN_num_bytes() is cheap, but this not a reason to perform redundant work. - finally, in bn_c2i, if bn_new() fails, return early. Otherwise BN_bin2bn will try to create a BN too, and although this will probably fail since we were already out of memory, if we are on a threaded process and suddenly the allocation succeeds, we will leak it since it will never be stored in *pval. ok jsing@
2014-07-12	Make sure the return value of X509_NAME_oneline(, NULL,) is checked against	miod	4	-10/+26
	NULL. ok deraadt@ guenther@ jsing@
2014-07-12	if (x) FOO_free(x) -> FOO_free(x).	miod	128	-1098/+638
	Improves readability, keeps the code smaller so that it is warmer in your cache. review & ok deraadt@