openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Files	Lines
2016-11-05	bump minors for symbol addition for ocsp and x25519 symbol additions	beck	3	-3/+3

2016-11-05	Add support for server side OCSP stapling to libtls.	beck	9	-16/+98
	Add support for server side OCSP stapling to netcat.
2016-11-05	Add regress for X25519, converted from BoringSSL.	jsing	3	-1/+150

2016-11-05	after getting rid of the pod files, clean up the Makefiles; ok bcook@	schwarze	4	-41/+23

2016-11-05	Add support for X25519.	jsing	5	-1/+5136
	This brings in code from BoringSSL, which is mostly taken from SUPERCOP. ok beck@ bcook@
2016-11-05	rename ocsp_ctx to ocsp	beck	3	-68/+68
	ok jsing@
2016-11-05	minor mandoc -Tlint nits	schwarze	3	-9/+8

2016-11-05	add the missing content, sorry for committing an empty file	schwarze	1	-0/+69

2016-11-05	Stricter validation of inputs of OPENSSL_asc2uni() and OPENSSL_uni2asc().	miod	1	-17/+34
	While there, try to make these slightly less obfuscated. ok beck@ jsing@
2016-11-05	convert the remaining manual pages from pod to mdoc	schwarze	25	-1650/+3615

2016-11-05	X509_STORE_CTX_set_*() may fail, so check for errors.	miod	1	-4/+14
	ok beck@
2016-11-05	Do not leak the ressources possibly allocated by EVP_MD_CTX_init() in the	miod	1	-2/+3
	trivial error path of PKCS12_key_gen_uni(). ok beck@ jsing@
2016-11-05	Set PROG so that the binary correctly gets recompiled when the libraries	miod	1	-11/+5
	it is linked against change. ok beck@ jsing@
2016-11-05	Make sure PEM_SealInit() will correctly destroy the PEM_ENCODE_SEAL_CTX	miod	1	-8/+22
	upon error, as there is no way to do this outside of PEM_SealFinal(), which can only work if PEM_SealInit() succeeded... ok beck@ jsing@
2016-11-05	No need to duplicate definitions from evp.h locally.	miod	2	-14/+2
	ok bock@ jsing@
2016-11-05	Stop abusing the ternary operator to decide which function to call in a	miod	1	-3/+6
	return statement. ok beck@ jsing@
2016-11-05	further tweakage, with an improvement from joel;	jmc	1	-5/+5
	ok jsing schwarze
2016-11-05	Convert ssl3_get_server_kex_ecdhe() to CBS, simplifying tls1_check_curve()	jsing	3	-62/+41
	in the process. This also fixes a long standing bug where tls1_ec_curve_id2nid() is called with only one byte of the curve ID. ok beck@ miod@
2016-11-05	Remove generated Symbols.map on make clean.	jsing	2	-3/+5
	ok guenther@
2016-11-04	tweak previous	schwarze	1	-34/+39

2016-11-04	Move pqueue regress from libcrypto to libssl, since that's where the pqueue	jsing	5	-5/+5
	code now lives. Also unbreak the regress following the symbol hiding changes in libssl.
2016-11-04	Rename ssl3_get_key_exchange() to ssl3_get_server_key_exchange(), since	jsing	3	-7/+7
	that's what it really is. ok miod@
2016-11-04	Build with WARNINGS=Yes.	jsing	1	-1/+3

2016-11-04	Avoid shadowing the socket global.	jsing	1	-3/+3
	ok miod@
2016-11-04	Make the tls_keypair_new() function a valid prototype.	jsing	1	-2/+2

2016-11-04	Avoid another signed vs unsigned comparison.	jsing	1	-2/+6
	ok miod@
2016-11-04	Tidy up the usage of peer_ecdh_tmp, following the fixed ECDH removal.	jsing	1	-13/+5
	ok beck@
2016-11-04	Kill a bunch of OLD_ASN1 usage by replacing ASN1_{d2i,i2d}_* with	jsing	7	-53/+107
	ASN1_item_{d2i,i2d}_* equivalents. ok guenther@ miod@
2016-11-04	Mark a couple local functions as static	guenther	2	-4/+4
	ok jsing@ beck@
2016-11-04	The *_method_data structures can be static	guenther	6	-21/+21
	ok jsing@
2016-11-04	Add an explict list of exported symbols with just the functions	guenther	5	-11/+289
	declared in the public headers, and use __{BEGIN,END}_HIDDEN_DECLS in the internal headers to optimize internal functions ok jsing@
2016-11-04	Add an explict list of exported symbols with just the functions declared	guenther	3	-2/+85
	in <tls.h>, and use __{BEGIN,END}_HIDDEN_DECLS in tls_internal.h to optimize internal functions ok jsing@
2016-11-04	Nuke the KRB5 ASN.1 code from orbit.	jsing	3	-984/+1
	ok beck@
2016-11-04	Ride the current major bump and enable assembler code for nist 256p curve,	miod	4	-3/+19
	on amd64 only for now. Stanzas to enable it on arm, i386 and sparc64 are provided but commented out for lack of testing due to the machine room being currently in storage. ok jsing@
2016-11-04	make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hidden	beck	14	-43/+133
	functions.. document with a man page. bump majors on libtls, libssl, libcrypto ok jsing@ guenther@
2016-11-04	Make do_dtls1_write() static to d1_pkt.c and delete declarations for	guenther	2	-8/+6
	three functions that were removed a while ago ok jsing@
2016-11-04	Fix some linewrapping glitches	guenther	1	-7/+5
	ok jsing@
2016-11-04	Some tests require internal symbols; have them link with the static	guenther	4	-8/+10
	libssl or libtls so they can continue to see them after the shared library namespace is cleaned up ok jsing@
2016-11-04	Add assembler code for the nist 256-bit GFp curve, written initially by	miod	9	-6/+19107
	Intel. Obtained from BoringSSL, with some integration work borrowed from OpenSSL 1.0.2; assembler code for arm and sparc64 borrowed from OpenSSL 1.1.0. None of this code is enabled in libcrypto yet. ok beck@ jsing@
2016-11-04	Replace all uses of magic numbers when operating on OPENSSL_ia32_P[] by	miod	26	-146/+245
	meaningful constants in a private header file, so that reviewers can actually get a chance to figure out what the code is attempting to do without knowing all cpuid bits. While there, turn it from an array of two 32-bit ints into a properly aligned 64-bit int. Use of OPENSSL_ia32_P is now restricted to the assembler parts. C code will now always use OPENSSL_cpu_caps() and check for the proper bits in the whole 64-bit word it returns. i386 tests and ok jsing@
2016-11-04	Address some signed vs unsigned warnings and check that an integer value	jsing	1	-4/+14
	is positive before passing it to several functions as a size_t. Additionally, in tls_load_file() there is not much point using calloc(), when we're immediately reading into the buffer (having an extra byte for NUL termination seems pointless given the API). ok beck@ miod@
2016-11-04	Assign and test, as is consistent with the rest of the libtls code.	jsing	1	-7/+4

2016-11-04	Use a consistent name for struct bio_cb * variables.	jsing	1	-6/+6

2016-11-04	Rename struct bio_cb_st to struct bio_cb.	jsing	1	-8/+8

2016-11-04	Do not cast a pointer to a struct, to a char * when assigning to a void *.	jsing	1	-2/+2

2016-11-04	Use a consistent name for a BIO *, rather than having four different names	jsing	1	-49/+51
	in the same file.
2016-11-04	Avoid signed vs unsigned comparisons.	jsing	1	-3/+4
	ok miod@
2016-11-04	convert X509 manuals from pod to mdoc	schwarze	39	-1825/+2566

2016-11-04	Completely rewrite the session handling ASN.1 code using CBB and CBS. This	jsing	1	-616/+329
	addresses two 2038 related issues and also adds support for allocation in the i2d function, which will allow for simplification in the callers. ok beck@ miod@
2016-11-04	Convert ssl3_get_server_kex_dhe() to CBS.	jsing	1	-42/+19
	ok beck@