openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Files	Lines
2016-11-04	make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hidden	beck	14	-43/+133
	functions.. document with a man page. bump majors on libtls, libssl, libcrypto ok jsing@ guenther@
2016-11-04	Make do_dtls1_write() static to d1_pkt.c and delete declarations for	guenther	2	-8/+6
	three functions that were removed a while ago ok jsing@
2016-11-04	Fix some linewrapping glitches	guenther	1	-7/+5
	ok jsing@
2016-11-04	Some tests require internal symbols; have them link with the static	guenther	4	-8/+10
	libssl or libtls so they can continue to see them after the shared library namespace is cleaned up ok jsing@
2016-11-04	Add assembler code for the nist 256-bit GFp curve, written initially by	miod	9	-6/+19107
	Intel. Obtained from BoringSSL, with some integration work borrowed from OpenSSL 1.0.2; assembler code for arm and sparc64 borrowed from OpenSSL 1.1.0. None of this code is enabled in libcrypto yet. ok beck@ jsing@
2016-11-04	Replace all uses of magic numbers when operating on OPENSSL_ia32_P[] by	miod	26	-146/+245
	meaningful constants in a private header file, so that reviewers can actually get a chance to figure out what the code is attempting to do without knowing all cpuid bits. While there, turn it from an array of two 32-bit ints into a properly aligned 64-bit int. Use of OPENSSL_ia32_P is now restricted to the assembler parts. C code will now always use OPENSSL_cpu_caps() and check for the proper bits in the whole 64-bit word it returns. i386 tests and ok jsing@
2016-11-04	Address some signed vs unsigned warnings and check that an integer value	jsing	1	-4/+14
	is positive before passing it to several functions as a size_t. Additionally, in tls_load_file() there is not much point using calloc(), when we're immediately reading into the buffer (having an extra byte for NUL termination seems pointless given the API). ok beck@ miod@
2016-11-04	Assign and test, as is consistent with the rest of the libtls code.	jsing	1	-7/+4

2016-11-04	Use a consistent name for struct bio_cb * variables.	jsing	1	-6/+6

2016-11-04	Rename struct bio_cb_st to struct bio_cb.	jsing	1	-8/+8

2016-11-04	Do not cast a pointer to a struct, to a char * when assigning to a void *.	jsing	1	-2/+2

2016-11-04	Use a consistent name for a BIO *, rather than having four different names	jsing	1	-49/+51
	in the same file.
2016-11-04	Avoid signed vs unsigned comparisons.	jsing	1	-3/+4
	ok miod@
2016-11-04	convert X509 manuals from pod to mdoc	schwarze	39	-1825/+2566

2016-11-04	Completely rewrite the session handling ASN.1 code using CBB and CBS. This	jsing	1	-616/+329
	addresses two 2038 related issues and also adds support for allocation in the i2d function, which will allow for simplification in the callers. ok beck@ miod@
2016-11-04	Convert ssl3_get_server_kex_dhe() to CBS.	jsing	1	-42/+19
	ok beck@
2016-11-04	No need to reach libssl private headers and to define TERMIOS anymore.	miod	1	-4/+1
	ok bcook@
2016-11-04	Remove I386_ONLY define. It was only used to prefer a	miod	18	-60/+15
	faster-on-genuine-80386-but-slower-on-80486-onwards innstruction sequence in the SHA512 code, and had not been enabled in years, if at all. ok tom@ bcook@
2016-11-04	In OPENSSL_wipe_cpu() on i386, which noone uses anyway, check the proper	miod	1	-1/+1
	flag for the presence of a FPU before deciding to wipe the fpu registers. ok jsing@
2016-11-04	There's not much point having three static functions that do a cast and	jsing	1	-33/+6
	assign a pointer, when we can just inline the three and do one cast followed by three pointer assignments.
2016-11-04	Do not mix declarations and code.	jsing	1	-3/+7

2016-11-04	Rename the internal bio related functions so that they have a common	jsing	1	-22/+22
	prefix. Makes the code more readable and removes shadowing.
2016-11-04	Add X509_up_ref, from boring	beck	2	-2/+11
	ok jsing@
2016-11-04	convert RSA manuals from pod to mdoc	schwarze	31	-1223/+1919

2016-11-04	MALLOC_STATS tweaks, by default not compiled in	otto	1	-13/+29

2016-11-04	There's not much point in casting a void * to a specific type just before	jsing	1	-4/+2
	calling free(). ok beck@ ingo@
2016-11-04	new sentence, new line, and zap trailing whitespace;	jmc	1	-3/+4

2016-11-04	bump minor for ocsp_require_stapling addition	beck	1	-1/+1

2016-11-04	Add ocsp_require_stapling config option for tls - allows a connection	beck	7	-12/+37
	to indicate that it requires the peer to provide a stapled OCSP response with the handshake. Provide a "-T muststaple" for nc that uses it. ok jsing@, guenther@
2016-11-03	small tweak to also check canaries if F is in effect	otto	1	-3/+5

2016-11-03	In ssl3_read_bytes(), do not process more than three consecutive TLS	jsing	1	-4/+24
	records, otherwise a peer can potentially cause us to loop indefinately. Return with an SSL_ERROR_WANT_READ instead, so that the caller can choose when they want to handle further processing for this connection. ok beck@ miod@
2016-11-03	make OCSP_URL only show up when an OCSP url is actually present in the cert	beck	1	-2/+3

2016-11-03	Make OCSP Stapling: only appear if there is stapling info present.	beck	1	-5/+3

2016-11-03	convert RAND manuals from pod to mdoc	schwarze	11	-196/+204

2016-11-03	zap the overview manual page of the RAND subsystem	schwarze	2	-36/+1
	that contained nothing but duplicate and misleading information; OK jsing@
2016-11-03	convert PEM and PKCS manuals from pod to mdoc	schwarze	27	-1380/+2231

2016-11-03	Split ssl3_get_key_exchange() into separate functions for DHE/ECDHE.	jsing	1	-205/+256
	ok beck@ (who was struggling to keep lunch down while reviewing the diff)
2016-11-03	Don't do OCSP validation when we have disabled certificate verification	beck	2	-5/+8
	or certificate validation. ok jsing@
2016-11-03	convert configuration manuals from pod to mdoc	schwarze	9	-305/+340

2016-11-03	convert remaining ASN1 object manuals from pod to mdoc	schwarze	5	-175/+299

2016-11-03	Only set an error from libssl related code, if an error has not already	jsing	2	-7/+47
	been set by libtls code. This avoids the situation where a libtls callback has set an error, only to have it replaced by a less useful libssl based error. ok beck@
2016-11-03	convert HMAC and MD5 manuals from pod to mdoc	schwarze	5	-210/+393

2016-11-03	convert EVP manuals from pod to mdoc	schwarze	49	-2724/+4229

2016-11-03	Fix handshake failures:	beck	1	-20/+26
	split out internals of OCSP verification to allow callback to verify before TLS handshake is complete
2016-11-03	Clean up the TLS handshake digest handling - this refactors some of the	jsing	2	-30/+43
	code for improved readability, however it also address two issues. The first of these is a hard-to-hit double free that will occur if EVP_DigestInit_ex() fails. To avoid this and to be more robust, ensure that tls1_digest_cached_records() either completes successfully and sets up all of the necessary digests, or it cleans up and frees everything that was allocated. The second issue is that EVP_DigestUpdate() can fail - detect and handle this in tls1_finish_mac() and change the return type to an int so that a failure can be propagated to the caller (the callers still need to be fixed to handle this, in a later diff). The double-free was reported by Matthew Dillon. ok beck@ doug@ miod@
2016-11-02	bit more cleanup;	jmc	1	-9/+9

2016-11-02	fix shadow declaration of time in parameter list.	beck	1	-2/+2
	ok jsing@
2016-11-02	Ensure handshake is complete before processing an ocsp response for a ctx	beck	1	-0/+3
	ok jsing@
2016-11-02	tweak previous;	jmc	1	-32/+26

2016-11-02	convert ERR manuals from pod to mdoc; while reading this,	schwarze	23	-705/+963
	i wtfed, laughed, puked, and cried in more or less that order...