| Commit message (Collapse) | Author | Files | Lines | ||
|---|---|---|---|---|---|
| 2020-01-12 | Avoid leak in error path of PKCS5_PBE_keyivgen | inoguchi | 1 | -1/+2 | |
| ok jsing@ tb@ | |||||
| 2020-01-11 | Set "Content-Type: application/ocsp-request" in ocspcheck(1)'s POSTs, | sthen | 1 | -1/+2 | |
| it is required by the RFC and some CAs require it (e.g. sectigo). From daharmasterkor at gmail com, ok jca@ | |||||
| 2020-01-09 | Avoid leak in error path of asn1_parse2 | inoguchi | 1 | -17/+21 | |
| ok tb@ | |||||
| 2020-01-07 | If the client provides a TLS certificate and the user specifies a | bluhm | 1 | -5/+6 | |
| hash value on the nc(1) server command line, the netcat server must use the TLS context of the accepted socket for verification. As the listening socket was used instead, the verification was always successful. If the peer provides a certificate, there must be a hash. Make the hash verification fail safe. OK tb@ | |||||
| 2020-01-06 | The unveil(2) for nc -U -u -l was wrong. The server cannot unveil | bluhm | 1 | -4/+23 | |
| the file system as it has to connect to the UNIX domain client socket. The path of the latter is determined dynamically. Instead add a restrictive pledge(2) after connect(2). OK tb@ | |||||
| 2020-01-06 | When using UNIX domain sockets, always call report_sock() with the | bluhm | 1 | -6/+10 | |
| path name of the socket. This avoids bad errors from getnameinfo(3). Use the same error check for both calls to getnameinfo(3). OK millert@ tb@ | |||||
| 2020-01-04 | Check CMS API return value in openssl(1) cms | inoguchi | 1 | -11/+21 | |
| ok jsing@ | |||||
| 2020-01-04 | Avoid leak in error path of dh_priv_decode | inoguchi | 1 | -1/+2 | |
| ok jsing@ tb@ | |||||
| 2020-01-02 | In ssl.h rev. 1.167 and s3_lib.c rev. 1.188, jsing@ provided | schwarze | 1 | -4/+21 | |
| the new function SSL_CTX_get_extra_chain_certs_only(3) and changed the semantics of the existing SSL_CTX_get_extra_chain_certs(3) API from the former OpenSSL 1.0.1 behaviour to the new, incompatible OpenSSL 1.0.2 behaviour. Adjust the documentation. OK jsing@ beck@ inoguchi@ | |||||
| 2020-01-02 | Revise SSL_CTX_get_extra_chain_certs() to match OpenSSL behaviour. | jsing | 2 | -8/+23 | |
| In OpenSSL, SSL_CTX_get_extra_chain_certs() really means return extra certs, unless there are none, in which case return the chain associated with the certificate. If you really just want the extra certs, including knowing if there are no extra certs, then you need to call SSL_CTX_get_extra_chain_certs_only()! And to make this even more entertaining, these functions are not documented in any OpenSSL release. Reported by sephiroth-j on github, since the difference in behaviour apparently breaks OCSP stapling with nginx. ok beck@ inoguchi@ tb@ | |||||
| 2020-01-02 | Provide TLSEXT_TYPE_* aliases for TLS 1.3. | jsing | 1 | -1/+10 | |
| OpenSSL decided to use their own names for two of the TLS 1.3 extensions, rather than using the names given in the RFC. Provide aliases for these so that code written to work with OpenSSL also works with LibreSSL (otherwise everyone gets to provide their own workarounds). Issue noted by d3x0r on github. ok inoguchi@ tb@ | |||||
| 2019-12-20 | drand48(3) returns values in [0.0, 1.0). | tb | 1 | -3/+3 | |
| From j@bitminer.ca with input from Andras Farkas, deraadt, joerg@netbsd "fix however you feel best!" jmc | |||||
| 2019-12-19 | spelling; from bryan stenson | jmc | 1 | -3/+3 | |
| 2019-12-18 | use "Currently" in the doc for "openssl enc" when talking about default | sthen | 1 | -2/+2 | |
| md, to hint that it might not always be the case (e.g. if dealing with files from a different version of the tool). ok tb@ | |||||
| 2019-12-18 | In January, the default digest used in the openssl enc command was | tb | 1 | -7/+4 | |
| changed from md5 to sha256. Update manual to reflect that. From Fabio Scotoni ok jmc | |||||
| 2019-12-14 | whitespace from go fmt + update a comment | tb | 1 | -4/+4 | |
| 2019-12-14 | Run Wycheproof HMAC test vectors against libcrypto. | tb | 1 | -1/+96 | |
| 2019-12-14 | Fix documented signatures of HMAC(3) and HMAC_Update(3). The n and len | tb | 1 | -4/+4 | |
| arguments were changed from int to size_t with the import of OpenSSL 0.9.8h in 2008. | |||||
| 2019-12-11 | The file passed to realpath(3) must exists, adjust man page to new | bluhm | 1 | -3/+3 | |
| behavior. noticed by hshoexer@; OK beck@ | |||||
| 2019-12-09 | update to-do list | tb | 1 | -2/+1 | |
| 2019-12-09 | Run Wycheproof DSA P1363 test vectors against libcrypto. | tb | 1 | -19/+71 | |
| 2019-12-05 | Document X509_STORE_CTX_set_flags() which is a handy way to change the | claudio | 1 | -3/+18 | |
| verification param flags of a context. While this function is marked as likely to be deprecated in OpenSSL it seems that this may not happen. This is why we decided to still document it. OK and input from ingo@ tb@ | |||||
| 2019-12-03 | update to-do list | tb | 1 | -2/+2 | |
| 2019-12-03 | Run Wycheproof ECDSA P1363 test vectors against libcrypto. | tb | 1 | -8/+8 | |
| 2019-12-03 | Add an EcPoint variant and pass it to the ECDH test runner. | tb | 1 | -20/+31 | |
| 2019-12-03 | Annotate test vector files with an enum which we can then pass to the | tb | 1 | -27/+48 | |
| run*Test programs as needed. | |||||
| 2019-12-03 | Add missing RCS tag. | tb | 1 | -0/+1 | |
| 2019-12-03 | Fix typo: ECHD -> ECDH. | tb | 1 | -4/+4 | |
| From Michael Forney, thanks! | |||||
| 2019-11-28 | Run additional 3004 ECDH and 1575 ECDSA test vectors against libcrypto. | tb | 1 | -3/+12 | |
| For now, skip 96 ECDH tests for secp224k1. | |||||
| 2019-11-28 | move the HKDF tests up a bit | tb | 1 | -68/+68 | |
| 2019-11-28 | update to-do list | tb | 1 | -2/+1 | |
| 2019-11-28 | go fmt | tb | 1 | -10/+10 | |
| 2019-11-28 | no need for fallthrough | tb | 1 | -19/+7 | |
| 2019-11-28 | Run HKDF test vectors against libcrypto. | tb | 1 | -1/+95 | |
| 2019-11-28 | Run XChaCha20-Poly1305 test vectors against libcrypto. | tb | 1 | -14/+43 | |
| 2019-11-28 | Add manual for openssl(1) cms | inoguchi | 1 | -2/+518 | |
| ok and comments jmc@ | |||||
| 2019-11-28 | typo | tb | 1 | -2/+2 | |
| 2019-11-27 | Add to do list. | tb | 1 | -1/+7 | |
| 2019-11-27 | Only run the test vectors from x25519_test.json for now. | tb | 1 | -2/+6 | |
| 2019-11-27 | RSASig now has the more specific name RSASSA-PKCS1-v1_5. | tb | 1 | -10/+14 | |
| 2019-11-27 | Only print the basename of skipped test files. | tb | 1 | -2/+3 | |
| 2019-11-27 | go fmt | tb | 1 | -10/+9 | |
| 2019-11-27 | Run RSAES-PKCS1-v1_5 test vectors against libcrypto. | tb | 1 | -9/+104 | |
| 2019-11-27 | Make error messages look like other test cases. | tb | 1 | -4/+4 | |
| 2019-11-27 | Add glue for new RSA-OAEP tests. | tb | 1 | -2/+158 | |
| 2019-11-27 | Skip tests with unsupported signature algorithm SHA512/224 as well. | tb | 1 | -2/+2 | |
| 2019-11-27 | The DSA test vectors were split up and more tests were added. | tb | 1 | -2/+2 | |
| Enable them, as all of them pass. | |||||
| 2019-11-27 | New failure mode for AES-CCM: "very long nonce". | tb | 1 | -2/+2 | |
| 2019-11-27 | Prepare update of wycheproof-testvectors. Skip some tests for things | tb | 1 | -2/+10 | |
| we don't support in LibreSSL and make sure we run as many tests as possible. | |||||
| 2019-11-26 | Add support for TLS 1.3 post handshake messages and key updating. | beck | 3 | -20/+217 | |
| tested against openssl 1.1's server. ok jsing@ tb@ | |||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |