openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Files	Lines
2018-11-13	Just err if we can't create secrets	beck	1	-2/+2

2018-11-13	NULL out mdctx to prevent possible double free introduced in version 1.4	beck	1	-1/+2
	Spotted by maestre@, ok tb@
2018-11-13	Fix pkey_ok to be less strange, and add cuve checks required for the EC ones	beck	1	-9/+26
	ok tb@
2018-11-12	Missing initialization for pub_key. CID 184303.	tb	1	-2/+2
	ok bcook
2018-11-12	Rework the sm3 regress based on a suggestion by jsing. Zap the weird	tb	1	-30/+36
	hex_encode() function and use byte arrays instead of strings to store the expected values. Snatch and tweak hexdump() from beck's key_schedule test to pretty-print data in case of failure.
2018-11-11	Add check function to verify that pkey is usable with a sigalg.	beck	4	-7/+24
	Include check for appropriate RSA key size when used with PSS. ok tb@
2018-11-11	Add back a few missing compatibility stubs	bcook	2	-4/+37
	ok beck@
2018-11-11	quiet warning on other compilers	bcook	1	-3/+3
	ok beck@
2018-11-11	Fix a race in libssl interop regress. The success messages from	bluhm	3	-6/+9
	the server child could be delayed. In this case wait a second and check again.
2018-11-11	Hook up sm3 regress tests.	tb	1	-1/+2

2018-11-11	Add sm3 regress tests.	tb	2	-0/+101

2018-11-11	Add sm3 to the 'openssl dgst' command.	tb	1	-1/+5
	ok beck inoguchi
2018-11-11	Add EVP_sm3() to OpenSSL_add_all_digests_internal().	tb	1	-1/+4
	ok beck inoguchi
2018-11-11	bump minors after symbol addition.	tb	3	-3/+3

2018-11-11	Add SSL_set1_host(), a thin wrapper around X509_VERIFY_PARAM_set1_host().	tb	3	-2/+10
	Used by unbound's DNS over TLS implementation to do server name verification. ok jsing
2018-11-11	Add Ribose Inc's implementation of the SM3 hashing function with	tb	8	-3/+437
	tweaks from jsing and myself. The SM2/SM3/SM4 algorithms are mandatory for legal use of cryptography within China and [are] widely applied in the country, covering identification/financial cards, contactless, TPM 2.0 and PKI. ok beck inoguchi jsing
2018-11-11	Nuke trailing whitespace	beck	1	-6/+6

2018-11-11	Add automatic threading initialization for libcrypto.	bcook	8	-561/+141
	This implements automatic thread support initialization in libcrypto. This does not remove any functions from the ABI, but does turn them into no-ops. Stub implementations of pthread_mutex_(init\|lock\|unlock) are provided for ramdisks. This does not implement the new OpenSSL 1.1 thread API internally, keeping the original CRYTPO_lock / CRYPTO_add_lock functions for library locking. For -portable, crypto_lock.c can be reimplemented with OS-specific primitives as needed. ok beck@, tb@, looks sane guenther@
2018-11-11	Free the server tls transcript in case session reuse did not work.	bluhm	1	-3/+4
	Regression found by Perl module p5-IO-Socket-SSL tests. with beck@ tb@
2018-11-11	include crypto.h from the correct path, remove unused variable	bcook	1	-5/+2

2018-11-11	Add support for RSA PSS algorithims being used in sigalgs.	beck	2	-2/+29
	lightly tested, but will need sanity checks and regress test changes before being added to any sigalgs list for real ok jsing@ tb@
2018-11-11	Convert signatures and verifcation to use the EVP_DigestXXX api	beck	3	-45/+93
	to allow for adding PSS, Nuke the now unneejded guard around the PSS algorithms in the sigalgs table ok jsing@ tb@
2018-11-11	Reorganize libssl interop tests. Move netcat tests into separate	bluhm	9	-148/+197
	directory. Keep all log files for easier debugging. Name regress target names consistently.
2018-11-10	Remove dead code	beck	2	-16/+2
	ok jsing@
2018-11-10	Speling	beck	1	-2/+2

2018-11-10	Regress client and server can do session reuse now. Test this with	bluhm	6	-129/+220
	all combinations of LibreSSL, OpenSSL 1.0.2, and OpenSSL 1.1. It is currently disabled for TLS 1.3 as this needs more setup.
2018-11-10	Tweak and improve the TLSv1.3 state machine.	jsing	1	-24/+46
	- Provide a tls13_handshake_active_action() function to reduce code duplication and replace tls13_handshake_get_sender(). - Add an INVALID message_type, so we can explicitly detect invalid conditions. - Implement skeletons for the tls13_handshake_send_action() and tls13_handshake_recv_action() functions. - OR in the NEGOTIATED value at the end of recving or sending a server hello so that we switch to the next chain in the state table. ok tb@
2018-11-10	Make sure the interop test happen last (since they take a long time)	beck	2	-8/+9

2018-11-10	Clean up and free objects at the completion of the regress test.	jsing	1	-1/+13
	From Ben L <bobsayshilol at live dot co dot uk>.
2018-11-10	fix a leak reported by Ben L (bobsayshilol () live ! co ! uk)	tb	1	-1/+3

2018-11-10	Fix a leak reported by Ben L bobsayshilol () live ! co ! uk.	tb	1	-1/+3

2018-11-10	fix a leak pointed out by Ben L (bobsayshi () live ! co ! uk)	tb	1	-4/+8

2018-11-10	Avoid a double allocation and memory leak.	jsing	1	-4/+2
	Reported by Ben L <bobsayshilol at live dot co dot uk>
2018-11-10	Stop keeping track of sigalgs by guessing it from digest and pkey,	beck	8	-92/+102
	just keep the sigalg around so we can remember what we actually decided to use. ok jsing@
2018-11-10	More regress all the way to exporter_master	beck	1	-4/+44

2018-11-10	Use TLS13_HS_{CLIENT,SERVER} instead of using a redundant _SEND{,S}.	tb	1	-30/+28
	ok jsing
2018-11-10	Fix last of the empty hash nonsense	beck	2	-32/+6
	ok jsing@
2018-11-09	Update key schedule regress to match API changes.	jsing	1	-21/+12

2018-11-09	Fix the TLSv1.3 key schedule implementation.	jsing	2	-66/+95
	When the RFC refers to ("") for key derivation, it is referring to the transcript hash of an empty string, not an empty string. Rename tls13_secrets_new() to tls13_secrets_create(), make it take an EVP_MD * and calculate the hash of an empty string so that we have it available for the "derived" and other steps. Merge tls13_secrets_init() into the same function, remove the EVP_MD * from other functions and use the empty string hash at the appropriate places. ok beck@ tb@
2018-11-09	Use "send" and "recv" consistently instead of mixing them with "read"	tb	1	-98/+108
	and "write". Use self-documenting C99 initializers. ok bcook, jsing
2018-11-09	Initialize priv_key and pub_key on first use instead of at the top.	tb	1	-6/+4
	While there, eliminate a flag that was only used once. ok beck jsing mestre
2018-11-09	Initialize priv_key and pub_key on first use instead of at the top.	tb	1	-4/+4
	ok beck jsing mestre
2018-11-09	The Botan library from ports an be configured to use OpenSSL or	bluhm	2	-1/+22
	LibreSSL as crypto provider. When we run their regression tests, we are actually testing our library. This is far from perfect. A lot of LibreSSL features have not been implemented as Botan provider. Even if provider openssl is specified, botan-test runs a lot of non-openssl tests. This can be improved later.
2018-11-09	Avoid dereferencing eckey before checking it for NULL.	tb	1	-5/+6
	CID 184282 ok beck jsing mestre
2018-11-09	remove the not yet implemented "handshake" subdirectory	tb	1	-2/+1

2018-11-09	Add subdirectires with SUBDIR += instead of a single assignment with	tb	3	-67/+65
	line continuations.
2018-11-09	Remove ethers(5) YP support bits from libc as it makes it difficult to	brynet	2	-70/+8
	effectively use pledge(2) in some programs. approval from many, thanks! idea by & ok deraadt@
2018-11-09	Ensure we free the handshake transcript upon session resumption.	jsing	1	-1/+4
	Found the hard way by jmc@ ok tb@
2018-11-09	The cert subdir is testing all combinations of certificate validation.	bluhm	11	-48/+244
	Having the three libraries, client and server certificates, missing or invalid CA or certificates, and enforcing peer certificate results in 1944 new test cases.
2018-11-09	Ensure we only choose sigalgs from our prefernce list, not the whole list	beck	4	-10/+19
	ok jsing@