openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Files	Lines
2014-06-19	Move rs_chacha and rs_buf into the same memory page and don't mark it	matthew	1	-22/+31
	MAP_INHERIT_ZERO anymore. This restores arc4random's previous behavior where fork children would mix in some randomness from the parent process. New behavior noticed by deraadt ok deraadt, tedu
2014-06-18	Always call atexit handlers as if they were registered with __cxa_atexit.	kettenis	3	-19/+13
	The extra argument doesn't hurt genuine atexit handlers and this fixes a bug where we didn't provide the argument (effectively passing garbage) for functions registered with __cxa_atexit in the main executable. Pointed out by Dmitriy Ivanov <dimitry@google.com> and Elliott Hughes <enh@google.com>. ok matthew@
2014-06-18	Add regress tests to make sure arc4random(3) is reinitialized	matthew	3	-2/+181
	correctly in fork children.
2014-06-18	In ssl3_send_newsession_ticket(), fix a memory leak in an error path.	miod	2	-4/+8

2014-06-18	Missinc calloc() return value check; ok deraadt@	miod	1	-1/+5

2014-06-18	Make sure to always invoke EVP_CIPHER_CTX_cleanup() before returning in the	miod	2	-8/+20
	error paths from tls_decrypt_ticket(). ok tedu@
2014-06-18	Use asprintf() instead of a fixed 128-byte size in SSL_CIPHER_description()	miod	2	-22/+22
	when no storage buffer is passed. ok deraadt@ tedu@
2014-06-18	In SSL_COMP_add_compression_method(), make sure error cases actually return	miod	2	-4/+4
	`error' rather than `success'. ok deraadt@
2014-06-17	ssl_session_cmp is not a sort function, can use CRYPTO_memcmp here too.	tedu	2	-4/+8

2014-06-17	Use MAP_INHERIT_ZERO in arc4random(3)	matthew	1	-37/+44
	Now instead of calling getpid() each time a user invokes arc4random(), we're able to rely on the kernel zero'ing out the RNG state if the process forks. ok deraadt, djm
2014-06-15	free iv, then cleanse. from Cyril Jouve	tedu	2	-4/+4

2014-06-15	Simplify EVP_MD_CTX_create() by just using calloc(). Also, use 0 rather	jsing	2	-18/+8
	than '\0' for several memset(). ok beck@ miod@
2014-06-15	Simplify EVP_CIPHER_CTX_new() - stop pretending that EVP_CIPHER_CTX_init()	jsing	2	-12/+4
	does something special... just use calloc() instead. ok beck@ miod@
2014-06-15	Add missing OPENSSL_cleanse() in aead_aes_gcm_cleanup().	jsing	2	-2/+4
	ok beck@ miod@
2014-06-15	The OPENSSL_cleanse() in aes_gcm_cleanup() only cleans the gcm field of the	jsing	2	-4/+4
	EVP_AES_GCM_CTX, leaving the AES key untouched - clean the entire context, rather than just part of it. ok beck@ miod@
2014-06-15	Rename ssl3_record_sequence_update() to ssl3_record_sequence_increment(),	jsing	7	-55/+28
	so that it reflects what it is actually doing. Use this function in a number of places that still have the hand rolled version. ok beck@ miod@
2014-06-15	oops, typo. James Hartley is fast at trying -current	deraadt	1	-2/+2

2014-06-15	In srandomdev(), use arc4random_buf() instead of from the kernel.	deraadt	1	-4/+3
	discussion with matthew
2014-06-14	Add more bounded attributes to the buffer and md5/sha headers in libssl	avsm	6	-38/+70
	ok miod@
2014-06-13	typo	miod	2	-4/+4

2014-06-13	For now... assume success of getentropy() just like we assumed success	deraadt	1	-3/+3
	of sysctl(). Mark it with XXX while we consider.
2014-06-13	Correctly calculate the key block length when using export ciphers.	jsing	2	-2/+10

2014-06-13	Overhaul the keyblock handling in ssl3_change_cipher_state(). Use	jsing	1	-32/+45
	meaningful variable names with use with pointer arithmitic rather than complex array indexing.
2014-06-13	Correctly calculate the key block length when used with export ciphers.	jsing	1	-17/+24
	While here, use meaningful variable names and simplify the calculation.
2014-06-13	Remove deprecated RFC2292 ancillary data convenience functions.	chrisz	2	-488/+2
	They are obsoleted by the RFC3542 api. ok mpi@
2014-06-13	use getgentropy() call. If it fails, things are pretty bad --	deraadt	1	-8/+3
	call abort(). this direction discussed at length with miod beck tedu matthew etc
2014-06-13	use getentropy; from matthew	deraadt	1	-5/+2

2014-06-13	Use meaningful variable names, rather than i, j, k and cl.	jsing	1	-23/+27

2014-06-13	Do not bother trying to work out of we can reuse a cipher context - just	jsing	1	-22/+12
	throw it away and create a new one. This simplifies the code and also allows ASR to do its thing.
2014-06-13	Separate the comression handling from the cipher/message digest handling in	jsing	1	-43/+47
	ssl3_change_cipher_state().
2014-06-13	Swap compress/expand around so they are in the correct order - these ended	jsing	2	-28/+28
	up in the wrong order when the code was refactored.
2014-06-13	The export_key/export_iv variables are only used in the is_export case.	jsing	1	-7/+10
	Also use c rather than &c[0].
2014-06-13	Rename a bunch of variables in ssl3_change_cipher_state() for readability.	jsing	1	-38/+40
	This also brings it inline with tls1_change_cipher_state_cipher().
2014-06-13	Add ChaCha20-Poly1305 based ciphersuites.	jsing	10	-14/+162
	Based on Adam Langley's chromium patches. Tested by and ok sthen@
2014-06-13	Switch the AES-GCM cipher suites to SSL_CIPHER_ALGORITHM2_AEAD.	jsing	2	-42/+136

2014-06-13	Combine the MAC handling for both !EVP_CIPH_FLAG_AEAD_CIPHER and	jsing	2	-28/+22
	EVP_CIPH_FLAG_AEAD_CIPHER into the same if/else block.
2014-06-13	Use SSL3_SEQUENCE_SIZE and if we're going to preincrement we may as well	jsing	1	-4/+3
	do it properly.
2014-06-13	Add support for handling SSL_CIPHER_ALGORITHM2_AEAD ciphers, which are	jsing	8	-66/+498
	those that use EVP_AEAD instead ov EVP_CIPHER. This means being able to change cipher state with an EVP_AEAD and being able to encrypt/decrypt TLS using the EVP_AEAD. This has no change on existing non-SSL_CIPHER_ALGORITHM2_AEAD ciphers. Based on Adam Langley's chromium patches. Rides the recent libssl bump. Tested by sthen@
2014-06-13	Add an SSL_AEAD_CTX to enable the use of EVP_AEAD with an SSL cipher.	jsing	8	-8/+98
	Read and write contexts are also added to the SSL_CTX, along with supporting code. Based on Adam Langley's chromium diffs. Rides the recent SSL library bump.
2014-06-13	Remove support for the `opaque PRF input' extension, which draft has expired	miod	24	-700/+29
	7 years ago and never made it into an RFC. That code wasn't compiled in anyway unless one would define the actual on-the-wire extension id bytes; crank libssl major. With help and enlightenment from Brendan MacDonell.
2014-06-13	Add timingsafe_memcmp().	matthew	6	-38/+153
	ok deraadt, jmc, tedu
2014-06-13	Add regress tests for timingsafe_bcmp and timingsafe_memcmp.	matthew	3	-2/+86
	timingsafe_memcmp tests are disabled for now, pending its addition to libc.
2014-06-12	Add regress test for explicit_bzero.	matthew	3	-2/+145

2014-06-12	replace atoi() calls with strtol(). Follow the idiomatic pattern in our	deraadt	6	-80/+194
	manual page strictly. Return -2 if the strings are not strict numbers. The numbers remain in the range of "int". Range checking for these parameters is done later in the pkey_*_ctl() functions, or sometimes in functions much further downstream... but not always!!! ok millert miod mikeb
2014-06-12	tags as requested by miod and tedu	deraadt	1537	-1373/+1553

2014-06-12	Disable the "switch to insertion sort" optimization to avoid quadratic	millert	1	-13/+2
	behavior for certain inputs. From NetBSD. OK tedu@
2014-06-11	Really remove the obsolete manpages left by earlier commit	chrisz	2	-0/+0
	which just emptied the file but didn't remove it.
2014-06-11	Remove manpages about deprecated RFC2292 ancillary data convenience functions.	chrisz	4	-769/+4
	They are obsoleted by the RFC3542 api. ok mpi@
2014-06-11	Stop setting the EVP_MD_CTX_FLAG_NON_FIPS_ALLOW - it has been ignored since	jsing	9	-17/+0
	OpenSSL 1.0.0. ok miod@ (a little while back)
2014-06-11	Tsk. Tsk. Someone forgot to compile test the other half.	jsing	2	-4/+4