openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Files	Lines
2015-09-13	Factor out setup_up / destroy_ui functions.	bcook	4	-58/+58
	This pulls out and renames setup_ui/destroy_ui so we have something that can be replaced as-needed, moving the the console setup code for Windows to app_win.c in -portable, instead of needing a local patch to enable binary console mode ui_read/write are also simplified.
2015-09-13	Use ECDH_size() instead of rolling our own.	jsing	4	-24/+22
	ok beck@
2015-09-13	document extra algorithms available with openssl speed command	bcook	1	-1/+4
	ok jmc@
2015-09-13	Switch to miod's shiny new OPENSSL_cpu_caps() and we can now also enable	jsing	2	-6/+6
	the AES acceleration checking for i386. ok beck@ miod@
2015-09-13	Merge ech_ossl.c into ech_key.c - not much point having one file with a	jsing	5	-432/+294
	four line function and a tonne of license text. ok beck@
2015-09-13	Nuke openssl/e_os2.h, since nothing should be using it.	jsing	2	-86/+1
	ok deraadt@ "hurray! finally!" miod@ "Yay!" sthen@
2015-09-13	Provide ECDH_size().	jsing	6	-8/+22
	"jajaja" miod@
2015-09-13	Check ECDH output buffer length and avoid truncation.	jsing	6	-12/+32
	Currently, if you call ECDH_compute_key() it will silently truncate the resulting key if the output buffer is less than the key size. Instead, detect this condition and return an error. If the buffer provided is larger than the key length, zero the remainder. ok beck@ miod@ "+ shivers"
2015-09-13	Add Certplus CA root certificate:	sthen	1	-0/+86
	C=FR, O=Certplus, CN=Class 2 Primary CA req by beck@, ok miod@ beck@
2015-09-13	display negotiated TLS version and cipher suite in verbose mode.	beck	1	-2/+3
	ok jsing@
2015-09-13	Lob a style(9) grenade in here.	jsing	12	-362/+352

2015-09-13	Mechanical minor bump to follow libcrypto.	miod	3	-3/+3

2015-09-13	add visibility of ciper and connection version strings	beck	4	-6/+56
	ok jsing@
2015-09-13	Add a new interface, OPENSSL_cpu_caps(), to return the currently running	miod	6	-6/+36
	cpu's specific hardware capabilities users of libcrypto might be interested in, as an integer value. This deprecates the existing OPENSSL_ia32cap() macro and the OPENSSL_ia32cap_loc() function (which returns the pointer so that you can mess with stuff you shouldn't mess with). Interpreting the value returned by OPENSSL_cpu_caps() is, of course, machine-dependent. Minor version bump for libcrypto. ok beck@ jsing@
2015-09-13	The *_accept() functions increment in_handshake at the start of the function,	jsing	4	-38/+60
	then decrement it and call a callback on exit from the function. As such, these functions should not return in the middle, otherwise in_handshake is never decremented and the callback never called. ok beck@ "with many sighs" miod@
2015-09-13	If we have hardware acceleration for AES, prefer AES as a symmetric cipher	jsing	2	-14/+60
	over CHACHA20. Otherwise, prefer CHACHA20 with AES second. ok beck@ miod@
2015-09-13	Wrap <stdlib.h> so that calls go direct and the symbols not in the	guenther	22	-26/+54
	C standard are all weak. Apply __{BEGIN,END}_HIDDEN_DECLS to gdtoa{,imp}.h, hiding the arch-specific __strtorx, __ULtox_D2A, __strtorQ, __ULtoQ_D2A symbols.
2015-09-13	tweak STANDARDS;	jmc	1	-3/+3

2015-09-12	Adapt to just committed libtls api change	beck	1	-21/+14

2015-09-12	Move connection info into it's own private structure allocated and filled in	beck	7	-120/+208
	at handshake time. change accessors to return const char * to remove need for caller to free memory. ok jsing@
2015-09-12	Split ssl3_send_client_key_exchange() (387 lines of code) into five	jsing	2	-654/+702
	functions. The original was written as a huge if/else if chain - split out the handling for each key exchange type. This allows us to reduce two levels of indentation, make the code far more readable and have single return paths so that we can simplify clean up. ok beck@
2015-09-12	Fix function name.	jsing	2	-4/+4

2015-09-12	Sync handling of cached record digests with s3_srvr.c.	jsing	2	-2/+46

2015-09-12	explicit_bzero() the GOST premaster secret.	jsing	2	-4/+14
	ok miod@
2015-09-12	Ensure that we clear the libssl error stack before we make a function call	jsing	3	-5/+12
	that we will pass the result through tls_ssl_error() on failure. Otherwise we can end up reporting spurious errors due to their being unrelated errors already on the error stack. Spotted by Marko Kreen. ok beck@
2015-09-12	Unwrap a bunch of lines.	jsing	2	-74/+38

2015-09-12	Nuke SSLEAY_CONF -- a backwards compatibility environment variable that	lteo	4	-14/+5
	has been superseded by OPENSSL_CONF and discouraged from use for almost 16 years. "Definately ok" jsing@ "burn it" deraadt@ "Kill it with fire" miod@ "KILL IT WITH FIRE!!! BURN!!!!" beck@
2015-09-12	__strsignal() is now declared in hidden/signal.h	guenther	1	-2/+0

2015-09-12	Put tls_peer_cert* functions in the same place.	jsing	1	-6/+6

2015-09-12	Wrap <inttypes.h> and finish wrapping of <wchar.h> so that calls go direct	guenther	24	-24/+51
	and the symbols not in the C standard are weak
2015-09-12	Remove most of the SSLv3 version checks and a few TLS v1.0.	doug	14	-236/+114
	We can now assume >= TLS v1.0 since SSL2_VERSION, SSL3_VERSION and DTLS1_BAD_VER support was removed. "reads ok" miod@
2015-09-12	Add openssl(1) speed support for AEAD algorithms.	bcook	1	-17/+96
	This adds aes-128-gcm aes-256-gcm chacha20-poly1305 from Adam Langley's original patch for OpenSSL ok beck@ jsing@
2015-09-12	Cleanup enginetest a bit.	bcook	1	-104/+84
	It was the only thing preventing -Werror from building on some systems due to the unchecked asprintf's.
2015-09-12	Uncopy and unpaste dtls1_send_newsession_ticket() - another 111 lines of	jsing	4	-222/+6
	code deduped.
2015-09-12	Fix the openssl(1) prime command: When checking a decimal number for	lteo	1	-3/+2
	primality, do not unnecessarily convert the original decimal number to hex in the output. Hex numbers explicitly specified with -hex remain unchanged. ok beck@ deraadt@ jsing@ miod@
2015-09-12	Move handshake message header length determination into a separate	jsing	8	-46/+54
	ssl3_handshake_msg_hdr_len() function. Use this to correct several places that have magic numbers with header lengths hardcoded as '4'. ok beck@
2015-09-12	Wrap <unistd.h> so that internal calls go direct and they're all weak symbols	guenther	6	-4/+12
	Delete unused 'fd' argument from internal function oldttyname()
2015-09-12	Wrap <getopt.h> to make the functions weak and make access to the initialized	guenther	1	-1/+6
	variables go direct. (Common variables cannot be aliased.)
2015-09-12	Uncopy and unpaste dtls1_send_certificate_request() - removes another 80	jsing	4	-160/+6
	lines of code, while gaining SIGALGs support.
2015-09-12	Uncopy and unpaste dtls1_send_server_key_exchange(). Removes another 329	jsing	4	-658/+6
	lines of code, while gaining bug fixes and SIGALGs support.
2015-09-12	Uncopy and unpaste dtls1_send_server_done().	jsing	4	-36/+6

2015-09-12	Uncopy and unpaste dtls1_send_server_hello().	jsing	4	-136/+6

2015-09-12	Uncopy and unpaste dtls1_send_hello_request().	jsing	4	-36/+6

2015-09-12	Convert the rest of the server handshake functions to ssl3_handshake_msg_*.	jsing	2	-88/+70
	ok beck@
2015-09-12	Uncopy and unpaste dtls1_send_client_verify() - the	jsing	4	-148/+6
	ssl3_send_client_verify() is different, but it correctly supports things like SIGALGS. Another 74 lines of code bites the dust.
2015-09-12	Uncopy and unpaste dtls1_send_client_key_exchange() - the	jsing	4	-538/+10
	ssl3_send_client_key_exchange() is effectively identical, in fact it has a number of bug fixes and improvements that never got merged into the DTLS copy of the code. Flenses another 264 lines of code. ok beck@
2015-09-12	Use explicit_bzero() instead of memset() when clearing private keys.	jsing	2	-6/+8
	ok bcook@ beck@ miod@
2015-09-12	Pull variable assignment out from function call, fix indentation and set	jsing	2	-16/+14
	state after calling ssl3_handshake_msg_finish().
2015-09-12	style(9) and whitespace cleanups.	jsing	2	-58/+50

2015-09-12	Remove workaround for old SIMICS toolchain.	miod	2	-90/+2