openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Files	Lines
2020-01-02	Revise SSL_CTX_get_extra_chain_certs() to match OpenSSL behaviour.	jsing	2	-8/+23
	In OpenSSL, SSL_CTX_get_extra_chain_certs() really means return extra certs, unless there are none, in which case return the chain associated with the certificate. If you really just want the extra certs, including knowing if there are no extra certs, then you need to call SSL_CTX_get_extra_chain_certs_only()! And to make this even more entertaining, these functions are not documented in any OpenSSL release. Reported by sephiroth-j on github, since the difference in behaviour apparently breaks OCSP stapling with nginx. ok beck@ inoguchi@ tb@
2020-01-02	Provide TLSEXT_TYPE_* aliases for TLS 1.3.	jsing	1	-1/+10
	OpenSSL decided to use their own names for two of the TLS 1.3 extensions, rather than using the names given in the RFC. Provide aliases for these so that code written to work with OpenSSL also works with LibreSSL (otherwise everyone gets to provide their own workarounds). Issue noted by d3x0r on github. ok inoguchi@ tb@
2019-12-20	drand48(3) returns values in [0.0, 1.0).	tb	1	-3/+3
	From j@bitminer.ca with input from Andras Farkas, deraadt, joerg@netbsd "fix however you feel best!" jmc
2019-12-19	spelling; from bryan stenson	jmc	1	-3/+3

2019-12-18	use "Currently" in the doc for "openssl enc" when talking about default	sthen	1	-2/+2
	md, to hint that it might not always be the case (e.g. if dealing with files from a different version of the tool). ok tb@
2019-12-18	In January, the default digest used in the openssl enc command was	tb	1	-7/+4
	changed from md5 to sha256. Update manual to reflect that. From Fabio Scotoni ok jmc
2019-12-14	whitespace from go fmt + update a comment	tb	1	-4/+4

2019-12-14	Run Wycheproof HMAC test vectors against libcrypto.	tb	1	-1/+96

2019-12-14	Fix documented signatures of HMAC(3) and HMAC_Update(3). The n and len	tb	1	-4/+4
	arguments were changed from int to size_t with the import of OpenSSL 0.9.8h in 2008.
2019-12-11	The file passed to realpath(3) must exists, adjust man page to new	bluhm	1	-3/+3
	behavior. noticed by hshoexer@; OK beck@
2019-12-09	update to-do list	tb	1	-2/+1

2019-12-09	Run Wycheproof DSA P1363 test vectors against libcrypto.	tb	1	-19/+71

2019-12-05	Document X509_STORE_CTX_set_flags() which is a handy way to change the	claudio	1	-3/+18
	verification param flags of a context. While this function is marked as likely to be deprecated in OpenSSL it seems that this may not happen. This is why we decided to still document it. OK and input from ingo@ tb@
2019-12-03	update to-do list	tb	1	-2/+2

2019-12-03	Run Wycheproof ECDSA P1363 test vectors against libcrypto.	tb	1	-8/+8

2019-12-03	Add an EcPoint variant and pass it to the ECDH test runner.	tb	1	-20/+31

2019-12-03	Annotate test vector files with an enum which we can then pass to the	tb	1	-27/+48
	run*Test programs as needed.
2019-12-03	Add missing RCS tag.	tb	1	-0/+1

2019-12-03	Fix typo: ECHD -> ECDH.	tb	1	-4/+4
	From Michael Forney, thanks!
2019-11-28	Run additional 3004 ECDH and 1575 ECDSA test vectors against libcrypto.	tb	1	-3/+12
	For now, skip 96 ECDH tests for secp224k1.
2019-11-28	move the HKDF tests up a bit	tb	1	-68/+68

2019-11-28	update to-do list	tb	1	-2/+1

2019-11-28	go fmt	tb	1	-10/+10

2019-11-28	no need for fallthrough	tb	1	-19/+7

2019-11-28	Run HKDF test vectors against libcrypto.	tb	1	-1/+95

2019-11-28	Run XChaCha20-Poly1305 test vectors against libcrypto.	tb	1	-14/+43

2019-11-28	Add manual for openssl(1) cms	inoguchi	1	-2/+518
	ok and comments jmc@
2019-11-28	typo	tb	1	-2/+2

2019-11-27	Add to do list.	tb	1	-1/+7

2019-11-27	Only run the test vectors from x25519_test.json for now.	tb	1	-2/+6

2019-11-27	RSASig now has the more specific name RSASSA-PKCS1-v1_5.	tb	1	-10/+14

2019-11-27	Only print the basename of skipped test files.	tb	1	-2/+3

2019-11-27	go fmt	tb	1	-10/+9

2019-11-27	Run RSAES-PKCS1-v1_5 test vectors against libcrypto.	tb	1	-9/+104

2019-11-27	Make error messages look like other test cases.	tb	1	-4/+4

2019-11-27	Add glue for new RSA-OAEP tests.	tb	1	-2/+158

2019-11-27	Skip tests with unsupported signature algorithm SHA512/224 as well.	tb	1	-2/+2

2019-11-27	The DSA test vectors were split up and more tests were added.	tb	1	-2/+2
	Enable them, as all of them pass.
2019-11-27	New failure mode for AES-CCM: "very long nonce".	tb	1	-2/+2

2019-11-27	Prepare update of wycheproof-testvectors. Skip some tests for things	tb	1	-2/+10
	we don't support in LibreSSL and make sure we run as many tests as possible.
2019-11-26	Add support for TLS 1.3 post handshake messages and key updating.	beck	3	-20/+217
	tested against openssl 1.1's server. ok jsing@ tb@
2019-11-26	Nuke trailing whitespace that is annoying before changing things in here	beck	1	-6/+6

2019-11-25	gcc3, like clang and unlike our gcc4, doesn't support redirecting builtins	guenther	1	-6/+12
	like mem{set,cpy,move} or __stack_smash_handler using asm() renaming. So treat gcc3 like clang and mark such functions as protected instead. ok ayoma@
2019-11-25	Add option for cms test in appstest.sh	inoguchi	1	-2/+2

2019-11-24	Add test for cms operations in appstest.sh	inoguchi	1	-2/+100

2019-11-22	Sync tests with current NetBSD. Enable t_mkfifo test.	bluhm	6	-27/+44
	from Moritz Buhl
2019-11-21	A touch of style(9)	tim	1	-6/+6
	OK tb@ tedu@
2019-11-21	Use explicit_bzero() to clear key material	tim	1	-1/+2
	OK tb@ tedu@
2019-11-20	Add accessors to change the buffer in a handshake message.	beck	3	-3/+20
	Needed for doing TLS 1.3 Post Handshake Handshake messages. ok jsing@
2019-11-20	Add test for cms -keyopt in appstest.sh	inoguchi	1	-2/+4