openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Files	Lines
2014-07-12	Place comments in a block above the if statement, rather than attempting	jsing	4	-94/+126
	to interleave them within the conditions. Also fix wrapping and indentation.
2014-07-12	Make disabling last cipher work.	guenther	2	-18/+18
	From Thijs Alkemade via OpenSSL trunk ok miod@
2014-07-12	-DOPENSSL_NO_KRB5 is no longer needed	deraadt	1	-2/+2
	ok guenther
2014-07-12	odds are that some ABI change occured today, no matter how careful everyone	deraadt	2	-2/+2
	is
2014-07-12	enough churn, a crank is advised by guenther..	deraadt	2	-2/+2

2014-07-12	Initial version of libressl - a library that provides a clean, simple,	jsing	9	-0/+847
	consistent and secure-by-default API for SSL clients (and soon servers). This is a long way from complete and the interface will likely change substantially - committing now so that further work can happen in the tree. Initiated by tedu@ and inspired by discussions with tedu@, beck@ and other developers.
2014-07-11	As reported by David Ramos, most consumer of ssl_get_message() perform late	miod	6	-106/+296
	bounds check, after reading the 2-, 3- or 4-byte size of the next chunk to process. But the size fields themselves are not checked for being entirely contained in the buffer. Since reading past your bounds is bad practice, and may not possible if you are using a secure memory allocator, we need to add the necessary bounds check, at the expense of some readability. As a bonus, a wrong size GOST session key will now trigger an error instead of a printf to stderr and it being handled as if it had the correct size. Creating this diff made my eyes bleed (in the real sense); reviewing it made guenther@'s and beck@'s eyes bleed too (in the literal sense). ok guenther@ beck@
2014-07-11	Provide LIBRESSL_VERSION_NUMBER for people who use such things to	beck	2	-2/+4
	detect versions distinct from OPENSSL_BLAH_WOOF.. ok jsing@ tedu@ deraadt@
2014-07-11	Another regress test for OpenSSL PR #3397 (Joyent 7704), from agl via OpenSSL	miod	1	-0/+57
	RT.
2014-07-11	Regression test for PKCS5_PBKDF2_HMAC(), written by Christian Heimes ; from	miod	3	-1/+224
	OpenSSL trunk
2014-07-11	missing \	deraadt	1	-2/+2

2014-07-11	formatting	beck	1	-4/+6
	ok bcook@
2014-07-11	add comment about format requirements	beck	1	-1/+3
	ok miod@
2014-07-11	Modify formatting to make portable's life a lot easier.	beck	1	-7/+6
	ok miod@ bcook@
2014-07-11	adapt addapt spelling to adapt; request from miod	deraadt	2	-6/+6

2014-07-11	Huge documentation update for libcrypto and libssl, mostly from Matt Caswell,	miod	100	-283/+2781
	Jeff Trawick, Jean-Paul Calderone, Michal Bozon, Jeffrey Walton and Rich Salz, via OpenSSL trunk (with some parts not applying to us, such as SSLv2 support, at least partially removed).
2014-07-11	If the application uses tls_session_secret_cb for session resumption, set	miod	2	-4/+6
	the CCS_OK flag. From OpenSSL trunk.
2014-07-11	Avoid invoking EVP_CIPHER_CTX_cleanup() on uninitialized memory; from	miod	2	-4/+4
	Coverity via OpenSSL trunk
2014-07-11	Fix a memory leak in BIO_free() which no current BIO can trigger; OpenSSL	miod	2	-8/+6
	PR #3439 via OpenSSL trunk
2014-07-11	Prevent infinite loop during configuration file parsing; OpenSSL PR #2985	miod	2	-4/+4
	via OpenSSL trunk.
2014-07-11	Missing bounds check in do_PVK_body(); OpenSSL RT #2277, from OpenSSL trunk,	miod	2	-8/+20
	but without a memory leak.
2014-07-11	OPENSSL_ALGORITHM_DEFINES has been removed from conf.h, no need for it now	tedu	2	-16/+4

2014-07-11	In RSA_eay_private_encrypt(), correctly return the smaller BN; OpenSSL	miod	2	-4/+4
	PR #3418 via OpenSSL trunk
2014-07-11	In ssl3_get_cert_verify(), allow for larger messages to accomodate keys	miod	2	-6/+4
	larger than 4096-bit RSA which the most paranoid of us are using; OpenSSL PR #319 via OpenSSL trunk.
2014-07-11	it has been 4888 days since the transient feature to define short macros	tedu	2	-116/+2
	for apps that haven't had time to make the appropriate changes was added. time's up.
2014-07-11	Apparently better fix for OpenSSL PR #3397 (Joyent bug #7704), from OpenSSL	miod	2	-4/+4
	trunk
2014-07-11	Also make these files parsable by pod2man..	beck	1	-6/+6
	ok bcook@
2014-07-11	Make this file parsable by pod2man without errors.	beck	1	-6/+6
	ok bcook@
2014-07-11	In ASN1_get_object(), reject primitive encodings using the indefinite length	miod	2	-2/+8
	constructed form. OpenSSL PR #2438 via OpenSSL trunk
2014-07-11	Fix copy for CCM, GCM and XTS.	miod	2	-24/+140
	Internal pointers in CCM, GCM and XTS contexts should either be NULL or set to point to the appropriate key schedule. This needs to be adjusted when copying contexts. OpenSSL PR #3272 with further fixes, from OpenSSL trunk
2014-07-11	i'm a dumbdumb. fix build.	tedu	28	-30/+30

2014-07-11	In asn1_get_length(), tolerate leading zeroes in BER encoding.	miod	2	-10/+16
	OpenSSL PR #2746 via OpenSSL trunk
2014-07-11	In EVP_PBE_alg_add don't use the underlying NID for the cipher	miod	2	-4/+4
	as it may have a non-standard key size; OpenSSL PR #3206 via OpenSSL trunk.
2014-07-11	additional features: no buffer freelists and no heartbleed	tedu	2	-0/+6

2014-07-11	no compression is also a feature of libressl	tedu	2	-0/+8

2014-07-11	move all the feature settings to a common header.	tedu	31	-1875/+176
	probably ok beck jsing miod
2014-07-11	Tolerate critical AKID in CRLs; OpenSSL PR #3014 via OpenSSL trunk, and	miod	2	-14/+16
	also update the comments to reflect what the code now does.
2014-07-11	Fix OID encoding for single components. OpenSSL PR #2556 via OpenSSL trunk.	miod	2	-2/+2
	(be sure to make cleandir and make includes before building)
2014-07-11	More memory leaks and unchecked allocations; OpenSSL PR #3403 via OpenSSL	miod	8	-14/+38
	trunk. (note we had already fixed some of the issues in that PR independently)
2014-07-11	Fix incorrect duplicate mlinks	beck	1	-8/+1
	ok bcook@
2014-07-11	Make sure BN_sqr never returns negative numbers.	miod	2	-2/+4
	OpenSSL PR #3400 via OpenSSL trunk.
2014-07-11	Accept CCS again after `finished' has been sent by the client; at this point	miod	2	-10/+12
	keys have been correctly set up so it is ok to accept CCS from the server. Without renegotiation can sometimes fail. OpenSSL PR #3400 via OpenSSL trunk.
2014-07-11	Correct incorrect mlinks	beck	1	-5/+1
	ok bcook@
2014-07-11	In dtls1_clear_queues(), free buffered_add_data.q correctly, it's made of	miod	2	-8/+8
	DTLS1_RECORD_DATA, not hm_fragment. OpenSSL PR #3286 via OpenSSL trunk.
2014-07-11	Fix incorrect mlinks	beck	1	-3/+1
	ok bcook@
2014-07-11	Fix version number processing in cms_sd_set_version(); OpenSSL PR #3249 via	miod	2	-6/+6
	OpenSSL trunk.
2014-07-11	Remove duplicate 0x for salt len in output; Martin Kaiser via OpenSSL trunk.	miod	2	-4/+4

2014-07-11	When looking for the issuer of a certificate, if the current candidate is	miod	6	-26/+194
	expired or not valid yet, continue looking; only return an expired certificate if no valid certificates have been found. OpenSSL PR #3359 via OpenSSL trunk.
2014-07-11	In ssl3_get_client_key_exchange() parsing a GOST session key, invoke the	miod	2	-26/+16
	regular ASN.1 parser rather than trying to handroll one and potentially misbehave; OpenSSL PR #3335 via OpenSSL trunk.
2014-07-11	Missing calloc() return value check in dgram_sctp_ctrl(); from Kurt Roeckx via	miod	2	-22/+42
	OpenSSL trunk