openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Files	Lines
2019-11-02	Document tls_conn_cipher_strength().	jsing	1	-2/+14
	ok schwarze@
2019-11-02	Enable CMS in LibreSSL.	jsing	3	-2/+135
	ok bcook@ deraadt@ inoguchi@ job@ tb@
2019-11-02	Provide tls_conn_cipher_strength().	jsing	4	-3/+15
	This returns the strength in bits of the symmetric cipher used for the connection. Diff from gilles@ ok tb@
2019-11-01	In evp/pmeth_lib.c rev. 1.16, jsing@ enabled EVP_PKEY_RSA_PSS.	schwarze	1	-3/+5
	Document it.
2019-11-01	In rsa.h rev. 1.45, jsing@ provided	schwarze	1	-8/+16
	the three macro constants RSA_PSS_SALTLEN_*; document them. The wording is a combination of our existing text and the wording in the OpenSSL 1.1.1 branch, which is still under a free license.
2019-11-01	Add DSA CMS support.	jsing	1	-1/+25
	From OpenSSL 1.1.1d. ok tb@
2019-11-01	Add RSA CMS support.	jsing	3	-5/+262
	From OpenSSL 1.1.1d. ok tb@
2019-11-01	Provide NID for pSpecified.	jsing	2	-0/+2
	ok tb@
2019-11-01	Wire up PKEY methods for RSA-PSS.	jsing	1	-2/+6
	ok tb@
2019-11-01	Wire up ASN.1 methods for RSA-PSS.	jsing	1	-1/+5
	ok tb@
2019-11-01	In rsa.h rev. 1.45, jsing@ provided the three	schwarze	2	-6/+64
	macros EVP_PKEY_CTX_set_rsa_pss_keygen_*(3); document them. Text mostly taken from the OpenSSL 1.1.1 branch, which is still under a free license, but rearranged to fit the structure of our manual pages.
2019-11-01	move the PSS macros to the end in preparation for adding more macros,	schwarze	1	-50/+45
	reduce text duplication by forming subsections, and some minor corrections
2019-11-01	The EVP_PKEY_CTX_ctrl(3) manual page requires additions for RSA-PSS	schwarze	4	-267/+358
	but it is growing to excessive size, so split out RSA_pkey_ctx_ctrl(3).
2019-11-01	Update RSA ASN.1 code to handle RSA-PSS.	jsing	4	-302/+389
	From OpenSSL 1.1.1d. ok tb@
2019-11-01	Clean up RSA_new_method().	jsing	1	-40/+24
	Use calloc() instead of malloc() for initialisation and remove explicit zero initialisation of members. This ensures that new members always get initialised. Also use a single error return path, simplifying code. ok tb@
2019-10-31	Add RSA OAEP test for pkeyutl in appstest.sh	inoguchi	1	-1/+21

2019-10-31	In rsa_pmeth.c rev. 1.30, jsing@ set the minimum RSA key length	schwarze	1	-2/+3
	for RSA key generation to 512 bits. Document that minimum.
2019-10-31	Add CMS controls for RSA.	jsing	1	-1/+8

2019-10-31	Add support for RSA-PSS.	jsing	5	-65/+370
	From OpenSSL 1.1.1d. ok inoguchi@
2019-10-31	Move RSA min modulus to a define and increase from 256 to 512 bits.	jsing	2	-4/+6
	From OpenSSL 1.1.1d. ok inoguchi@
2019-10-31	Fix indent and indent before labels.	jsing	1	-5/+5

2019-10-31	Use braces where a statement has both multi-line and single-line blocks.	jsing	1	-8/+13
	Makes code more robust and reduces differences with OpenSSL. ok inoguchi@
2019-10-31	Add additional validation of key size, message digest size and public	jsing	1	-3/+17
	exponent. From OpenSSL 1.1.1d. ok inoguchi@
2019-10-31	Clean up some code.	jsing	1	-11/+13
	Assign and test, explicitly test against NULL and use calloc() rather than malloc. ok inoguchi@
2019-10-31	Avoid potentially leaking pub_exp in pkey_rsa_copy().	jsing	1	-4/+4
	ok inoguchi@
2019-10-29	In rsa.h rev. 1.41, jsing@ provided RSA_pkey_ctx_ctrl(3).	schwarze	1	-1/+26
	Write the documentation from scratch.
2019-10-29	merge documentation for several macros EVP_PKEY_CTX__rsa_oaep_(3)	schwarze	1	-4/+239
	and EVP_PKEY_CTX__ecdh_(3); from Antoine Salon <asalon at vmware dot com> via OpenSSL commit 87103969 Oct 1 14:11:57 2018 -0700 from the OpenSSL 1.1.1 branch, which is still under a free license
2019-10-29	merge documentation for EVP_PKEY_CTX_set1_id(3), EVP_PKEY_CTX_get1_id(3),	schwarze	1	-2/+57
	and EVP_PKEY_CTX_get1_id_len(3), but make it sound more like English text; from Paul Yang via OpenSSL commit f922dac8 Sep 6 10:36:11 2018 +0800 from the OpenSSL 1.1.1 branch, which is still under a free license
2019-10-29	merge documentation of EVP_PKEY_CTX_set_ec_param_enc(3)	schwarze	1	-6/+23
	from Stephen Henson via OpenSSL commit 146ca72c Feb 19 14:35:43 2015 +0000
2019-10-29	correct HISTORY of some RSA control macros	schwarze	1	-5/+26

2019-10-29	list supported algorithm ids and clarify how the engine argument is used	schwarze	1	-10/+50

2019-10-29	Add two controls that were missed in the previous commit.	jsing	1	-1/+13

2019-10-29	Update RSA OAEP code.	jsing	2	-21/+124
	This syncs the RSA OAEP code with OpenSSL 1.1.1d, correctly handling OAEP padding and providing various OAEP related controls. ok inoguchi@ tb@
2019-10-29	Provide EVP_PKEY_CTX_md().	jsing	2	-8/+18
	This handles controls with a message digest by name, looks up the message digest and then proxies the control through with the EVP_MD *. This is internal only for now and will be used in upcoming RSA related changes. Based on OpenSSL 1.1.1d. ok inoguchi@ tb@
2019-10-25	Free maskHash when RSA_PSS_PARAMS is freed.	jsing	1	-3/+23
	ok tb@
2019-10-24	Service names are still resolved with -n	kn	1	-4/+4
	Just like pfctl(8)'s -N, this flag only avoid DNS; "nc -vz ::1 socks" still works. Fix documentation by copying pfctl's wording. OK deraadt
2019-10-24	Provide ASN1_TYPE_{,un}pack_sequence().	jsing	2	-2/+36
	These are internal only for now. Based on OpenSSL 1.1.1d. ok inoguchi@
2019-10-24	Provide RSA_OAEP_PARAMS along with ASN.1 encoding/decoding.	jsing	2	-2/+97
	For now these are internal only. From OpenSSL 1.1.1d. ok inoguchi@
2019-10-24	Bump libcrypto, libssl and libtls majors due to changes in struct sizes	jsing	3	-6/+6
	and symbol addition.
2019-10-24	Add RSA_PSS_PARAMS pointer to RSA struct.	jsing	1	-1/+8
	This will be used by upcoming RSA-PSS code. ok tb@
2019-10-24	Add maskHash field to RSA_PSS_PARAMS.	jsing	1	-1/+4
	This will be soon used as an optimisation and reduces the differences between OpenSSL. ok tb@
2019-10-24	Provide RSA_pkey_ctx_ctrl().	jsing	3	-2/+20
	This is a wrapper around EVP_PKEY_CTX_ctrl() which requires the key to be either RSA or RSA-PSS. From OpenSSL 1.1.1d. ok tb@
2019-10-24	Add EVP_PKEY_RSA_PSS.	jsing	1	-1/+2
	ok tb@
2019-10-24	Print IP address in verbose mode	job	1	-12/+34
	OK kn@
2019-10-23	Revert previous, which works for -N case but causes regress failures	beck	1	-18/+1
	for tls, since the socket is shut down without calling tls_close(). Since nc appears to have a problem with this in other shutdown() cases I am simply going to bake a new diff for this. noticed by bluhm@.
2019-10-17	Sync RSA_padding_check_PKCS1_OAEP_mgf1().	jsing	1	-64/+111
	Update RSA_padding_check_PKCS1_OAEP_mgf1() with code from OpenSSL 1.1.1d (with some improvements/corrections to comments). This brings in code to make the padding check constant time. ok inoguchi@ tb@
2019-10-17	Fix -N flag to actually shut down the (entire) socket when the input	beck	1	-1/+18
	goes away. This allows for using nc in cases where the network server will no longer expect anything after eof, instead of hanging waiting for more input from our end. Additionaly, shut down if tls is in use if either side of the socket goes away, since we higher level TLS operations (tls_read and write) will require the socket to be both readable and writable as we can get TLS_WANT_POLLIN or TLS_WANT_POLLOUT on either operation. deraadt@ buying it. found by sthen@
2019-10-17	Provide err_clear_last_constant_time() as a way of clearing an error from	jsing	2	-1/+24
	the top of the error stack in constant time. This will be used by upcoming RSA changes. From OpenSSL 1.1.1d. ok inoguchi@ tb@
2019-10-10	bump internal version to 3.0.2	bcook	1	-2/+2

2019-10-10	bump to 3.0.2	bcook	1	-2/+2