openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Files	Lines
2019-06-05	provide getters and setters for the RSA_METHOD interface	gilles	6	-5/+246
	ok tb@, jsing@, sthen@
2019-06-05	Fix bogus cross reference: EVP_SignDigest* -> EVP_DigestSign*	tb	1	-3/+3

2019-06-04	OPENSSL_realloc(3) is no longer used, we now use reallocarray(3)	schwarze	1	-3/+3

2019-06-04	Readability tweak in a comment.	tb	1	-2/+2

2019-06-04	Remove the blinding later to avoid leaking information on the length	tb	1	-3/+3
	of ckinv. Pointed out and fix suggested by David Schrammel and Samuel Weiser ok jsing
2019-06-04	Readability tweaks for comments that explain the blinding.	tb	1	-5/+5

2019-06-04	Remove the blinding later to avoid leaking information on the length	tb	1	-3/+3
	of kinv. Pointed out and fix suggested by David Schrammel and Samuel Weiser ok jsing
2019-06-04	.In openssl/x509_vfy.h	schwarze	1	-3/+4
	for consistency with all the other X509_STORE_*(3) manual pages
2019-06-04	Add several missing .In lines	schwarze	1	-3/+13
	and add a sentence pointing to the detailed description in RSA_get_ex_new_index(3), worded like in DH_get_ex_new_index(3).
2019-06-04	Move to env var, likelky the possibility to set malloc options from	otto	2	-19/+8
	main is going away.
2019-06-03	add missing .In lines	schwarze	2	-4/+6

2019-06-03	add missing .In line	schwarze	1	-2/+3

2019-06-02	Complete the ld.so boot cleanup: move most libc initialization from	guenther	2	-8/+5
	_csu_finish() to _libc_preinit(), which is an .init_array function in shared libc (and mark it INITFIRST) or a .preinit_array function in static libc, grabbing the _dl_cb callback there from ld.so. Then in _csu_finish(), invoke the dl_clean_boot() callback to free ld.so's startup bits before main() gets control. Other cleanups this permits: - move various startup structures into .data.rel.ro - the dl* stubs in libc can be strong and call the callbacks provided via _dl_cb - no longer need to conditionalize dlctl() calls on presence of _DYNAMIC original concept and full diff ok kettenis@ ok deraadt@
2019-05-30	__realpath(2) appears to have improved, so re-enable the code that	deraadt	1	-3/+136
	checks userland-parsing vs kernel parsing, we are hoping to spot another bug..
2019-05-29	Relax parsing of TLS key share extensions on the server.	jsing	1	-5/+2
	The RFC does not require X25519 and it also allows clients to send an empty key share when the want the server to select a group. The current behaviour results in handshake failures where the client supports TLS 1.3 and sends a TLS key share extension that does not contain X25519. Issue reported by Hubert Kario via github. ok tb@
2019-05-29	Do not send an SNI extension when resuming a session that contains a server	jsing	1	-1/+4
	name (which means the client sent SNI during the initial handshake). Issue reported by Renaud Allard. ok tb@
2019-05-29	There are some bugs in __realpath(2) -- it isn't quite ready so disable	deraadt	1	-136/+3
	calling it until those are fixed.
2019-05-28	Fix typo and label indent.	jsing	1	-3/+3

2019-05-28	Tidy up some names/structures following the renaming of TLS extension	jsing	1	-35/+35
	functions based on message type (clienthello/serverhello), to which side is handling the processing. No intended functional change. ok beck@
2019-05-28	Enable the use of the kernel __realpath() system call in the libc wrapper.	beck	1	-3/+136
	For now, this also still uses the existing realpath implmentation and emits a syslog if we see differening results. Once we have run with that for a little while we will remove the old code ok deraadt@
2019-05-23	Throw malloc_conceal and freezero into the mix.	otto	1	-3/+8

2019-05-23	Only override size of chunk if we're not given the actual length.	otto	1	-2/+3
	Fixes malloc_conceal...freezero with malloc options C and/or G.
2019-05-23	bump to LibreSSL 3.0.0	bcook	1	-3/+3
	ok tb@
2019-05-23	add stdlib.h for reallocarray	bcook	1	-1/+2

2019-05-20	an RSA;	jmc	3	-9/+9

2019-05-19	clarify that later flags modify earlier flags;	schwarze	1	-2/+4
	triggered by a question from Jan Stary <hans at stare dot cz> on misc@; OK otto@
2019-05-16	More consistently put remarks about the less useful LC_* categoties,	schwarze	2	-14/+26
	i.e. those other than LC_CTYPE, into the CAVEATS section, and standardize wording somewhat. OK jmc@
2019-05-15	delete two stray blank lines	schwarze	1	-4/+2

2019-05-15	check result of ftruncate() as we do write() below	bcook	1	-2/+4
	ok beck@
2019-05-15	s3 is never NULL since s2 (formerly used for SSLv2) does not exist, so there is	bcook	3	-29/+20
	no need to check for it. Fixes COV-165788, identified with help from Alex Bumstead. ok jsing@
2019-05-14	Correct missing test to determine if length is in bytes or in bits.	beck	1	-1/+3
	Issue found by Guido Vranken <guidovranken@gmail.com> ok tedu@ tb@
2019-05-14	Use propper regress target to integrate better into test framework.	bluhm	1	-2/+4

2019-05-13	Remove unused pad check, which is handled by tls1_cbc_remove_padding() now.	bcook	1	-4/+2
	Fixes COV-174858 ok tb@
2019-05-13	Acquire mutex before incrementing the refcount. Fixes COV-186144	bcook	1	-1/+3
	ok tb@
2019-05-13	Move 'how this works' details from namespace.h to DETAILS	guenther	2	-112/+136

2019-05-13	explicitly mention that RES_NOALIASES has no effect;	schwarze	1	-3/+4
	jmc@ noticed that the text wasn't completely clear; OK jmc@
2019-05-13	Mention introduction of *_conceal.	otto	1	-2/+8

2019-05-13	The call to fseek(fp, -1, SEEK_END) also sets the reported size to	bluhm	1	-10/+10
	this value. To match the expectation of the test again, move this line before the the code that sets the final position. OK yasuoka@
2019-05-12	Fix signed overflow in X509_CRL_print().	tb	1	-1/+4
	fixes oss-fuzz #14558 ok beck jsing
2019-05-12	Revert the other hunk of r1.36 as well: in the case of CCM, ccm.key is	tb	1	-1/+11
	assigned from aesni_ccm_init_key() via CRYPTO_ccm128_init(), so it needs to be copied over... Pointed out by Guido Vranken. ok jsing
2019-05-12	Stop the eyebleed in here and just use calloc	beck	1	-31/+8

2019-05-11	$OpenBSD$	tb	4	-0/+4

2019-05-11	Remove commented out rc5 bits	tb	7	-20/+6

2019-05-10	Initialize EC_KEY_METHOD before use.	bcook	1	-2/+2
	Fixes COV-186146 ok tb, beck
2019-05-10	Revert part of r1.36: in the case of GCM, gcm.key is assigned from	tb	1	-1/+7
	aesni_gcm_init_key() via CRYPTO_gcm128_init(), so it needs to be copied over... Fixes cryptofuzz issue #14352 and likely also #14374. ok beck jsing
2019-05-10	Inroduce malloc_conceal() and calloc_conceal(). Similar to their	otto	2	-199/+219
	counterparts but return memory in pages marked MAP_CONCEAL and on free() freezero() is actually called.
2019-05-09	Add a test vector for Streebog 512 from Guido Vranken	tb	1	-1/+2

2019-05-09	Fix incorrect carry operation in 512 bit addition: in the case	tb	1	-6/+8
	that there is already a carry and Sigma[i-1] == -1, the carry must be kept. From Dmitry Eremin-Solenik. Fixes incorrect Streebog result reported by Guido Vranken.
2019-05-09	Proper prototype for main(). Make sparc64 happier.	claudio	1	-2/+4

2019-05-08	In DTLS, use_srtp is part of the extended server hello while in TLSv1.3,	tb	1	-2/+3
	it is an encrypted extension. Include it in the server hello for now. This will have to be revisited once TLSv1.3 gets there. Fixes SRTP negotiation. Problem found by two rust-openssl regress failures reported by mikeb. with & ok beck