| Commit message (Collapse) | Author | Files | Lines | ||
|---|---|---|---|---|---|
| 2021-09-11 | merge the description of SSL_get_tlsext_status_type(3) | schwarze | 1 | -3/+35 | |
| from the OpenSSL 1.1.1 branch, which is still under a free license | |||||
| 2021-09-11 | Merge documentation of EC_GROUP_order_bits(3) from the OpenSSL 1.1.1 | schwarze | 1 | -26/+70 | |
| branch, which is still under a free license. While here, also merge a few other improvements, mostly regarding EC_GROUP_get_order(3) and EC_GROUP_get_cofactor(3); in particular, some statements below RETURN VALUES were outright wrong. This patch includes a few minor tweaks and an addition to HISTORY by me. Feedback and OK tb@. | |||||
| 2021-09-11 | Add BGPSec Router (RFC 8209) Key Purpose OID | job | 2 | -0/+2 | |
| OK tb@ | |||||
| 2021-09-11 | Merge documentation for BN_bn2binpad(3), BN_bn2lebinpad(3), | schwarze | 1 | -13/+77 | |
| and BN_lebin2bn(3) from the OpenSSL 1.1.1 branch, which is still under a free license. While here, tweak a number of details for clarity. OK tb@ | |||||
| 2021-09-10 | Calling OpenSSL_add_all_digests() is no longer needed since the library | millert | 1 | -7/+2 | |
| automatically initializes itself. OK tb@ | |||||
| 2021-09-10 | crank major for libcrypto as well | tb | 1 | -2/+2 | |
| 'may as well' deraadt | |||||
| 2021-09-10 | major bump (same type of crank as libssl) | tb | 1 | -1/+1 | |
| 2021-09-10 | bump major after symbol addition and struct removal, struct visibility | tb | 1 | -1/+1 | |
| changes | |||||
| 2021-09-10 | Update Symbols.list after API additions | tb | 1 | -0/+18 | |
| 2021-09-10 | Bump minor after symbol addition | tb | 1 | -1/+1 | |
| 2021-09-10 | Add BN_bn2{,le}binpad(), BN_lebin2bn(), EC_GROUP_order_bits to Symbols.list | tb | 1 | -0/+4 | |
| ok beck inoguchi jsing | |||||
| 2021-09-10 | Move SSL_set0_rbio() outside of LIBRESSL_HAS_TLS1_3 | tb | 1 | -3/+1 | |
| ok inoguchi jsing | |||||
| 2021-09-10 | Expose SSL_get_tlext_status_type() in tls1.h | tb | 1 | -3/+1 | |
| ok beck jsing | |||||
| 2021-09-10 | Expose SSL_R_NO_APPLICATION_PROTOCOL in ssl.h | tb | 1 | -3/+1 | |
| ok beck jsing | |||||
| 2021-09-10 | Expose SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE in ssl.h | tb | 1 | -3/+1 | |
| ok beck jsing | |||||
| 2021-09-10 | Expose SSL_CTX_get0_privatekey() in ssl.h | tb | 1 | -3/+1 | |
| ok beck | |||||
| 2021-09-10 | Remove TLS1_get_{,client_}version() | tb | 1 | -9/+1 | |
| ok jsing | |||||
| 2021-09-10 | Remove SSL3_RECORD and SSL3_BUFFER | tb | 1 | -25/+1 | |
| with/ok jsing | |||||
| 2021-09-10 | Remove TLS1_RT_HEARTBEAT | tb | 1 | -2/+1 | |
| ok jsing | |||||
| 2021-09-10 | Make SSL opaque | tb | 1 | -2/+4 | |
| with/ok jsing | |||||
| 2021-09-10 | Remove struct tls_session_ticket_ext_st and TLS_SESSION_TICKET_EXT | tb | 2 | -2/+6 | |
| from public visibility. with/ok jsing | |||||
| 2021-09-10 | Uncomment LIBRESSL_HAS_{TLS1_3,DTLS1_2} in opensslfeatures.h | tb | 1 | -2/+2 | |
| 2021-09-10 | Use BN_RAND_* instead of mysterious values in the documentation of | tb | 1 | -7/+19 | |
| BN_rand_range() From OpenSSL 1.1.1l ok beck jsing | |||||
| 2021-09-10 | Expose EC_GROUP_order_bits() in <openssl/ec.h> | tb | 1 | -3/+1 | |
| ok beck jsing | |||||
| 2021-09-10 | Expose BN_bn2{,le}binpad() and BN_lebin2bn() in <openssl/bn.h> | tb | 1 | -3/+1 | |
| ok beck inoguchi | |||||
| 2021-09-10 | Expose BN_RAND_* in <openssl/bn.h> | tb | 1 | -3/+1 | |
| ok beck jsing | |||||
| 2021-09-10 | Do not ignore SSL_TLSEXT_ERR_FATAL from the ALPN callback | tb | 4 | -7/+31 | |
| As reported by Jeremy Harris, we inherited a strange behavior from OpenSSL, in that we ignore the SSL_TLSEXT_ERR_FATAL return from the ALPN callback. RFC 7301, 3.2 states: 'In the event that the server supports no protocols that the client advertises, then the server SHALL respond with a fatal "no_application_protocol" alert.' Honor this requirement and succeed only on SSL_TLSEXT_ERR_{OK,NOACK} which is the current behavior of OpenSSL. The documentation change is taken from OpenSSL 1.1.1 as well. As pointed out by jsing, there is more to be fixed here: - ensure that the same protocol is selected on session resumption - should the callback be called even if no ALPN extension was sent? - ensure for TLSv1.2 and earlier that the SNI has already been processed ok beck jsing | |||||
| 2021-09-10 | Prepare to provide BN_RAND_* flags for BN_rand_range() | tb | 1 | -1/+12 | |
| ok beck jsing | |||||
| 2021-09-10 | Prepare to provide SSL_CTX_get0_privatekey() | tb | 2 | -2/+14 | |
| ok beck | |||||
| 2021-09-09 | Ensure that the kill signal undergoing testing is not ignored. | anton | 1 | -1/+15 | |
| ok bluhm@ | |||||
| 2021-09-09 | When calling the legacy callback, ensure we catch the case where it | beck | 1 | -2/+5 | |
| has decided to change a succeess to a failure and change the error code. Fixes a regression in the openssl-ruby tests which expect to test this functionality. ok tb@ | |||||
| 2021-09-09 | Rework openssl-ruby-tests to run all passing tests first, then | tb | 1 | -4/+12 | |
| run the one failing test as a separate regress test. This way, all regressions should be caught with REGRESS_FAIL_EARLY=yes or on bluhm's regress webpage. This needs an up-to-date openssl-ruby-tests package and an upcoming commit by beck in x509_verify.c to work. ok beck bluhm | |||||
| 2021-09-09 | zap trailing whitespace | tb | 2 | -14/+14 | |
| 2021-09-08 | Prepare to provide EC_GROUP_order_bits() | tb | 11 | -18/+45 | |
| ok jsing | |||||
| 2021-09-08 | Provide SSL_SESSION_is_resumable and SSL_set_psk_use_session_callback stubs | tb | 3 | -3/+24 | |
| ok jsing | |||||
| 2021-09-08 | Prepare to provide API stubs for PHA | tb | 2 | -2/+27 | |
| ok bcook jsing | |||||
| 2021-09-08 | Fix leak in cms_RecipientInfo_kekri_decrypt() | tb | 1 | -1/+2 | |
| Free ec->key before reassigning it. From OpenSSL 1.1.1, 58e1e397 ok inoguchi | |||||
| 2021-09-08 | Prepare to provide SSL_get_tlsext_status_type() | tb | 3 | -3/+20 | |
| Needed for nginx-lua to build with opaque SSL. ok inoguchi jsing | |||||
| 2021-09-08 | Prepare to provide SSL_set0_rbio() | tb | 2 | -2/+12 | |
| This is needed for telephony/coturn and telephony/resiprocate to compile without opaque SSL. ok inoguchi jsing | |||||
| 2021-09-08 | Prepare to provide BN_bn2{,le}binpad() and BN_lebin2bn() | tb | 2 | -9/+137 | |
| As found by jsg and patrick, this is needed for newer uboot and will also be used in upcoming elliptic curve work. This is from OpenSSL 1.1.1l with minor style tweaks. ok beck inoguchi | |||||
| 2021-09-08 | Replace bare ; with continue; | job | 1 | -7/+7 | |
| OK tb@ | |||||
| 2021-09-08 | Fix indentation of comments and labels | job | 2 | -165/+167 | |
| OK tb@ | |||||
| 2021-09-07 | Replace (&(x)) pattern with &x | job | 2 | -32/+32 | |
| No functional changes. OK tb@ | |||||
| 2021-09-07 | KNF | job | 2 | -1478/+1548 | |
| OK tb@ jsing@ beck@ | |||||
| 2021-09-06 | The default Ruby has switched to 3.0 | tb | 1 | -2/+2 | |
| 2021-09-05 | new sentence, new line, and tweak wording of previous; | jmc | 1 | -2/+3 | |
| 2021-09-05 | Remove unused variable tmptm in do_body of openssl(1) ca | inoguchi | 1 | -8/+2 | |
| 2021-09-05 | Using serial number instead as subject if it is empty in openssl(1) ca | inoguchi | 2 | -3/+36 | |
| This allows multiple entries without a subject even if unique_subject == yes. Referred to OpenSSL commit 5af88441 and arranged for our codebase. ok tb@ | |||||
| 2021-09-05 | Check extensions before setting version to v3 | inoguchi | 1 | -5/+10 | |
| Referred to OpenSSL commit 4881d849 and arranged for our codebase. comment and ok from tb@ | |||||
| 2021-09-05 | Use accessor method rather than direct X509 structure access | inoguchi | 1 | -20/+10 | |
| Referred to OpenSSL commit a8d8e06b and arranged for our codebase. comment and ok from tb@ | |||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |