| Commit message (Expand) | Author | Files | Lines |
|---|
| 2017-01-07 | Bump for LibreSSL 2.4.5libressl-v2.4.5 | bcook | 1 | -3/+3 |
| 2017-01-05 | MFC: Avoid a side-channel cache-timing attack that can leak the ECDSA | jsing | 1 | -1/+3 |
| 2016-11-03 | MFC: In ssl3_read_bytes(), do not process more than three consecutive TLSlibressl-v2.4.4 | jsing | 1 | -4/+24 |
| 2016-10-03 | Check for and handle failure of HMAC_{Update,Final} or EVP_DecryptUpdate() | bcook | 1 | -5/+11 |
| 2016-10-03 | Detect zero-length encrypted session data early, instead of when malloc(0) | bcook | 1 | -2/+2 |
| 2016-10-03 | Check for packet with truncated DTLS cookie. | bcook | 1 | -12/+17 |
| 2016-10-03 | Improve ticket validity checking when tlsext_ticket_key_cb() callback | bcook | 1 | -4/+25 |
| 2016-10-03 | In X509_cmp_time(), pass asn1_time_parse() the tag of the field being | bcook | 1 | -2/+3 |
| 2016-10-02 | bump to 2.4.4 | bcook | 1 | -3/+3 |
| 2016-09-22 | MFC: Avoid falling back to a weak digest for (EC)DH when using SNI withlibressl-v2.4.3 | jsing | 1 | -3/+10 |
| 2016-09-22 | MFC: Avoid unbounded memory growth in libssl, which can be triggered by a | jsing | 1 | -9/+20 |
| 2016-09-22 | bump version for 2.4.3 | bcook | 1 | -3/+3 |
| 2016-09-22 | back out calls to EVP_CIPHER_CTX_cleanup() in EVP_Encrypt/DecryptFinal | bcook | 1 | -3/+1 |
| 2016-07-23 | This commit was manufactured by cvs2git to create branch 'OPENBSD_6_0'.libressl-v2.4.2 | cvs2svn | 1187 | -380610/+0 |
| 2016-07-23 | rework crl2pkcs7; with help from jsing | jmc | 1 | -57/+18 |
| 2016-07-21 | rework DESCRIPTION a little: no-command seems clearer than no-XXX; | jmc | 1 | -17/+12 |
| 2016-07-21 | rename NOTES to COMMON SYNTAX (explains itself better); rework the | jmc | 1 | -43/+44 |
| 2016-07-21 | strip back openssl crl somewhat: remove the examples | jmc | 1 | -41/+21 |
| 2016-07-20 | strip back openssl ciphers: | jmc | 1 | -106/+60 |
| 2016-07-19 | strip back openssl ca: in particular remove some excessively wordy sections, | jmc | 1 | -337/+120 |
| 2016-07-18 | don't mix code and decls, ok tedu@ | bcook | 2 | -4/+6 |
| 2016-07-17 | use memset to initialize the union | bcook | 2 | -4/+8 |
| 2016-07-17 | remove unused OPENSSL_NO_OBJECT case | bcook | 2 | -28/+2 |
| 2016-07-17 | Initialize buffers before use, noted by Kinichiro Inoguchi. | bcook | 2 | -14/+14 |
| 2016-07-17 | strip back asn1parse; ok beck jsing | jmc | 1 | -108/+27 |
| 2016-07-16 | Clean up OCSP_check_validity() a bit more. | beck | 2 | -22/+20 |
| 2016-07-16 | since we no longer pull source directly from openssl, the time is | jmc | 1 | -427/+57 |
| 2016-07-16 | Limit the support of the "backward compatible" ssl2 handshake to only be | beck | 2 | -2/+18 |
| 2016-07-13 | Adjust existing tls_config_set_cipher() callers for TLS cipher group | jsing | 1 | -2/+2 |
| 2016-07-13 | Split the existing TLS cipher suite groups into four: | jsing | 3 | -11/+22 |
| 2016-07-13 | Fix usage() output and getopt sorting | guenther | 1 | -6/+6 |
| 2016-07-10 | zero the read buffer after copying data to user so it doesn't linger. | tedu | 2 | -2/+4 |
| 2016-07-07 | Revert previous since the libtls change has been reverted. | jsing | 1 | -16/+24 |
| 2016-07-07 | Revert previous - it introduces problems with a common privsep use case. | jsing | 3 | -72/+35 |
| 2016-07-07 | add ca cert error check and make the path configurable | bcook | 1 | -1/+9 |
| 2016-07-07 | call BN_init on temporaries to avoid use-before-set warnings | bcook | 6 | -6/+28 |
| 2016-07-06 | J/j is a three valued option, document and fix code to actuall support that | otto | 1 | -3/+5 |
| 2016-07-06 | Check that the given ciphers string is syntactically valid and results in | jsing | 1 | -1/+17 |
| 2016-07-06 | Remove manual file loading (now that libtls does this for us) and adjust | jsing | 1 | -24/+16 |
| 2016-07-06 | Always load CA, key and certificate files at the time the configuration | jsing | 3 | -35/+72 |
| 2016-07-06 | Correctly handle an EOF that occurs prior to the TLS handshake completing. | jsing | 1 | -3/+6 |
| 2016-07-05 | remove extra assignment of s from 1.11, fix regression test | bcook | 1 | -2/+1 |
| 2016-07-05 | remove unneeded duplicate call - spotted by jsing@ | beck | 2 | -6/+2 |
| 2016-07-05 | On systems where we do not have BN_ULLONG defined (most 64-bit systems), | bcook | 8 | -26/+111 |
| 2016-07-05 | Add several fixes from OpenSSL to make OCSP work with intermediate | beck | 2 | -20/+48 |
| 2016-07-05 | make less awful.. test against cloudflare too | beck | 2 | -9/+19 |
| 2016-07-04 | Add a nasty little ocsp regress test in the hope pedants will make it better. | beck | 3 | -1/+140 |
| 2016-07-02 | do not uppercase "hop limit"; | jmc | 1 | -4/+4 |
| 2016-07-01 | Simplify IP proto-specific sockopt error handling. | bcook | 1 | -34/+26 |
| 2016-06-30 | Tighten behavior of _rs_allocate failure for portable arc4random implementati... | bcook | 14 | -14/+28 |
