openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Files	Lines
2015-07-16	After reading a password with terminal echo off, restore the terminal to	guenther	2	-12/+10
	its original state instead of blindly turning echo on. problem reported on the openssl-dev list by William Freeman ok miod@ beck@
2015-07-16	Explicitely cast a char into unsigned long before shifting it left by 24, for	miod	2	-4/+4
	this would promote it to int for the shift, and then cast to unsigned long, sign-extending it if sizeof(long) > sizeof(int). This was not a problem because the computed value was explicitely range checked afterwards, with an upper bound way smaller than 1U<<31, but it's better practice to cast correctly. ok beck@
2015-07-16	Check return value of all used functions in OCSP_REQUEST_print(); covers	miod	2	-10/+18
	Coverity CID 78796; ok beck@
2015-07-16	Make sure the `reject negative sizes' logic introduced in 1.34 is actually	miod	2	-6/+8
	applied to all code paths. ok beck@ bcook@ doug@ guenther@
2015-07-15	check n before cbs_init, coverity - ID 125063	beck	2	-6/+18
	ok bcook@ miod@
2015-07-15	test for n<0 before use in CBS_init - mostly to shut up coverity.	beck	6	-22/+66
	reluctant ok miod@
2015-07-15	Flense out dead code, we don't do ecdhe_clnt_cert.	beck	4	-374/+150
	coverity ID's 21691 21698 ok miod@, "Fry it" jsing@
2015-07-15	Fix inverted test in previous. Commit message told what we intended, but	miod	2	-4/+4
	we did not notice my fingers slipping. Noticed by bcook@
2015-07-15	Remove dead code. Coverity CID 21688	miod	2	-8/+2
	ok beck@
2015-07-15	Fix two theoretical NULL pointer dereferences which can only happen if you	miod	2	-8/+18
	have seriously corrupted your memory; Coverity CID 21708 and 21721. While there, plug a memory leak upon error in x509_name_canon(). ok bcook@ beck@
2015-07-15	Fix possible 32 byte buffer overrun, found by coverity, CID 78869	beck	2	-4/+4
	ok miod@
2015-07-15	Memory leak; Coverity CID 78836	miod	2	-12/+16
	ok beck@
2015-07-15	Unchecked allocations, and make sure we do not leak upon error. Fixes	miod	2	-42/+72
	Coverity CID 21739 and more. ok bcook@
2015-07-15	Avoid leaking objects upon error; tweaks & ok doug@	miod	2	-36/+36

2015-07-15	Do not allow TS_check_signer_name() with signer == NULL from	miod	2	-2/+8
	int_TS_RESP_verify_token(). Coverity CID 21710. Looking further, int_TS_RESP_verify_token() will only initialize signer to something non-NULL if TS_VFY_SIGNATURE is set in ctx->flags. But guess what? TS_REQ_to_TS_VERIFY_CTX() in ts/ts_verify_ctx.c, which is the TS_VERIFY_CTX constructor, explicitely clears this bit, with: ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME \| TS_VFY_SIGNATURE); followed by more conditional flag clears. Of course, nothing prevents the user to fiddle with ctx->flags afterwards. This is exactly what ts.c in usr.bin/openssl does. This is gross, mistakes will happen. ok beck@
2015-07-15	Previous fix for Coverity CID 21785 did not cope correctly with seed_len != 0,	miod	2	-2/+6
	seed_in == NULL case. Since this situation is an error anyway, bail out early. with and ok beck@
2015-07-15	Add OPTION_ARG_LONG for handling of options with a long type.	jsing	2	-3/+16
	ok doug@
2015-07-15	Make 'openssl pkeyutl -verify' return exit code 0 on success.	bcook	1	-4/+5
	Previously, it returned '1' regardless of whether is succeeded or failed. This is now fixed in the OpenSSL master branch as well. Thanks to Kinichiro Inoguchi for pointing it out. ok @deraadt
2015-07-14	Partially convert ssl3_get_message to CBS.	doug	2	-12/+30
	Unlike the other conversions, this only partially converts the function for now. This is the second to last function which still uses the n2l3 macro. That macro is deprecated since we're using CBS. ok miod@ jsing@
2015-07-14	Convert dtls1_get_hello_verify to CBS.	doug	2	-34/+46
	ok miod@ jsing@
2015-07-14	Convert ssl3_get_cipher_by_char to CBS.	doug	2	-4/+16
	ok miod@ jsing@
2015-07-14	Convert ssl3_get_client_certificate to CBS.	doug	2	-30/+38
	ok miod@ jsing@
2015-07-14	Convert ssl3_get_finished to CBS.	doug	2	-12/+18
	ok miod@ jsing@
2015-07-14	Convert ssl_parse_clienthello_use_srtp_ext to CBS.	doug	4	-84/+50
	ok miod@ jsing@
2015-07-14	Convert ssl3_get_cert_status to CBS.	doug	2	-34/+52
	ok miod@ jsing@
2015-07-14	Convert ssl3_get_server_certificate to CBS.	doug	2	-34/+36
	ok miod@
2015-07-13	Unhook tls_ext_alpn test until the code passes it.	doug	1	-2/+5

2015-07-12	Convert openssl(1) dh to the new option handling.	doug	1	-98/+111
	ok jsing@
2015-07-12	Convert openssl(1) dsa to the new option handling.	doug	1	-154/+208
	ok jsing@
2015-07-12	Convert openssl(1) ec to the new option handling.	doug	1	-170/+247
	ok jsing@
2015-07-12	Convert gendh.c to the new option handling.	doug	1	-54/+79
	ok jsing@
2015-07-12	Convert openssl(1) dsaparam to the new option handling.	doug	1	-154/+123
	This also removes support for -timebomb related code which was only enabled for GENCB_TEST. ok jsing@
2015-07-12	Convert openssl(1) crl2pkcs7 to the new option handling.	doug	1	-95/+110
	input + ok jsing@
2015-07-11	Convert openssl(1) dhparam to new option handling.	jsing	1	-121/+160
	ok doug@
2015-07-09	Add tests for parsing TLS extension ALPN (RFC 7301).	doug	2	-2/+446
	The current libssl code does not pass these tests yet.
2015-07-08	switch "openssl dhparam" default from 512 to 2048 bits, ok jsing@	sthen	2	-6/+6

2015-07-07	add setlocale test	semarie	1	-1/+3

2015-07-07	add regress test for setlocale(3) and some related	semarie	2	-0/+140
	functions (MB_CUR_MAX, isalpha() for ctype. some tips from stsp@
2015-07-03	Repair algorithm name array after 1.6.	miod	1	-4/+4

2015-07-01	specify the array initializer valuelibressl-v2.2.1	bcook	1	-2/+2
	noted by kinichiro from github
2015-06-29	fix the build on arm after the recent addition of -Wundef	jsg	2	-4/+4
	ok doug@ deraadt@
2015-06-28	Convert ssl_bytes_to_cipher_list to CBS.	doug	6	-23/+59
	Link in the new 'unit' regress and expand the invalid tests to include some that would fail before the CBS conversion. input + ok miod@ jsing@
2015-06-27	Add unit tests for LibreSSL.	doug	3	-0/+256
	cipher_list.c is based on code from jsing@. Discussed with jsing@
2015-06-27	Fix pointer to unsigned long conversion.	doug	4	-10/+14
	bcook@ notes that this check really only impacted 64-bit Windows. Also, changed the check to be unsigned for consistency. ok bcook@
2015-06-24	Put BUF_memdup() and BUF_reverse() under #ifndef LIBRESSL_INTERNAL.	jsing	2	-6/+4

2015-06-24	Stop using BUF_memdup() within the LibreSSL code base - it is correctly	jsing	4	-12/+14
	spelt malloc+memcpy, which is what is used in all except two places. ok deraadt@ doug@
2015-06-23	Change CBS_dup() to also sync the offset.	doug	3	-3/+41
	Previously, CBS_dup() had its own offset. However, it is more consistent to copy everything. ok miod@ jsing@
2015-06-23	Convert bytestringtest to individual checks and don't short circuit.	doug	1	-321/+337
	The statements were chained together with OR which makes it more annoying to debug. Also, it was short circuiting all tests as soon as one function failed. Since the functions are independent, they should each run until error. Discussed with miod@ and jsing@
2015-06-23	Remove unnecessary regress target.	doug	1	-7/+2

2015-06-21	Check for failure with CBB_init() in bs_ber.c.	doug	2	-4/+6
	From BoringSSL commit 3fa65f0f05f67615d9daf48940e07f84d094ac6e.