openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Files	Lines
2017-01-29	Marko Kreen contributed significantly to the ocsp stuff for libtls	beck	1	-2/+3

2017-01-29	Move the ocsp staple to being part of the keypair structure internally,	beck	3	-14/+32
	so that it does not send back bogus staples when SNI is in use. (Further change is required to be able to use staples on all keypairs and not just the main one) ok jsing@
2017-01-29	Send the function codes from the error functions to the bit bucket,	beck	275	-3892/+2400
	as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
2017-01-29	Put comment back in the right place.	jsing	1	-9/+9

2017-01-29	Avoid clearing the mac_packet flag in the wrong place.	jsing	1	-2/+1
	In many cases we got away with this, however if a server sends multiple handshake messages in the same record only the first message would be added to the MAC. Should fix breakage reported by various people.
2017-01-28	add HISTORY and AUTHORS	schwarze	12	-24/+256

2017-01-27	Fix Copyright notices; ok beck@ jsing@ tedu@	schwarze	11	-28/+43

2017-01-27	More s/OSCP/OCSP/ typos	tom	2	-2/+2
	ok jmc@
2017-01-26	oscp -> ocsp;	jmc	3	-7/+7
	from holger mikolon, plus one more in nc;
2017-01-26	fix Dt;	jmc	1	-3/+3

2017-01-26	Use a flag to track when we need to call SSL_shutdown(). This avoids an	jsing	4	-5/+11
	issue where by calling tls_close() on a TLS context that has not attempted a handshake, results in an unexpected failure. Reported by Vinay Sajip. ok beck@
2017-01-26	Bump TLS_API due to new features being added earlier this week.	jsing	1	-2/+2

2017-01-26	Bump libtls minor due to symbol additions earlier this week.	jsing	1	-1/+1

2017-01-26	knf	beck	1	-6/+11

2017-01-26	Convert ssl3_get_client_hello() to CBS.	jsing	1	-76/+71
	ok beck@
2017-01-26	Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly	beck	18	-653/+335
	line wraps that resulted
2017-01-26	Hide SSLerr() under #ifndef LIBRESSL_INTERNAL since we shouldn't be	beck	1	-2/+4
	using it anymore ok jsing@
2017-01-26	Send the error function codes to rot in the depths of hell where they belong	beck	24	-798/+572
	We leave a single funciton code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
2017-01-26	Merge the single two line function from ssl_err2.c into ssl_err.c.	jsing	3	-76/+12
	ok beck@
2017-01-26	english is hard.	beck	1	-2/+2

2017-01-26	Limit the number of sequential empty records that we will process	beck	4	-7/+30
	before yielding, and fail if we exceed a maximum. loosely based on what boring and openssl are doing ok jsing@
2017-01-26	Refactor the code to generate a WANT_READ into a function, as we are	beck	1	-18/+20
	using it more and more to avoid spins. ok jsing@
2017-01-26	Remove most of SSL3_ENC_METHOD - we can just inline the function calls	jsing	11	-135/+63
	and defines since they are the same everywhere. ok beck@
2017-01-26	Move relatively new version range code from ssl_lib.c into a separate	jsing	3	-158/+175
	ssl_versions.c file. ok beck@
2017-01-26	Rename s3_{both,clnt,pkt_srvr}.c to have an ssl_ prefix since they are no	jsing	5	-6/+6
	longer SSLv3 code. ok beck@
2017-01-26	Merge the client/server version negotiation into the existing (currently	jsing	16	-1229/+395
	fixed version) client/server code. ok beck@
2017-01-26	Document ERR_load_BN_strings(3).	schwarze	1	-11/+47
	jsing@ confirmed that this function is public and worth documenting. This page needs much more work, it is outrageously incomplete and unclear. For example, it remains unexplained what error strings are, what "registering" means and what the benefit for the application is, what happens if it is not done, or what happens if an error occurs after calling ERR_free_strings(3). I tried to read the code, but it is so contorted that i postponed that work. For example, it looks like there are hooks for applications to replace the functions used for registering strings by other, application-supplied functions, and, of course, there are many levels of macro and function wrappers. For now, i only documented the most obvious BUGS.
2017-01-26	Use numeric exit codes consistently rather than a mix	beck	1	-11/+11
	ok jsing@
2017-01-26	style	beck	1	-1/+1

2017-01-26	Fix the structure initialzation to compile. bad inioguchi and millert :)	beck	1	-1/+1
	ok jsing@ rpe@
2017-01-26	Remove ssl3_undef_enc_method - if we have internal bugs we want to segfault	jsing	5	-36/+8
	so that we can debug it, rather than adding a "should not be called" error to the stack. Discussed with beck@
2017-01-26	Remove a sess_cert reference from a comment in the public header.	jsing	1	-5/+2
	Noted by zhuk@
2017-01-25	split the tls_init(3) that had grown fat to allow healthy future growth;	schwarze	15	-888/+1474
	suggested by jsing@; "i would just chuck it in" jmc@
2017-01-25	Fix array initialization syntax for ocspcheck.c	inoguchi	1	-1/+1
	Conformance to C99, and avoiding build break on VisualStudio and HP-UX. OK millert@
2017-01-25	document BN_asc2bn(3);	schwarze	1	-3/+27
	jsing@ confirmed that it is a public function worth documenting
2017-01-25	remove __BEGIN_DECLS and __END_DECLS from http.h	inoguchi	1	-5/+1
	sync with ocspcheck and acme-client ok benno@
2017-01-25	bring changes from acme-client over here.	benno	1	-56/+54
	ok beck@
2017-01-25	Update ssl versions regress to handle min/max configured versions and	jsing	1	-47/+201
	the cover the ssl_supported_version_range() function.
2017-01-25	Limit enabled version range by the versions configured on the SSL_CTX/SSL,	jsing	3	-23/+84
	provide an ssl_supported_versions_range() function which also limits the versions to those supported by the current method. ok beck@
2017-01-25	Add start of a regress for cert gen and validation. not clean, won't	beck	5	-0/+394
	hook it up yet
2017-01-25	link in rsa test	beck	1	-1/+2

2017-01-25	Add rsa test from openssl, since it has a license now	beck	2	-0/+344

2017-01-25	Change the SSL_IS_DTLS() macro to check the version, rather than using a	jsing	2	-7/+4
	flag in the encryption methods. We can do this since there is currently only one DTLS version. This makes upcoming changes easier. ok beck@
2017-01-25	Construct a BN_gcd_nonct, based on BN_mod_inverse_no_branch, as suggested	beck	6	-10/+170
	by Alejandro Cabrera <aldaya@gmail.com> to avoid the possibility of a sidechannel timing attack during RSA private key generation. Modify BN_gcd to become not visible under LIBRESSL_INTERNAL and force the use of the _ct or _nonct versions of the function only within the library. ok jsing@
2017-01-25	Provide ssl3_packet_read() and ssl3_packet_extend() functions that improve	jsing	3	-35/+59
	the awkward API provided by ssl3_read_n(). Call these when we need to read or extend a packet. ok beck@
2017-01-25	Provide defines for SSL_CTRL_SET_CURVES/SSL_CTRL_SET_CURVES_LIST for things	jsing	1	-1/+15
	that are conditioning on these. From BoringSSL. ok beck@
2017-01-24	fix make clean and warnings	otto	2	-1/+3

2017-01-24	make sure realloc preserves data	otto	1	-17/+45

2017-01-24	use ${.OBJDIR}	otto	1	-8/+8

2017-01-24	BUF_MEM_free(), X509_STORE_free() and X509_VERIFY_PARAM_free() all check	jsing	2	-18/+10
	for NULL, as does lh_free() - do not do the same from the caller.