openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Files	Lines
2018-02-08	Update regress to use tlsext_serverhello_parse().	jsing	1	-5/+3

2018-02-08	Complete the TLS extension rewrite on the client-side.	jsing	4	-156/+93
	The RI logic gets pulled up into ssl3_get_server_hello() and ssl_parse_serverhello_tlsext() gets replaced by tlsext_client_parse(), which allows a CBS to be passed all the way down. This also deduplicates the tlsext_client_build() and tlsext_server_build() code. ok beck@
2018-02-08	Convert option handling for openssl(1) genpkey.	jsing	1	-110/+177
	ok beck@ inoguchi@
2018-02-08	Update regress to match change to tls_keypair_pubkey_hash().	jsing	1	-3/+4

2018-02-08	Have tls_keypair_pubkey_hash() call tls_keypair_load_cert() instead of	jsing	3	-14/+11
	rolling its own certificate loading. This also means we get better error reporting on failure.
2018-02-08	Add a regress test that covers libtls keypairs.	jsing	3	-1/+248

2018-02-08	Tweak compiler flags to include -DLIBRESSL_INTERNAL and make more warnings	jsing	1	-2/+2
	fatal.
2018-02-08	Ensure that tls_keypair_clear() clears the OCSP staple and pubkey hash.	jsing	1	-6/+5

2018-02-08	Do not bother NULLing pointers in a struct that is about to be freed.	jsing	1	-10/+1

2018-02-08	Move tls_keypair_pubkey_hash() to the keypair file.	jsing	3	-43/+43

2018-02-08	Avoid a memory leak that results when the same tls_config is reused.	jsing	1	-1/+4
	Reported by and fix from Nate Bessette <openbsd at nate dot sh> - thanks.
2018-02-08	Assert tedu's copyright since some of the code moved here is his.	jsing	1	-1/+2

2018-02-08	Split keypair handling out into its own file - it had already appeared	jsing	6	-166/+215
	in multiple locations. ok beck@
2018-02-07	use consistent style for for loop in unmap(), no functional change	otto	1	-4/+2

2018-02-07	Restore a check before BN_free() that needs to exist and write it such that	jsing	1	-2/+3
	the intent is more obvious.
2018-02-07	Nuke some more free NULL guards.	jsing	1	-9/+5

2018-02-07	Indent labels with a single space so that diff prototypes are more useful.	jsing	45	-190/+190

2018-02-07	Add more free functions for NULL checks.	jsing	1	-16/+67

2018-02-07	Remove guards around *_free() calls since these functions handle NULL.	jsing	18	-114/+67

2018-02-07	Remove guards around *_free() calls since these functions handle NULL.	jsing	1	-27/+15

2018-02-07	Add more functions (based on those used in OpenSSH) to the free NULL test.	jsing	1	-1/+19

2018-02-07	Restore the old behavior when a port number without a host name is	bluhm	1	-10/+12
	passed to BIO_get_accept_socket(). This is part of the API and it fixes "openssl ocsp -port 12345" in server mode. from markus@; OK jsing@ beck@
2018-02-06	Do not call freeaddrinfo() with a NULL parameter.	bluhm	1	-2/+3
	OK jsing@
2018-02-06	Remove manual shutdown and close of the socket since in this case	tb	1	-7/+1
	SSL_free will do this a second time. ok jsing
2018-02-06	Respect the OPENSSL make variable everywhere so that	tb	7	-20/+22
	make OPENSSL=/usr/src/usr.bin/openssl/obj/openssl actually does the expected thing instead of running a mixture of both the openssl below /usr/obj and the one below /usr/bin. Found the hard way via backtraces that made no sense whatsoever. ok jsing
2018-02-05	Do not bother NULLing pointers in memory that is freed immediately after.	jsing	1	-3/+1

2018-02-05	Be consistent with the goto label names used in libtls code.	jsing	4	-51/+52
	No change to generated assembly.
2018-01-30	keep in sync with ld.so malloc.c	otto	1	-2/+3

2018-01-30	word fix; from edgar pettijohn	jmc	1	-3/+3

2018-01-28	typo	otto	1	-2/+2

2018-01-28	add malloc_threaderr	otto	1	-1/+2

2018-01-28	- An error in the multithreaded case could print the wrong function name	otto	1	-12/+23
	- Start with a full page of struct region_info's - Save an mprotect in the init code: allocate 3 pages with none and make the middle page r/w instead of a r/w allocation and two calls to make the guard pages none
2018-01-28	Test for correct error when on thread allocates, and another does a double free	otto	2	-0/+71

2018-01-28	Initialize variables to avoid compiler warnings	inoguchi	3	-6/+6
	ok jsing@
2018-01-27	Update regress to match removal of ssl_parse_clienthello_tlsext().	jsing	1	-5/+8

2018-01-27	Complete the TLS extension handling rewrite for the server-side.	jsing	5	-98/+86
	This removes ssl_parse_clienthello_tlsext() and allows the CBS to be passed all the way through from ssl3_get_client_hello(). The renegotation check gets pulled up into ssl3_get_client_hello() which is where other such checks exist. The TLS extension parsing now also ensures that we do not get duplicates of any known extensions (the old pre-rewrite code only did this for some extensions). ok inoguchi@
2018-01-27	Clarify the comment re the F5 EC curves extension bug.	jsing	1	-5/+6
	Also reference the knowledge base article instead of a discussion thread.
2018-01-27	Convert ssl3_put_cipher_by_char() to CBB.	jsing	1	-9/+26
	While here make the CBS usage in ssl3_get_cipher_by_char() more consistent with other code. ok inoguchi@
2018-01-26	- do not junk pages returned by free_bytes(), all freed chunks are already	otto	1	-19/+19
	junked - freezero(): only clear requested size
2018-01-24	Make the NEON codepaths conditional on __STRICT_ALIGNMENT not being	kettenis	3	-5/+5
	defined as they rely on unaligned access. ok joel@
2018-01-18	Zap the rotor, it was a wrong idea. Cluebat applied by kshe who	otto	1	-6/+3
	came also up with this diff. Simple, no bias and benchmarks show the extra random calls disappear in te measurement noise.
2018-01-18	Move to ffs(3) for bitmask scanning. I played with this earlier,	otto	1	-21/+11
	but at that time ffs function calls were generated instead of the compiler inlining the code. Now that ffs is marked protected in libc this is handled better. Thanks to kshe who prompted me to look at this again.
2018-01-18	Instead of trying to handle ffs() with the normal rename-mark-hidden-and-alias	guenther	2	-4/+6
	dance, mark it protected. This works better for both gcc and clang: gcc blocks overriding of internal calls, while clang permits inlining again. ok otto@
2018-01-15	Add s_server and s_client -tlsextdebug messages	inoguchi	1	-1/+9
	ok sthen@ jsing@
2018-01-12	Adjust references for sysctl(3) to sysctl(2)	deraadt	1	-4/+4

2018-01-08	optimization and some cleanup; mostly from kshe (except the unmap() part)	otto	1	-67/+51

2018-01-07	On OpenBSD/armv7 we deliberately trap unaligned access. Unfortunately	kettenis	5	-12/+16
	the assembly code in libcrypto assumes unaligned access is allowed for ARMv7. Make these paths conditional on __STRICT_ALIGNMENT not being defined and define __STRICT_ALIGNMENT in arm_arch.h for OpenBSD. ok tom@
2018-01-07	Remove unused extern variable in openssl(1) s_time	inoguchi	1	-2/+1
	This extern variable appears not to be used. And it is overridden by local variable in doConnection(). This causes MSVC warning C4459 "declaration of 'verify_error' hides global declaration". OK millert@
2018-01-01	Only init chunk_info once, plus some moving of code to group related functions.	otto	1	-273/+267

2017-12-28	Initialise new_cipher in the serverhello TLS extensions test, to avoid a	jsing	1	-3/+14
	NULL pointer dereference in ssl_using_ecc_cipher(). Some compilers avoid triggering this, likely due to the EC formats list also being NULL. While here, setup the EC formats list so that we actually include the EC points format extension in the server hello extensions. Found the hard way by bcook@