openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Files	Lines
2018-11-11	Add support for RSA PSS algorithims being used in sigalgs.	beck	2	-2/+29
	lightly tested, but will need sanity checks and regress test changes before being added to any sigalgs list for real ok jsing@ tb@
2018-11-11	Convert signatures and verifcation to use the EVP_DigestXXX api	beck	3	-45/+93
	to allow for adding PSS, Nuke the now unneejded guard around the PSS algorithms in the sigalgs table ok jsing@ tb@
2018-11-11	Reorganize libssl interop tests. Move netcat tests into separate	bluhm	9	-148/+197
	directory. Keep all log files for easier debugging. Name regress target names consistently.
2018-11-10	Remove dead code	beck	2	-16/+2
	ok jsing@
2018-11-10	Speling	beck	1	-2/+2

2018-11-10	Regress client and server can do session reuse now. Test this with	bluhm	6	-129/+220
	all combinations of LibreSSL, OpenSSL 1.0.2, and OpenSSL 1.1. It is currently disabled for TLS 1.3 as this needs more setup.
2018-11-10	Tweak and improve the TLSv1.3 state machine.	jsing	1	-24/+46
	- Provide a tls13_handshake_active_action() function to reduce code duplication and replace tls13_handshake_get_sender(). - Add an INVALID message_type, so we can explicitly detect invalid conditions. - Implement skeletons for the tls13_handshake_send_action() and tls13_handshake_recv_action() functions. - OR in the NEGOTIATED value at the end of recving or sending a server hello so that we switch to the next chain in the state table. ok tb@
2018-11-10	Make sure the interop test happen last (since they take a long time)	beck	2	-8/+9

2018-11-10	Clean up and free objects at the completion of the regress test.	jsing	1	-1/+13
	From Ben L <bobsayshilol at live dot co dot uk>.
2018-11-10	fix a leak reported by Ben L (bobsayshilol () live ! co ! uk)	tb	1	-1/+3

2018-11-10	Fix a leak reported by Ben L bobsayshilol () live ! co ! uk.	tb	1	-1/+3

2018-11-10	fix a leak pointed out by Ben L (bobsayshi () live ! co ! uk)	tb	1	-4/+8

2018-11-10	Avoid a double allocation and memory leak.	jsing	1	-4/+2
	Reported by Ben L <bobsayshilol at live dot co dot uk>
2018-11-10	Stop keeping track of sigalgs by guessing it from digest and pkey,	beck	8	-92/+102
	just keep the sigalg around so we can remember what we actually decided to use. ok jsing@
2018-11-10	More regress all the way to exporter_master	beck	1	-4/+44

2018-11-10	Use TLS13_HS_{CLIENT,SERVER} instead of using a redundant _SEND{,S}.	tb	1	-30/+28
	ok jsing
2018-11-10	Fix last of the empty hash nonsense	beck	2	-32/+6
	ok jsing@
2018-11-09	Update key schedule regress to match API changes.	jsing	1	-21/+12

2018-11-09	Fix the TLSv1.3 key schedule implementation.	jsing	2	-66/+95
	When the RFC refers to ("") for key derivation, it is referring to the transcript hash of an empty string, not an empty string. Rename tls13_secrets_new() to tls13_secrets_create(), make it take an EVP_MD * and calculate the hash of an empty string so that we have it available for the "derived" and other steps. Merge tls13_secrets_init() into the same function, remove the EVP_MD * from other functions and use the empty string hash at the appropriate places. ok beck@ tb@
2018-11-09	Use "send" and "recv" consistently instead of mixing them with "read"	tb	1	-98/+108
	and "write". Use self-documenting C99 initializers. ok bcook, jsing
2018-11-09	Initialize priv_key and pub_key on first use instead of at the top.	tb	1	-6/+4
	While there, eliminate a flag that was only used once. ok beck jsing mestre
2018-11-09	Initialize priv_key and pub_key on first use instead of at the top.	tb	1	-4/+4
	ok beck jsing mestre
2018-11-09	The Botan library from ports an be configured to use OpenSSL or	bluhm	2	-1/+22
	LibreSSL as crypto provider. When we run their regression tests, we are actually testing our library. This is far from perfect. A lot of LibreSSL features have not been implemented as Botan provider. Even if provider openssl is specified, botan-test runs a lot of non-openssl tests. This can be improved later.
2018-11-09	Avoid dereferencing eckey before checking it for NULL.	tb	1	-5/+6
	CID 184282 ok beck jsing mestre
2018-11-09	remove the not yet implemented "handshake" subdirectory	tb	1	-2/+1

2018-11-09	Add subdirectires with SUBDIR += instead of a single assignment with	tb	3	-67/+65
	line continuations.
2018-11-09	Remove ethers(5) YP support bits from libc as it makes it difficult to	brynet	2	-70/+8
	effectively use pledge(2) in some programs. approval from many, thanks! idea by & ok deraadt@
2018-11-09	Ensure we free the handshake transcript upon session resumption.	jsing	1	-1/+4
	Found the hard way by jmc@ ok tb@
2018-11-09	The cert subdir is testing all combinations of certificate validation.	bluhm	11	-48/+244
	Having the three libraries, client and server certificates, missing or invalid CA or certificates, and enforcing peer certificate results in 1944 new test cases.
2018-11-09	Ensure we only choose sigalgs from our prefernce list, not the whole list	beck	4	-10/+19
	ok jsing@
2018-11-09	Add the ability to have a separate priority list for sigalgs.	beck	4	-12/+43
	Add a priority list for tls 1.2 ok jsing@
2018-11-09	Correct defines for writer tests in connect/accept loops.	jsing	1	-3/+3
	ok tb@
2018-11-09	Correct function naming for tls13_handshake_advance_state_machine().	jsing	1	-4/+2
	ok tb@
2018-11-09	Avoid leak: free existing SRTP connection profiles before	tb	1	-1/+2
	setting it. From Ben L <bobsayshilol () live ! co ! uk>.
2018-11-09	Avoid leaking memory that was already allocated in ASN1_item_new().	tb	1	-5/+1
	From Ben L <bobsayshilol () live ! co ! uk>
2018-11-09	Fix a buffer overrun in asn1_parse2().	tb	1	-4/+7
	From Ben L bobsayshilol () live ! co ! uk Similar fixes in BoringSSL and OpensSSL.
2018-11-09	In verbose mode netcat reports to stderr when the listen system	bluhm	1	-16/+29
	call has finished. This allows to write race free scripts as they can check that the server is up and running. OK sthen@ tb@
2018-11-09	Add const to the data argument of ASN1_set{,_int}_octetstring().	tb	2	-6/+6
	From Ben L bobsayshilol () live ! co ! uk ok jsing
2018-11-09	Add header guards and hidden declarations.	jsing	2	-2/+19

2018-11-09	Add header guards and hidden declarations.	jsing	1	-1/+10

2018-11-09	Reimplement the sigalgs processing code into a new implementation	beck	9	-253/+340
	that will be usable with TLS 1.3 with less eye bleed. ok jsing@ tb@
2018-11-08	First skeleton of the TLS 1.3 state machine. Based on RFC 8446 and	tb	3	-4/+607
	inspired by s2n's state machine. Lots of help and input from jsing. ok beck, jsing
2018-11-08	KNF	beck	1	-3/+4

2018-11-08	Clean up and simplify the handshake transcript code.	jsing	10	-166/+144
	This provides a cleaner, simpler and more readable API, with code that uses a BUF_MEM instead of a BIO. ok beck@ ("hurry up") and tb@.
2018-11-08	Add missing NULL checks on allocation, style(9) and consistently use	jsing	1	-35/+34
	goto err instead of handrolling.
2018-11-08	Add missing BN_free() calls.	jsing	1	-1/+3
	From Ben L <bobsayshilol at live dot co dot uk>.
2018-11-08	Use ASN1_TYPE_new()/ASN1_TYPE_free() to avoid leaking memory.	jsing	1	-12/+17
	From Ben L <bobsayshilol at live dot co dot uk>.
2018-11-08	Stop pretending that a cert member in a SSL and SSL_CTX can be NULL.	jsing	8	-121/+18
	ok beck@ tb@
2018-11-08	Move #include <openssl/evp.h> to the header.	tb	2	-3/+4
	discussed with beck and jsing
2018-11-08	Ensure the handshake transcript is cleaned up.	jsing	2	-3/+20
	Add a check at the completion of the client/server handshake to ensure that the handshake transcript has been freed. Fix the case where a server asks the client for a certificate, but it does not have one, resulting in the handshake transcript being left around post-handshake. ok bcook@ tb@