| Commit message (Expand) | Author | Age | Files | Lines |
|---|
| * | Bump for LibreSSL 2.4.5libressl-v2.4.5 | bcook | 2017-01-07 | 1 | -3/+3 |
| * | MFC: Avoid a side-channel cache-timing attack that can leak the ECDSA | jsing | 2017-01-05 | 1 | -1/+3 |
| * | MFC: In ssl3_read_bytes(), do not process more than three consecutive TLSlibressl-v2.4.4 | jsing | 2016-11-03 | 1 | -4/+24 |
| * | Check for and handle failure of HMAC_{Update,Final} or EVP_DecryptUpdate() | bcook | 2016-10-03 | 1 | -5/+11 |
| * | Detect zero-length encrypted session data early, instead of when malloc(0) | bcook | 2016-10-03 | 1 | -2/+2 |
| * | Check for packet with truncated DTLS cookie. | bcook | 2016-10-03 | 1 | -12/+17 |
| * | Improve ticket validity checking when tlsext_ticket_key_cb() callback | bcook | 2016-10-03 | 1 | -4/+25 |
| * | In X509_cmp_time(), pass asn1_time_parse() the tag of the field being | bcook | 2016-10-03 | 1 | -2/+3 |
| * | bump to 2.4.4 | bcook | 2016-10-02 | 1 | -3/+3 |
| * | MFC: Avoid falling back to a weak digest for (EC)DH when using SNI withlibressl-v2.4.3 | jsing | 2016-09-22 | 1 | -3/+10 |
| * | MFC: Avoid unbounded memory growth in libssl, which can be triggered by a | jsing | 2016-09-22 | 1 | -9/+20 |
| * | bump version for 2.4.3 | bcook | 2016-09-22 | 1 | -3/+3 |
| * | back out calls to EVP_CIPHER_CTX_cleanup() in EVP_Encrypt/DecryptFinal | bcook | 2016-09-22 | 1 | -3/+1 |
| * | This commit was manufactured by cvs2git to create branch 'OPENBSD_6_0'.libressl-v2.4.2 | cvs2svn | 2016-07-23 | 1187 | -380610/+0 |
| * | don't mix code and decls, ok tedu@ | bcook | 2016-07-18 | 2 | -4/+6 |
| * | use memset to initialize the union | bcook | 2016-07-17 | 2 | -4/+8 |
| * | remove unused OPENSSL_NO_OBJECT case | bcook | 2016-07-17 | 2 | -28/+2 |
| * | Initialize buffers before use, noted by Kinichiro Inoguchi. | bcook | 2016-07-17 | 2 | -14/+14 |
| * | Clean up OCSP_check_validity() a bit more. | beck | 2016-07-16 | 2 | -22/+20 |
| * | Limit the support of the "backward compatible" ssl2 handshake to only be | beck | 2016-07-16 | 2 | -2/+18 |
| * | Split the existing TLS cipher suite groups into four: | jsing | 2016-07-13 | 3 | -11/+22 |
| * | zero the read buffer after copying data to user so it doesn't linger. | tedu | 2016-07-10 | 2 | -2/+4 |
| * | Revert previous - it introduces problems with a common privsep use case. | jsing | 2016-07-07 | 3 | -72/+35 |
| * | call BN_init on temporaries to avoid use-before-set warnings | bcook | 2016-07-07 | 6 | -6/+28 |
| * | J/j is a three valued option, document and fix code to actuall support that | otto | 2016-07-06 | 1 | -3/+5 |
| * | Check that the given ciphers string is syntactically valid and results in | jsing | 2016-07-06 | 1 | -1/+17 |
| * | Always load CA, key and certificate files at the time the configuration | jsing | 2016-07-06 | 3 | -35/+72 |
| * | Correctly handle an EOF that occurs prior to the TLS handshake completing. | jsing | 2016-07-06 | 1 | -3/+6 |
| * | remove unneeded duplicate call - spotted by jsing@ | beck | 2016-07-05 | 2 | -6/+2 |
| * | On systems where we do not have BN_ULLONG defined (most 64-bit systems), | bcook | 2016-07-05 | 7 | -22/+87 |
| * | Add several fixes from OpenSSL to make OCSP work with intermediate | beck | 2016-07-05 | 2 | -20/+48 |
| * | Tighten behavior of _rs_allocate failure for portable arc4random implementati... | bcook | 2016-06-30 | 14 | -14/+28 |
| * | Tighten behavior of _rs_allocate on Windows. | bcook | 2016-06-30 | 2 | -8/+14 |
| * | bump to 2.4.2 | bcook | 2016-06-30 | 2 | -6/+6 |
| * | adapt S option: add C, rm F (not relevant with 0 cache and disables | otto | 2016-06-30 | 1 | -3/+3 |
| * | Remove flags for disabling constant-time operations. | bcook | 2016-06-30 | 16 | -354/+174 |
| * | Back out previous; otto saw a potential race that could lead to a | tb | 2016-06-28 | 1 | -32/+23 |
| * | defer munmap to after unlocking malloc. this can (unfortunately) be an | tedu | 2016-06-27 | 1 | -23/+32 |
| * | increase the minimum for auto rounds to 6. that was the previous low bound | tedu | 2016-06-26 | 1 | -2/+2 |
| * | Fix from kinichiro.inoguchi@gmail.com to ensure that OCSP uses | beck | 2016-06-25 | 2 | -4/+4 |
| * | Fix the ocsp code to actually check for errors when comparing time values | beck | 2016-06-25 | 2 | -14/+62 |
| * | Disable DSA_FLAG_NO_EXP_CONSTTIME, always enable constant-time behavior. | bcook | 2016-06-21 | 6 | -176/+92 |
| * | Set BN_FLG_CONSTTIME on the correct variable. beck committed wrong fix.libressl-v2.4.1 | tedu | 2016-06-06 | 2 | -4/+4 |
| * | Correct a problem that prevents the DSA signing algorithm from running | beck | 2016-06-06 | 2 | -8/+12 |
| * | LibreSSL 2.4.1 | bcook | 2016-06-06 | 2 | -6/+6 |
| * | Fix typo; the period should be outside the parens. From Michael McConville | millert | 2016-06-02 | 1 | -3/+3 |
| * | deprecate internal use of EVP_[Cipher|Encrypt|Decrypt]_Final. | beck | 2016-05-30 | 8 | -24/+40 |
| * | The icdb magic number doesn't need to be visible to static links | guenther | 2016-05-30 | 1 | -2/+2 |
| * | Remove dead support for changing BDB hash algorithm and cache of alternatives | guenther | 2016-05-29 | 1 | -5/+4 |
| * | Prefer AF_* over PF_* and 'address family' over 'protocol family' | guenther | 2016-05-29 | 1 | -9/+9 |
