| Commit message (Collapse) | Author | Age | Files | Lines | ||
|---|---|---|---|---|---|---|
| ... | ||||||
| * | Append to CLEANFILES instead of replacing it, so libcrypto.pc is | natano | 2016-09-23 | 1 | -2/+2 | |
| | | | | | | | deleted on make clean. ok millert | |||||
| * | Improve on code from the previous commit. | jsing | 2016-09-22 | 1 | -7/+5 | |
| | | | | | ok bcook@ | |||||
| * | Avoid unbounded memory growth, which can be triggered by a client | jsing | 2016-09-22 | 1 | -9/+20 | |
| | | | | | | | repeatedly renegotiating and sending OCSP Status Request TLS extensions. Fix based on OpenSSL. | |||||
| * | Check for packet with truncated DTLS cookie. | guenther | 2016-09-22 | 1 | -12/+17 | |
| | | | | | | | | | | | | Flip pointer comparison logic to avoid beyond-end-of-buffer pointers to make it less likely a compiler will decide to screw you. Based on parts of openssl commits 6f35f6deb5ca7daebe289f86477e061ce3ee5f46 and 89c2720298f875ac80777da2da88a64859775898 ok jsing@ | |||||
| * | Improve ticket validity checking when tlsext_ticket_key_cb() callback | guenther | 2016-09-22 | 1 | -4/+25 | |
| | | | | | | | | | | | | chooses a different HMAC algorithm. Avert memory leaks if the callback preps the HMAC in some way. Based on openssl commit 1bbe48ab149893a78bf99c8eb8895c928900a16f but retaining a pre-callback length check to guarantee the callback is provided the buffer that the API claims. ok bcook@ jsing@ | |||||
| * | revert documentation update for the clearning behavior we already reverted | bcook | 2016-09-22 | 1 | -5/+1 | |
| | | ||||||
| * | Delete casts to off_t and size_t that are implied by assignments | guenther | 2016-09-21 | 6 | -20/+19 | |
| | | | | | | | | or prototypes. Ditto for some of the char* and void* casts too. verified no change to instructions on ILP32 (i386) and LP64 (amd64) ok natano@ abluhm@ deraadt@ millert@ | |||||
| * | Avoid selecting weak digests for (EC)DH when using SNI. | bcook | 2016-09-20 | 1 | -3/+12 | |
| | | | | | | | | | | | | from OpenSSL: SSL_set_SSL_CTX is normally called for SNI after ClientHello has received and the digest to use for each certificate has been decided. The original ssl->cert contains the negotiated digests and is now copied to the new ssl->cert. noted by David Benjamin and Kinichiro Inoguchi | |||||
| * | Update ld search path for libssl/libcrypto, fixes cross-build after source ↵ | bcook | 2016-09-19 | 2 | -6/+6 | |
| | | | | | | | moved. from Patrick Wildt | |||||
| * | move page junking tp unmap(), right before we stick the region in the cache; | otto | 2016-09-18 | 1 | -6/+6 | |
| | | | | | ok tedu@ | |||||
| * | Set callbacks on the right tls ctx on accept. | bcook | 2016-09-14 | 1 | -2/+2 | |
| | | | | | From Tobias Pape | |||||
| * | Handle the FLUSH BIO cntl, that happens at the end of SSL handshakes. | bcook | 2016-09-14 | 1 | -1/+2 | |
| | | | | | from Tobias Pape | |||||
| * | Allow callback read/write functions to set TLS_WANT_POLLOUT/POLLIN. | bcook | 2016-09-14 | 1 | -3/+21 | |
| | | | | | from Tobias Pape | |||||
| * | Generate pkg-config files at build time like everything else. This | natano | 2016-09-14 | 2 | -4/+6 | |
| | | | | | | | | avoids permission problems due to the build and install stages being run by different users. ok deraadt jasper | |||||
| * | add a little more typing to the first callback argument. | tedu | 2016-09-13 | 2 | -7/+7 | |
| | | | | | it's always a tls context. | |||||
| * | Files in /etc/ssl belong to root. ok deraadt | natano | 2016-09-11 | 1 | -4/+4 | |
| | | ||||||
| * | missing space after comma | tb | 2016-09-09 | 1 | -2/+2 | |
| | | | | | | | (this was apparently lost during the repo surgery) ok bcook | |||||
| * | back out calls to EVP_CIPHER_CTX_cleanup() in EVP_Cipher/Encrypt/DecryptFinal | bcook | 2016-09-09 | 1 | -4/+1 | |
| | | | | | | Software that refers to ctx after calling Final breaks with these changes. revert parts of 1.31 and 1.32 | |||||
| * | remove CMS manuals; beck@ agress with the general idea | schwarze | 2016-09-05 | 23 | -2347/+1 | |
| | | ||||||
| * | fix Dt; | jmc | 2016-09-04 | 1 | -2/+2 | |
| | | ||||||
| * | Remove cms. | jsing | 2016-09-04 | 1 | -8/+1 | |
| | | ||||||
| * | Remove cms. | jsing | 2016-09-04 | 15 | -7541/+0 | |
| | | | | | ok beck@, guenther@, tedu@ | |||||
| * | Expand DECLARE_ASN1_.*FUNCTIONS macros. | jsing | 2016-09-04 | 5 | -69/+293 | |
| | | | | | No change in preprocessed output, ignoring whitespace and line numbers. | |||||
| * | Expand DECLARE_ASN1_.*FUNCTIONS macros. | jsing | 2016-09-04 | 2 | -7/+27 | |
| | | | | | No change in preprocessed output, ignoring whitespace and line numbers. | |||||
| * | Set errno more consistently, and fix a warning, ok tedu | nicm | 2016-09-04 | 1 | -21/+29 | |
| | | ||||||
| * | Expand DECLARE_ASN1_.*FUNCTIONS macros. | jsing | 2016-09-04 | 1 | -33/+133 | |
| | | | | | No change in preprocessed output, ignoring whitespace. | |||||
| * | minor tweaks; | jmc | 2016-09-04 | 1 | -7/+7 | |
| | | ||||||
| * | rm | tedu | 2016-09-04 | 1 | -68/+0 | |
| | | ||||||
| * | oops, name file after main function | tedu | 2016-09-04 | 1 | -0/+68 | |
| | | ||||||
| * | it doesn't say anything yet, but start adding a man page | tedu | 2016-09-04 | 1 | -0/+68 | |
| | | ||||||
| * | Place IMPLEMENT_PEM macros under #ifndef LIBRESSL_INTERNAL. | jsing | 2016-09-04 | 1 | -2/+4 | |
| | | ||||||
| * | Sort and group functions. | jsing | 2016-09-04 | 5 | -250/+226 | |
| | | ||||||
| * | Expand IMPLEMENT_PEM macros. | jsing | 2016-09-04 | 1 | -2/+29 | |
| | | | | | No change in generated assembly. | |||||
| * | Expand IMPLEMENT_PEM macros. | jsing | 2016-09-04 | 4 | -30/+545 | |
| | | | | | No change in generated assembly. | |||||
| * | Make the key sizes and offsets arrays const, ok tedu | nicm | 2016-09-04 | 1 | -2/+2 | |
| | | ||||||
| * | Less S390. | jsing | 2016-09-04 | 12 | -4596/+2 | |
| | | | | | ok deraadt@ | |||||
| * | Bump TLS_API for addition of callbacks. | jsing | 2016-09-04 | 1 | -2/+2 | |
| | | ||||||
| * | Less IA64. | jsing | 2016-09-04 | 10 | -6846/+1 | |
| | | | | | ok deraadt@ | |||||
| * | Less vax. | jsing | 2016-09-04 | 4 | -617/+1 | |
| | | | | | ok deraadt@ | |||||
| * | Maintain consistency with function naming. | jsing | 2016-09-04 | 2 | -8/+8 | |
| | | ||||||
| * | Sort headers and use the installed tls.h, rather than the local one. | jsing | 2016-09-04 | 1 | -5/+5 | |
| | | ||||||
| * | $OpenBSD$ tag | jsing | 2016-09-04 | 1 | -1/+1 | |
| | | ||||||
| * | New sentence, new line. Also wrap at 80 chars. | jsing | 2016-09-04 | 1 | -3/+7 | |
| | | ||||||
| * | include <sys/types.h> to get <sys/cdefs.h> instead (for __warn_references) | bcook | 2016-09-04 | 1 | -2/+2 | |
| | | | | | corrected by deraadt@ / guenther@ | |||||
| * | Add callback-based interface to libtls. | bcook | 2016-09-04 | 10 | -37/+371 | |
| | | | | | | | | This allows working with buffers and callback functions instead of directly on sockets or file descriptors. Original patch from Tobias Pape <tobias_at_netshed.de>. ok beck@ | |||||
| * | include <sys/cdefs.h> for portable | bcook | 2016-09-04 | 1 | -1/+3 | |
| | | ||||||
| * | State that libtls functions apply to both clients and servers, unless | jsing | 2016-09-04 | 1 | -47/+16 | |
| | | | | | | | | | | | noted otherwise. Remove all of the now redundant "client and server" notations and change the client and server notations to "client only" and "server only". With input from jmc@. ok beck@ jmc@ | |||||
| * | Add ISRG Root X1, the letsencrypt CA root. This is now included in its own | sthen | 2016-09-04 | 1 | -1/+55 | |
| | | | | | | right in Mozilla's CA list, rather than relying on IdenTrust cross-signing. ok beck@ jca@ | |||||
| * | only regen pkg-config files when required; ok jasper | natano | 2016-09-04 | 2 | -8/+10 | |
| | | ||||||
| * | switch to a constant-time gather procedure for amd64 mont5 asm | bcook | 2016-09-03 | 1 | -199/+314 | |
| | | | | | | | | from OpenSSL commit 7f98aa7403a1244cf17d1aa489f5bb0f39bae431 CVE-2016-0702 ok beck@ | |||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |