| Commit message (Collapse) | Author | Files | Lines | ||
|---|---|---|---|---|---|
| 2015-09-21 | remove vestigial bits of sha-0 and md2 from openssl(1) | bcook | 5 | -23/+17 | |
| Noted by kinichiro on github. We probably need a better way to indicate the list of message digests that are allowed, as the current ones are nowhere near exhaustive (sigh - guenther@) OK guenther@ jmc@ | |||||
| 2015-09-20 | Pack the algorithm numbers, to avoid printing a useless (null) 0 0 0 0 | miod | 1 | -34/+34 | |
| line in the summary. | |||||
| 2015-09-19 | Don't wrap initialized variables: binutils appears to be mishandling them | guenther | 1 | -1/+3 | |
| on arm and m88k problems with optind observed by jsg@ | |||||
| 2015-09-18 | avoid void * pointer arithmetic | bcook | 2 | -4/+4 | |
| ok miod@ | |||||
| 2015-09-18 | Revert bn_print.c:r1.25 ("handle negative-zero in BN_bn2dec() too") for | sthen | 2 | -62/+44 | |
| now, it has a NULL deref. Segfault reported by Mikolaj Kucharski, ok bcook | |||||
| 2015-09-17 | Remove more EVP_sha() SHA-0 references. | bcook | 3 | -6/+5 | |
| 2015-09-17 | Re-add missing comma from SHA-0 removal which breaks mlinks generation. | sthen | 2 | -2/+2 | |
| Worked out by bcook@ | |||||
| 2015-09-17 | include stdint.h for uint64_t | bcook | 2 | -2/+4 | |
| noted by Bernard Spil | |||||
| 2015-09-16 | Zap RANDFILE. | lteo | 2 | -5/+3 | |
| 2015-09-14 | tweak previous; | jmc | 1 | -2/+2 | |
| 2015-09-14 | Provide tls_config_insecure_noverifytime() in order to be able to disable | jsing | 6 | -6/+29 | |
| certificate validity checking. ok beck@ | |||||
| 2015-09-14 | Add support for disabling certificate and CRL validity checking. | jsing | 4 | -22/+30 | |
| Loosely based on changes in OpenSSL. ok beck@ | |||||
| 2015-09-14 | delete bogus trailing .Ns from SYNOPSIS .Ft macros | schwarze | 2 | -12/+12 | |
| 2015-09-14 | fix formatting by adding the required quotes to .Fa in the SYNOPSIS | schwarze | 4 | -22/+22 | |
| 2015-09-14 | Remove useless quoting from .Fo and .Fn function names, to prevent | schwarze | 3 | -10/+10 | |
| development of a cargo cult in case people look at existing files for examples. This achieves a consistent .Fo and .Fn quoting style across the whole tree. | |||||
| 2015-09-14 | some conn_version and conn_cipher bits; | jmc | 2 | -9/+10 | |
| 2015-09-14 | Only two of the *rand48.c files need <math.h>, so just #include it in them | guenther | 3 | -4/+5 | |
| 2015-09-14 | use .Va for global variables, and .Vt where the type is included | schwarze | 1 | -4/+3 | |
| 2015-09-14 | Expose EOF without close-notify via tls_close(). | jsing | 2 | -6/+14 | |
| Make tls_read(3)/tls_write(3) follow read(2)/write(2) like semantics and return 0 on EOF with and without close-notify. However, if we saw an EOF from the underlying file descriptors without getting a close-notify, save this and make it visible when tls_close(3) is called. This keeps the semantics we want, but makes it possible to detect truncation at higher layers, if necessary. ok beck@ guenther@ | |||||
| 2015-09-14 | Return an error if tls_handshake() or tls_close() is called on a context | jsing | 1 | -2/+13 | |
| for which they are not valid operations. ok beck@ | |||||
| 2015-09-14 | add missing function return types | schwarze | 1 | -2/+3 | |
| 2015-09-14 | Wrap <ifaddrs.h>, <netinet/in.h>, and <netinet/if_ether.h> so internal | guenther | 3 | -3/+7 | |
| calls go direct and all the symbols are weak | |||||
| 2015-09-14 | Wrap <net/if.h> and <net/if_dl.h> so internal calls go direct and all the | guenther | 2 | -2/+4 | |
| symbols are weak | |||||
| 2015-09-14 | Remove cast of int* to int* | guenther | 1 | -2/+2 | |
| 2015-09-14 | Finish wrapping <netdb.h> so that calls go direct and the symbols are all weak | guenther | 9 | -9/+24 | |
| 2015-09-14 | Test the exported strsignal() API, not the (now hidden) internal API | guenther | 1 | -8/+2 | |
| noted by daniel@ | |||||
| 2015-09-14 | Temporarily revive MD4 for MS CHAP support. | doug | 35 | -59/+1505 | |
| 2015-09-13 | Crank major version due to removal of SHA-0 and MD4 from libcrypto. | doug | 5 | -10/+10 | |
| 2015-09-13 | Remove MD4 support from LibreSSL. | doug | 35 | -1504/+58 | |
| MD4 should have been removed a long time ago. Also, RFC 6150 moved it to historic in 2011. Rides the major crank from removing SHA-0. Discussed with many including beck@, millert@, djm@, sthen@ ok jsing@, input + ok bcook@ | |||||
| 2015-09-13 | Wrap <arpa/inet.h> and <arpa/nameser.h> so that calls go direct and the | guenther | 5 | -5/+11 | |
| symbols without underbar prefix are all weak | |||||
| 2015-09-13 | Another style(9) grenade. | jsing | 1 | -550/+825 | |
| 2015-09-13 | Remove SHA-0 support. | doug | 25 | -825/+36 | |
| SHA-0 was withdrawn shortly after publication 20 years ago and replaced with SHA-1. This will require a major crank. ok bcook@, jsing@ | |||||
| 2015-09-13 | For now, permit overriding of the malloc family, to make emacs happy | guenther | 1 | -6/+6 | |
| 2015-09-13 | Revise regression test so that it works correctly with AES taking priority | jsing | 1 | -34/+191 | |
| if hardware acceleration is available. | |||||
| 2015-09-13 | nc(1) seems worth an Xr in SEE ALSO now; | jmc | 1 | -1/+2 | |
| 2015-09-13 | Since a major bump of libcrypto is coming, remove OPENSSL_ia32cap and | miod | 4 | -34/+4 | |
| OPENSSL_ia32cap_loc; nothing in ports uses them besides embedded copies of OpenSSL. This opens the `all hell gets loose' window. | |||||
| 2015-09-13 | Handle negative-zero in BN_bn2dec() too, just like in BN_print(). | deraadt | 2 | -44/+62 | |
| ok miod | |||||
| 2015-09-13 | Reorder functions for readability/consistency. | jsing | 2 | -470/+456 | |
| 2015-09-13 | BN does support negative-zero -- BN_print() sets the standard here. | deraadt | 2 | -6/+6 | |
| BN_bn2hex() had a 1-byte overflow when creating "-0\0". Reported to me a while back by unknown person -- did not have enough experience to push this through then. advice from jsing, ok miod | |||||
| 2015-09-13 | work around the stupid semantics of SSL_read and SSL_write to make sure | beck | 1 | -3/+3 | |
| we can indicate an EOF properly on tls_read and tls_write ok jsing@ | |||||
| 2015-09-13 | Wrap <pwd.h> so that calls go direct and the symbols are all weak. | guenther | 2 | -7/+8 | |
| Hide bcrypt_autorounds(), prefixing with an underbar for static builds. | |||||
| 2015-09-13 | Overshot w/PROTO_DEPRECATED: seed48_deterministic() is used internally | guenther | 1 | -1/+2 | |
| 2015-09-13 | Remove explicit NULL checks before *_free() calls and tidy some code. | jsing | 1 | -28/+22 | |
| 2015-09-13 | Use ECDH_size() and do some other clean up. | jsing | 1 | -7/+6 | |
| 2015-09-13 | Only check for key truncation if no KDF function is being used. | jsing | 2 | -8/+8 | |
| ok beck@ miod@ | |||||
| 2015-09-13 | remove e_os2.h includes | bcook | 2 | -2/+0 | |
| ok jsing@ | |||||
| 2015-09-13 | Wrap long lines. | jsing | 1 | -16/+32 | |
| 2015-09-13 | style(9) grenade. | jsing | 1 | -153/+178 | |
| 2015-09-13 | Don't leak conninfo - spotted by marko kreen. | beck | 1 | -2/+3 | |
| ok jsing@ | |||||
| 2015-09-13 | Stop generating private keys in a network buffer. | jsing | 2 | -58/+58 | |
| The current client key exchange code generates DH and ECDH keys into the same buffer that we use to send data to the network - stop doing this and malloc() a new buffer, which we explicit_bzero() and free() on return. This also benefits from ASLR and means that the keys are no longer generated in a well known location. ok beck@ | |||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |