openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Age	Files	Lines
...
*	Flense out dead code, we don't do ecdhe_clnt_cert.	beck	2015-07-15	4	-374/+150
\| \| \| \| \|	coverity ID's 21691 21698 ok miod@, "Fry it" jsing@
*	Fix inverted test in previous. Commit message told what we intended, but	miod	2015-07-15	2	-4/+4
\| \| \| \|	we did not notice my fingers slipping. Noticed by bcook@
*	Remove dead code. Coverity CID 21688	miod	2015-07-15	2	-8/+2
\| \| \| \|	ok beck@
*	Fix two theoretical NULL pointer dereferences which can only happen if you	miod	2015-07-15	2	-8/+18
\| \| \| \| \| \| \| \|	have seriously corrupted your memory; Coverity CID 21708 and 21721. While there, plug a memory leak upon error in x509_name_canon(). ok bcook@ beck@
*	Fix possible 32 byte buffer overrun, found by coverity, CID 78869	beck	2015-07-15	2	-4/+4
\| \| \| \|	ok miod@
*	Memory leak; Coverity CID 78836	miod	2015-07-15	2	-12/+16
\| \| \| \|	ok beck@
*	Unchecked allocations, and make sure we do not leak upon error. Fixes	miod	2015-07-15	2	-42/+72
\| \| \| \| \|	Coverity CID 21739 and more. ok bcook@
*	Avoid leaking objects upon error; tweaks & ok doug@	miod	2015-07-15	2	-36/+36
\|
*	Do not allow TS_check_signer_name() with signer == NULL from	miod	2015-07-15	2	-2/+8
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	int_TS_RESP_verify_token(). Coverity CID 21710. Looking further, int_TS_RESP_verify_token() will only initialize signer to something non-NULL if TS_VFY_SIGNATURE is set in ctx->flags. But guess what? TS_REQ_to_TS_VERIFY_CTX() in ts/ts_verify_ctx.c, which is the TS_VERIFY_CTX constructor, explicitely clears this bit, with: ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME \| TS_VFY_SIGNATURE); followed by more conditional flag clears. Of course, nothing prevents the user to fiddle with ctx->flags afterwards. This is exactly what ts.c in usr.bin/openssl does. This is gross, mistakes will happen. ok beck@
*	Previous fix for Coverity CID 21785 did not cope correctly with seed_len != 0,	miod	2015-07-15	2	-2/+6
\| \| \| \| \| \|	seed_in == NULL case. Since this situation is an error anyway, bail out early. with and ok beck@
*	Add OPTION_ARG_LONG for handling of options with a long type.	jsing	2015-07-15	2	-3/+16
\| \| \| \|	ok doug@
*	Make 'openssl pkeyutl -verify' return exit code 0 on success.	bcook	2015-07-15	1	-4/+5
\| \| \| \| \| \|	Previously, it returned '1' regardless of whether is succeeded or failed. This is now fixed in the OpenSSL master branch as well. Thanks to Kinichiro Inoguchi for pointing it out. ok @deraadt
*	Partially convert ssl3_get_message to CBS.	doug	2015-07-14	2	-12/+30
\| \| \| \| \| \| \| \|	Unlike the other conversions, this only partially converts the function for now. This is the second to last function which still uses the n2l3 macro. That macro is deprecated since we're using CBS. ok miod@ jsing@
*	Convert dtls1_get_hello_verify to CBS.	doug	2015-07-14	2	-34/+46
\| \| \| \|	ok miod@ jsing@
*	Convert ssl3_get_cipher_by_char to CBS.	doug	2015-07-14	2	-4/+16
\| \| \| \|	ok miod@ jsing@
*	Convert ssl3_get_client_certificate to CBS.	doug	2015-07-14	2	-30/+38
\| \| \| \|	ok miod@ jsing@
*	Convert ssl3_get_finished to CBS.	doug	2015-07-14	2	-12/+18
\| \| \| \|	ok miod@ jsing@
*	Convert ssl_parse_clienthello_use_srtp_ext to CBS.	doug	2015-07-14	4	-84/+50
\| \| \| \|	ok miod@ jsing@
*	Convert ssl3_get_cert_status to CBS.	doug	2015-07-14	2	-34/+52
\| \| \| \|	ok miod@ jsing@
*	Convert ssl3_get_server_certificate to CBS.	doug	2015-07-14	2	-34/+36
\| \| \| \|	ok miod@
*	Unhook tls_ext_alpn test until the code passes it.	doug	2015-07-13	1	-2/+5
\|
*	Convert openssl(1) dh to the new option handling.	doug	2015-07-12	1	-98/+111
\| \| \| \|	ok jsing@
*	Convert openssl(1) dsa to the new option handling.	doug	2015-07-12	1	-154/+208
\| \| \| \|	ok jsing@
*	Convert openssl(1) ec to the new option handling.	doug	2015-07-12	1	-170/+247
\| \| \| \|	ok jsing@
*	Convert gendh.c to the new option handling.	doug	2015-07-12	1	-54/+79
\| \| \| \|	ok jsing@
*	Convert openssl(1) dsaparam to the new option handling.	doug	2015-07-12	1	-154/+123
\| \| \| \| \| \| \|	This also removes support for -timebomb related code which was only enabled for GENCB_TEST. ok jsing@
*	Convert openssl(1) crl2pkcs7 to the new option handling.	doug	2015-07-12	1	-95/+110
\| \| \| \|	input + ok jsing@
*	Convert openssl(1) dhparam to new option handling.	jsing	2015-07-11	1	-121/+160
\| \| \| \|	ok doug@
*	Add tests for parsing TLS extension ALPN (RFC 7301).	doug	2015-07-09	2	-2/+446
\| \| \| \|	The current libssl code does not pass these tests yet.
*	switch "openssl dhparam" default from 512 to 2048 bits, ok jsing@	sthen	2015-07-08	2	-6/+6
\|
*	add setlocale test	semarie	2015-07-07	1	-1/+3
\|
*	add regress test for setlocale(3) and some related	semarie	2015-07-07	2	-0/+140
\| \| \| \| \| \|	functions (MB_CUR_MAX, isalpha() for ctype. some tips from stsp@
*	Repair algorithm name array after 1.6.	miod	2015-07-03	1	-4/+4
\|
*	specify the array initializer valuelibressl-v2.2.1	bcook	2015-07-01	1	-2/+2
\| \| \| \|	noted by kinichiro from github
*	fix the build on arm after the recent addition of -Wundef	jsg	2015-06-29	2	-4/+4
\| \| \| \|	ok doug@ deraadt@
*	Convert ssl_bytes_to_cipher_list to CBS.	doug	2015-06-28	6	-23/+59
\| \| \| \| \| \| \|	Link in the new 'unit' regress and expand the invalid tests to include some that would fail before the CBS conversion. input + ok miod@ jsing@
*	Add unit tests for LibreSSL.	doug	2015-06-27	3	-0/+256
\| \| \| \| \| \|	cipher_list.c is based on code from jsing@. Discussed with jsing@
*	Fix pointer to unsigned long conversion.	doug	2015-06-27	4	-10/+14
\| \| \| \| \| \| \|	bcook@ notes that this check really only impacted 64-bit Windows. Also, changed the check to be unsigned for consistency. ok bcook@
*	Put BUF_memdup() and BUF_reverse() under #ifndef LIBRESSL_INTERNAL.	jsing	2015-06-24	2	-6/+4
\|
*	Stop using BUF_memdup() within the LibreSSL code base - it is correctly	jsing	2015-06-24	4	-12/+14
\| \| \| \| \| \|	spelt malloc+memcpy, which is what is used in all except two places. ok deraadt@ doug@
*	Change CBS_dup() to also sync the offset.	doug	2015-06-23	3	-3/+41
\| \| \| \| \| \| \|	Previously, CBS_dup() had its own offset. However, it is more consistent to copy everything. ok miod@ jsing@
*	Convert bytestringtest to individual checks and don't short circuit.	doug	2015-06-23	1	-321/+337
\| \| \| \| \| \| \| \| \|	The statements were chained together with OR which makes it more annoying to debug. Also, it was short circuiting all tests as soon as one function failed. Since the functions are independent, they should each run until error. Discussed with miod@ and jsing@
*	Remove unnecessary regress target.	doug	2015-06-23	1	-7/+2
\|
*	Check for failure with CBB_init() in bs_ber.c.	doug	2015-06-21	2	-4/+6
\| \| \| \|	From BoringSSL commit 3fa65f0f05f67615d9daf48940e07f84d094ac6e.
*	Just return if nmemb is 0. Avoids a NULL dereference and is	millert	2015-06-21	1	-1/+4
\| \| \| \| \|	consistent with the behavior of the other libc sort functions. OK deraadt@
*	Convert ssl3_get_new_session_ticket to CBS.	doug	2015-06-20	2	-48/+48
\| \| \| \|	tweak + ok miod@ jsing@
*	Convert ssl3_get_next_proto to CBS.	doug	2015-06-20	2	-28/+38
\| \| \| \|	tweak + ok miod@ jsing@
*	Convert ssl_parse_serverhello_renegotiate_ext to CBS.	doug	2015-06-20	4	-38/+42
\| \| \| \|	ok miod@ jsing@
*	Handle NIST curve names in openssl(1) ecparam.	jsing	2015-06-20	1	-1/+4
\| \| \| \|	From OpenSSL.
*	Handle NIST curve names.	jsing	2015-06-20	2	-4/+8
\| \| \| \| \| \|	From OpenSSL. ok miod@ (a while ago)