summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Wrap some >80 char lines.jsing2016-11-021-9/+9
|
* convert DES and DH manuals from pod to mdocschwarze2016-11-0215-715/+1244
|
* remove some old option letters and also make P non-settable. It hasotto2016-10-311-24/+6
| | | | | been the default for ages, and I see no valid reason to be able to disable it. ok natano@
* bump to LibreSSL 2.5.1bcook2016-10-311-3/+3
|
* Pages in the malloc cache are either reused quickly or unmappedotto2016-10-281-14/+1
| | | | | | quickly. In both cases it does not make sense to set hints on them. So remove that option, which is just a remainder of old times when malloc used to hold on to pages. ok stefan@
* $OpenBSD$tb2016-10-223-0/+3
|
* - fix MALLOC_STATS compileotto2016-10-221-3/+6
| | | | - redundant cast is redundant
* fix some void * arithmetic by castingotto2016-10-211-4/+4
|
* and recommit with fixed GCotto2016-10-211-103/+112
|
* backout for now; flag combination GC is not okotto2016-10-201-110/+103
|
* avoid sentence splicing;jmc2016-10-201-2/+2
|
* canary corruption message changed a bitotto2016-10-201-5/+5
|
* Also place canaries in > page sized objects (if C is in effect); ok tb@otto2016-10-201-103/+110
|
* unifdef OPENSSL_NO_CMSjsing2016-10-198-123/+8
|
* Update client hello messages to follow the removal of fixed ECDH.jsing2016-10-191-89/+65
|
* Remove support for fixed ECDH cipher suites - these is not widely supportedjsing2016-10-197-466/+42
| | | | | | | | | and more importantly they do not provide PFS (if you want to use ECDH, use ECDHE instead). With input from guenther@. ok deraadt@ guenther@
* Remove the save_errno dance inside strerror_r(3). It is from thebluhm2016-10-191-5/+3
| | | | | time when we had national language support. OK millert@
* If BN_div_word() fails (by returning (BN_ULONG)-1) or if the divisionguenther2016-10-171-4/+8
| | | | | | | | | | fails to reduce the input in the expected space then fail out instead of overflowing the allocated buffer. combines openssl commits 28a89639da50b1caed4ff3015508f23173bf3e49 and 3612ff6fcec0e3d1f2a598135fe12177c0419582 ok doug@ beck@
* Move libcrypto, librpcsvc and gnu/usr.bin/cc/include from RDIRS to PRDIRS,tb2016-10-161-2/+4
| | | | | | | | | | | | | | and add prereq targets, so some header files are generated by BUILDUSER during 'make prereq' instead of by root during 'make includes'. Switch the order of 'make cleandir' and 'make includes' during 'make build' so we don't generate many files twice. Except for some machine@ symlinks from ${MACHINE}/stand, /usr/obj is now clean from files generated by root during 'make build'. Those will be cleaned up in a second step. help, testing & ok deraadt, input from natano, further testing rpe
* Roll back uintptr_t cast changes after discussions with tedu, otto anddtucker2016-10-163-24/+7
| | | | | | | | | | | | | others. C11 6.5.6.9 says: When two pointers are subtracted, both shall point to elements of the same array object, or one past the last element of the array object; the result is the difference of the subscripts of the two array elements. In these cases the objects are arrays of char so the result is defined, and we believe that the report is based on a compiler incorrectly trapping on defined behaviour.
* Wrap _malloc_init() so internal calls go directlyguenther2016-10-152-2/+6
| | | | | prodded by otto@ ok kettenis@ otto@
* Cast pointers to uintptr_t to avoid potential signedness errors.dtucker2016-10-143-7/+24
| | | | | Based on patch from yuanjie.huang at windriver.com via OpenSSH bz#2608, with & ok millert, ok deraadt.
* 0xd0 -> 0xdb; ok deraadt@ millert@ tedu@otto2016-10-141-3/+3
|
* optimize canary code a bit by storing offset of sizes table instead ofotto2016-10-121-5/+7
| | | | recomputing it all the time
* make clear the length printed is the requested lengthotto2016-10-081-3/+3
|
* grammar fix previous;jmc2016-10-071-2/+2
|
* document "chunk canary corrupted" errorotto2016-10-071-2/+7
|
* stray tabotto2016-10-071-2/+2
|
* Beter implementation of chunk canaries: store size in chunk meta dataotto2016-10-071-61/+63
| | | | instead of chunk itself; does not change actual allocated size; ok tedu@
* typonaddy2016-10-061-3/+3
|
* Fix some broken .Xr links, loosely based on a diffschwarze2016-10-051-13/+12
| | | | | | | | from Rob Pierce <rob at 2keys dot ca>. The content of this page may also need expert attention, i suspect it may be lacking modern algorithms and over-emphasizing obsolete ones, but i dare not touch the content.
* use the same type for buf as the return type in tls_load_filebcook2016-10-031-2/+3
| | | | ok tedu@, noted by kinichiro
* Check for and handle failure of HMAC_{Update,Final} or EVP_DecryptUpdate()guenther2016-10-021-5/+11
| | | | | based on openssl commit a5184a6c89ff954261e73d1e8691ab73b9b4b2d4 ok bcook@
* Detect zero-length encrypted session data early, instead of when malloc(0)guenther2016-10-021-2/+2
| | | | | | | fails or the HMAC check fails. Noted independently by jsing@ and Kurt Cancemi (kurt (at) x64architecture.com) ok bcook@
* In X509_cmp_time(), pass asn1_time_parse() the tag of the field beingguenther2016-10-021-2/+3
| | | | | | | | | parsed so that a malformed GeneralizedTime field is recognized as an error instead of potentially being interpreted as if it was a valid UTCTime. Reported by Theofilos Petsios (theofilos (at) cs.columbia.edu) ok beck@ tedu@ jsing@
* Append to CLEANFILES instead of replacing it, so libcrypto.pc isnatano2016-09-231-2/+2
| | | | | | deleted on make clean. ok millert
* trim STANDARDS; ok jsinglibressl-v2.5.0jmc2016-09-221-13/+1
|
* some minor cleanup;jmc2016-09-221-47/+17
|
* shorten x509;jmc2016-09-221-755/+414
|
* Improve on code from the previous commit.jsing2016-09-221-7/+5
| | | | ok bcook@
* Avoid unbounded memory growth, which can be triggered by a clientjsing2016-09-221-9/+20
| | | | | | repeatedly renegotiating and sending OCSP Status Request TLS extensions. Fix based on OpenSSL.
* Check for packet with truncated DTLS cookie.guenther2016-09-221-12/+17
| | | | | | | | | | | Flip pointer comparison logic to avoid beyond-end-of-buffer pointers to make it less likely a compiler will decide to screw you. Based on parts of openssl commits 6f35f6deb5ca7daebe289f86477e061ce3ee5f46 and 89c2720298f875ac80777da2da88a64859775898 ok jsing@
* Improve ticket validity checking when tlsext_ticket_key_cb() callbackguenther2016-09-221-4/+25
| | | | | | | | | | | chooses a different HMAC algorithm. Avert memory leaks if the callback preps the HMAC in some way. Based on openssl commit 1bbe48ab149893a78bf99c8eb8895c928900a16f but retaining a pre-callback length check to guarantee the callback is provided the buffer that the API claims. ok bcook@ jsing@
* revert documentation update for the clearning behavior we already revertedbcook2016-09-221-5/+1
|
* Delete casts to off_t and size_t that are implied by assignmentsguenther2016-09-216-20/+19
| | | | | | | or prototypes. Ditto for some of the char* and void* casts too. verified no change to instructions on ILP32 (i386) and LP64 (amd64) ok natano@ abluhm@ deraadt@ millert@
* shorten version;jmc2016-09-201-17/+4
|
* shorten the verify error list;jmc2016-09-201-42/+41
|
* Avoid selecting weak digests for (EC)DH when using SNI.bcook2016-09-201-3/+12
| | | | | | | | | | | from OpenSSL: SSL_set_SSL_CTX is normally called for SNI after ClientHello has received and the digest to use for each certificate has been decided. The original ssl->cert contains the negotiated digests and is now copied to the new ssl->cert. noted by David Benjamin and Kinichiro Inoguchi
* put the spkac section in the right place;jmc2016-09-191-60/+60
|
* shorten verify;jmc2016-09-191-154/+96
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-27 20:13:41 +0000