src - OpenBSD base system

Age	Commit message (Collapse)	Author
2018-11-10	Tweak and improve the TLSv1.3 state machine.	Joel Sing
	- Provide a tls13_handshake_active_action() function to reduce code duplication and replace tls13_handshake_get_sender(). - Add an INVALID message_type, so we can explicitly detect invalid conditions. - Implement skeletons for the tls13_handshake_send_action() and tls13_handshake_recv_action() functions. - OR in the NEGOTIATED value at the end of recving or sending a server hello so that we switch to the next chain in the state table. ok tb@
2018-11-10	Make sure the interop test happen last (since they take a long time)	Bob Beck

2018-11-10	add support for setting the traffic class on ipv6 packets.	David Gwynne
	it reuses the toskeyword handling that ipv4 uses for setting the tos field, which is equiavlent to traffic class. ok florian@ denis@
2018-11-10	Clean up and free objects at the completion of the regress test.	Joel Sing
	From Ben L <bobsayshilol at live dot co dot uk>.
2018-11-10	fix a leak reported by Ben L (bobsayshilol () live ! co ! uk)	Theo Buehler

2018-11-10	Fix a leak reported by Ben L bobsayshilol () live ! co ! uk.	Theo Buehler

2018-11-10	fix a leak pointed out by Ben L (bobsayshi () live ! co ! uk)	Theo Buehler

2018-11-10	Avoid a double allocation and memory leak.	Joel Sing
	Reported by Ben L <bobsayshilol at live dot co dot uk>
2018-11-10	Stop keeping track of sigalgs by guessing it from digest and pkey,	Bob Beck
	just keep the sigalg around so we can remember what we actually decided to use. ok jsing@
2018-11-10	More regress all the way to exporter_master	Bob Beck

2018-11-10	Use TLS13_HS_{CLIENT,SERVER} instead of using a redundant _SEND{,S}.	Theo Buehler
	ok jsing
2018-11-10	Fix last of the empty hash nonsense	Bob Beck
	ok jsing@
2018-11-09	Update key schedule regress to match API changes.	Joel Sing

2018-11-09	Fix the TLSv1.3 key schedule implementation.	Joel Sing
	When the RFC refers to ("") for key derivation, it is referring to the transcript hash of an empty string, not an empty string. Rename tls13_secrets_new() to tls13_secrets_create(), make it take an EVP_MD * and calculate the hash of an empty string so that we have it available for the "derived" and other steps. Merge tls13_secrets_init() into the same function, remove the EVP_MD * from other functions and use the empty string hash at the appropriate places. ok beck@ tb@
2018-11-09	Use "send" and "recv" consistently instead of mixing them with "read"	Theo Buehler
	and "write". Use self-documenting C99 initializers. ok bcook, jsing
2018-11-09	Initialize priv_key and pub_key on first use instead of at the top.	Theo Buehler
	While there, eliminate a flag that was only used once. ok beck jsing mestre
2018-11-09	Initialize priv_key and pub_key on first use instead of at the top.	Theo Buehler
	ok beck jsing mestre
2018-11-09	The Botan library from ports an be configured to use OpenSSL or	Alexander Bluhm
	LibreSSL as crypto provider. When we run their regression tests, we are actually testing our library. This is far from perfect. A lot of LibreSSL features have not been implemented as Botan provider. Even if provider openssl is specified, botan-test runs a lot of non-openssl tests. This can be improved later.
2018-11-09	Avoid dereferencing eckey before checking it for NULL.	Theo Buehler
	CID 184282 ok beck jsing mestre
2018-11-09	Document interactions of rad(8), carp(4), and SOII:	Stefan Sperling
	When running rad(8) on top of carp(4), ifconfig carp0 -soii is a good idea. ok florian@ jmc@
2018-11-09	fix a typo	denis
	OK jca@ (from a long time ago...)
2018-11-09	remove the not yet implemented "handshake" subdirectory	Theo Buehler

2018-11-09	Add subdirectires with SUBDIR += instead of a single assignment with	Theo Buehler
	line continuations.
2018-11-09	retuned -> returned;	Jason McIntyre

2018-11-09	The 'recvfd' and 'inet' promises are no longer required by tcpdump(8)	Bryan Steele
	This reduces the remaining runtime pledge(2) in the privsep monitor process to "stdio rpath dns bpf": - 'rpath' for /etc/{ethers,rpc}, also unveil(2)'d thanks to mestre@! - 'dns' for DNS lookups - 'bpf' BIOCGSTATS on ^C The unprivileged packet parser process remains pledged just "stdio" This depends on the previous commit that removed YP support from ethers(5). ok mestre@
2018-11-09	Remove ethers(5) YP support bits from libc as it makes it difficult to	Bryan Steele
	effectively use pledge(2) in some programs. approval from many, thanks! idea by & ok deraadt@
2018-11-09	Ensure we free the handshake transcript upon session resumption.	Joel Sing
	Found the hard way by jmc@ ok tb@
2018-11-09	Abstract a separate function to scan the list provided by getifaddrs()	Kenneth R Westerback
	for the interface's link information. Makes the code easier to follow. Suggestions and ok kn@
2018-11-09	Document m_leadingspace() and m_trailingspace() instead of the makros which	Claudio Jeker
	got removed. Also fix documentation of m_prepend and M_PREPEND. They are the same quite some time and there is no longer the need to warn about not using m_prepend directly. OK krw@, mpi@
2018-11-09	M_LEADINGSPACE() and M_TRAILINGSPACE() are just wrappers for	Claudio Jeker
	m_leadingspace() and m_trailingspace(). Convert all callers to call directly the functions and remove the defines. OK krw@, mpi@
2018-11-09	Remove the last few XXX rdomain markers. Even those functions respect the	Claudio Jeker
	rdomain now and are therefor rdomain save. OK mpi@
2018-11-09	Delete superfluous libc reach-around variables, left over from the	Philip Guenther
	old syscall stubs. Prompted by miod@'s poke on m88k ok visa@
2018-11-09	The cert subdir is testing all combinations of certificate validation.	Alexander Bluhm
	Having the three libraries, client and server certificates, missing or invalid CA or certificates, and enforcing peer certificate results in 1944 new test cases.
2018-11-09	Delete superfluous libc reacharounds.	Philip Guenther
	Replace magic numbers with symbolic constants in ldasm.S Let the kernel do the cacheflush optimization. from miod@
2018-11-09	Ensure we only choose sigalgs from our prefernce list, not the whole list	Bob Beck
	ok jsing@
2018-11-09	Delete support for obsolete BSS PLT format, which was last known to be	Philip Guenther
	used by the dearly departed editors/emacs21 port. Per naddy@, we'll keep an eye out for issues in the next ports bulk build
2018-11-09	Add the ability to have a separate priority list for sigalgs.	Bob Beck
	Add a priority list for tls 1.2 ok jsing@
2018-11-09	Correct defines for writer tests in connect/accept loops.	Joel Sing
	ok tb@
2018-11-09	Correct function naming for tls13_handshake_advance_state_machine().	Joel Sing
	ok tb@
2018-11-09	Avoid leak: free existing SRTP connection profiles before	Theo Buehler
	setting it. From Ben L <bobsayshilol () live ! co ! uk>.
2018-11-09	Avoid leaking memory that was already allocated in ASN1_item_new().	Theo Buehler
	From Ben L <bobsayshilol () live ! co ! uk>
2018-11-09	Fix a buffer overrun in asn1_parse2().	Theo Buehler
	From Ben L bobsayshilol () live ! co ! uk Similar fixes in BoringSSL and OpensSSL.
2018-11-09	In verbose mode netcat reports to stderr when the listen system	Alexander Bluhm
	call has finished. This allows to write race free scripts as they can check that the server is up and running. OK sthen@ tb@
2018-11-09	Add const to the data argument of ASN1_set{,_int}_octetstring().	Theo Buehler
	From Ben L bobsayshilol () live ! co ! uk ok jsing
2018-11-09	Add header guards and hidden declarations.	Joel Sing

2018-11-09	Add header guards and hidden declarations.	Joel Sing

2018-11-09	typo in error message; caught by Debian lintian, via Colin Watson	Damien Miller

2018-11-09	correct local variable name; from yawang AT microsoft.com	Damien Miller

2018-11-09	Reimplement the sigalgs processing code into a new implementation	Bob Beck
	that will be usable with TLS 1.3 with less eye bleed. ok jsing@ tb@
2018-11-08	First skeleton of the TLS 1.3 state machine. Based on RFC 8446 and	Theo Buehler
	inspired by s2n's state machine. Lots of help and input from jsing. ok beck, jsing