src - OpenBSD base system

Age	Commit message (Collapse)	Author
2015-08-27	Change AEAD out_len argument to size_t instead of ssize_t - while here,	Joel Sing
	rename it to out_len so that its purpose is more obvious. Also, drop two checks that are no longer possible (and have not been for a long time). Spotted by and ok doug@
2015-08-27	Crank major version for libssl and libtls due to SSLv3 removal.	Doug Hogan

2015-08-27	Remove SSLv3 support from LibreSSL.	Doug Hogan
	This is the first wave of SSLv3 removal which removes the main SSLv3 functions. Future commits will remove the rest of the SSLv3 support. Discussed the plan at c2k15. Input from jsing@, beck@, miod@, bcook@, sthen@, naddy@, and deraadt@. ok jsing@, beck@
2015-08-19	Properly handle missing TLS extensions in client hello as a non-failure.	Brent Cook
	Noticed by @Ligushka from github. ok miod@, doug@
2015-07-31	Fix SRTP parsing.	Doug Hogan
	jsing@ noticed that during the CBS conversion, an extra CBS_len comparison was introduced. It should be 0 after extracting MKI. ok jsing@ bcook@ deraadt@
2015-07-29	Add linker warnings in case SSLv3_{,client,server}_method are referenced.	Miod Vallat
	Use of this symbols proves the existence of a code path willingly using SSLv3, even with OPENSSL_NO_SSL3 being defined, which hints that it needs fixing. Discussed with the LibreSSL cabal during c2k15; ok deraadt@
2015-07-24	an TLS -> a TLS; from thanos tsouanas	Jason McIntyre

2015-07-24	Convert tls1_process_ticket to CBS.	Doug Hogan
	ok miod@ jsing@
2015-07-24	Convert tls1_process_sigalgs to CBS.	Doug Hogan
	ok miod@ jsing@
2015-07-24	Convert ssl3_get_record to CBS.	Doug Hogan
	ok miod@ jsing@
2015-07-21	Remove duplicate check in libssl.	Doug Hogan
	If len == 0, it already set try_session_cache so there's no need to check len again. Fixes Coverity issue 21687. ok bcook@
2015-07-19	Remove OpenSSL engine RSAX.	Doug Hogan
	OpenSSL stopped building it last year and removed it this year. Based on OpenSSL commit c436e05bdc7f49985a750df64122c960240b3ae1. Also cranked major version in libcrypto, libssl and libtls. "fine with me" bcook@ miod@
2015-07-19	Allow *_free() functions in libssl to handle NULL input.	Doug Hogan
	This mimics free()'s behavior which makes error handling simpler. ok bcook@ miod@
2015-07-19	Convert ssl3_get_certificate_request to CBS.	Doug Hogan
	ok miod@
2015-07-19	Fix symbol collision with libtls.	Doug Hogan
	Pointed out by guenther. ok guenther@
2015-07-19	Add TLS_method, TLS_client_method and TLS_server_method.	Doug Hogan
	Use these instead of SSLv23_method when you want to make sure TLS is used. By default, we disable SSLv3 but it's still possible for the user to re-enable it. TLS_method does not allow SSLv3. Both BoringSSL and (next version of) OpenSSL have these methods. However, they have changed the implementation significantly. We will as well, but not right now. Riding the libssl major bump. ok miod@ bcook@
2015-07-19	Crank major and remove legacy variables.	Doug Hogan
	Libtls is riding this crank. ok miod@ bcook@
2015-07-19	Assign p to CBS_data since it is used later.	Doug Hogan
	The p initialization was hiding this bug but Coverity 126279 saw it. ok miod@ bcook@ beck@
2015-07-18	Convert dtls1_get_message_header to CBS and change to int.	Doug Hogan
	Changed return value from void to int. It should never return an error given that the input length is not checked yet. ok miod@
2015-07-18	Convert dtls1_get_record to CBS.	Doug Hogan
	ok miod@, input + ok jsing@
2015-07-18	Remove repeated code in dtls1_get_record.	Doug Hogan
	The "if" is a bit ugly, but this does remove a lot of repetitive code. This will be converted to CBS later as well. ok miod@ jsing@ roughly ok with it after seeing the CBS version
2015-07-18	Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER workaround.	Doug Hogan
	This was a hack to work around problems on IE 6 with SSLv3. ok miod@ bcook@
2015-07-18	Remove support for the SSL_OP_TLS_D5_BUG compat hack from SSLeay.	Doug Hogan
	This is a 17 year old workaround from SSLeay 0.9.0b. It was for clients that send RSA client key exchange in TLS using SSLv3 format (no length prefix). ok jsing@
2015-07-17	Convert ssl_parse_serverhello_use_srtp_ext to CBS.	Doug Hogan
	ok miod@ jsing@
2015-07-17	Remove compat hack that disabled ECDHE-ECDSA on OS X.	Doug Hogan
	For a few old releases, ECDHE-ECDSA was broken on OS X. This option cannot differentiate between working and broken OS X so it disabled ECDHE-ECDSA support on all OS X >= 10.6. 10.8-10.8.3 were the faulty releases but these are no longer relevant. Tested on OS X 10.10 by jsing. ok jsing@
2015-07-17	Remove workaround for TLS padding bug from SSLeay days.	Doug Hogan
	OpenSSL doesn't remember which clients were impacted and the functionality has been broken in their stable releases for 2 years. Based on OpenSSL commit a8e4ac6a2fe67c19672ecf0c6aeafa15801ce3a5. ok jsing@
2015-07-15	check n before cbs_init, coverity - ID 125063	Bob Beck
	ok bcook@ miod@
2015-07-15	test for n<0 before use in CBS_init - mostly to shut up coverity.	Bob Beck
	reluctant ok miod@
2015-07-15	Flense out dead code, we don't do ecdhe_clnt_cert.	Bob Beck
	coverity ID's 21691 21698 ok miod@, "Fry it" jsing@
2015-07-14	Partially convert ssl3_get_message to CBS.	Doug Hogan
	Unlike the other conversions, this only partially converts the function for now. This is the second to last function which still uses the n2l3 macro. That macro is deprecated since we're using CBS. ok miod@ jsing@
2015-07-14	Convert dtls1_get_hello_verify to CBS.	Doug Hogan
	ok miod@ jsing@
2015-07-14	Convert ssl3_get_cipher_by_char to CBS.	Doug Hogan
	ok miod@ jsing@
2015-07-14	Convert ssl3_get_client_certificate to CBS.	Doug Hogan
	ok miod@ jsing@
2015-07-14	Convert ssl3_get_finished to CBS.	Doug Hogan
	ok miod@ jsing@
2015-07-14	Convert ssl_parse_clienthello_use_srtp_ext to CBS.	Doug Hogan
	ok miod@ jsing@
2015-07-14	Convert ssl3_get_cert_status to CBS.	Doug Hogan
	ok miod@ jsing@
2015-07-14	Convert ssl3_get_server_certificate to CBS.	Doug Hogan
	ok miod@
2015-06-28	Convert ssl_bytes_to_cipher_list to CBS.	Doug Hogan
	Link in the new 'unit' regress and expand the invalid tests to include some that would fail before the CBS conversion. input + ok miod@ jsing@
2015-06-24	Stop using BUF_memdup() within the LibreSSL code base - it is correctly	Joel Sing
	spelt malloc+memcpy, which is what is used in all except two places. ok deraadt@ doug@
2015-06-23	Change CBS_dup() to also sync the offset.	Doug Hogan
	Previously, CBS_dup() had its own offset. However, it is more consistent to copy everything. ok miod@ jsing@
2015-06-21	Check for failure with CBB_init() in bs_ber.c.	Doug Hogan
	From BoringSSL commit 3fa65f0f05f67615d9daf48940e07f84d094ac6e.
2015-06-20	Convert ssl3_get_new_session_ticket to CBS.	Doug Hogan
	tweak + ok miod@ jsing@
2015-06-20	Convert ssl3_get_next_proto to CBS.	Doug Hogan
	tweak + ok miod@ jsing@
2015-06-20	Convert ssl_parse_serverhello_renegotiate_ext to CBS.	Doug Hogan
	ok miod@ jsing@
2015-06-20	Make SSL_OP_ALL readable.	Joel Sing
	ok deraadt@ doug@ millert@ miod@ sthen@
2015-06-20	Convert ssl_parse_clienthello_renegotiate_ext to CBS.	Doug Hogan
	ok miod@, tweak + ok jsing@
2015-06-20	Replace internal call to CRYPTO_memcmp with timingsafe_memcmp.	Doug Hogan
	Suggested by jsing@. ok jsing@ miod@
2015-06-20	Crank major for libcrypto, ssl and tls due to MDC-2DES removal.	Doug Hogan
	ok miod@ jsing@
2015-06-19	Convert tls1_alpn_handle_client_hello() to CBS.	Doug Hogan
	tweak + ok miod@ jsing@
2015-06-19	Add CBS_dup() to initialize a new CBS with the same values.	Doug Hogan
	This is useful for when you need to check the data ahead and then continue on from the same spot. input + ok jsing@ miod@