src - OpenBSD base system

Age	Commit message (Collapse)	Author
2014-06-24	Some KNF.	Joel Sing

2014-06-24	Replace 48 lines of code with a single inet_pton() call. The previous	Joel Sing
	handrolled version could not even make use of sscanf(), since that would not work with a certain antiquated compiler. It is worth noting that there is a tiny change in behaviour - previously calling BIO_get_host_ip() with something that looked like it might be a valid IP address (for example, "1." or even ".") would result in it returning failure rather than trying a BIO_gethostbyname() - now we'll always try a BIO_gethostbyname() if it was not a valid IPv4 address. ok beck@ miod@ deraadt@
2014-06-24	Actually make BIO_set_tcp_ndelay() work - TCP_NODELAY will not magically	Joel Sing
	appear by itself. ok beck@ miod@
2014-06-24	Fix memory leak.	Loganaden Velvindron
	Thanks to Brenk Cook. OK from miod@
2014-06-23	Since this is a library, place issetugid() before every getenv()	Theo de Raadt
	ok miod
2014-06-22	KNF, particularly wrapped lines of calls to PEM_read_bio_FOO() and	Philip Guenther
	multiline comments ok jsing@
2014-06-22	BIO_sock_init() no longer does anything, so stop calling it.	Joel Sing

2014-06-22	Just use SOMAXCONN and IPPROTO_TCP, since we know we have them.	Joel Sing

2014-06-22	In BIO_get_port(), use strol() with appropriate range checks rather than	Joel Sing
	an atoi() followed by an unsigned short cast. This stops things like "-1" and "66536" from being considered to be "valid" port numbers. ok beck@ deraadt@
2014-06-22	nuke unused test programs; ok jsing	Theo de Raadt

2014-06-22	More KNF.	Joel Sing

2014-06-22	KNF.	Joel Sing

2014-06-22	KNF.	Joel Sing

2014-06-22	More KNF.	Joel Sing

2014-06-21	always compare memcmp against 0, for clarity.	Ted Unangst

2014-06-21	Pull the code that builds a DTLS sequence number out into its own function	Joel Sing
	to avoid duplication. Also use fewer magic numbers. ok miod@
2014-06-21	Specify the correct strength bits for 3DES cipher suites.	Joel Sing
	From OpenSSL. ok miod@
2014-06-21	Switch to the ISC licensed versions of these files, which Google has made	Joel Sing
	available via boringssl. ok deraadt@
2014-06-21	Pull out the sequence number selection and handle this up front. Also, the	Joel Sing
	correct record is already known, so avoid reassignment.
2014-06-21	More KNF and clean up.	Joel Sing

2014-06-21	More KNF.	Joel Sing

2014-06-21	More KNF.	Joel Sing

2014-06-21	KNF	Miod Vallat

2014-06-21	KNF	Miod Vallat

2014-06-21	Fix memory leak in error path.	Loganaden Velvindron
	OK from miod@
2014-06-20	Remove the OPENSSL_*cap getenv's. A program should not be able to	Theo de Raadt
	change the behaviour of the library in such a complicated fashion. ok miod
2014-06-20	wrap getenv OPENSSL_ALLOW_PROXY_CERTS in an issetugid check, to protect	Theo de Raadt
	setuid applications from being fooled. ok miod
2014-06-20	Remove OPENSSL_instrument_halt and OPENSSL_far_spin, which both might	Miod Vallat
	have been used under DJGPP in the previous century (if at all).
2014-06-20	Fix incorrect bounds check in amd64 assembly version of bn_mul_mont();	Miod Vallat
	noticed and fix by Fedor Indutny of Joyent ( https://github.com/joyent/node/issues/7704 )
2012-10-13	import OpenSSL-1.0.1c	Damien Miller

2014-06-19	convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring	Ted Unangst
	libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
2014-06-19	check stack push return and make some effort to clean up. ok beck miod	Ted Unangst

2014-06-19	improve error checking. set error code on error, and check malloc return.	Ted Unangst
	add missing unlock in one case. ok lteo miod
2014-06-18	In ssl3_send_newsession_ticket(), fix a memory leak in an error path.	Miod Vallat

2014-06-18	Missinc calloc() return value check; ok deraadt@	Miod Vallat

2014-06-18	Make sure to always invoke EVP_CIPHER_CTX_cleanup() before returning in the	Miod Vallat
	error paths from tls_decrypt_ticket(). ok tedu@
2014-06-18	Use asprintf() instead of a fixed 128-byte size in SSL_CIPHER_description()	Miod Vallat
	when no storage buffer is passed. ok deraadt@ tedu@
2014-06-18	In SSL_COMP_add_compression_method(), make sure error cases actually return	Miod Vallat
	`error' rather than `success'. ok deraadt@
2014-06-17	ssl_session_cmp is not a sort function, can use CRYPTO_memcmp here too.	Ted Unangst

2014-06-15	free iv, then cleanse. from Cyril Jouve	Ted Unangst

2014-06-15	Simplify EVP_MD_CTX_create() by just using calloc(). Also, use 0 rather	Joel Sing
	than '\0' for several memset(). ok beck@ miod@
2014-06-15	Simplify EVP_CIPHER_CTX_new() - stop pretending that EVP_CIPHER_CTX_init()	Joel Sing
	does something special... just use calloc() instead. ok beck@ miod@
2014-06-15	Add missing OPENSSL_cleanse() in aead_aes_gcm_cleanup().	Joel Sing
	ok beck@ miod@
2014-06-15	The OPENSSL_cleanse() in aes_gcm_cleanup() only cleans the gcm field of the	Joel Sing
	EVP_AES_GCM_CTX, leaving the AES key untouched - clean the entire context, rather than just part of it. ok beck@ miod@
2014-06-15	Rename ssl3_record_sequence_update() to ssl3_record_sequence_increment(),	Joel Sing
	so that it reflects what it is actually doing. Use this function in a number of places that still have the hand rolled version. ok beck@ miod@
2014-06-14	Add more bounded attributes to the buffer and md5/sha headers in libssl	Anil Madhavapeddy
	ok miod@
2014-06-13	typo	Miod Vallat

2014-06-13	Correctly calculate the key block length when using export ciphers.	Joel Sing

2014-06-13	Overhaul the keyblock handling in ssl3_change_cipher_state(). Use	Joel Sing
	meaningful variable names with use with pointer arithmitic rather than complex array indexing.
2014-06-13	Correctly calculate the key block length when used with export ciphers.	Joel Sing
	While here, use meaningful variable names and simplify the calculation.