Age | Commit message | Author | |
---|---|---|---|
2017-10-25 | Check for NULL before dereferencing untrusted pointers. from Helg Bredow. | Martin Pieuchot | |
2017-10-24 | Add more sanity checks to prevent a segfault and a NULL-dereference when manipulating callers provided pointers. From Helg Bredow. | Martin Pieuchot | |
2017-10-23 | Don't let close(2) clobber errno. Some calls were already protected but not all. From Peter J. Philipp. | Todd C. Miller | |
2017-10-22 | Removed duplicated line. ok jmc@ | Tobias Stoeckmann | |
2017-10-19 | Restore a return that was inadvertently removed from freezero() in r1.234, which results in an internal double free when internal functions are not in use. ok otto@ | Joel Sing | |
2017-10-17 | add missing HISTORY; based on CVS logs and release announcements | Ingo Schwarze | |
2017-10-17 | remove the remaining references to .depend files since nothing creates them any longer; ok espie@ deraadt@ | Christian Weisgerber | |
2017-10-16 | draft-ietf-tcpm-initcwnd was published as rfc 6928 | Mike Belopuhov | |
2017-10-15 | Move the thread-related .h files to /usr/src/include/, since the implementation is now spread between libc and librthread. No changes to the content ok mpi@ | Philip Guenther | |
2017-10-15 | Do not use an uninitialized value when determining the sign of a denormal result of ldexp(3). The bug was found when investigating why denormal results of pow(3) can have an incorrect sign on loongson. pow(3) misbehaviour reported and fix tested by juanfra@ No objection from deraadt@ | Visa Hankala | |
2017-10-12 | Rename ssl3_client_hello() to ssl3_send_client_hello() for consistency. | Joel Sing | |
2017-10-12 | Fold dtls1_accept() into ssl_accept(), removing a lot of duplicated code. With review/feedback from inoguchi@ | Joel Sing | |
2017-10-12 | Drop prototypes for ssl23_*() functions, which no longer exist. | Joel Sing | |
2017-10-12 | Add STANDARDS: denis@ spotted that it was missing. OK deraadt@ jca@ jmc@ | Ingo Schwarze | |
2017-10-11 | Convert ssl3_client_hello() to CBB. As part of this, change ssl_cipher_list_to_bytes() to take a CBB argument, rather than a pointer/length. Some additional clean up/renames while here. Based on a diff from doug@ | Joel Sing | |
2017-10-11 | Fully convert ssl3_send_server_hello() to CBB. Based on a diff from doug@ | Joel Sing | |
2017-10-10 | Make ssl_bytes_to_cipher_list() take a CBS, rather than a pointer and length, since the caller has already been converted to CBS. A small amount of additional clean up whilst here. | Joel Sing | |
2017-10-10 | ((remove) (some) (unnecessary) (parentheses)) Part of a diff from doug@ | Joel Sing | |
2017-10-10 | Merge dtls1_connect() into ssl3_connect(), removing a large amount of duplicated code. For now this essentially adds a diff of the two functions with 'if (SSL_IS_DTLS(s))' - further clean up and improvement will follow. ok inoguchi@ | Joel Sing | |
2017-10-08 | Document fktrace(2) more completely, including separation of errors. Add a few errors that were previously undocumented. ok jmc@ | Philip Guenther | |
2017-10-08 | Reduce non-functional differences between dtls1_accept() and ssl3_accept() - synchronise comments, whitespace, line wrapping, etc. | Joel Sing | |
2017-10-08 | Reduce non-functional differences between dtls1_connect() and ssl3_connect() - synchronise comments, whitespace, line wrapping, etc. | Joel Sing | |
2017-10-08 | Fix some style/whitespace/indentation issues in ssl3_accept(). | Joel Sing | |
2017-10-08 | Fix some style/whitespace/indentation issues in ssl3_connect(). | Joel Sing | |
2017-10-08 | Convert ssl3_send_change_cipher_spec() to use CBB and make it handle DTLS, which allows us to drop dtls1_send_change_cipher_spec() entirely. ok inoguchi@ | Joel Sing | |
2017-10-08 | Make cacheflush(3) and get_fpc_csr(3) manual pages available on octeon. OK deraadt@ | Visa Hankala | |
2017-10-08 | Fix typo. | Visa Hankala | |
2017-10-08 | hyphenate DER/PEM-encoded, for consistency; | Jason McIntyre | |
2017-10-07 | Document tls_peer_cert_chain_pem(). ok beck@ | Joel Sing | |
2017-10-07 | Add fktrace to the NAME section ok jmc@ | Philip Guenther | |
2017-10-05 | Document that connect(2) and sendto(2) may return with errno EADDRNOTAVAIL if local address is not available. OK deraadt@ millert@ | Alexander Bluhm | |
2017-10-05 | do not return f() where f is a void function; loop var type fix | Otto Moerbeek | |
2017-10-05 | Use dprintf instead of snprintf/write | Otto Moerbeek | |
2017-10-04 | iscntrl(0) is != 0 at least since Version 7 AT&T UNIX, and POSIX requires that, too (in XBD 7.3.1), even though the C standard leaves it implementation-defined; found during my kcgi audit on behalf of CAPEM; OK deraadt (stupid me forgot to commit before lock). | Ingo Schwarze | |
2017-10-04 | pasto in function name in the SYNOPSIS; from semarie@ | Ingo Schwarze | |
2017-09-27 | Document how ioctl(2) LIOCSFD on /dev/klog registers a socket pair to receive sendsyslog(2) messages. discussed with martijn@; OK jmc@ deraadt@ | Alexander Bluhm | |
2017-09-27 | Xr; from jan stary | Jason McIntyre | |
2017-09-26 | bump version in advance of final release | Brent Cook | |
2017-09-26 | bump to 2.6.2 | Brent Cook | |
2017-09-25 | sendsyslog should take a const char * everywhere. okay bluhm@, deraadt@ | Marc Espie | |
2017-09-25 | If tls_config_parse_protocols() is called with a NULL pointer, return the default protocols instead of crashing - this makes the behaviour more useful and mirrors what we already do in tls_config_set_ciphers() et al. | Joel Sing | |
2017-09-25 | Annotate some API-side memory leaks for future resolution. | Joel Sing | |
2017-09-25 | Fix various issues in the OCSP extension parsing code: - When parsing the OCSP extension we can have multiple responder IDs - pull these out correctly. - Stop using CBS_stow() - it's unnecessary since we just need access to the data and length (which we can get via CBS_data() and CBS_len()). - Use a temporary pointer when calling d2i_*() functions, since it will increment the pointer by the number of bytes it consumed when decoding. The original code incorrectly passes the pointer allocated via CBS_stow() (using malloc()) to a d2i_*() function and then calls free() on the now incremented pointer, most likely resulting in a crash. This issue was reported by Robert Swiecki who found the issue using honggfuzz. ok beck@ | Joel Sing | |
2017-09-25 | When building the OCSP extension, only add the length prefixed extensions after we finish building the responder ID list. Otherwise adding to the responder ID list fails. ok beck@ | Joel Sing | |
2017-09-23 | Kill unused function Spotted by krw@ | Jeremie Courreges-Anglas | |
2017-09-23 | Make delayed free non-optional and make F do an extensive double free check. ok tb@ tedu@ | Otto Moerbeek | |
2017-09-21 | tweak previous: remove trailing blank and improve a wording; requested by jmc@ | Ingo Schwarze | |
2017-09-20 | Properly document the typical write(2) loop, and delete misleading parts from the CAVEATS; issue reported by <ScottCheloha at gmail dot com> on bugs@; OK espie@ millert@ | Ingo Schwarze | |
2017-09-20 | Keep track of which keypair is in use by a TLS context. This fixes a bug whereby a TLS server with SNI would always only return the OCSP staple for the default keypair, rather than returning the OCSP staple associated with the keypair that was selected via SNI. Issue reported by William Graeber and confirmed by Andreas Bartelt. Fix tested by William Graeber and Andreas Bartelt - thanks! | Joel Sing | |
2017-09-20 | Slightly restructure tls_ocsp_verify_cb() to make it more like libtls code. | Joel Sing | |