Age | Commit message | Author | |
---|---|---|---|
2019-12-06 | replace links to uvm(9) to uvm_init(9); ok mpi | Jason McIntyre | |
2019-12-06 | Explicitly say that *permissions can be "". | Ingo Schwarze | |
Potential for misunderstanding noticed by Chris Rawnsley <chris at puny dot agency>, wording proposed by deraadt@, patch sent by Chris Rawnsley, OK deraadt@. | |||
2019-12-05 | - fix some Xr; from martin | Jason McIntyre | |
- minor tweaks while here | |||
2019-12-05 | Document IP6_SOIIKEY_LEN | kn | |
OK florian jmc | |||
2019-12-05 | Document X509_STORE_CTX_set_flags() which is a handy way to change the | Claudio Jeker | |
verification param flags of a context. While this function is marked as likely to be deprecated in OpenSSL it seems that this may not happen. This is why we decided to still document it. OK and input from ingo@ tb@ | |||
2019-12-04 | some minor tweaks; | Jason McIntyre | |
2019-12-04 | I accidentally smashed wrong contents into this file. | Theo de Raadt | |
Repair from Martin @ academicsolutions.ch | |||
2019-12-04 | libc's authentication privsep layer performed insufficient username | Theo de Raadt | |
validation. Repair work mostly by markus and millert, first of all solving the primary problem, then adding some additional validation points. And then further validation in login and su. This will be 6.5/021_libcauth.patch.sig and 6.6/010_libcauth.patch.sig. Reported by Qualys | |||
2019-12-04 | libc's authentication privsep layer performed insufficient username | Theo de Raadt | |
validation. Repair work mostly by markus and millert, first of all solving the primary problem, then adding some additional validation points. And then further validation in login and su. This will be 6.5/021_libcauth.patch.sig and 6.6/010_libcauth.patch.sig. Reported by Qualys | |||
2019-12-03 | Add missing RCS tag. | Theo Buehler | |
2019-12-03 | Fix typo: ECHD -> ECDH. | Theo Buehler | |
From Michael Forney, thanks! | |||
2019-12-03 | fwide() does not unlock if an error occurred. | asou | |
ok guenther@ and deraadt | |||
2019-12-01 | comply with POSIX and make execve() return EACCES for directories | Christian Weisgerber | |
ok millert@ deraadt@ | |||
2019-12-01 | crank libelf major for exec_elf.h changes | Jonathan Gray | |
2019-11-28 | bump libcbor after symbol addition; ok deraadt@ | Christian Weisgerber | |
2019-11-28 | Fix typo in comment in struct pcap_pkthdr | akoshibe | |
2019-11-28 | update to libcbor rev 56a43b1e799; this includes a number of fixes | Damien Miller | |
for unaligned accesses, requested by miod@ ok deraadt@ | |||
2019-11-27 | tweak previous: add missing name after .Fn, delete stray .Pp, | Ingo Schwarze | |
and drop NetBSD RCS tag apparently left over from copy & paste | |||
2019-11-27 | Document msyscall(2): ld.so can use this (once only) to tell the kernel | Theo de Raadt | |
where libc.so's text segment is, thereby allowing invocation of system calls from that region. An upcoming change will kill the process if a system call is invoked from addresses not explicitly permitted. ok guenther kettenis mortimer | |||
2019-11-27 | sync upstream commit with manpage fixes from jmc@ | Damien Miller | |
> commit 437896dcafc67d9596774c3bb9f97bfdb4810bb1 > Author: pedro martelletto <pedro@yubico.com> > Date: Wed Nov 20 09:38:22 2019 +0100 > > man: mop up dangling .Xr's; Jason McIntyre <jmc@openbsd.org> | |||
2019-11-26 | Add support for TLS 1.3 post handshake messages and key updating. | Bob Beck | |
tested against openssl 1.1's server. ok jsing@ tb@ | |||
2019-11-25 | gcc3, like clang and unlike our gcc4, doesn't support redirecting builtins | Philip Guenther | |
like mem{set,cpy,move} or __stack_smash_handler using asm() renaming. So treat gcc3 like clang and mark such functions as protected instead. ok ayoma@ | |||
2019-11-21 | A touch of style(9) | Tim van der Molen | |
OK tb@ tedu@ | |||
2019-11-21 | Use explicit_bzero() to clear key material | Tim van der Molen | |
OK tb@ tedu@ | |||
2019-11-21 | zero tmpout too. reminded by related diff from tim | Ted Unangst | |
2019-11-21 | overwrite the key in failure modes in case the caller doesn't check. | Ted Unangst | |
ok deraadt | |||
2019-11-20 | Add accessors to change the buffer in a handshake message. | Bob Beck | |
Needed for doing TLS 1.3 Post Handshake Handshake messages. ok jsing@ | |||
2019-11-20 | Fix rsa key output format | Kinichiro Inoguchi | |
This fixes openssl(1) rsa -text output format ok tb@ | |||
2019-11-19 | Sync documentation fixes from upstream: | Damien Miller | |
commit 99c4cb00b50b846e4ba2492f67d44171de8c7066 Author: pedro martelletto <pedro@yubico.com> Date: Mon Nov 18 16:55:37 2019 +0100 documentation fixes ensure man pages are named after existing functions; pointed out by Jason McIntyre <jmc@openbsd.org>; thanks! | |||
2019-11-18 | Add prototypes for the functions that update application secrets | Bob Beck | |
so that the regress tests will work for them | |||
2019-11-18 | Provide a clean interface for sending TLSv1.3 alerts. | Joel Sing | |
ok beck@ | |||
2019-11-17 | Change tls13_record_layer_phh() to take a CBS as this avoids ownership | Joel Sing | |
issues and makes call sites cleaner. ok beck@ | |||
2019-11-17 | Correct update of application traffic secrets to use an empty context | Bob Beck | |
rather than the hash of an empty context ok jsing@ | |||
2019-11-17 | Bring back the ssl_shutdown internal method pointer. | Joel Sing | |
For now ssl3_shutdown() is called in all cases, however TLSv1.3 will soon get its own version. ok beck@ | |||
2019-11-17 | Add a reference for the non-standard post-handshake handshake (PHH). | Theo Buehler | |
ok beck, jsing | |||
2019-11-17 | Ensure that we are never operating in plaintext mode once the handshake | Joel Sing | |
is complete, which should never occur. ok beck@ | |||
2019-11-17 | Provide framework for sending alerts and post-handshake handshake messages. | Joel Sing | |
Discussed at length with beck@ ok beck@ tb@ | |||
2019-11-17 | indent with a tab instead of 8 spaces | Theo Buehler | |
2019-11-17 | Move the TLSv1.3 server message handling stubs. | Joel Sing | |
2019-11-17 | Add the initial framework for the TLSv1.3 server. | Joel Sing | |
ok beck@ | |||
2019-11-17 | tls13_connect() should be static. | Joel Sing | |
2019-11-17 | Fix backoff to legacy when in client auth mode. | Bob Beck | |
ok jsing@ | |||
2019-11-17 | Drop back to the legacy tls method if we are doing client authentication | Bob Beck | |
from a tls 1.3 connection, for now. ok jsing@ | |||
2019-11-17 | Separate the callbacks for received and completed post handshake messages | Bob Beck | |
from the record layer ok jsing@ | |||
2019-11-16 | Allow 1.3 ciphers in libtls. | Bob Beck | |
ok jsing@ | |||
2019-11-16 | Revert previous deduplication diff, I broke portable in a strange way. | Bob Beck | |
I'll figure it out a bit later. Found and diagnosed by inoguchi@ | |||
2019-11-16 | Allow portable to override the default CA bundle location | Bob Beck | |
ok kinichiro@ jsing@ | |||
2019-11-15 | Deduplicate some extension processing code. | Bob Beck | |
ok tb@ inoguchi@ | |||
2019-11-15 | Fix a segmentation fault in ncurses. | Frederic Cambus | |
This is a backported patch [1] from ncurses-5.7-20100501. It takes begx and begy values into account when calculating lengths, in order to avoid writing data past the end of the buffer when calling memset in wredrawln(). From upstream NEWS file: 20100501 + correct limit-check in wredrawln, accounting for begy/begx values (patch by David Benjamin). [1] https://lists.gnu.org/archive/html/bug-ncurses/2010-04/msg00017.html OK nicm@ | |||
2019-11-15 | our older gcc requires forced -std=c99 | Theo de Raadt | |