src - OpenBSD base system

Age	Commit message (Collapse)	Author
2018-11-13	Fix pkey_ok to be less strange, and add cuve checks required for the EC ones	Bob Beck
	ok tb@
2018-11-12	Missing initialization for pub_key. CID 184303.	Theo Buehler
	ok bcook
2018-11-11	Add check function to verify that pkey is usable with a sigalg.	Bob Beck
	Include check for appropriate RSA key size when used with PSS. ok tb@
2018-11-11	Add back a few missing compatibility stubs	Brent Cook
	ok beck@
2018-11-11	quiet warning on other compilers	Brent Cook
	ok beck@
2018-11-11	Add EVP_sm3() to OpenSSL_add_all_digests_internal().	Theo Buehler
	ok beck inoguchi
2018-11-11	bump minors after symbol addition.	Theo Buehler

2018-11-11	Add SSL_set1_host(), a thin wrapper around X509_VERIFY_PARAM_set1_host().	Theo Buehler
	Used by unbound's DNS over TLS implementation to do server name verification. ok jsing
2018-11-11	Add Ribose Inc's implementation of the SM3 hashing function with	Theo Buehler
	tweaks from jsing and myself. The SM2/SM3/SM4 algorithms are mandatory for legal use of cryptography within China and [are] widely applied in the country, covering identification/financial cards, contactless, TPM 2.0 and PKI. ok beck inoguchi jsing
2018-11-11	Nuke trailing whitespace	Bob Beck

2018-11-11	Add automatic threading initialization for libcrypto.	Brent Cook
	This implements automatic thread support initialization in libcrypto. This does not remove any functions from the ABI, but does turn them into no-ops. Stub implementations of pthread_mutex_(init\|lock\|unlock) are provided for ramdisks. This does not implement the new OpenSSL 1.1 thread API internally, keeping the original CRYTPO_lock / CRYPTO_add_lock functions for library locking. For -portable, crypto_lock.c can be reimplemented with OS-specific primitives as needed. ok beck@, tb@, looks sane guenther@
2018-11-11	Free the server tls transcript in case session reuse did not work.	Alexander Bluhm
	Regression found by Perl module p5-IO-Socket-SSL tests. with beck@ tb@
2018-11-11	include crypto.h from the correct path, remove unused variable	Brent Cook

2018-11-11	Add support for RSA PSS algorithims being used in sigalgs.	Bob Beck
	lightly tested, but will need sanity checks and regress test changes before being added to any sigalgs list for real ok jsing@ tb@
2018-11-11	Convert signatures and verifcation to use the EVP_DigestXXX api	Bob Beck
	to allow for adding PSS, Nuke the now unneejded guard around the PSS algorithms in the sigalgs table ok jsing@ tb@
2018-11-10	Do not translate the EACCES error from pf(4) to EHOSTUNREACH anymore.	Alexander Bluhm
	It also translated a documented send(2) EACCES case erroneously. This was too much magic and always prone to errors. from Jan Klemkow; man page jmc@; OK claudio@
2018-11-10	Conform to POSIX-2001 in which the behavior of passing a negative length using	anton
	posix file locks is defined. Also, detect overflows when dealing with positive lengths. ok millert@ visa@
2018-11-10	unbreak VLAN filtering	denis
	OK dlg@
2018-11-10	Remove dead code	Bob Beck
	ok jsing@
2018-11-10	Tweak and improve the TLSv1.3 state machine.	Joel Sing
	- Provide a tls13_handshake_active_action() function to reduce code duplication and replace tls13_handshake_get_sender(). - Add an INVALID message_type, so we can explicitly detect invalid conditions. - Implement skeletons for the tls13_handshake_send_action() and tls13_handshake_recv_action() functions. - OR in the NEGOTIATED value at the end of recving or sending a server hello so that we switch to the next chain in the state table. ok tb@
2018-11-10	Avoid a double allocation and memory leak.	Joel Sing
	Reported by Ben L <bobsayshilol at live dot co dot uk>
2018-11-10	Stop keeping track of sigalgs by guessing it from digest and pkey,	Bob Beck
	just keep the sigalg around so we can remember what we actually decided to use. ok jsing@
2018-11-10	Use TLS13_HS_{CLIENT,SERVER} instead of using a redundant _SEND{,S}.	Theo Buehler
	ok jsing
2018-11-10	Fix last of the empty hash nonsense	Bob Beck
	ok jsing@
2018-11-09	Fix the TLSv1.3 key schedule implementation.	Joel Sing
	When the RFC refers to ("") for key derivation, it is referring to the transcript hash of an empty string, not an empty string. Rename tls13_secrets_new() to tls13_secrets_create(), make it take an EVP_MD * and calculate the hash of an empty string so that we have it available for the "derived" and other steps. Merge tls13_secrets_init() into the same function, remove the EVP_MD * from other functions and use the empty string hash at the appropriate places. ok beck@ tb@
2018-11-09	Use "send" and "recv" consistently instead of mixing them with "read"	Theo Buehler
	and "write". Use self-documenting C99 initializers. ok bcook, jsing
2018-11-09	Initialize priv_key and pub_key on first use instead of at the top.	Theo Buehler
	While there, eliminate a flag that was only used once. ok beck jsing mestre
2018-11-09	Initialize priv_key and pub_key on first use instead of at the top.	Theo Buehler
	ok beck jsing mestre
2018-11-09	Avoid dereferencing eckey before checking it for NULL.	Theo Buehler
	CID 184282 ok beck jsing mestre
2018-11-09	fix a typo	denis
	OK jca@ (from a long time ago...)
2018-11-09	Remove ethers(5) YP support bits from libc as it makes it difficult to	Bryan Steele
	effectively use pledge(2) in some programs. approval from many, thanks! idea by & ok deraadt@
2018-11-09	Ensure we free the handshake transcript upon session resumption.	Joel Sing
	Found the hard way by jmc@ ok tb@
2018-11-09	Ensure we only choose sigalgs from our prefernce list, not the whole list	Bob Beck
	ok jsing@
2018-11-09	Add the ability to have a separate priority list for sigalgs.	Bob Beck
	Add a priority list for tls 1.2 ok jsing@
2018-11-09	Correct defines for writer tests in connect/accept loops.	Joel Sing
	ok tb@
2018-11-09	Correct function naming for tls13_handshake_advance_state_machine().	Joel Sing
	ok tb@
2018-11-09	Avoid leak: free existing SRTP connection profiles before	Theo Buehler
	setting it. From Ben L <bobsayshilol () live ! co ! uk>.
2018-11-09	Avoid leaking memory that was already allocated in ASN1_item_new().	Theo Buehler
	From Ben L <bobsayshilol () live ! co ! uk>
2018-11-09	Fix a buffer overrun in asn1_parse2().	Theo Buehler
	From Ben L bobsayshilol () live ! co ! uk Similar fixes in BoringSSL and OpensSSL.
2018-11-09	Add const to the data argument of ASN1_set{,_int}_octetstring().	Theo Buehler
	From Ben L bobsayshilol () live ! co ! uk ok jsing
2018-11-09	Add header guards and hidden declarations.	Joel Sing

2018-11-09	Add header guards and hidden declarations.	Joel Sing

2018-11-09	Reimplement the sigalgs processing code into a new implementation	Bob Beck
	that will be usable with TLS 1.3 with less eye bleed. ok jsing@ tb@
2018-11-08	First skeleton of the TLS 1.3 state machine. Based on RFC 8446 and	Theo Buehler
	inspired by s2n's state machine. Lots of help and input from jsing. ok beck, jsing
2018-11-08	KNF	Bob Beck

2018-11-08	Clean up and simplify the handshake transcript code.	Joel Sing
	This provides a cleaner, simpler and more readable API, with code that uses a BUF_MEM instead of a BIO. ok beck@ ("hurry up") and tb@.
2018-11-08	Stop pretending that a cert member in a SSL and SSL_CTX can be NULL.	Joel Sing
	ok beck@ tb@
2018-11-08	Move #include <openssl/evp.h> to the header.	Theo Buehler
	discussed with beck and jsing
2018-11-08	Ensure the handshake transcript is cleaned up.	Joel Sing
	Add a check at the completion of the client/server handshake to ensure that the handshake transcript has been freed. Fix the case where a server asks the client for a certificate, but it does not have one, resulting in the handshake transcript being left around post-handshake. ok bcook@ tb@
2018-11-08	Remove some function prototypes that should have been removed in the	Joel Sing
	previous clean up. Spotted by bcook@