This switches libcrypto and libssl to use endian.h over
machine/endian.h, easing some portability contortions. The Austin group
works in mysterious ways, but endian.h also might be a POSIX
standard in the wings, whatever 'Applied' means.
https://www.austingroupbugs.net/view.php?id=162
ok?
diff
On Fri, Mar 26, 2021 at 1:56 PM Alexander Bluhm wrote:
>
> On Mon, Mar 22, 2021 at 08:38:23PM -0500, Brent Cook wrote:
> > In the next version of Linux glibc, SIGSTKSZ is defined at runtime if
> > source is built with _GNU_SOURCE. On LibreSSL-portable, this is set to
>
In the next version of Linux glibc, SIGSTKSZ is defined at runtime if
source is built with _GNU_SOURCE. On LibreSSL-portable, this is set to
bring in asprintf/vasprintf, which causes the explicit_bzero test to
fail to compile since the size of SIGSTKSZ is no longer known at compile
time. This
This updates the getentropy implementation for Windows to use the newer
"Cryptography Next Generation APIs", replacing CryptGenRandom, which
already has been removed from applications built for the Windows Store.
Tested with libressl-portable, it passes all regression tests. Details
of the API
ok bcook@
On Thu, Nov 5, 2020 at 6:16 AM Claudio Jeker wrote:
>
> Since newer compilers default to -fno-common fix bgpd to not depend on
> common symbols. The last few ones can just be converted to static symbols
> since these are only used in the RDE or SE main code.
> With the previous diffs
Sure, looks fine in this micro context so maybe someone copying code from
here as an example will do better. Though note that wider-scoped key/iv
still contain the key material after EVP_CipherInit_ex and so on.
Doesn't appear we've sprinkled many explicit_bzero's into openssl(1) in
general given
Hi,
I haven’t looked deeply into this, but there was a reported issue with OCSP
stapling with Nginx between the LibreSSL portable releases 2.9.0 and 2.9.1
(which would have been between December 15th, 2018 and April 21st, 2019)
Reposting here for visibility:
On Thu, Feb 14, 2019 at 4:21 PM Ted Unangst wrote:
> Alexander Bluhm wrote:
> > GNU dd has the conv=fsync feature which does an fsync(2) after final
> > write to output. I find this useful for write performance measurement
> > through the file system without buffer cache optimization. Others
>
This makes sense, ok bcook@
On Wed, Oct 17, 2018 at 6:28 PM Theo Buehler wrote:
> The spec, https://tools.ietf.org/html/rfc3394, section 2, states that
> we need at least two 64 bit blocks for wrapping and, accordingly, three
> 64 bit blocks for unwrapping. That is: we need at least 16 bytes
a
> compiler define like -D HAVE_CLOCK_GETTIME in the linking project to avoid
> a conflict.
>
> > On 29 May 2018, at 12:48, Brent Cook wrote:
> >
> > On Thu, May 24, 2018 at 10:10:58AM +, Cameron Palmer wrote:
> >> It is beneficial for projects that
ok bcook@
On Mon, May 28, 2018 at 3:23 PM, Theo Buehler wrote:
> This is the first trivial part of the last batch of diffs catching up
> with OpenSSL's const additions.
>
> As usual, sthen kindly ran the whole diff through a ports bulk build.
>
> Only this small change caused some fallout,
On Mon, Feb 12, 2018 at 09:27:16AM -0600, ed...@pettijohn-web.com wrote:
> Has there been any discussion of packaging libtls separately from libressl
> for portable use? With my limited skills I was able to write a program to
> talk to smtpd and starttls using nothing but the manuals. I
On Thu, May 24, 2018 at 10:10:58AM +, Cameron Palmer wrote:
> It is beneficial for projects that depend on LibreSSL libraries and are built
> with CMake to use target_link_libraries and automatically receive the PUBLIC
> or INTERFACE headers without needing to specify include_directories.
ok bcook@
On Wed, May 23, 2018 at 2:11 AM, Theo Buehler wrote:
> Very minor polishing, really:
>
> Since we converted EVP_PKEY_asn1_new() to using calloc(), there's no
> need to set the structure to zero manually with an odd spelling of NULL.
> Besides, the list of zeroed
ok bcook@
On Fri, May 18, 2018 at 9:13 AM, Theo Buehler wrote:
> On Fri, May 18, 2018 at 04:03:16PM +0200, Theo Buehler wrote:
> > Simple diff that adds const qualifiers to the X509_CRL *x and
> > ASN1_OBJECT *obj arguments of X509_CRL_get_ext_count(3),
> >
Looks good, ok bcook@
On Wed, Apr 25, 2018 at 3:22 AM, Theo Buehler wrote:
> This is the second, larger part of the diff that was part of sthen's
> i386 bulk and it had no fallout. It adds const like OpenSSL to most of
> the public API exposed in asn1.h and needs some
Nice to see the "const unsigned char *p = d;" hackery going away. ok bcook@
On Tue, Apr 24, 2018 at 2:50 PM, Theo Buehler wrote:
> OpenSSL started adding const to functions all over the place. The patch
> below makes all our libssl functions match theirs wrt const, except for
OK bcook@
On Mon, Apr 23, 2018 at 3:27 AM, Theo Buehler wrote:
> This is a practically unused function (both in our tree and globally),
> but it is the only remaining public *_free() function in libcrypto that
> segfaults on being passed NULL. I'll of course add it to the
ok bcook@
On Thu, Apr 5, 2018 at 12:06 PM, Theo Buehler wrote:
> If EVP_Digest() fails, str is leaked.
>
> This is part of the combo-diff 83b4049ab75e9da1815e9c854a9297bca3d4af6b
> some more of which may also apply to us, but I'm still disentangling it.
> See also
Thanks guys. This will make enabling this on the odder platforms in
portable easier.
On Fri, Nov 24, 2017 at 7:03 AM, Scott Cheloha
wrote:
> > On Nov 24, 2017, at 6:58 AM, Jeremie Courreges-Anglas
> wrote:
> >
> > On Wed, Nov 22 2017, Scott Cheloha
Thank you Jan. This is a good thing to fix, but I had a hard time envisioning a
security issue with it. Will see about backporting it though.
Regards
- Brent
> On Oct 26, 2017, at 6:50 PM, Jan Engelhardt wrote:
>
>
> libressl-2.6.2 is susceptible to an out-of-bounds read:
>
OPENSSL_NO_EC_NISTP_64_GCC_128 has been defined in opensslfeatures.h for a
long time, which effectively means that ecp_nistp* are all empty files. So,
there is no reason to build them in the first place. OK?
Index: Makefile
===
RCS
We have made two new portable OpenNTPD releases today. These should be
arriving soon in the OpenNTPD directory of an OpenBSD mirror near you.
OpenNTPD 6.1p1 represents the version shipped with OpenBSD 6.1. It
provides a number of new features and reliability improvements.
OpenNTPD 6.2p1 is the
announce at openbsd.org
Thu, 13 Jul 2017 10:41:48 -0500
On Wed, Jan 4, 2017 at 5:12 AM, Mark Kettenis
wrote:
> > Date: Wed, 4 Jan 2017 11:04:43 +0100
> > From: Patrick Wildt
> >
> > On Tue, Jan 03, 2017 at 02:16:25PM -0500, Ted Unangst wrote:
> > > Patrick Wildt wrote:
> > > >
> > > > Maybe they want to
Looks good to me, ok bcook@
On Sat, Dec 31, 2016 at 2:45 PM, Stuart Henderson
wrote:
> Since there wasn't much interest in that (which unbreaks e.g.
> https://www.nginx.com),
> here's a longer diff that syncs with Mozilla's release branch for those CA
> organisations
>
OK bcook@
On Fri, Dec 2, 2016 at 10:29 AM, Rafael Zalamena
wrote:
> On Sat, Oct 01, 2016 at 07:05:51PM +0200, Rafael Zalamena wrote:
> > The ntpd(8) constraint fork+exec diff changed the way the constraint
> > processes are created, but then it introduced new calloc()s to
OK bcook@, looks fine for portable too.
> On Nov 4, 2016, at 11:02 AM, Tom Cosgrove
> wrote:
>
Miod Vallat 4-Nov-16 08:53 >>>
>>
>> I386_ONLY was used to prefer a different assembler sequence in the
>> sha512 code, which would be faster on 80386
On Sat, Oct 1, 2016 at 7:12 PM, Ted Unangst wrote:
> Kinichiro Inoguchi wrote:
> > I would like to cast the return variable explicitly in tls_load_file().
> > This fix also avoiding Intel C++ compiler "assertion failed" described
> here.
> >
ok
On Sun, Oct 2, 2016 at 12:34 AM, David Gwynne wrote:
> this gets rid of a linker warning.
>
> the impression i get is that EVP_CipherFinal_ex explicitely does
> not do cleanup of the cipher context thing, while EVP_CipherFinal
> could if it wanted to.
>
> ok?
>
> Index:
Looks fine to me. Shall I commit it?
On Thu, Sep 15, 2016 at 2:32 AM, Kinichiro Inoguchi <
kinichiro.inogu...@gmail.com> wrote:
> Sorry, I attached wrong patch file.
> I re-post the patch file again.
>
> On Thu, Sep 15, 2016 at 04:10:55PM +0900, Kinichiro Inoguchi wrote:
> > Hi,
> >
> > I would
On Wed, Sep 14, 2016 at 6:41 AM, Tobias Pape <tob...@netshed.de> wrote:
> Hi
>
> On 14.09.2016, at 13:37, Brent Cook <bust...@gmail.com> wrote:
>
> >
> > Once the expectations of the callbacks are finalized, this needs a good
> explanation in the manual.
Thanks!
On Wed, Sep 14, 2016 at 4:48 AM, wrote:
> Hi again,
>
> On 07.09.2016, at 18:08, tob...@netshed.de wrote:
> [..]
> >> On 05.09.2016, at 15:50, bust...@gmail.com wrote:
> >>
> >>> Hey, the typedef came in handy :) Ok bcook@
> >>>
> >>> On Sep 5, 2016, at 11:52 AM,
On Sun, Sep 04, 2016 at 05:57:54AM -0400, Ted Unangst wrote:
> Brent Cook wrote:
> > @@ -246,14 +252,18 @@ An already existing socket can be upgrad
> > .Fn tls_connect_socket .
> > Alternatively, a secure connection can be established over a pair of
> > existing
>
On Sun, Jul 17, 2016 at 01:32:43PM +0200, Tobias Pape wrote:
> Hi all,
>
> I'm Tobias and fond of using libtls.
> I have a certain use case, where I want to do TLS/SSL but
> can only work with buffers/callbacks and not sockets or FDs.
> In p(l)ain openssl, this is doable, but not nice. Libtls
>
No objection here. Anyone else?
> On Aug 25, 2016, at 8:54 AM, Guenther Niess wrote:
>
> Hi,
>
> is there a reason why the Camellia cipher suits with SHA2 HMAC is not
> supported?
>
> I added them and tested the result with an Nginx server and the s_client
> command.
>
> I
We have released LibreSSL 2.4.2 and 2.3.7, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
LibreSSL 2.4.2 is based on the new OpenBSD 6.0 release branch, and is
now the current stable version. LibreSSL 2.3.7 is based on the previous
OpenBSD 5.9 release, and
I didn't notice it at first, because the patch wasn't inline, but the union
here needed to be initialized with memset or use a different kind of
initializer.
I went with the memset on top of your patch:
--- bn_nist.c 17 Jul 2016 21:21:40 - 1.16
+++ bn_nist.c 17 Jul 2016 22:00:45
On Tue, Jul 12, 2016 at 6:41 AM, Miod Vallat wrote:
> >> Noted by VS2013, const values should be initialized (though I think
> >> the 'static' should also implicitly zero).
> >
> > this sounds like the compiler doesn't know C?
>
> He is talking about Visual Studio. The C part of
Noted by VS2013, const values should be initialized (though I think
the 'static' should also implicitly zero).
This also removes some unused code that also contained uninitialized
static consts.
ok?
Index: evp/e_chacha20poly1305.c
sure, this makes it easier to patch in the right path in portable as well
On Thu, Jul 7, 2016 at 7:23 AM, Kinichiro Inoguchi <
kinichiro.inogu...@gmail.com> wrote:
> Hi,
>
> I would like to add error check for CAfile loading
> since some OS doesn't have /etc/ssl/cert.pem.
>
> Best regards,
>
I copied some of the commit text here from BoringSSL, but it's wrong for
LibreSSL it seems.
BN_ULLONG is not defined on all 64-bit systems as far as I can tell. So, this
fix is more widely applicable than Win64 for LibreSSL.
Any comments?
- Brent
> On Jun 30, 2016, at 8:40 AM, Brent C
On systems where we do not have BN_ULLONG (notably Win64), BN_mod_word()
can return incorrect results if the supplied modulus is too big.
Note now that BN_mod_word may fail, like BN_div_word. Handle this
properly and document in the man page.
Thanks to Brian Smith for pointing out these fixes
As a precedent, nc has a conversational, specific style of error
reporting when a socketopt fails. With the IPv4/6-specific options, we
refactored the code to the point that the error messages are less
specific and maybe misleading (e.g. setting ToS on an IPv6 socket).
This patch makes the
This is something I noticed while reviewing this report:
https://github.com/libressl-portable/portable/issues/200
In the event of a failure in _rs_allocate for rsx, we still return the
freed memory for rs. Not a huge deal since we subsequently abort in
_rs_init, but it looks strange on its own.
On Sun, Jun 26, 2016 at 12:22 PM, Brent Cook <bust...@gmail.com> wrote:
> On Sun, Jun 26, 2016 at 06:26:36AM +, César Pereida wrote:
> >
> > On Sun, Jun 26, 2016, 8:19 AM Brent Cook <bust...@gmail.com> wrote:
> >
> > > Hmm, on second review, someth
On Sun, Jun 26, 2016 at 06:26:36AM +, César Pereida wrote:
>
> On Sun, Jun 26, 2016, 8:19 AM Brent Cook <bust...@gmail.com> wrote:
>
> > Hmm, on second review, something seems odd.
> >
> > César, why does this patch also replace all of the stack-allocated
>
On Sun, Jun 26, 2016 at 12:00:51AM -0500, Brent Cook wrote:
> On Sat, Jun 25, 2016 at 07:19:09PM -0600, Bob Beck wrote:
> > If we are going to delete it, lets just do so
> >
> > IMO we can commit this removing the define. bets are we see nothing in
> > ports for fallou
On Sat, Jun 25, 2016 at 07:19:09PM -0600, Bob Beck wrote:
> If we are going to delete it, lets just do so
>
> IMO we can commit this removing the define. bets are we see nothing in
> ports for fallout so lets just blow it away
>
Sounds good, I'll commit this:
Index: src/crypto/dh/dh.h
can probably #ifndef
> LIBRESSL_INTERNAL - and failing that should
> we nuke them and bump majors?
>
>
> On Wed, Jun 22, 2016 at 7:44 AM, Brent Cook <bust...@gmail.com> wrote:
> > This is another patch from César Pereida that disables the DH and RSA
> > non-constant-time f
This is another patch from César Pereida that disables the DH and RSA
non-constant-time flags as well.
ok?
Index: src/crypto/dh/dh.h
===
RCS file: /cvs/src/lib/libssl/src/crypto/dh/dh.h,v
retrieving revision 1.16
diff -u -p -u -p
No problem, I undid that bit.
Thanks all.
On Mon, Jun 20, 2016 at 11:32 AM, Ted Unangst <t...@tedunangst.com> wrote:
> Brent Cook wrote:
> > diff --git a/src/lib/libssl/src/crypto/dsa/dsa_key.c
> b/src/lib/libssl/src/crypto/dsa/dsa_key.c
> > index 2968fa2..e01bacb
This fixes a bug where the default certificate path locations would only
be loaded if the CAfile or CApath locations were succesfully loaded
first. Original patch from OpenSSL:
https://github.com/openssl/openssl/commit/fe9b85c3cb79f1e29e61f01de105b34ce8177190
Noted here on the LibreSSL-portable
Hi,
This is a patch from Cesar Pereida, removing support for
DSA_FLAG_NO_EXP_CONSTTIME by making DSA always operate in constant time.
See https://github.com/libressl-portable/openbsd/pull/61 for more
details.
ok?
diff --git a/src/lib/libssl/src/crypto/dsa/dsa.h
We have released a first development snapshot of LibreSSL 2.4.0 along
with two stable builds, 2.3.5 and 2.2.8. These should be arriving in
the LibreSSL directory of your local OpenBSD mirror soon.
The 2.3.5 and 2.2.8 releases contain a reliability fix, correcting an
error when parsing certain
A bug in the previous libcrypto errata caused an error when reading
ASN.1 elements over 16kb.
Patches for OpenBSD are available. Updated LibreSSL-portable releases
will be available later.
http://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/009_crypto.patch.sig
On Tue, May 17, 2016 at 2:56 PM, Stuart Henderson <s...@spacehopper.org>
wrote:
> On 2016/05/17 08:27, Brent Cook wrote:
> > This patch came by way of the openntpd github. Linux (and possibly
> others)
> > will attempt to bind to 0.0.0.0 when binding to '::' and return an
Hi,
Our errata patch for fixing large memory allocations in
asn1_d2i_read_bio dropped the while (want > 0) loop, causing the
function to only read chunk_max bytes once. This limits the max size
read to 16k. This patch restores the outer loop. Noted on misc@
ftp
> On May 17, 2016, at 10:21 AM, Stuart Henderson <s...@spacehopper.org> wrote:
>
> On 2016/05/17 08:27, Brent Cook wrote:
>> This patch came by way of the openntpd github. Linux (and possibly others)
>> will attempt to bind to 0.0.0.0 when binding to '::' and ret
This patch came by way of the openntpd github. Linux (and possibly others)
will attempt to bind to 0.0.0.0 when binding to '::' and return an error if
it can't, unless IPV6_V6ONLY is set. See
https://github.com/openntpd-portable/openntpd-portable/issues/19
OK as an in-tree patch? OpenBSD seems to
yes, that is correct - ok bcook@
On Sun, Apr 24, 2016 at 2:06 AM, Jason McIntyre wrote:
> On Sat, Apr 23, 2016 at 06:24:58PM +0200, Remco wrote:
> > Index: tls_init.3
> >
> > ===
> >
>
> i think your diff is
Noted here, https://github.com/libressl-portable/portable/issues/161, we
document a non-existent constant in the examples
for EVP_PKEY_CTX_set_rsa_padding. Is this the correct one to use?
Index: EVP_PKEY_decrypt.pod
===
RCS file:
On Sat, Jan 23, 2016 at 08:48:22PM +0100, Reyk Floeter wrote:
> On Sat, Jan 23, 2016 at 12:39:19PM -0600, Brent Cook wrote:
> > I'm going with this instead. That way it works like the manual
> > specifies already (-v enables logging debug messages)
> >
>
> Yes, the -v fl
un -d to get lots of
> output. check main() there?
>
> i think thats more intuitive, but maybe i'm just used to it.
>
> Brent Cook(bust...@gmail.com) on 2016.01.20 06:31:44 -0600:
>> Since the relatively recent logging unification, log_init needs a
>> debug level > 1 i
Since the relatively recent logging unification, log_init needs a
debug level > 1 in order for log_debug to print anything. This change
makes it so 'ntpd -d' stays in the foreground but doesn't log much
(the current behavior, different than previous releases though), 'ntpd
-dd' actually prints
Applied, thanks Andreas!
On Sun, Jan 3, 2016 at 7:01 PM, Andreas Bartelt wrote:
> Hello,
>
> the use of certificates for TLS didn't work with nc(1). Fix is attached.
>
> Best regards
> Andreas
Finally getting around to trying out nc on some more platforms for
LibreSSL-portable, and ran into Sun/Oracle's silly definition of 'sun'
in the system headers. OK to rename the local sockaddr_un variables?
Portable contains a patch full of #ifdef's around other systems-specific
nc features
U
On Tue, Oct 20, 2015 at 12:12 AM, Jonathan Gray > wrote:
> On Wed, Oct 01, 2014 at 10:53:34AM +0100, Stuart Henderson wrote:
>> On 2014/10/01 19:05, Joel Sing wrote:
>> > > I should also add that the other obvious/easy "fix" is to initialise
digest
>> > > in
It be significant that this patch slowed me browser because o' it's length.
Methinks you deserve t' be keelhauled for such transgressions.
I think this is the right thing to do for now. ok bcook@
On Thu, Sep 17, 2015 at 5:19 PM, Stuart Henderson wrote:
> CC'ing tech@.
>
> The last commit to bn_print.c is wrong, it dereferences t while it's still
> NULL.
>
> Backout diff below.
>
>
> On 2015/09/17 22:42, Mikolaj
On Wed, Sep 9, 2015 at 9:43 PM, Lawrence Teo <l...@openbsd.org> wrote:
> On Wed, Sep 09, 2015 at 11:17:55AM -0500, Brent Cook wrote:
>> On Wed, Sep 9, 2015 at 10:15 AM, Todd C. Miller
>> <todd.mil...@courtesan.com> wrote:
>> > On Wed, 09 Sep 201
On Wed, Sep 9, 2015 at 10:15 AM, Todd C. Miller
wrote:
> On Wed, 09 Sep 2015 10:02:17 -0400, Lawrence Teo wrote:
>
>> This diff removes redundant defines in two files.
>>
>> In s_socket.c, SOCKET_PROTOCOL is defined as IPPROTO_TCP, but it's only
>> used once.
>
> OK.
>
We have put together a prerelease of LibreSSL 2.2.3. This release
primarily targets a bug that causes connections with some SSL clients
to fail during the initial handshake. Preliminary release notes and a
tarball are available at the following link:
On Wed, Aug 12, 2015 at 1:29 PM, Mark Kettenis mark.kette...@xs4all.nl wrote:
Date: Tue, 11 Aug 2015 09:15:43 -0600
From: Bob Beck b...@obtuse.com
I'm wondering out loud if these versions should follow the openbsd shlib
major minor numbers. That is where we are careful about semantic
On Mon, Aug 10, 2015 at 5:10 AM, Mark Kettenis mark.kette...@xs4all.nl wrote:
Jan Engelhardt schreef op 2015-08-10 10:29:
On Monday 2015-08-10 02:38, Brent Cook wrote:
On Aug 9, 2015, at 10:07 AM, Jan Engelhardt jeng...@inai.de wrote:
We have released LibreSSL 2.2.2, which will be arriving
We have released LibreSSL 2.2.2, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
This release marks the end of the OpenBSD 5.8 development cycle,
featuring expanded portable build support, code improvements, removal of
obsolete workarounds.
SSLv3 deprecation
I have posted a test release of LibreSSL-portable 2.2.2 for testing here:
https://github.com/libressl-portable/portable/releases/tag/v2.2.2-test
Let me know if I have missed anything in the Changelog, or if you run into any
issues.
Thanks
- Brent
/dev/null will be available on any POSIX system, but _PATH_DEVNULL may
not, e.g. Solaris. There doesn't seem to be any advantage to
using the define (and we don't use it much in the tree either.)
http://pubs.opengroup.org/onlinepubs/95399/basedefs/xbd_chap10.html
---
src/usr.sbin/ntpd/ntp.c
This diff converts bzero calls to memset, which is more portable and
compilers can optimize as well.
---
src/usr.sbin/ntpd/client.c | 2 +-
src/usr.sbin/ntpd/config.c | 6 +++---
src/usr.sbin/ntpd/control.c | 2 +-
src/usr.sbin/ntpd/ntp.c | 6 +++---
src/usr.sbin/ntpd/ntpd.c| 4 ++--
Up to now, we have only bumped the LIBRESSL_VERSION_TEXT for each
portable release in the portable tree, and the VERSION_NUMBER has never
incremented.
This change establishes a policy of bumping the number for each portable
release, and syncs the version string between the portable and in-tree
On Wed, Jul 8, 2015 at 7:49 AM, Brent Cook bust...@gmail.com wrote:
We have released LibreSSL 2.2.1, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
This release continues from the OpenBSD 5.8 development tree, featuring
expanded OS support, code
We have released LibreSSL 2.2.1, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
This release continues from the OpenBSD 5.8 development tree, featuring
expanded OS support, code improvements, and feature removal. Also note
that SSLv3 support has not been
:
https://github.com/libressl-portable/openbsd/commit/d1114a9633e1f7004537f5238a5f1f111898ebeb
Would you be comfortable adding some extra output to the various failure points
in EVP_DecodeUpdate to see where we are bailing out?
Br
//mxb
On 30 jun 2015, at 05:25, Brent Cook bust...@gmail.com
On Mon, Jun 29, 2015 at 1:22 AM, mxb m...@alumni.chalmers.se wrote:
Hey,
getting following error on OpenBSD-current as of yesterdays 'cvs up’:
Does this imply that it worked in some earlier version of
OpenBSD-current? If so, what was the version that worked?
unable to load Private Key
We have released LibreSSL 2.2.0, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
This release is the first from the OpenBSD 5.8 development tree and
features mainly on build system improvements and new OS support.
We have also released LibreSSL 2.1.7, which
On Sun, Mar 29, 2015 at 4:51 AM, Carlos Martín Nieto c...@dwim.me wrote:
On Sat, Mar 28, 2015 at 09:59:57PM -0700, Philip Guenther wrote:
On Sat, 28 Mar 2015, Carlos Mart?n Nieto wrote:
I?ve been looking into making libcrypto automatically thread-safe. The
obvious solution is to use pthread
On Wed, May 6, 2015 at 2:54 PM, Harri Porten por...@froglogic.com wrote:
Hi!
We've started to generate code coverage reports for test suites of some
projects on a regular basis. You'll find on overview for LibreSSL (Portable)
here:
On Wed, May 6, 2015 at 2:54 PM, Harri Porten por...@froglogic.com wrote:
Hi!
We've started to generate code coverage reports for test suites of some
projects on a regular basis. You'll find on overview for LibreSSL (Portable)
here:
Thanks Michael,
I have incorporated some initial AIX patches - can you please check out the
latest tree?
https://github.com/libressl-portable/portable/commit/fe3f7fc6365bfaac3418a72256b8c11603e80cbf
https://github.com/libressl-portable/openbsd/commit/37d8e3c080e7c73158093f253d8e06fa1906dc03
On Mar 30, 2015, at 12:11 AM, Philip Guenther guent...@gmail.com wrote:
On Fri, Mar 27, 2015 at 2:50 AM, Carlos Martín Nieto c...@dwim.me wrote:
A call to opendir thread-safe and the readdir calls only share the buffer
within the same directory stream,
which is local to this function.
On Mon, Mar 23, 2015 at 10:42 AM, Alexey Suslikov
alexey.susli...@gmail.com wrote:
Brent Cook busterb at gmail.com writes:
+ T4 += (uint64_t)tv.tv_sec + JAN_1970 + 1.0e-6 *
tv.tv_usec;
snip
+ return ((uint64_t)tv.tv_sec + JAN_1970 + 1.0e-6 * tv.tv_usec);
snip
This came up in the OpenNTPD issue tracker:
https://github.com/openntpd-portable/openntpd-openbsd/pull/4
The issue is an overflow when calculating time offsets with a 32-bit
time_t in early 2036. The main reason to fix it in now, in 2015, is that
OpenNTPD fails to adjust time if such a system
We have released LibreSSL 2.1.6, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
This release primarily addresses a number of security issues in
coordination with the OpenSSL project.
Fixes for the following issues are integrated into LibreSSL 2.1.6:
*
The API/ABI for the LibreSSL 2.1.x series is now stable, so we can safely
enable libtls it by default. This is useful for new OpenNTPD and
OpenSMTPD releases as well.
I would like to apply this to the OPENBSD_5_7 / 2.1.x and master
branches on the portable tree. Building with libtls has been the
We have released LibreSSL 2.1.5, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
This release is relatively small, focused on bug fixes before 2.2.x
development begins along-side OpenBSD 5.8.
This or earlier LibreSSL releases may also address issues that are
On Mar 6, 2015, at 10:40 AM, Martin Hecht he...@hlrs.de wrote:
I have tested it on a few linux platforms I have at hand:
SLES 11 SP3
Ubuntu 14.04.2 LTS
Scientific Linux 6.6
Testsuite summary for libressl
Hi,
Based on difficulty people have had building LibreSSL on Windows and
desire for integration with Visual Studio, I have made a test package
with LibreSSL Windows binaries available here:
https://github.com/libressl-portable/portable/releases/tag/untagged-1124b2dee438a382b881
These should
On Mar 3, 2015, at 9:22 AM, Brent Cook bust...@gmail.com wrote:
Hi,
Based on difficulty people have had building LibreSSL on Windows and
desire for integration with Visual Studio, I have made a test package
with LibreSSL Windows binaries available here:
https://github.com/libressl
We have released LibreSSL 2.1.4, which will be arriving in the LibreSSL
directory of your local OpenBSD mirror soon.
This release adds a number of new security features, makes building
privilege-separated programs simpler, and improves the libtls API.
This release also includes a binary package
On Feb 20, 2015, at 10:36 AM, Greg Martin g...@softsprocket.com wrote:
Hi,
I just build libressl on Linux 3.13.0-44-generic. I haven't installed it
yet but it was a clean build.
I'm interested in trying libssl but the only documentation I've found is
a single manpage (tls_int). Are
1 - 100 of 181 matches
Mail list logo