CVS: cvs.openbsd.org: src

2017-08-29 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2017/08/29 13:20:13 Modified files: lib/libssl : ssl_tlsext.c Log message: When OCSP status type is unknown, ignore the extension. This needs to skip past the CBS data or it will be treated as a decode

CVS: cvs.openbsd.org: src

2017-08-26 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2017/08/26 20:58:04 Modified files: lib/libssl : d1_srtp.c ssl_locl.h ssl_tlsext.c ssl_tlsext.h t1_lib.c regress/lib/libssl/tlsext: tlsexttest.c Log message: Rewrite SR

CVS: cvs.openbsd.org: src

2017-08-26 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2017/08/26 14:23:46 Modified files: lib/libssl : ssl_locl.h ssl_tlsext.c ssl_tlsext.h t1_lib.c regress/lib/libssl/tlsext: tlsexttest.c Log message: Rewrite ALPN extension using CBB/CBS and the n

CVS: cvs.openbsd.org: src

2017-08-23 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2017/08/23 09:39:38 Modified files: lib/libssl : ssl_tlsext.c Log message: Work around bug in F5's handling of the supported elliptic curves extension. RFC 4492 only defines elliptic_curves for ClientHe

CVS: cvs.openbsd.org: src

2017-08-13 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2017/08/13 13:42:33 Modified files: lib/libcrypto : Makefile lib/libssl : Makefile lib/libtls : Makefile usr.bin/openssl: Makefile Log message: Switch to -Werror with clan

CVS: cvs.openbsd.org: src

2017-08-13 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2017/08/13 11:04:36 Modified files: lib/libssl : ssl_lib.c Log message: Make SSL{,_CTX}_set_alpn_protos() do atomic updates and handle NULL. Previously, the code would accept NULL and 0 length and try t

CVS: cvs.openbsd.org: src

2017-08-12 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2017/08/12 15:17:03 Modified files: lib/libssl : ssl_tlsext.c ssl_tlsext.h t1_lib.c regress/lib/libssl/tlsext: tlsexttest.c Log message: Rewrite session ticket TLS extension handling using CBB/C

CVS: cvs.openbsd.org: src

2017-08-11 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2017/08/11 14:14:13 Modified files: lib/libssl : ssl_locl.h ssl_tlsext.c ssl_tlsext.h t1_lib.c regress/lib/libssl/tlsext: tlsexttest.c Log message: Rewrite EllipticCurves TLS extension handling

CVS: cvs.openbsd.org: src

2017-08-10 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2017/08/10 23:06:34 Modified files: lib/libssl : ssl_locl.h ssl_tlsext.c ssl_tlsext.h t1_lib.c regress/lib/libssl/tlsext: tlsexttest.c Log message: Rewrite the ECPointFormats TLS extension handl

CVS: cvs.openbsd.org: src

2016-03-04 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2016/03/04 09:06:38 Modified files: lib/libssl/src/crypto/bn: bn.h Log message: Revert bn_expand until there's consensus on a fix.

CVS: cvs.openbsd.org: www

2016-03-02 Thread Doug Hogan
CVSROOT:/cvs Module name:www Changes by: d...@cvs.openbsd.org2016/03/02 09:12:00 Modified files: . : 59.html Log message: Fix the function name: EVP_aead_chacha20_poly1305_ietf() for RFC 7539.

CVS: cvs.openbsd.org: src

2016-03-01 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2016/03/01 23:16:11 Modified files: lib/libssl/src/crypto/bn: bn.h bn_print.c Log message: Add bounds checking for BN_hex2bn/BN_dec2bn. Need to make sure i * 4 won't overflow. Based on OpenSSL: commit 99b

CVS: cvs.openbsd.org: src

2016-02-29 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2016/03/01 00:04:41 Modified files: lib/libssl/src/crypto/dsa: dsa_ameth.c Log message: Remove support for ancient, broken DSA implementations. Based on a few OpenSSL commits: Remove ancient DSA workaround

CVS: cvs.openbsd.org: src

2015-12-11 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/12/11 10:41:37 Modified files: usr.bin/ssh: ssh-agent.c Log message: Add "id" to ssh-agent pledge for subprocess support. Found the hard way by Jan Johansson when using ssh-agent with X. Also, rea

CVS: cvs.openbsd.org: src

2015-12-02 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/12/02 01:30:51 Modified files: usr.bin/ssh: ssh-agent.c Log message: Add "cpath" to the ssh-agent pledge so the cleanup handler can unlink(). ok djm@

CVS: cvs.openbsd.org: src

2015-10-27 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/10/27 01:58:00 Modified files: usr.sbin/nsd : nsd-control.c remote.c usr.sbin/unbound/daemon: remote.c usr.sbin/unbound/smallapp: unbound-control.c usr.sbin/unbound/util: net_

CVS: cvs.openbsd.org: src

2015-10-25 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/10/25 14:15:06 Modified files: regress/lib/libssl/bytestring: bytestringtest.c Log message: Change test to use length 128 (shortest long-form encoding). From BoringSSL commit: d13a5e15d4e4eb51513be665

CVS: cvs.openbsd.org: src

2015-10-25 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/10/25 10:07:04 Modified files: lib/libssl/src/ssl: ssl.h Log message: Sort the obsolete flags.

CVS: cvs.openbsd.org: src

2015-10-25 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/10/25 09:58:57 Modified files: lib/libssl/src/ssl: ssl.h Log message: Mark SSL_OP_NO_{COMPRESSION,SSLv2,SSLv3} as obsolete. For backward compatibility, the flags are redefined as 0. ok jsing@

CVS: cvs.openbsd.org: src

2015-10-25 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/10/25 09:52:49 Modified files: lib/libssl/src/ssl: ssl_lib.c Log message: Remove last vestige of SSL_OP_NO_SSLv3 support. No part of LibreSSL checks for this flag any longer. ok jsing@

CVS: cvs.openbsd.org: src

2015-10-25 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/10/25 09:49:04 Modified files: lib/libssl/src/ssl: s23_srvr.c Log message: Simplify ssl23_get_client_hello error handling. ssl23_get_client_hello sets type=1 on error and continues processing. It shoul

CVS: cvs.openbsd.org: src

2015-10-21 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/10/21 23:28:42 Modified files: games/hangman : main.c Log message: Pledge "stdio rpath tty" for hangman(6). Patch submitted by Ricardo Mestre ok semarie@

CVS: cvs.openbsd.org: src

2015-10-20 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/10/21 00:37:25 Modified files: etc: moduli usr.bin/ssh/moduli-gen: Makefile Removed files: usr.bin/ssh/moduli-gen: moduli.1536 Log message: Remove Diffie-Hellman moduli ent

CVS: cvs.openbsd.org: src

2015-10-18 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/10/18 05:27:17 Modified files: regress/bin/systrace/id: id.policy Log message: Need native-pledge for id.

CVS: cvs.openbsd.org: src

2015-10-17 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/10/17 19:07:19 Modified files: sys/kern : kern_pledge.c Log message: Allow read/write access to /dev/tty when using "tty" pledge. Without this change, you need "rpath" and "wpath" to open /dev/tt

CVS: cvs.openbsd.org: src

2015-10-17 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/10/17 09:00:11 Modified files: usr.bin/openssl: asn1pars.c ca.c certhash.c ciphers.c cms.c crl.c crl2p7.c dgst.c dh.c dhparam.c dsa.c dsaparam.c ec.c ec

CVS: cvs.openbsd.org: src

2015-10-15 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/10/16 00:40:53 Modified files: sys/kern : kern_pledge.c Log message: Add TIOCCBRK and TIOCSDTR to the whitelist for pledge ioctl. cu(1) uses these. ok deraadt@

CVS: cvs.openbsd.org: src

2015-10-15 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/10/15 23:55:23 Modified files: usr.sbin/identd: identd.c Log message: Pledge support for the parent/resolver in identd(8). This limits the resolver to just "stdio getpw" or "stdio getpw rpath" dependin

CVS: cvs.openbsd.org: src

2015-10-15 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/10/15 23:35:19 Modified files: usr.bin/ftp: main.c Log message: Pledge for ftp(1) in non-interactive mode. We will iterate and remove some of the pledges in the future. This is conservative for no

CVS: cvs.openbsd.org: src

2015-10-14 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/10/14 02:12:12 Modified files: games/banner : banner.c games/bcd : bcd.c games/caesar : caesar.c games/factor : factor.c games/morse: morse.c ga

CVS: cvs.openbsd.org: src

2015-10-13 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/10/13 01:10:38 Modified files: sbin/nologin : nologin.c Log message: Pledge "stdio rpath" requests for nologin. ok deraadt@ "reads ok" semarie@

CVS: cvs.openbsd.org: src

2015-10-13 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/10/13 01:03:26 Modified files: usr.bin/yes: yes.c Log message: Obvious pledge "stdio" for yes. ok deraadt@

CVS: cvs.openbsd.org: src

2015-10-12 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/10/12 18:03:42 Modified files: sys/kern : kern_pledge.c Log message: Pledge "fattr" request should allow fchflags(). "add it" deraadt@

CVS: cvs.openbsd.org: src

2015-10-11 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/10/11 13:00:40 Modified files: sbin/ncheck_ffs: ncheck_ffs.c Log message: Pledge that ncheck_ffs only uses "stdio" after opening the device. ok deraadt@

CVS: cvs.openbsd.org: src

2015-10-10 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/10/10 16:36:46 Modified files: bin/ln : ln.c Log message: Pledge that ln only needs "stdio rpath cpath". ok deraadt@

CVS: cvs.openbsd.org: src

2015-10-10 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/10/10 16:32:55 Modified files: games/arithmetic: arithmetic.c Log message: Pledge that arithmetic only takes "stdio".

CVS: cvs.openbsd.org: src

2015-10-10 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/10/10 16:28:51 Modified files: usr.bin/openssl: apps.h asn1pars.c ca.c certhash.c ciphers.c cms.c crl.c crl2p7.c dgst.c dh.c dhparam.c dsa.c dsaparam.c

CVS: cvs.openbsd.org: src

2015-10-10 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/10/10 15:50:05 Modified files: usr.bin/getent : getent.c Log message: Fix YP user and group support in getent(1). These should have been "stdio getpw" before, but they worked for non-YP environments.

CVS: cvs.openbsd.org: src

2015-10-10 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/10/10 15:15:25 Modified files: bin/kill : kill.c Log message: Kill pledges to only use "stdio proc". deraadt@ notes that kill now works because of improved kernel semantics. For full kill(1) func

CVS: cvs.openbsd.org: src

2015-10-10 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/10/10 12:14:20 Modified files: usr.bin/encrypt: encrypt.c Log message: encrypt(1) also needs to pledge "wpath" for getpass(). getpass() opens /dev/tty RW so it can write the prompt. ok deraadt@

CVS: cvs.openbsd.org: src

2015-10-10 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/10/10 14:04:28 Modified files: usr.bin/awk: main.c Log message: Add pledge support in awk and make awk -safe actually safe. awk -safe was introduced back in 1997 to stop awk from doing file output,

CVS: cvs.openbsd.org: src

2015-10-09 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/10/09 23:35:22 Modified files: usr.bin/cmp: cmp.c Log message: Add pledge support to cmp(1). This is a simple case of using "stdio rpath" until all files are opened and then dropping down to "stdio

CVS: cvs.openbsd.org: src

2015-10-09 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/10/09 23:26:57 Modified files: usr.bin/getent : getent.c Log message: Add pledge support to getent(1). This pledges the superset of all requests for the various getent databases and then drops to the m

CVS: cvs.openbsd.org: src

2015-10-02 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/10/03 00:47:32 Modified files: lib/libssl/src/ssl: ssl_lib.c Log message: SSL_new(): fix ref counting and memory leak in error path. Rather than a half-hearted attempt to free up resources and fix ref

CVS: cvs.openbsd.org: www

2015-10-02 Thread Doug Hogan
CVSROOT:/cvs Module name:www Changes by: d...@cvs.openbsd.org2015/10/02 04:05:48 Modified files: libressl : papers.html Log message: Add Bob's FSec 2015 presentation.

CVS: cvs.openbsd.org: www

2015-10-02 Thread Doug Hogan
CVSROOT:/cvs Module name:www Changes by: d...@cvs.openbsd.org2015/10/02 03:54:49 Modified files: libressl : patches.html Log message: Fix a few typos.

CVS: cvs.openbsd.org: src

2015-10-01 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/10/01 17:50:37 Modified files: sys/kern : kern_tame.c Log message: Fix tame(2) setsockopt check for TCP level. ok deraadt@, semarie@

CVS: cvs.openbsd.org: src

2015-09-29 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/09/29 22:10:07 Modified files: lib/libssl/src/crypto: ossl_typ.h Log message: Remove support for NO_ASN1_TYPEDEFS. This ifdef was introduced 15 years ago and was known to cause problems with STACK_OF()

CVS: cvs.openbsd.org: src

2015-09-28 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/09/28 19:07:56 Modified files: regress/lib/libcrypto/sha2: Makefile Log message: Fix sha2 regression test for libcrypto. By default, "openssl sha" used SHA-0. However, it was possible to use the form

CVS: cvs.openbsd.org: src

2015-09-13 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/09/13 19:45:03 Modified files: lib/libcrypto/crypto: Makefile lib/libcrypto/man: Makefile lib/libssl/src/crypto: opensslfeatures.h lib/libssl/src/crypto/evp: c_all.c evp.h

CVS: cvs.openbsd.org: src

2015-09-13 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/09/13 17:42:29 Modified files: lib/libcrypto/crypto: shlib_version lib/libssl/ssl : shlib_version lib/libtls : shlib_version Log message: Crank major version due to removal of SHA-

CVS: cvs.openbsd.org: src

2015-09-13 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/09/13 17:36:21 Modified files: lib/libcrypto/crypto: Makefile lib/libcrypto/man: Makefile lib/libssl/src/crypto: opensslfeatures.h lib/libssl/src/crypto/evp: c_all.c evp.h

CVS: cvs.openbsd.org: src

2015-09-13 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/09/13 15:09:56 Modified files: lib/libcrypto/crypto: Makefile lib/libssl/src/crypto: opensslfeatures.h lib/libssl/src/crypto/evp: c_all.c evp.h lib/libssl/src/crypto/sha: sha.h

CVS: cvs.openbsd.org: src

2015-09-12 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/09/12 10:10:08 Modified files: lib/libssl/src/ssl: d1_clnt.c s3_clnt.c s3_lib.c s3_pkt.c s3_srvr.c ssl_lib.c t1_lib.c Log message: Remove most of the SSLv3 version checks an

CVS: cvs.openbsd.org: src

2015-08-29 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/08/29 11:15:52 Modified files: lib/libssl/src/ssl: s23_clnt.c s23_meth.c s23_srvr.c ssl_locl.h Log message: Now that SSLv3 is going away, TLS_* and SSLv23 are equivalent. Remove the TLS method data and

CVS: cvs.openbsd.org: src

2015-08-29 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/08/29 10:53:23 Removed files: lib/libssl/src/ssl: s3_meth.c Log message: Delete s3_meth.c since it was only for SSLv3 support. ok jsing@

CVS: cvs.openbsd.org: src

2015-08-29 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/08/29 10:51:17 Modified files: lib/libssl/src/ssl: s3_clnt.c s3_srvr.c lib/libssl/ssl : Makefile Log message: Remove SSLv3 method data structs and unlink s3_meth.c from the build. ok jsing@

CVS: cvs.openbsd.org: src

2015-08-27 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/08/27 01:19:17 Modified files: regress/lib/libssl/ciphers: cipherstest.c regress/lib/libssl/ssl: ssltest.c testssl Log message: Remove SSLv3 support from LibreSSL regression tests.

CVS: cvs.openbsd.org: src

2015-08-26 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/08/27 00:22:56 Modified files: lib/libssl/ssl : shlib_version lib/libtls : shlib_version Log message: Crank major version for libssl and libtls due to SSLv3 removal.

CVS: cvs.openbsd.org: src

2015-08-26 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/08/27 00:21:15 Modified files: lib/libssl/src/crypto: opensslfeatures.h lib/libssl/src/ssl: s23_clnt.c s23_meth.c s23_srvr.c s3_clnt.c s3_lib.c s3_meth.c s3_srvr.c ss

CVS: cvs.openbsd.org: src

2015-08-25 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/08/25 23:55:53 Modified files: lib/libc/sys : tame.2 sys/kern : kern_tame.c Log message: Add TIOCGETA to the tame list for TAME_IOCTL. This is used by readpassphrase() and curses. ok

CVS: cvs.openbsd.org: src

2015-08-25 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/08/25 23:40:40 Modified files: sys/sys: syscall.h syscallargs.h sys/kern : init_sysent.c syscalls.c Log message: regen

CVS: cvs.openbsd.org: src

2015-08-25 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/08/25 23:20:06 Modified files: lib/libc/sys : tame.2 sys/kern : kern_tame.c syscalls.master sys/sys: syscallargs.h tame.h Log message: Convert paths argument of tame(2)

CVS: cvs.openbsd.org: src

2015-08-23 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/08/24 00:17:48 Modified files: sys/kern : kern_tame.c Log message: Initialize cwdpath so free() is properly handled. ok deraadt@

CVS: cvs.openbsd.org: src

2015-08-22 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/08/22 10:01:05 Modified files: usr.bin/doas : doas.c Log message: Add cwd context to syslog entry. input + ok tedu@, ok benno@

CVS: cvs.openbsd.org: src

2015-08-21 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/08/21 01:26:09 Modified files: lib/libc/sys : tame.2 sys/kern : kern_tame.c Log message: Whitelist TIOCGPGRP (for tcgetpgrp()) in TAME_IOCTL. Requested by Sunil Nimmagadda to help tame

CVS: cvs.openbsd.org: src

2015-07-30 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/30 18:35:06 Modified files: lib/libssl/src/ssl: d1_srtp.c Log message: Fix SRTP parsing. jsing@ noticed that during the CBS conversion, an extra CBS_len comparison was introduced. It should be 0 af

CVS: cvs.openbsd.org: src

2015-07-24 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/24 01:57:48 Modified files: lib/libssl/src/ssl: ssl_locl.h t1_lib.c Log message: Convert tls1_process_ticket to CBS. ok miod@ jsing@

CVS: cvs.openbsd.org: src

2015-07-23 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/23 21:50:12 Modified files: lib/libssl/src/ssl: t1_lib.c Log message: Convert tls1_process_sigalgs to CBS. ok miod@ jsing@

CVS: cvs.openbsd.org: src

2015-07-23 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/23 20:39:43 Modified files: lib/libssl/src/ssl: s3_pkt.c Log message: Convert ssl3_get_record to CBS. ok miod@ jsing@

CVS: cvs.openbsd.org: src

2015-07-22 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/22 23:44:40 Modified files: lib/libc/sys : tame.2 Log message: Sync with kernel TIOCGWINSZ change.

CVS: cvs.openbsd.org: src

2015-07-22 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/22 20:57:51 Modified files: sys/kern : kern_tame.c Log message: Replace TIOCSWINSZ with TIOCGWINSZ in tame(2). ok deraadt@

CVS: cvs.openbsd.org: src

2015-07-20 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/20 21:34:38 Modified files: lib/libssl/src/ssl: ssl_sess.c Log message: Remove duplicate check in libssl. If len == 0, it already set try_session_cache so there's no need to check len again. Fixes

CVS: cvs.openbsd.org: src

2015-07-20 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/20 17:15:28 Modified files: lib/libssl/src/crypto/bio: bss_dgram.c Log message: Correct #if/else logic in BIO's dgram_ctrl. Coverity issue 72741 noticed that ret is being overwritten before use. The

CVS: cvs.openbsd.org: src

2015-07-20 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/20 15:56:47 Modified files: usr.bin/openssl: ecparam.c Log message: No need to recheck for NULL in openssl(1) ecparam. Fixes Coverity issue 78802. ok bcook@

CVS: cvs.openbsd.org: src

2015-07-20 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/20 15:55:13 Modified files: usr.bin/openssl: speed.c Log message: Don't try to run ECDH if ecdh_checks fails in openssl(1) speed. Coverity 72744 noticed that rsa_count was overwritten. The underlyin

CVS: cvs.openbsd.org: src

2015-07-20 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/20 15:52:07 Modified files: usr.bin/openssl: s_cb.c Log message: Avoid NULL deref in openssl(1) s_cb. Fixes Coverity issue 24956. ok bcook@

CVS: cvs.openbsd.org: src

2015-07-20 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/20 12:31:01 Modified files: usr.bin/openssl: s_server.c Log message: Avoid possible NULL deref in openssl(1) s_server. Fixes Coverity issue 78873. ok miod@

CVS: cvs.openbsd.org: src

2015-07-20 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/20 11:10:45 Modified files: usr.bin/openssl: dgst.c Log message: Avoid dereferencing a NULL. Move NULL check before use. Fixes Coverity issue 21746. ok miod@ jsing@

CVS: cvs.openbsd.org: src

2015-07-20 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/20 10:48:11 Modified files: usr.bin/openssl: pkcs7.c Log message: Remove condition that never happens and fix error handling. There were two issues here: 1) in == NULL is never true because it's ch

CVS: cvs.openbsd.org: src

2015-07-19 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/19 21:28:04 Modified files: usr.bin/openssl: apps.c Log message: Check return value for ENGINE_ctrl and ENGINE_ctrl_cmd. Fixes Coverity issue 21645. ok bcook@

CVS: cvs.openbsd.org: src

2015-07-19 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/19 21:22:25 Modified files: usr.bin/openssl: s_socket.c Log message: Check return value in openssl(1) s_socket. Fixes Coverity issue 21655. ok bcook@

CVS: cvs.openbsd.org: src

2015-07-19 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/19 21:02:46 Modified files: usr.bin/openssl: ecparam.c Log message: Remove check that is never true. Fixes coverity issue 78799 as group == NULL was already an error condition above here. ok beck@

CVS: cvs.openbsd.org: src

2015-07-19 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/19 20:41:10 Modified files: usr.bin/openssl: apps.c Log message: Warn when rename() fails in openssl(1) apps. Fixes Coverity issues 78795 and 78803. ok bcook@

CVS: cvs.openbsd.org: src

2015-07-19 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/19 16:34:27 Modified files: lib/libcrypto/crypto: Makefile shlib_version lib/libssl/src/crypto: opensslfeatures.h lib/libssl/src/crypto/engine: eng_all.c engine.h lib/libssl/

CVS: cvs.openbsd.org: src

2015-07-19 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/19 14:32:19 Modified files: lib/libssl/src/ssl: d1_both.c d1_lib.c s3_enc.c ssl_lib.c t1_lib.c Log message: Allow *_free() functions in libssl to handle NULL input. This

CVS: cvs.openbsd.org: src

2015-07-19 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/19 01:34:52 Modified files: lib/libssl/src/ssl: s3_clnt.c Log message: Convert ssl3_get_certificate_request to CBS. ok miod@

CVS: cvs.openbsd.org: src

2015-07-19 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/19 01:30:06 Modified files: lib/libssl/src/ssl: s23_clnt.c s23_meth.c s23_srvr.c ssl_locl.h Log message: Fix symbol collision with libtls. Pointed out by guenther. ok guenther@

CVS: cvs.openbsd.org: src

2015-07-18 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/19 00:31:32 Modified files: lib/libssl/src/ssl: s23_clnt.c s23_meth.c s23_srvr.c ssl.h ssl_locl.h Log message: Add TLS_method, TLS_client_method and TLS_server_method. U

CVS: cvs.openbsd.org: src

2015-07-18 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/19 00:23:51 Modified files: lib/libssl/src/ssl: s3_lib.c ssl3.h lib/libssl/ssl : shlib_version Log message: Crank major and remove legacy variables. Libtls is riding this crank. ok miod@ b

CVS: cvs.openbsd.org: src

2015-07-18 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/18 23:50:47 Modified files: usr.bin/openssl: ca.c Log message: Free memory when finished. Fixes coverity 78835. ok bcook@

CVS: cvs.openbsd.org: src

2015-07-18 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/18 23:49:27 Modified files: lib/libtls : tls_init.3 Log message: Add documentation on how to use TLS_{READ,WRITE}_AGAIN. ok beck@

CVS: cvs.openbsd.org: src

2015-07-18 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/18 21:28:26 Modified files: usr.bin/openssl: s_socket.c Log message: Only close descriptor if not already closed. Fixes coverity 78916. ok miod@ bcook@

CVS: cvs.openbsd.org: src

2015-07-18 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/18 21:18:10 Modified files: usr.bin/openssl: x509.c Log message: Free variable before potentially reusing. Fixes coverity 78824. ok bcook@ miod@

CVS: cvs.openbsd.org: src

2015-07-18 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/18 21:14:09 Modified files: usr.bin/openssl: rsautl.c Log message: Free passin on error. Fixes coverity 78826. ok miod@ bcook@

CVS: cvs.openbsd.org: src

2015-07-18 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/18 19:44:16 Modified files: lib/libssl/src/crypto/x509: x509_vfy.c Log message: Simplify X509_STORE_CTX_init and make it safe with stack variables. The current version is not safe with stack variabl

CVS: cvs.openbsd.org: src

2015-07-18 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/18 19:20:32 Modified files: lib/libssl/src/crypto/x509v3: v3_pci.c Log message: Remove case that can never happen. It's a little convoluted due to gotos, but at that point, pci is always NULL. Spot

CVS: cvs.openbsd.org: src

2015-07-18 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/18 19:10:25 Modified files: usr.bin/openssl: ca.c Log message: Remove effectively unused variable. Fixes Coverity issue 21693. ok beck@ bcook@

CVS: cvs.openbsd.org: src

2015-07-18 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/18 19:07:40 Modified files: lib/libssl/src/ssl: d1_pkt.c Log message: Assign p to CBS_data since it is used later. The p initialization was hiding this bug but Coverity 126279 saw it. ok miod@ bcoo

CVS: cvs.openbsd.org: src

2015-07-18 Thread Doug Hogan
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/07/18 17:00:23 Modified files: lib/libssl/src/ssl: d1_both.c d1_pkt.c ssl_locl.h Log message: Convert dtls1_get_message_header to CBS and change to int. Changed return value from void to int. It shoul
