This switches libcrypto and libssl to use endian.h over
machine/endian.h, easing some portability contortions. The Austin group
works in mysterious ways, but endian.h also might be a POSIX
standard in the wings, whatever 'Applied' means.
https://www.austingroupbugs.net/view.php?id=162
ok?
diff --
On Fri, Mar 26, 2021 at 1:56 PM Alexander Bluhm wrote:
>
> On Mon, Mar 22, 2021 at 08:38:23PM -0500, Brent Cook wrote:
> > In the next version of Linux glibc, SIGSTKSZ is defined at runtime if
> > source is built with _GNU_SOURCE. On LibreSSL-portable, this is set to
>
In the next version of Linux glibc, SIGSTKSZ is defined at runtime if
source is built with _GNU_SOURCE. On LibreSSL-portable, this is set to
bring in asprintf/vasprintf, which causes the explicit_bzero test to
fail to compile since the size of SIGSTKSZ is no longer known at compile
time. This adjus
This updates the getentropy implementation for Windows to use the newer
"Cryptography Next Generation APIs", replacing CryptGenRandom, which
already has been removed from applications built for the Windows Store.
Tested with libressl-portable, it passes all regression tests. Details
of the API a
ok bcook@
On Thu, Nov 5, 2020 at 6:16 AM Claudio Jeker wrote:
>
> Since newer compilers default to -fno-common fix bgpd to not depend on
> common symbols. The last few ones can just be converted to static symbols
> since these are only used in the RDE or SE main code.
> With the previous diffs an
Sure, looks fine in this micro context so maybe someone copying code from
here as an example will do better. Though note that wider-scoped key/iv
still contain the key material after EVP_CipherInit_ex and so on.
Doesn't appear we've sprinkled many explicit_bzero's into openssl(1) in
general given
Hi,
I haven’t looked deeply into this, but there was a reported issue with OCSP
stapling with Nginx between the LibreSSL portable releases 2.9.0 and 2.9.1
(which would have been between December 15th, 2018 and April 21st, 2019)
Reposting here for visibility:
https://github.com/libressl-portabl
On Thu, Feb 14, 2019 at 4:21 PM Ted Unangst wrote:
> Alexander Bluhm wrote:
> > GNU dd has the conv=fsync feature which does an fsync(2) after final
> > write to output. I find this useful for write performance measurement
> > through the file system without buffer cache optimization. Others
>
This makes sense, ok bcook@
On Wed, Oct 17, 2018 at 6:28 PM Theo Buehler wrote:
> The spec, https://tools.ietf.org/html/rfc3394, section 2, states that
> we need at least two 64 bit blocks for wrapping and, accordingly, three
> 64 bit blocks for unwrapping. That is: we need at least 16 bytes for
add a
> compiler define like -D HAVE_CLOCK_GETTIME in the linking project to avoid
> a conflict.
>
> > On 29 May 2018, at 12:48, Brent Cook wrote:
> >
> > On Thu, May 24, 2018 at 10:10:58AM +, Cameron Palmer wrote:
> >> It is beneficial for projects
ok bcook@
On Mon, May 28, 2018 at 3:23 PM, Theo Buehler wrote:
> This is the first trivial part of the last batch of diffs catching up
> with OpenSSL's const additions.
>
> As usual, sthen kindly ran the whole diff through a ports bulk build.
>
> Only this small change caused some fallout, namel
On Mon, Feb 12, 2018 at 09:27:16AM -0600, ed...@pettijohn-web.com wrote:
> Has there been any discussion of packaging libtls separately from libressl
> for portable use? With my limited skills I was able to write a program to
> talk to smtpd and starttls using nothing but the manuals. I seriously
On Thu, May 24, 2018 at 10:10:58AM +, Cameron Palmer wrote:
> It is beneficial for projects that depend on LibreSSL libraries and are built
> with CMake to use target_link_libraries and automatically receive the PUBLIC
> or INTERFACE headers without needing to specify include_directories. Thi
ok bcook@
On Wed, May 23, 2018 at 2:11 AM, Theo Buehler wrote:
> Very minor polishing, really:
>
> Since we converted EVP_PKEY_asn1_new() to using calloc(), there's no
> need to set the structure to zero manually with an odd spelling of NULL.
> Besides, the list of zeroed members is incomplete:
ok bcook@
On Fri, May 18, 2018 at 9:13 AM, Theo Buehler wrote:
> On Fri, May 18, 2018 at 04:03:16PM +0200, Theo Buehler wrote:
> > Simple diff that adds const qualifiers to the X509_CRL *x and
> > ASN1_OBJECT *obj arguments of X509_CRL_get_ext_count(3),
> > X509_CRL_get_ext_by_NID(3), X509_CRL_g
Looks good, ok bcook@
On Wed, Apr 25, 2018 at 3:22 AM, Theo Buehler wrote:
> This is the second, larger part of the diff that was part of sthen's
> i386 bulk and it had no fallout. It adds const like OpenSSL to most of
> the public API exposed in asn1.h and needs some adjustments in internal
> f
Nice to see the "const unsigned char *p = d;" hackery going away. ok bcook@
On Tue, Apr 24, 2018 at 2:50 PM, Theo Buehler wrote:
> OpenSSL started adding const to functions all over the place. The patch
> below makes all our libssl functions match theirs wrt const, except for
> BIO_f_ssl(3). I p
OK bcook@
On Mon, Apr 23, 2018 at 3:27 AM, Theo Buehler wrote:
> This is a practically unused function (both in our tree and globally),
> but it is the only remaining public *_free() function in libcrypto that
> segfaults on being passed NULL. I'll of course add it to the regress
> tests should
ok bcook@
On Thu, Apr 5, 2018 at 12:06 PM, Theo Buehler wrote:
> If EVP_Digest() fails, str is leaked.
>
> This is part of the combo-diff 83b4049ab75e9da1815e9c854a9297bca3d4af6b
> some more of which may also apply to us, but I'm still disentangling it.
> See also https://github.com/openssl/open
Thanks guys. This will make enabling this on the odder platforms in
portable easier.
On Fri, Nov 24, 2017 at 7:03 AM, Scott Cheloha
wrote:
> > On Nov 24, 2017, at 6:58 AM, Jeremie Courreges-Anglas
> wrote:
> >
> > On Wed, Nov 22 2017, Scott Cheloha wrote:
> >> Whoops, ignore that last patch, i
Thank you Jan. This is a good thing to fix, but I had a hard time envisioning a
security issue with it. Will see about backporting it though.
Regards
- Brent
> On Oct 26, 2017, at 6:50 PM, Jan Engelhardt wrote:
>
>
> libressl-2.6.2 is susceptible to an out-of-bounds read:
>
> #include
> in
OPENSSL_NO_EC_NISTP_64_GCC_128 has been defined in opensslfeatures.h for a
long time, which effectively means that ecp_nistp* are all empty files. So,
there is no reason to build them in the first place. OK?
Index: Makefile
===
RCS fi
We have made two new portable OpenNTPD releases today. These should be
arriving soon in the OpenNTPD directory of an OpenBSD mirror near you.
OpenNTPD 6.1p1 represents the version shipped with OpenBSD 6.1. It
provides a number of new features and reliability improvements.
OpenNTPD 6.2p1 is the fi
announce at openbsd.org
Thu, 13 Jul 2017 10:41:48 -0500
On Wed, Jan 4, 2017 at 5:12 AM, Mark Kettenis
wrote:
> > Date: Wed, 4 Jan 2017 11:04:43 +0100
> > From: Patrick Wildt
> >
> > On Tue, Jan 03, 2017 at 02:16:25PM -0500, Ted Unangst wrote:
> > > Patrick Wildt wrote:
> > > >
> > > > Maybe they want to support older binutils that do not support the
Looks good to me, ok bcook@
On Sat, Dec 31, 2016 at 2:45 PM, Stuart Henderson
wrote:
> Since there wasn't much interest in that (which unbreaks e.g.
> https://www.nginx.com),
> here's a longer diff that syncs with Mozilla's release branch for those CA
> organisations
> which we currently carry.
OK bcook@
On Fri, Dec 2, 2016 at 10:29 AM, Rafael Zalamena
wrote:
> On Sat, Oct 01, 2016 at 07:05:51PM +0200, Rafael Zalamena wrote:
> > The ntpd(8) constraint fork+exec diff changed the way the constraint
> > processes are created, but then it introduced new calloc()s to avoid
> > increasing di
OK bcook@, looks fine for portable too.
> On Nov 4, 2016, at 11:02 AM, Tom Cosgrove
> wrote:
>
Miod Vallat 4-Nov-16 08:53 >>>
>>
>> I386_ONLY was used to prefer a different assembler sequence in the
>> sha512 code, which would be faster on 80386 processors, but slower on
>> 80486 and abov
> On Oct 7, 2016, at 2:52 PM, Otto Moerbeek wrote:
>
> On Fri, Oct 07, 2016 at 02:33:13PM -0500, Brent Cook wrote:
>
>>
>>> On Oct 7, 2016, at 12:18 PM, Ted Unangst wrote:
>>>
>>> Kinichiro Inoguchi wrote:
>>>> I think this 16 bytes
> On Oct 7, 2016, at 12:18 PM, Ted Unangst wrote:
>
> Kinichiro Inoguchi wrote:
>> I think this 16 bytes string assignment has boundary issue.
>>
>>static const char sigma[16] = "expand 32-byte k";
>>
>> I found this when I tried to build libressl-portable with MSVC on Windows.
>
> anothe
On Sun, Oct 02, 2016 at 08:50:39AM -0500, Brent Cook wrote:
> On Sat, Oct 1, 2016 at 7:12 PM, Ted Unangst wrote:
>
> > Kinichiro Inoguchi wrote:
> > > I would like to cast the return variable explicitly in tls_load_file().
> > > This fix also avoiding Intel
On Sat, Oct 1, 2016 at 7:12 PM, Ted Unangst wrote:
> Kinichiro Inoguchi wrote:
> > I would like to cast the return variable explicitly in tls_load_file().
> > This fix also avoiding Intel C++ compiler "assertion failed" described
> here.
> > https://github.com/libressl-portable/portable/issues/20
ok
On Sun, Oct 2, 2016 at 12:34 AM, David Gwynne wrote:
> this gets rid of a linker warning.
>
> the impression i get is that EVP_CipherFinal_ex explicitely does
> not do cleanup of the cipher context thing, while EVP_CipherFinal
> could if it wanted to.
>
> ok?
>
> Index: usm.c
> ==
Looks fine to me. Shall I commit it?
On Thu, Sep 15, 2016 at 2:32 AM, Kinichiro Inoguchi <
kinichiro.inogu...@gmail.com> wrote:
> Sorry, I attached wrong patch file.
> I re-post the patch file again.
>
> On Thu, Sep 15, 2016 at 04:10:55PM +0900, Kinichiro Inoguchi wrote:
> > Hi,
> >
> > I would l
On Wed, Sep 14, 2016 at 6:41 AM, Tobias Pape wrote:
> Hi
>
> On 14.09.2016, at 13:37, Brent Cook wrote:
>
> >
> > Once the expectations of the callbacks are finalized, this needs a good
> explanation in the manual.
>
>
> Ok, how would I do that best?
>
Thanks!
On Wed, Sep 14, 2016 at 4:48 AM, wrote:
> Hi again,
>
> On 07.09.2016, at 18:08, tob...@netshed.de wrote:
> [..]
> >> On 05.09.2016, at 15:50, bust...@gmail.com wrote:
> >>
> >>> Hey, the typedef came in handy :) Ok bcook@
> >>>
> >>> On Sep 5, 2016, at 11:52 AM, Bob Beck wrote:
> >>>
On Sun, Sep 04, 2016 at 05:57:54AM -0400, Ted Unangst wrote:
> Brent Cook wrote:
> > @@ -246,14 +252,18 @@ An already existing socket can be upgrad
> > .Fn tls_connect_socket .
> > Alternatively, a secure connection can be established over a pair of
> > existing
>
On Sun, Jul 17, 2016 at 01:32:43PM +0200, Tobias Pape wrote:
> Hi all,
>
> I'm Tobias and fond of using libtls.
> I have a certain use case, where I want to do TLS/SSL but
> can only work with buffers/callbacks and not sockets or FDs.
> In p(l)ain openssl, this is doable, but not nice. Libtls
> doe
No objection here. Anyone else?
> On Aug 25, 2016, at 8:54 AM, Guenther Niess wrote:
>
> Hi,
>
> is there a reason why the Camellia cipher suits with SHA2 HMAC is not
> supported?
>
> I added them and tested the result with an Nginx server and the s_client
> command.
>
> I would like to have
We have released LibreSSL 2.4.2 and 2.3.7, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
LibreSSL 2.4.2 is based on the new OpenBSD 6.0 release branch, and is
now the current stable version. LibreSSL 2.3.7 is based on the previous
OpenBSD 5.9 release, and will
I didn't notice it at first, because the patch wasn't inline, but the union
here needed to be initialized with memset or use a different kind of
initializer.
I went with the memset on top of your patch:
--- bn_nist.c 17 Jul 2016 21:21:40 - 1.16
+++ bn_nist.c 17 Jul 2016 22:00:45 -000
On Tue, Jul 12, 2016 at 6:41 AM, Miod Vallat wrote:
> >> Noted by VS2013, const values should be initialized (though I think
> >> the 'static' should also implicitly zero).
> >
> > this sounds like the compiler doesn't know C?
>
> He is talking about Visual Studio. The C part of that piece of shi
Noted by VS2013, const values should be initialized (though I think
the 'static' should also implicitly zero).
This also removes some unused code that also contained uninitialized
static consts.
ok?
Index: evp/e_chacha20poly1305.c
=
sure, this makes it easier to patch in the right path in portable as well
On Thu, Jul 7, 2016 at 7:23 AM, Kinichiro Inoguchi <
kinichiro.inogu...@gmail.com> wrote:
> Hi,
>
> I would like to add error check for CAfile loading
> since some OS doesn't have /etc/ssl/cert.pem.
>
> Best regards,
> Kini
I copied some of the commit text here from BoringSSL, but it's wrong for
LibreSSL it seems.
BN_ULLONG is not defined on all 64-bit systems as far as I can tell. So, this
fix is more widely applicable than Win64 for LibreSSL.
Any comments?
- Brent
> On Jun 30, 2016, at 8:40 AM, Br
On systems where we do not have BN_ULLONG (notably Win64), BN_mod_word()
can return incorrect results if the supplied modulus is too big.
Note now that BN_mod_word may fail, like BN_div_word. Handle this
properly and document in the man page.
Thanks to Brian Smith for pointing out these fixes fro
As a precedent, nc has a conversational, specific style of error
reporting when a socketopt fails. With the IPv4/6-specific options, we
refactored the code to the point that the error messages are less
specific and maybe misleading (e.g. setting ToS on an IPv6 socket).
This patch makes the per-add
This is something I noticed while reviewing this report:
https://github.com/libressl-portable/portable/issues/200
In the event of a failure in _rs_allocate for rsx, we still return the
freed memory for rs. Not a huge deal since we subsequently abort in
_rs_init, but it looks strange on its own.
On Sun, Jun 26, 2016 at 12:22 PM, Brent Cook wrote:
> On Sun, Jun 26, 2016 at 06:26:36AM +, César Pereida wrote:
> >
> > On Sun, Jun 26, 2016, 8:19 AM Brent Cook wrote:
> >
> > > Hmm, on second review, something seems odd.
> > >
> > > César, w
On Sun, Jun 26, 2016 at 06:26:36AM +, César Pereida wrote:
>
> On Sun, Jun 26, 2016, 8:19 AM Brent Cook wrote:
>
> > Hmm, on second review, something seems odd.
> >
> > César, why does this patch also replace all of the stack-allocated
> > BIGNUM'
On Sun, Jun 26, 2016 at 12:00:51AM -0500, Brent Cook wrote:
> On Sat, Jun 25, 2016 at 07:19:09PM -0600, Bob Beck wrote:
> > If we are going to delete it, lets just do so
> >
> > IMO we can commit this removing the define. bets are we see nothing in
> > ports for fallou
On Sat, Jun 25, 2016 at 07:19:09PM -0600, Bob Beck wrote:
> If we are going to delete it, lets just do so
>
> IMO we can commit this removing the define. bets are we see nothing in
> ports for fallout so lets just blow it away
>
Sounds good, I'll commit this:
Index: src/crypto/dh/dh.h
=
obably #ifndef
> LIBRESSL_INTERNAL - and failing that should
> we nuke them and bump majors?
>
>
> On Wed, Jun 22, 2016 at 7:44 AM, Brent Cook wrote:
> > This is another patch from César Pereida that disables the DH and RSA
> > non-constan
This is another patch from César Pereida that disables the DH and RSA
non-constant-time flags as well.
ok?
Index: src/crypto/dh/dh.h
===
RCS file: /cvs/src/lib/libssl/src/crypto/dh/dh.h,v
retrieving revision 1.16
diff -u -p -u -p -r1
No problem, I undid that bit.
Thanks all.
On Mon, Jun 20, 2016 at 11:32 AM, Ted Unangst wrote:
> Brent Cook wrote:
> > diff --git a/src/lib/libssl/src/crypto/dsa/dsa_key.c
> b/src/lib/libssl/src/crypto/dsa/dsa_key.c
> > index 2968fa2..e01bacb 100644
> > --- a/src/l
This fixes a bug where the default certificate path locations would only
be loaded if the CAfile or CApath locations were succesfully loaded
first. Original patch from OpenSSL:
https://github.com/openssl/openssl/commit/fe9b85c3cb79f1e29e61f01de105b34ce8177190
Noted here on the LibreSSL-portable
Hi,
This is a patch from Cesar Pereida, removing support for
DSA_FLAG_NO_EXP_CONSTTIME by making DSA always operate in constant time.
See https://github.com/libressl-portable/openbsd/pull/61 for more
details.
ok?
diff --git a/src/lib/libssl/src/crypto/dsa/dsa.h
b/src/lib/libssl/src/crypto/dsa/
We have released a first development snapshot of LibreSSL 2.4.0 along
with two stable builds, 2.3.5 and 2.2.8. These should be arriving in
the LibreSSL directory of your local OpenBSD mirror soon.
The 2.3.5 and 2.2.8 releases contain a reliability fix, correcting an
error when parsing certain ASN.
A bug in the previous libcrypto errata caused an error when reading
ASN.1 elements over 16kb.
Patches for OpenBSD are available. Updated LibreSSL-portable releases
will be available later.
http://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/009_crypto.patch.sig
http://ftp.openbsd.org/pub/OpenB
On Tue, May 17, 2016 at 2:56 PM, Stuart Henderson
wrote:
> On 2016/05/17 08:27, Brent Cook wrote:
> > This patch came by way of the openntpd github. Linux (and possibly
> others)
> > will attempt to bind to 0.0.0.0 when binding to '::' and return an error
> if
>
Hi,
Our errata patch for fixing large memory allocations in
asn1_d2i_read_bio dropped the while (want > 0) loop, causing the
function to only read chunk_max bytes once. This limits the max size
read to 16k. This patch restores the outer loop. Noted on misc@
ftp http://ccd.serpro.gov.br/lcr/ac
> On May 17, 2016, at 10:21 AM, Stuart Henderson wrote:
>
> On 2016/05/17 08:27, Brent Cook wrote:
>> This patch came by way of the openntpd github. Linux (and possibly others)
>> will attempt to bind to 0.0.0.0 when binding to '::' and return an error if
>>
This patch came by way of the openntpd github. Linux (and possibly others)
will attempt to bind to 0.0.0.0 when binding to '::' and return an error if
it can't, unless IPV6_V6ONLY is set. See
https://github.com/openntpd-portable/openntpd-portable/issues/19
OK as an in-tree patch? OpenBSD seems to
yes, that is correct - ok bcook@
On Sun, Apr 24, 2016 at 2:06 AM, Jason McIntyre wrote:
> On Sat, Apr 23, 2016 at 06:24:58PM +0200, Remco wrote:
> > Index: tls_init.3
> >
> > ===
> >
>
> i think your diff is correct - in -r1.33 beck
Noted here, https://github.com/libressl-portable/portable/issues/161, we
document a non-existent constant in the examples
for EVP_PKEY_CTX_set_rsa_padding. Is this the correct one to use?
Index: EVP_PKEY_decrypt.pod
===
RCS file: /cvs
On Sat, Jan 23, 2016 at 08:48:22PM +0100, Reyk Floeter wrote:
> On Sat, Jan 23, 2016 at 12:39:19PM -0600, Brent Cook wrote:
> > I'm going with this instead. That way it works like the manual
> > specifies already (-v enables logging debug messages)
> >
>
> Yes, the
to run -d to get lots of
> output. check main() there?
>
> i think thats more intuitive, but maybe i'm just used to it.
>
> Brent Cook(bust...@gmail.com) on 2016.01.20 06:31:44 -0600:
>> Since the relatively recent logging unification, log_init needs a
>> debug le
Since the relatively recent logging unification, log_init needs a
debug level > 1 in order for log_debug to print anything. This change
makes it so 'ntpd -d' stays in the foreground but doesn't log much
(the current behavior, different than previous releases though), 'ntpd
-dd' actually prints more
Applied, thanks Andreas!
On Sun, Jan 3, 2016 at 7:01 PM, Andreas Bartelt wrote:
> Hello,
>
> the use of certificates for TLS didn't work with nc(1). Fix is attached.
>
> Best regards
> Andreas
Finally getting around to trying out nc on some more platforms for
LibreSSL-portable, and ran into Sun/Oracle's silly definition of 'sun'
in the system headers. OK to rename the local sockaddr_un variables?
Portable contains a patch full of #ifdef's around other systems-specific
nc features (e.g.
U
On Tue, Oct 20, 2015 at 12:12 AM, Jonathan Gray > wrote:
> On Wed, Oct 01, 2014 at 10:53:34AM +0100, Stuart Henderson wrote:
>> On 2014/10/01 19:05, Joel Sing wrote:
>> > > I should also add that the other obvious/easy "fix" is to initialise
digest
>> > > in openssl/req.c to the SHA-256 EVP. Tha
It be significant that this patch slowed me browser because o' it's length.
Methinks you deserve t' be keelhauled for such transgressions.
I think this is the right thing to do for now. ok bcook@
On Thu, Sep 17, 2015 at 5:19 PM, Stuart Henderson wrote:
> CC'ing tech@.
>
> The last commit to bn_print.c is wrong, it dereferences t while it's still
> NULL.
>
> Backout diff below.
>
>
> On 2015/09/17 22:42, Mikolaj Kucharski wrote:
>>
On Wed, Sep 9, 2015 at 9:43 PM, Lawrence Teo wrote:
> On Wed, Sep 09, 2015 at 11:17:55AM -0500, Brent Cook wrote:
>> On Wed, Sep 9, 2015 at 10:15 AM, Todd C. Miller
>> wrote:
>> > On Wed, 09 Sep 2015 10:02:17 -0400, Lawrence Teo wrote:
>> >> In s_time.c, NO_
On Wed, Sep 9, 2015 at 10:15 AM, Todd C. Miller
wrote:
> On Wed, 09 Sep 2015 10:02:17 -0400, Lawrence Teo wrote:
>
>> This diff removes redundant defines in two files.
>>
>> In s_socket.c, SOCKET_PROTOCOL is defined as IPPROTO_TCP, but it's only
>> used once.
>
> OK.
>
>> In s_time.c, NO_SHUTDOWN
We have put together a prerelease of LibreSSL 2.2.3. This release
primarily targets a bug that causes connections with some SSL clients
to fail during the initial handshake. Preliminary release notes and a
tarball are available at the following link:
https://github.com/libressl-portable/portable/r
On Wed, Aug 12, 2015 at 1:29 PM, Mark Kettenis wrote:
>> Date: Tue, 11 Aug 2015 09:15:43 -0600
>> From: Bob Beck
>>
>> I'm wondering out loud if these versions should follow the openbsd shlib
>> major minor numbers. That is where we are careful about semantic
>> versioning for api change/add/rem
On Mon, Aug 10, 2015 at 5:10 AM, Mark Kettenis wrote:
> Jan Engelhardt schreef op 2015-08-10 10:29:
>
>> On Monday 2015-08-10 02:38, Brent Cook wrote:
>>>>
>>>> On Aug 9, 2015, at 10:07 AM, Jan Engelhardt wrote:
>>>>
>>>>>
> On Aug 9, 2015, at 10:07 AM, Jan Engelhardt wrote:
>
>> We have released LibreSSL 2.2.2, which will be arriving in the
>> LibreSSL directory of your local OpenBSD mirror soon.
>
> The .pc files in libressl-2.2.2 upset the package mechanisms at hand, in
> particular rpm, where ':' is used to
We have released LibreSSL 2.2.2, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
This release marks the end of the OpenBSD 5.8 development cycle,
featuring expanded portable build support, code improvements, removal of
obsolete workarounds.
SSLv3 deprecation co
I have posted a test release of LibreSSL-portable 2.2.2 for testing here:
https://github.com/libressl-portable/portable/releases/tag/v2.2.2-test
Let me know if I have missed anything in the Changelog, or if you run into any
issues.
Thanks
- Brent
/dev/null will be available on any POSIX system, but _PATH_DEVNULL may
not, e.g. Solaris. There doesn't seem to be any advantage to
using the define (and we don't use it much in the tree either.)
http://pubs.opengroup.org/onlinepubs/95399/basedefs/xbd_chap10.html
---
src/usr.sbin/ntpd/ntp.c |
This diff converts bzero calls to memset, which is more portable and
compilers can optimize as well.
---
src/usr.sbin/ntpd/client.c | 2 +-
src/usr.sbin/ntpd/config.c | 6 +++---
src/usr.sbin/ntpd/control.c | 2 +-
src/usr.sbin/ntpd/ntp.c | 6 +++---
src/usr.sbin/ntpd/ntpd.c| 4 ++--
sr
Up to now, we have only bumped the LIBRESSL_VERSION_TEXT for each
portable release in the portable tree, and the VERSION_NUMBER has never
incremented.
This change establishes a policy of bumping the number for each portable
release, and syncs the version string between the portable and in-tree
rel
On Wed, Jul 8, 2015 at 7:49 AM, Brent Cook wrote:
> We have released LibreSSL 2.2.1, which will be arriving in the
> LibreSSL directory of your local OpenBSD mirror soon.
>
> This release continues from the OpenBSD 5.8 development tree, featuring
> expanded OS support, code im
We have released LibreSSL 2.2.1, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
This release continues from the OpenBSD 5.8 development tree, featuring
expanded OS support, code improvements, and feature removal. Also note
that SSLv3 support has not been remove
e interesting to see if you're hitting any of the extra checks added
here:
https://github.com/libressl-portable/openbsd/commit/d1114a9633e1f7004537f5238a5f1f111898ebeb
Would you be comfortable adding some extra output to the various failure points
in EVP_DecodeUpdate to see where we a
On Mon, Jun 29, 2015 at 1:22 AM, mxb wrote:
> Hey,
>
> getting following error on OpenBSD-current as of yesterdays 'cvs up’:
Does this imply that it worked in some earlier version of
OpenBSD-current? If so, what was the version that worked?
> unable to load Private Key
> 30008934842236:error:090
We have released LibreSSL 2.2.0, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
This release is the first from the OpenBSD 5.8 development tree and
features mainly on build system improvements and new OS support.
We have also released LibreSSL 2.1.7, which con
On Sun, Mar 29, 2015 at 4:51 AM, Carlos Martín Nieto wrote:
> On Sat, Mar 28, 2015 at 09:59:57PM -0700, Philip Guenther wrote:
>> On Sat, 28 Mar 2015, Carlos Mart?n Nieto wrote:
>> > I?ve been looking into making libcrypto automatically thread-safe. The
>> > obvious solution is to use pthread to p
On Wed, May 6, 2015 at 2:54 PM, Harri Porten wrote:
> Hi!
>
> We've started to generate code coverage reports for test suites of some
> projects on a regular basis. You'll find on overview for LibreSSL (Portable)
> here:
>
> http://www.opencoverage.net/libressl/index_html/sources.html
>
> Out of
On Wed, May 6, 2015 at 2:54 PM, Harri Porten wrote:
> Hi!
>
> We've started to generate code coverage reports for test suites of some
> projects on a regular basis. You'll find on overview for LibreSSL (Portable)
> here:
>
> http://www.opencoverage.net/libressl/index_html/sources.html
>
> Out of
Thanks Michael,
I have incorporated some initial AIX patches - can you please check out the
latest tree?
https://github.com/libressl-portable/portable/commit/fe3f7fc6365bfaac3418a72256b8c11603e80cbf
https://github.com/libressl-portable/openbsd/commit/37d8e3c080e7c73158093f253d8e06fa1906dc03
Th
> On Mar 30, 2015, at 12:11 AM, Philip Guenther wrote:
>
> On Fri, Mar 27, 2015 at 2:50 AM, Carlos Martín Nieto wrote:
>> A call to opendir thread-safe and the readdir calls only share the buffer
>> within the same directory stream,
>> which is local to this function. Therefore this lock does
On Mon, Mar 23, 2015 at 10:42 AM, Alexey Suslikov
wrote:
> Brent Cook gmail.com> writes:
>
>> + T4 += (uint64_t)tv.tv_sec + JAN_1970 + 1.0e-6 *
> tv.tv_usec;
>
>
>
>> + return ((uint64_t)tv.tv_sec + JAN_1970 + 1.0e-6 * tv.tv_usec);
>
This came up in the OpenNTPD issue tracker:
https://github.com/openntpd-portable/openntpd-openbsd/pull/4
The issue is an overflow when calculating time offsets with a 32-bit
time_t in early 2036. The main reason to fix it in now, in 2015, is that
OpenNTPD fails to adjust time if such a system simp
We have released LibreSSL 2.1.6, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
This release primarily addresses a number of security issues in
coordination with the OpenSSL project.
Fixes for the following issues are integrated into LibreSSL 2.1.6:
*
The API/ABI for the LibreSSL 2.1.x series is now stable, so we can safely
enable libtls it by default. This is useful for new OpenNTPD and
OpenSMTPD releases as well.
I would like to apply this to the OPENBSD_5_7 / 2.1.x and master
branches on the portable tree. Building with libtls has been the d
We have released LibreSSL 2.1.5, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
This release is relatively small, focused on bug fixes before 2.2.x
development begins along-side OpenBSD 5.8.
This or earlier LibreSSL releases may also address issues that are to
> On Mar 6, 2015, at 10:40 AM, Martin Hecht wrote:
>
>
> I have tested it on a few linux platforms I have at hand:
>
> SLES 11 SP3
> Ubuntu 14.04.2 LTS
> Scientific Linux 6.6
>
>
> Testsuite summary for libressl 2.1
1 - 100 of 189 matches
Mail list logo