the bitrig marco_libssl branch has been created by marco. it is 0 commits behind master, and 17 commits ahead.
commit 3b37a47035ea89ec47e13eeba6016f441ffd720d diff: https://github.com/bitrig/bitrig/commit/3b37a47 author: tedu <t...@openbsd.org> date: Tue May 3 12:38:53 2016 +0000 patch from openssl for multiple issues: missing padding check in aesni functions overflow in evp encode functions use of invalid negative asn.1 types ok beck M lib/libssl/src/crypto/asn1/a_d2i_fp.c M lib/libssl/src/crypto/asn1/a_type.c M lib/libssl/src/crypto/asn1/tasn_dec.c M lib/libssl/src/crypto/asn1/tasn_enc.c A lib/libssl/src/crypto/constant_time_locl.h M lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c M lib/libssl/src/crypto/evp/encode.c M lib/libssl/src/crypto/evp/evp_enc.c commit f70d3f106dc1d22bb7ff9374dbd3d186227148e0 diff: https://github.com/bitrig/bitrig/commit/f70d3f1 author: jsing <js...@openbsd.org> date: Thu Apr 28 17:07:06 2016 +0000 Crank majors for lib{crypto,ssl,tls} due to symbol removals, symbol additions and functionality changes. M lib/libcrypto/crypto/shlib_version M lib/libssl/ssl/shlib_version M lib/libtls/shlib_version commit ac9297cde283f90e149abb4afbd1c016059f3873 diff: https://github.com/bitrig/bitrig/commit/ac9297c author: tedu <t...@openbsd.org> date: Thu Apr 28 16:42:28 2016 +0000 don't go into an unbreakable infinite loop during operations such as reading passwords. allow ^C to break. the pain was mine, the fix is miod's. M lib/libssl/src/crypto/ui/ui_lib.c commit 9bea825ed4cc30e2a2338370b1bdaa23ca41c9aa diff: https://github.com/bitrig/bitrig/commit/9bea825 author: jsing <js...@openbsd.org> date: Thu Apr 28 16:39:45 2016 +0000 Implement the IETF ChaCha20-Poly1305 cipher suites. Rename the existing ChaCha20-Poly1305 cipher suites with an "-OLD" suffix, effectively replaces the original Google implementation. We continue to support both the IETF and Google versions, however the existing names now refer to the ciphers from draft-ietf-tls-chacha20-poly1305-04. Feedback from doug@ M lib/libssl/src/ssl/s3_lib.c M lib/libssl/src/ssl/ssl_ciph.c M lib/libssl/src/ssl/ssl_locl.h M lib/libssl/src/ssl/t1_enc.c M lib/libssl/src/ssl/tls1.h commit caea866a25755461f783a96e2178c1ccedccdea2 diff: https://github.com/bitrig/bitrig/commit/caea866 author: jsing <js...@openbsd.org> date: Thu Apr 28 16:06:53 2016 +0000 Rename EVP_aead_chacha20_poly1305() to EVP_aead_chacha20_poly1305_old() and replace with EVP_aead_chacha20_poly1305_ietf(). The IETF version will become the standard version. Discussed with many. M lib/libssl/src/crypto/evp/e_chacha20poly1305.c M lib/libssl/src/crypto/evp/evp.h M lib/libssl/src/ssl/ssl_ciph.c commit 727cc444df3dee8218b12c730bafbcd25e6bdfaa diff: https://github.com/bitrig/bitrig/commit/727cc44 author: jsing <js...@openbsd.org> date: Wed Apr 13 13:25:05 2016 +0000 Use the correct iv and counter when decrypting the ciphertext for EVP_aead_chacha20_poly1305_ietf(). M lib/libssl/src/crypto/evp/e_chacha20poly1305.c commit 02eb80f56aa79d88a3038dfad5896729fe4ab6f7 diff: https://github.com/bitrig/bitrig/commit/02eb80f author: mmcc <m...@openbsd.org> date: Sun Mar 27 00:55:38 2016 +0000 Merge a memleak fix from BoringSSL 6b6e0b2: https://boringssl.googlesource.com/boringssl/+/6b6e0b20893e2be0e68af605a60ffa2cbb0ffa64%5E!/#F0 ok millert@, beck@ M lib/libssl/src/ssl/s3_clnt.c commit 258e585743eb32c138ccb3c8bc771e8652445173 diff: https://github.com/bitrig/bitrig/commit/258e585 author: mmcc <m...@openbsd.org> date: Mon Mar 21 04:05:33 2016 +0000 Return zero from two functions on allocation failure instead of always returning one (indicating success). Each function has only a single usage, and both usages check the return value. Merged from BoringSSL 0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c: https://boringssl.googlesource.com/boringssl/+/0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c%5E!/#F0 ok beck@ M lib/libssl/src/crypto/x509/x509_att.c M lib/libssl/src/crypto/x509/x509_v3.c commit 72ef64e97540f37803bf48230c5cd17125931ba5 diff: https://github.com/bitrig/bitrig/commit/72ef64e author: krw <k...@openbsd.org> date: Sun Mar 20 16:50:29 2016 +0000 " the the " -> " the ", or in a couple of cases replace the superfluous "the" with the obviously intended word. Started with a "the the" spotted by Mihal Mazurek. M lib/libexpat/doc/reference.html M lib/libssl/src/crypto/des/asm/des_enc.m4 M lib/libssl/src/crypto/ec/ec_asn1.c M lib/libssl/src/doc/apps/ca.pod M lib/libssl/src/doc/apps/dgst.pod M lib/libssl/src/doc/apps/x509.pod M lib/libssl/src/ssl/s3_cbc.c M sys/lib/libkern/arch/amd64/strlen.S M usr.bin/mandoc/term.c commit 36bf4f8450dbc7b3b71c6c9180809fb8a927e47c diff: https://github.com/bitrig/bitrig/commit/36bf4f8 author: beck <b...@openbsd.org> date: Thu Mar 17 03:51:49 2016 +0000 explicit_bzero for asn1 objects on free. Too often these contain sensitive information and they should not be a performance bottleneck ok miod@ krw@ M lib/libssl/src/crypto/asn1/a_object.c commit 7f055937e32f4efcf30d92074f9b4eee491d8ee6 diff: https://github.com/bitrig/bitrig/commit/7f05593 author: krw <k...@openbsd.org> date: Tue Mar 15 20:50:22 2016 +0000 'accomodate' -> 'accommodate' in comments. Started by diff from Mical Mazurek. M lib/libssl/src/crypto/bn/bn_lib.c M lib/libssl/src/crypto/dso/dso.h M lib/libssl/src/crypto/sha/asm/sha1-mips.pl M lib/libssl/src/crypto/sha/sha_locl.h M lib/libssl/src/crypto/whrlpool/wp_block.c M sys/arch/amd64/amd64/vmm_support.S M sys/dev/ic/aic79xx.c M sys/dev/ic/atw.c M sys/dev/ic/lm78var.h M sys/uvm/uvm_map.c M usr.bin/mandoc/mandocdb.c commit d56cd2d6ca8d3605da5a188abc3a963345dbdaa8 diff: https://github.com/bitrig/bitrig/commit/d56cd2d author: bcook <bc...@openbsd.org> date: Sun Mar 13 18:06:47 2016 +0000 Fix examples for EVP_PKEY_CTX_set_rsa_padding. Noted here, https://github.com/libressl-portable/portable/issues/161, we document a non-existent constant in the examples for EVP_PKEY_CTX_set_rsa_padding. ok deraadt@ M lib/libssl/src/doc/crypto/EVP_PKEY_decrypt.pod M lib/libssl/src/doc/crypto/EVP_PKEY_encrypt.pod commit 681324167e7aa3f706a5e4b16dab156c3ee372ee diff: https://github.com/bitrig/bitrig/commit/6813241 author: bcook <bc...@openbsd.org> date: Sat Mar 12 21:44:11 2016 +0000 Add error handling to the remaining calls to bn_wexpand(). Noticed by pascal-cuoq from Github: https://github.com/libressl-portable/openbsd/issues/56 ok beck@ M lib/libssl/src/crypto/bn/bn_gf2m.c M lib/libssl/src/crypto/ec/ec2_mult.c commit fc56c59f0ce0b765e1f9b78fa36360b5f0fdf46b diff: https://github.com/bitrig/bitrig/commit/fc56c59 author: mmcc <m...@openbsd.org> date: Sat Mar 12 21:31:22 2016 +0000 Remove sentences in RETURN VALUES sections saying that functions with void return types 'return no value'. This is obvious and therefore unneccessary to mention. We spare rewind(3)'s sentence because espie@ pointed out that it's a warning - the function masks a potential error. This commit also adds a sentence to X509_free clarifying that it's NULL-safe. This bit was discussed with doug@. ok martijn@, sentiment supported by schwarze@ M lib/libc/stdlib/hcreate.3 M lib/libc/stdlib/malloc.3 M lib/libc/stdlib/qsort.3 M lib/libc/stdlib/tsearch.3 M lib/libcrypto/man/ASN1_OBJECT_new.3 M lib/libcrypto/man/BUF_MEM_new.3 M lib/libssl/src/doc/crypto/DH_new.pod M lib/libssl/src/doc/crypto/DH_set_method.pod M lib/libssl/src/doc/crypto/DSA_SIG_new.pod M lib/libssl/src/doc/crypto/DSA_new.pod M lib/libssl/src/doc/crypto/DSA_set_method.pod M lib/libssl/src/doc/crypto/ERR_load_strings.pod M lib/libssl/src/doc/crypto/RAND_cleanup.pod M lib/libssl/src/doc/crypto/RSA_blinding_on.pod M lib/libssl/src/doc/crypto/RSA_new.pod M lib/libssl/src/doc/crypto/RSA_set_method.pod M lib/libssl/src/doc/crypto/X509_new.pod commit 0f3d284adfbf1834ab700ab8cdedad84a0cfbc2c diff: https://github.com/bitrig/bitrig/commit/0f3d284 author: bcook <bc...@openbsd.org> date: Sat Mar 12 21:01:53 2016 +0000 Bump for LibreSSL 2.4.0 M lib/libssl/src/crypto/opensslv.h commit 391dd57a568610202b4cd7b01b302240a4de2e63 diff: https://github.com/bitrig/bitrig/commit/391dd57 author: mmcc <m...@openbsd.org> date: Fri Mar 11 07:08:44 2016 +0000 X509_free(3) is NULL-safe, so remove NULL checks before its calls. ok doug@ M lib/libssl/src/crypto/asn1/x_info.c M lib/libssl/src/crypto/cms/cms_asn1.c M lib/libssl/src/crypto/cms/cms_sd.c M lib/libssl/src/crypto/pkcs12/p12_kiss.c M lib/libssl/src/crypto/ts/ts_rsp_sign.c M lib/libssl/src/crypto/x509/by_file.c M lib/libssl/src/crypto/x509/x509_vfy.c M lib/libssl/src/crypto/x509v3/pcy_tree.c M lib/libssl/src/ssl/d1_clnt.c M lib/libssl/src/ssl/s3_clnt.c M lib/libssl/src/ssl/s3_srvr.c M lib/libssl/src/ssl/ssl_asn1.c M lib/libssl/src/ssl/ssl_cert.c M lib/libssl/src/ssl/ssl_rsa.c M lib/libssl/src/ssl/ssl_sess.c commit a39ef37267121439944541fc755e5a63ef59f953 diff: https://github.com/bitrig/bitrig/commit/a39ef37 author: mmcc <m...@openbsd.org> date: Thu Mar 10 23:21:46 2016 +0000 http -> https for a few more IETF URLs in comments or man pages M lib/libssl/src/crypto/ec/ec_curve.c M lib/libssl/src/doc/ssl/SSL_CTX_set_max_cert_list.3 M lib/libssl/src/ssl/t1_lib.c
