openbsd/src/lib/libcrypto/crypto, branch OPENBSD_5_9

openbsd/src/lib/libcrypto/crypto, branch OPENBSD_5_9_BASE A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_5_9_BASE 2016-01-04T02:04:56+00:00 Calling clone(2) with CLONE_NEWPID yields multiple processes with pid=1. 2016-01-04T02:04:56+00:00 bcook 2016-01-04T02:04:56+00:00 urn:sha1:0f894628446dec0db2f00dac168dac6bcb7dd705 Work around this particular case by reseeding whenever pid=1, but as guenther@ notes, directly calling clone(2), and then forking to match another pid, provides other ways to bypass new process detection on Linux. Hopefully at some point Linux implements something like MAP_INHERIT_ZERO, and does not invent a corresponding mechanism to subvert it. Noted by Sebastian Krahmer and the opmsg team. See http://stealth.openwall.net/crypto/randup.c for a test program. ok beck@ bump the major for libcrypto/ssl/tls for a CRYPTO_chacha_20 ABI change 2015-12-09T14:11:03+00:00 bcook 2015-12-09T14:11:03+00:00 urn:sha1:362a098a9defa7a18d8f5b3336d4810a11db94ec ok jsing@, deraadt@, beck@ bump minors after adding EVP_aead_chacha20_poly1305_ietf() 2015-11-02T15:41:59+00:00 reyk 2015-11-02T15:41:59+00:00 urn:sha1:9b531b26eeeea735265af970dfaa4b2ecc207f35 OK jsing@ Stop supporing "legcay" time formats that OpenSSL supports. Rewrite the 2015-10-19T16:32:37+00:00 beck 2015-10-19T16:32:37+00:00 urn:sha1:6f20e3b7bc4e6801abfde111c397198fb23a59ec utctime and gentime wrappers accordingly. Along with some other cleanup. this also removes the need for timegm. ok bcook@ sthen@ jsing@ Flense the greasy black guts of unreadble string parsing code out of three areas 2015-10-02T15:04:45+00:00 beck 2015-10-02T15:04:45+00:00 urn:sha1:0fdba47b730ef7a8d2107e42c5db7b2a3e008a8f in asn1 and x509 code, all dealing with an ASN1_TIME. This brings the parsing together in one function that converts into a struct tm. While we are at it this also brings us into conformance with RFC 5280 for times allowed in an X509 cert, as OpenSSL is very liberal with what it allows. input and fixes from deraadt@ jsing@ guethther@ and others. ok krw@, guenther@, jsing@ Temporarily revive MD4 for MS CHAP support. 2015-09-14T01:45:03+00:00 doug 2015-09-14T01:45:03+00:00 urn:sha1:ea990ff7851a189e7a61b56357a6d6e0de88a040 Crank major version due to removal of SHA-0 and MD4 from libcrypto. 2015-09-13T23:42:29+00:00 doug 2015-09-13T23:42:29+00:00 urn:sha1:da36d6a18c187f8d3c2e38a0e5940d8073110b10 Remove MD4 support from LibreSSL. 2015-09-13T23:36:21+00:00 doug 2015-09-13T23:36:21+00:00 urn:sha1:785c6ad9250acc090d76964e9c21e550856a22f3 MD4 should have been removed a long time ago. Also, RFC 6150 moved it to historic in 2011. Rides the major crank from removing SHA-0. Discussed with many including beck@, millert@, djm@, sthen@ ok jsing@, input + ok bcook@ Remove SHA-0 support. 2015-09-13T21:09:56+00:00 doug 2015-09-13T21:09:56+00:00 urn:sha1:f84194ca116d8e28c7eb7098c2c8d88f43bd56ac SHA-0 was withdrawn shortly after publication 20 years ago and replaced with SHA-1. This will require a major crank. ok bcook@, jsing@ Merge ech_ossl.c into ech_key.c - not much point having one file with a 2015-09-13T12:27:14+00:00 jsing 2015-09-13T12:27:14+00:00 urn:sha1:7aad11835631635218a8c6cff256232a97116994 four line function and a tonne of license text. ok beck@