Commit message | Author | Age | Files | Lines
* Revert revision 1.12 commit. Although *pval looks like a C pointer, | bluhm | 2018-04-06 | 1 | -2/+5
  it may be something else. For primitive types it is possible that a boolean int has been cast to an ASN1_VALUE pointer. Then the 64 bit read access to *pval may crash due to alignment or 32 bit size.
  bug report Anton Borowka; OK tedu@ jsing@ miod@
* Avoid leaking str if EVP_Digest() fails. | tb | 2018-04-06 | 1 | -3/+6
  Found and fixed by Bernd Edlinger as part of OpenSSL commit 83b4049ab75e9da1815e9c854a9297bca3d4af6b
  ok jsing, deraadt, bcook
* poison for X509_VERIFY_PARAM's | beck | 2018-04-06 | 4 | -45/+107
  Tighten up checks for various X509_VERIFY_PARAM functions, and allow for the verify param to be poisoned (precluding future successful cert validation) if the setting of host, ip, or email for certificate validation fails. (since many callers do not check the return code in the wild and blunder along anyway)
  Inspired by some discussions with Adam Langley.
  ok jsing@
* Fix two bugs in X509_NAME_add_entry(3): | schwarze | 2018-04-04 | 1 | -7/+4
  (1) Evaluate the "set" argument, which says whether to create a new RDN or to prepend or append to an existing one, before reusing it for a different purpose, i.e. for the "set" field of the new X509_NAME_ENTRY structure.
  (2) When incrementing of some "set" fields is needed, increment the correct ones: All those to the right of the newly inserted entry, but not the one of that entry itself.
  These two bugs caused wrong results whenever using loc != -1, i.e. whenever inserting rather than appending entries, even when using set == 0 only, that is, even when using single-valued RDNs only.
  Both bugs have been continuously present since at least SSLeay-0.8.1 (released July 18, 1997) and the second one since at least SSLeay-0.8.0 (released June 25, 1997), so both are over twenty years old.
  I found these bugs by code inspection while trying to document the function X509_NAME_ENTRY_set(3), which is public, but undocumented in OpenSSL.
  OK beck@, jsing@
* KNF: move two opening curly braces of function bodies to their own lines | tb | 2018-04-03 | 2 | -4/+6
* Typo: typdef -> typedef. | tb | 2018-04-03 | 1 | -3/+3
  From Edgar Pettijohn
* Add missing $OpenBSD$ tags. | tb | 2018-04-03 | 2 | -0/+2
* In ssl.h rev. 1.151 2018/03/17 15:48:31, tb@ provided | schwarze | 2018-04-02 | 1 | -6/+34
  SSL_CTX_get_default_passwd_cb(3) and SSL_CTX_get_default_passwd_cb_userdata(3). Merge the documentation, tweaked by me; from Christian Heimes <cheimes at redhat dot com> via OpenSSL commit 0c452abc Mar 2 12:53:40 2016 +0100.
* In x509_vfy.h rev. 1.26 2018/03/17 15:43:32, tb@ provided | schwarze | 2018-04-02 | 1 | -6/+14
  X509_STORE_get0_param(3); write the documentation from scratch.
* In x509_vfy.h rev. 1.25 2018/03/17 15:39:43, tb@ provided | schwarze | 2018-04-02 | 1 | -4/+21
  X509_OBJECT_get_type(3). It is undocumented in OpenSSL, so write some documentation from scratch.
* When you replace an element in a sorted array with something | schwarze | 2018-04-01 | 2 | -13/+6
  arbitrarily different, the array is in general no longer sorted.
  This commit copies a small hidden bugfix from the OpenSSL commit https://github.com/openssl/openssl/commit/fbb7b33b the rest of which is merely cosmetics. I discovered the bug independently while documenting sk_find(3).
  Keep the library's idea of when an empty stack or a one-element stack is sorted and when it is not bug-compatible with OpenSSL, even though in fact, empty and one-element stacks are of course always sorted.
  OK beck@
* Improve description of openssl(1) ciphers. | schwarze | 2018-03-31 | 1 | -9/+5
  * Remove -tls1 option which has no effect.
  * For -V, sort the fields in the order they are printed, and do not talk about key size restrictions, nothing like that is printed.
* Updates to the description of "openssl ca" from OpenSSL. | schwarze | 2018-03-30 | 1 | -23/+82
  Some options were missing, some were in the wrong section (CRL-related or not), and there were some minor errors, typos, and omissions.
* checked the content against the current version of OpenSSL openssl.pod; | schwarze | 2018-03-30 | 1 | -5/+5
  resulting fixes: markup of "command" below SYNOPSIS and links to the config file formats below SEE ALSO
* fix typo; from <Alex dot Gaynor at gmail dot com> | schwarze | 2018-03-30 | 1 | -4/+4
  via OpenSSL commit 3266cf58 Mar 10 13:13:23 2018 -0500
* jsing@ points out to me that our X25519 interface was copied from | schwarze | 2018-03-30 | 1 | -98/+85
  BoringSSL rather than from OpenSSL and that it is not hooked into evp(3). So delete all text from OpenSSL including the Copyright and license and replace it by some text assembled from comments in BoringSSL code and headers and some text written myself, all under ISC license.
  In particular, also describe X25519_keypair(3), add SYNOPSIS, RETURN VALUES, STANDARDS, and a reference to D. J. Bernstein's instructions on how to use the algorithm. Delete the text related to EVP_PKEY describing features we do not support.
* Add missing $OpenBSD$. | jsing | 2018-03-30 | 1 | -0/+1
* fix MALLOC_STATS; spotted by and ok semarie@ | otto | 2018-03-30 | 1 | -1/+5
* include more information about how to create keys; | schwarze | 2018-03-30 | 1 | -6/+19
  from Matt Caswell <matt at openssl dot org> via OpenSSL commit f929439f Mar 15 12:19:16 2018 +0000
* Add one short sentence each from the new OpenSSL X509_STORE_add_cert(3) | schwarze | 2018-03-30 | 2 | -4/+10
  manual page, which is below the threshold of originality, so there is no need to change the Copyright headers. The rest of that page is less clear and less precise than what we already have in our various pages.
* Remove mention of link between message digests and public key algorithms. | schwarze | 2018-03-29 | 2 | -16/+8
  The comment in EVP_DigestInit.pod is: "EVP_MD_pkey_type() returns the NID of the public key signing algorithm associated with this digest. For example EVP_sha1() is associated with RSA so this will return NID_sha1WithRSAEncryption. Since digests and signature algorithms are no longer linked this function is only retained for compatibility reasons." So there is no link anymore.
  From <paul dot dale at oracle dot com> via OpenSSL commit 79b49fb0 Mar 20 10:03:10 2018 +1000
* missing "const" in seven prototypes; | schwarze | 2018-03-29 | 1 | -16/+16
  from Kurt Roeckx <kurt at roeckx dot be> via OpenSSL commit b38fa985 Mar 10 16:32:55 2018 +0100
* describe EC_POINT_get_affine_coordinates_GFp(3) and | schwarze | 2018-03-29 | 1 | -3/+15
  EC_POINT_get_affine_coordinates_GF2m(3); from David Benjamin <davidben at google dot com> via OpenSSL commit ddc1caac Mar 6 14:00:24 2018 -0500
* correct callback argument for BIO_puts(3); | schwarze | 2018-03-29 | 1 | -4/+4
  from <Bernd dot Edlinger at hotmail dot de> via OpenSSL commit c911e5da Mar 19 14:20:53 2018 +0100
* BIO_get_mem_data(3) and BIO_get_mem_ptr(3) assign to *pp, not to pp; | schwarze | 2018-03-29 | 1 | -5/+5
  from <Matthias dot St dot Pierre at ncp dash e dot com> via OpenSSL commit 36359cec Mar 7 14:37:23 2018 +0100
* spelling; from <Alex dot Gaynor at gmail dot com> | schwarze | 2018-03-29 | 1 | -5/+5
  via OpenSSL commit d47eaaf4 Mar 9 07:11:13 2018 -0500
* missing words; from Ivan Filenko <ivan dot filenko at protonmail dot com> | schwarze | 2018-03-29 | 1 | -5/+5
  via OpenSSL commit 4a56d2a3 Feb 25 16:49:27 2018 +0300
* Fix three bugs in setlocale(3): | schwarze | 2018-03-29 | 1 | -2/+2
  1. setlocale(LC_ALL, "A"); setlocale(LC_CTYPE, "T"); setlocale(LC_ALL, NULL); must return "A/T/A/A/A/A", not "A". Fix this by always initializing the LC_ALL entry of newgl to "" in dupgl(). Reported by Karl Williamson <public at khwilliamson dot com> on bugs@, thanks!
  2. Do not leak newgl when strdup(3) fails in setlocale(3).
  3. For setlocale(LC_ALL, "C/C/fr_FR.UTF-8/C/C/C"); correctly set _GlobalRuneLocale; I found 2. and 3. while looking at the code.
  Feedback on a buggy earlier version and OK martijn@.
* Limit ASN.1 constructed types recursive definition depth | inoguchi | 2018-03-29 | 3 | -22/+45
  Fixes for CVE-2018-0739. Copied from commit below, and modified for adaption to our code.
  https://github.com/openssl/openssl/commit/9310d45087ae546e27e61ddf8f6367f29848220d
  ok bcook@ beck@ jsing@
* found a complete archive of SSLeay-0.4 to SSLeay-0.8.1b tarballs | schwarze | 2018-03-27 | 229 | -917/+1179
  on the web, so fix up SSLeay HISTORY accordingly
* Clear password buffers in non-terminating cases | deraadt | 2018-03-27 | 1 | -8/+11
  ok tobias
* bump to 2.7.2 | bcook | 2018-03-24 | 1 | -3/+3
* finish ssl HISTORY; mostly 1.1.0/6.3, but also various other fixes [libressl-v2.7.1] | schwarze | 2018-03-24 | 18 | -47/+104
* ouch, previous was wrong; revert it and fix HISTORY instead | schwarze | 2018-03-24 | 1 | -2/+29
* delete two functions that do not exist | schwarze | 2018-03-23 | 1 | -22/+1
* finish crypto HISTORY; mostly 1.1.0/6.3, but also various other fixes | schwarze | 2018-03-23 | 52 | -155/+289
* ssl.h HISTORY up to 1.0.2; researched from OpenSSL git and OpenBSD CVS | schwarze | 2018-03-23 | 6 | -9/+41
* crypto HISTORY up to 1.0.2; researched from OpenSSL git and OpenBSD CVS | schwarze | 2018-03-23 | 6 | -12/+41
* ssl.h HISTORY up to 1.0.1; researched from OpenSSL git | schwarze | 2018-03-23 | 9 | -18/+60
* crypto HISTORY up to 1.0.1; researched from OpenSSL git | schwarze | 2018-03-23 | 10 | -16/+79
* ssl.h HISTORY up to 1.0.0; researched from OpenSSL git | schwarze | 2018-03-23 | 2 | -5/+15
* crypto HISTORY up to 1.0.0; researched from OpenSSL git | schwarze | 2018-03-23 | 43 | -114/+299
* ssl.h HISTORY up to 0.9.8zh; researched from OpenSSL git | schwarze | 2018-03-23 | 2 | -8/+11
* crypto HISTORY up to 0.9.8zh; researched from OpenSSL git | schwarze | 2018-03-23 | 3 | -4/+18
* ssl.h HISTORY up to 0.9.8h; researched from OpenSSL git | schwarze | 2018-03-23 | 3 | -6/+23
* crypto HISTORY up to 0.9.8h; researched from OpenSSL git | schwarze | 2018-03-23 | 7 | -14/+59
* ssl.h HISTORY up to 0.9.8; researched from OpenSSL git | schwarze | 2018-03-23 | 4 | -8/+31
* crypto HISTORY up to 0.9.8; researched from OpenSSL git | schwarze | 2018-03-23 | 29 | -68/+329
* crypto HISTORY up to 0.9.7h; researched from OpenSSL git | schwarze | 2018-03-22 | 6 | -10/+34
* ssl.h HISTORY up to 0.9.7; researched from OpenSSL git | schwarze | 2018-03-22 | 4 | -12/+19