| Commit message (Collapse) | Author | Files | Lines |
|---|
|
crafted server response used in conjunction with an anonymous DH or
anonymous ECDH ciphersuite.
Fixes CVE-2014-3510, which is effectively a repeat of CVE-2014-3470 in
copied code.
Reported by Felix Groebert of the Google Security Team.
ok beck@ miod@
|
|
ok tedu@ miod@ deraadt@
|
|
ok beck@ tedu@ miod@ guenther@ doug@ deraadt@
|
|
ok beck@ tedu@ miod@
|
|
Remove the remaining random casts on optval. Fixups for this can be handled by
the portability layer all in once place.
Remove remaining fake socklen_t unions, though beck@ points out that this also
removes support for socklen_t changing its length at runtime. RIP.
ok tedu@ beck@ miod@ deraadt@
|
|
ok beck@ miod@ tedu@ deraadt@
|
|
|
|
Remove the bug about rand() being faster.
Add a bug about historical implementations seeding very poorly.
|
|
the same text from random.3.
|
|
entries.
|
|
|
|
better to find one instead of continuing to mangle this mess.
|
|
only doing what's needed for crypt_hashpass. sigh.
|
|
write out a hash. also simplify writing out the hash.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ok tedu@ on a previous version
|
|
ok tedu@
|
|
pwd_gensalt origins, but a string argument works equally work and is more
friendly to consumers beyond local user accounts.
ok deraadt
|
|
Makefile.inc (i.e. landisk and m88k)
|
|
|
|
Would be nice to document when/where this originated (in glibc?) if
anyone knows...
tweaks by schwarze@
ok jmc@ espie@ kettenis@ schwarze@ dimitry(at)google.com
|
|
ok deraadt@
|
|
|
|
Based on boringssl commit: 1df112448b41c3568477f3fcd3b8fc820ce80066
ok miod@ jsing@
|
|
|
|
|
|
|
|
ok deraadt@ millert@ tedu@
|
|
This causes a libssl major version bump as this affects the layout of some
internal-but-unfortunately-made-visible structs.
|
|
libcrypto minor bump.
|
|
cleanup diff.
|
|
broken in r1.3.
Spotted by Dmitry Eremin-Solenikov
|
|
the function argument not being NULL
|
|
There used to be a strong reluctance to provide this cipher in LibreSSL in the
past, because the licence terms under which Cammelia was released by NTT were
free-but-not-in-the-corners, by restricting the right to modify the source
code, as well retaining the right to enforce their patents against anyone
in the future.
However, as stated in http://www.ntt.co.jp/news/news06e/0604/060413a.html ,
NTT changed its mind and made this code truly free. We only wish there had
been more visibility of this, for we could have had enabled Cammelia
earlier (-:
Licence change noticed by deraadt@. General agreement from the usual LibreSSL
suspects.
Crank libcrypto.so minor version due to the added symbols.
|
|
expect a good use for this knowledge in the tree in the near future.
Contributed by Vincent Gross, thanks!
|
|
does most of the work pwd_gensalt did, but also creates the hash.
(unused yet)
|
|
|
|
troff displays these as typographic quotes, but nroff implementations
almost always print them literally, which rarely has the intended effect
with modern fonts, even in stock xterm.
These uses of `` '' can be replaced either with more semantic alternatives
or with Dq, which prints typographic quotes in a UTF-8 locale (but will
automatically fall back to `` '' in an ASCII locale).
improvements and ok schwarze@
|
|
- make VKO_compute_key() no longer void so that it can return failure.
- fix unchecked allocations in too many routines to mention /-:
- fix unchecked BN operations in gost2001_do_sign(), gost2001_do_verify(),
VKO_compute_key().
- fix the gost2001_do_sign() interface violation by having its sole caller
free the BIGNUM it passes to that function by itself, instead of having
the callee do this.
Reviewed (except for the last item) by Dmitry Eremin-Solenikov.
|
|
|
|
|
|
return the number of items read of written.
When you intend to return the number of bytes actually processed, it is
wise to pass 1 as the item size and the size as the number of items.
But in *some* places, the OpenSSL does the opposite, and has extra logic
to change a successful return of 1 (item processed) into the real size.
And, guess why it does that? Because of old VMS, for they (used to) have a
substandard stdio implementation.
Note that this change causes the return values of BIO_dump_fp() and
BIO_dump_indent_fp() to no longer be useless (actual number of callback calls),
but actual bytes output. Given the irrelevance of the return value before,
it is unlikely that anything depends upon it (and if something does, it
probably has other problems in need for a fix...)
ok tedu@ beck@ jsing@
|
|
CryptAcquireContext and CryptGenRandom returns zero (FALSE) if fails.
From: Dongsheng Song <dongsheng.song@gmail.com>
|
|
other allocations in the same block couldn't.
problem pointed out by David Ramos on the openssl-dev list
ok miod@ doug@
|
|
|
