openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	nasty whitespace	tb	2022-08-31	1	-9/+9
\|
*	Rework DSA_size() and ECDSA_size()	tb	2022-08-31	1	-18/+10
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	DSA_size() and ECDSA_size() have a very special hack. They fudge up an ASN1_INTEGER with a size which is typically > 100 bytes, backed by a buffer of size 4. This was "fine", however, since they set buf[0] = 0xff, where the craziness that was i2c_ASN1_INTEGER() only looks at the first octet (one may then ask why a buffer of size 4 was necessary...). This changed with the rewrite of i2c_ASN1_INTEGER(), which doesn't respect this particular hack and rightly assumes that it is fed an actual ASN1_INTEGER... Instead, create an appropriate signature and use i2d to determine its size. Fixes an out-of-bounds read flagged by ASAN and oss-fuzz. ok jsing
*	Prepare to provide DSA_security_bits()	tb	2022-06-27	1	-1/+10
\| \| \| \|	ok beck jsing
*	Simplify DSAPublicKey_it	tb	2022-01-14	1	-3/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This was obtained by porting the OpenSSL commit below and then using expand_crypto_asn1.go to unroll the new ASN.1 macros - actually the ones from 987157f6f63 which fixed the omission of dsa_cb() in the first commit. ok inoguchi jsing commit ea6b07b54c1f8fc2275a121cdda071e2df7bd6c1 Author: Dr. Stephen Henson <steve@openssl.org> Date: Thu Mar 26 14:35:49 2015 +0000 Simplify DSA public key handling. DSA public keys could exist in two forms: a single Integer type or a SEQUENCE containing the parameters and public key with a field called "write_params" deciding which form to use. These forms are non standard and were only used by functions containing "DSAPublicKey" in the name. Simplify code to only use the parameter form and encode the public key component directly in the DSA public key method. Reviewed-by: Richard Levitte <levitte@openssl.org>
*	Prepare the move of DSA_SIG, DSA_METHOD and DSA to dsa_locl.h by	tb	2022-01-07	1	-1/+2
\| \| \| \| \| \|	including the local header where it will be needed. discussed with jsing
*	Add an essentially empty dh_local.h and include it in the files where	tb	2022-01-07	1	-1/+3
\| \| \| \| \| \|	it will be needed in the upcoming bump. discussed with jsing
*	Prepare to provide DSA_bits()	tb	2022-01-05	1	-1/+7
\| \| \| \| \| \|	Used by Qt5 and Qt6 and slightly reduces the patching in there. ok inoguchi jsing
*	Prepare to provide DSA_get0_{p,q,g,{priv,pub}_key}()	tb	2022-01-05	1	-1/+31
\| \| \| \|	ok inoguchi jsing
*	make ENGINE_finish() succeed on NULL and simplify callers as in	tb	2018-04-14	1	-10/+6
\| \| \| \| \| \| \| \| \| \| \|	OpenSSL commit 7c96dbcdab9 by Rich Salz. This cleans up the caller side quite a bit and reduces the number of lines enclosed in #ifndef OPENSSL_NO_ENGINE. codesearch.debian.net shows that almost nothing checks the return value of ENGINE_finish(). While there, replace a few nearby 'if (!ptr)' with 'if (ptr == NULL)'. ok jsing, tested by & ok inoguchi
*	Provide DSA_get0_engine()	tb	2018-02-20	1	-1/+7
\| \| \| \|	ok jsing
*	Provide DSA_{clear,set,test}_flags()	tb	2018-02-20	1	-1/+19
\| \| \| \|	ok jsing
*	Provide {DH,DSA}_set0_key(). Requested by sthen.	tb	2018-02-18	1	-1/+19
\| \| \| \|	ok jsing
*	Provide DSA_set0_pqg.	tb	2018-02-18	1	-1/+24
\| \| \| \|	ok jsing
*	Provide further parts of the OpenSSL 1.1 API: {DH,DSA}_get0_{key,pqg}(),	tb	2018-02-17	1	-1/+21
\| \| \| \| \| \|	EVP_PKEY_get0_{DH,DSA,RSA}(), RSA_{g,s}et0_key(). ok jsing
*	Send the function codes from the error functions to the bit bucket,	beck	2017-01-29	1	-4/+4
\| \| \| \| \| \|	as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
*	Enable building with -DOPENSSL_NO_DEPRECATED.	doug	2015-02-11	1	-1/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	If you didn't enable deprecated code, there were missing err.h and bn.h includes. This commit allows building with or without deprecated code. This was not derived from an OpenSSL commit. However, they recently enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems in a different way. Verified with clang that this only changes line numbers in the generated asm. ok miod@
*	if (x) FOO_free(x) -> FOO_free(x).	miod	2014-07-12	1	-17/+9
\| \| \| \| \| \| \|	Improves readability, keeps the code smaller so that it is warmer in your cache. review & ok deraadt@
*	Only import cryptlib.h in the four source files that actually need it.	jsing	2014-07-11	1	-6/+6
\| \| \| \| \| \| \| \|	Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
*	Explicitly include <openssl/opensslconf.h> in every file that references	jsing	2014-07-10	1	-1/+4
\| \| \| \| \| \| \| \| \|	an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included. This also includes some miscellaneous sorting/tidying of headers.
*	remove unused, private version strings except SSL_version_str	bcook	2014-07-09	1	-3/+1
\| \| \| \| \| \|	Also remove unused des_ver.h, which exports some of these strings, but is not installed. ok miod@ tedu@
*	KNF	miod	2014-07-09	1	-119/+132
\|
*	tags as requested by miod and tedu	deraadt	2014-06-12	1	-1/+1
\|
*	malloc() result does not need a cast.	deraadt	2014-06-07	1	-1/+1
\| \| \| \|	ok miod
*	kill REF_PRINT/REF_CHECK debugging framework noone would use	deraadt	2014-04-17	1	-20/+0
\| \| \| \|	ok miod
*	Change library to use intrinsic memory allocation functions instead of	beck	2014-04-17	1	-5/+5
\| \| \| \| \| \| \| \|	OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
*	remove FIPS mode support. people who require FIPS can buy something that	tedu	2014-04-15	1	-11/+0
\| \| \| \| \|	meets their needs, but dumping it in here only penalizes the rest of us. ok beck deraadt
*	resolve conflicts	djm	2012-10-13	1	-2/+20
\|
*	resolve conflicts, fix local changes	djm	2010-10-01	1	-27/+22
\|
*	resolve conflicts	djm	2009-01-09	1	-22/+27
\|
*	resolve conflicts	djm	2008-09-06	1	-1/+4
\|
*	merge 0.9.7b with local changes; crank majors for libssl/libcrypto	markus	2003-05-12	1	-1/+14
\|
*	OpenSSL 0.9.7 stable 2002 05 08 merge	beck	2002-05-15	1	-76/+75
\|
*	import DSA changes from 0.9.6a (Bleichenbacher attack), ok provos@/deraadt@	markus	2001-04-23	1	-4/+4
\|
*	openssl-engine-0.9.6 merge	beck	2000-12-15	1	-12/+62
\|
*	OpenSSL 0.9.5 merge	beck	2000-03-19	1	-3/+65
\| \| \| \| \| \|	warning this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
*	OpenSSL 0.9.4 merge	beck	1999-09-29	1	-10/+49
\|
*	Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD build	ryker	1998-10-05	1	-0/+145
	functionality for shared libs. Note that routines such as sslv2_init and friends that use RSA will not work due to lack of RSA in this library. Needs documentation and help from ports for easy upgrade to full functionality where legally possible.