openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	Use calloc() when allocating cipher_data.	jsing	2019-04-14	1	-5/+5
\| \| \| \| \| \|	Avoids use of uninitialised memory. ok tb@
*	Annotate a future improvement.	jsing	2019-04-14	1	-1/+2
\|
*	Avoid potential double-frees following EVP_CIPHER_CTX_copy().	jsing	2019-04-14	1	-4/+17
\| \| \| \| \| \| \| \| \| \| \|	In the case of a cipher with a custom copy control, if that control fails we may still have pointers that we do not own in the previously copied cipher data. Avoid potential double-frees by zeroing and freeing the copied cipher data in this case. Issue reported by Guido Vranken. ok tb@
*	Provide EVP_aes_{128,192,256}_wrap(). This is a compatible	tb	2019-03-17	1	-2/+8
\| \| \| \| \| \| \| \| \| \| \| \| \|	implementation based on the one in OpenSSL 1.0.2r which is still freely licensed. The functions are undocumented in OpenSSL. To use them, one needs to set the undocumented EVP_CIPHER_CTX_FLAG_WRAP_ALLOW flag on the EVP_CIPHER_CTX. resolves #505 ok jsing
*	make ENGINE_finish() succeed on NULL and simplify callers as in	tb	2018-04-14	1	-5/+2
\| \| \| \| \| \| \| \| \| \| \|	OpenSSL commit 7c96dbcdab9 by Rich Salz. This cleans up the caller side quite a bit and reduces the number of lines enclosed in #ifndef OPENSSL_NO_ENGINE. codesearch.debian.net shows that almost nothing checks the return value of ENGINE_finish(). While there, replace a few nearby 'if (!ptr)' with 'if (ptr == NULL)'. ok jsing, tested by & ok inoguchi
*	Provide EVP_CIPHER_CTX_reset().	jsing	2018-02-17	1	-17/+25
\| \| \| \|	Rides previous minor bump.
*	GNU ld has prefixed the contents of .gnu.warning.SYMBOL sections	tb	2017-11-28	1	-4/+4
\| \| \| \| \| \| \| \|	with "warning: " since 2003, so the messages themselves need not contain the prefix anymore. From Scott Cheloha ok jca, deraadt
*	Send the function codes from the error functions to the bit bucket,	beck	2017-01-29	1	-35/+24
\| \| \| \| \| \|	as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
*	back out calls to EVP_CIPHER_CTX_cleanup() in EVP_Cipher/Encrypt/DecryptFinal	bcook	2016-09-09	1	-4/+1
\| \| \| \| \|	Software that refers to ctx after calling Final breaks with these changes. revert parts of 1.31 and 1.32
*	include <sys/types.h> to get <sys/cdefs.h> instead (for __warn_references)	bcook	2016-09-04	1	-2/+2
\| \| \| \|	corrected by deraadt@ / guenther@
*	include <sys/cdefs.h> for portable	bcook	2016-09-04	1	-1/+3
\|
*	deprecate EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal()	bcook	2016-09-03	1	-3/+15
\| \| \| \| \| \| \| \| \| \|	This switches EVP_CipherFinal() to work as EVP_EncryptFinal() and EVP_DecryptFinal() do, always clearing the cipher context on completion. Indicate that, since it is not possible to tell whether this function will clear the context (the API has changed over time in OpenSSL), it is better to use the _ex() variants and explicitly clear instead. ok beck@
*	deprecate internal use of EVP_[Cipher\|Encrypt\|Decrypt]_Final.	beck	2016-05-30	1	-4/+6
\| \| \| \| \| \| \|	14 years ago these were changed in OpenSSL to be the same as the _ex functions. We use the _ex functions only internally to ensure it is obvious the ctx must be cleared. ok bcook@
*	fix for integer overflow in encode and encrypt update functions.	tedu	2016-05-04	1	-2/+2
\| \| \| \| \| \|	additionally, in EncodeUpdate, if the amount written would overflow, return 0 instead to prevent bugs in the caller. CVE-2016-2105 and CVE-2016-2106 from openssl.
*	revert the big change from yesterday to prepare for smaller commits.	tedu	2016-05-04	1	-2/+2
\|
*	patch from openssl for multiple issues:	tedu	2016-05-03	1	-2/+2
\| \| \| \| \| \| \|	missing padding check in aesni functions overflow in evp encode functions use of invalid negative asn.1 types ok beck
*	Correct spelling of OPENSSL_cleanse.	jsing	2015-09-10	1	-2/+2
\| \| \| \|	ok miod@
*	Replace assert() and OPENSSL_assert() calls with proper error return paths.	miod	2015-02-10	1	-14/+31
\| \| \| \|	Careful review, feedback & ok doug@ jsing@
*	Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().	jsing	2014-10-22	1	-4/+3
\| \| \| \| \| \| \| \|	arc4random_buf() is guaranteed to always succeed - it is worth noting that a number of the replaced function calls were already missing return value checks. ok deraadt@
*	Only import cryptlib.h in the four source files that actually need it.	jsing	2014-07-11	1	-3/+4
\| \| \| \| \| \| \| \|	Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
*	Explicitly include <openssl/opensslconf.h> in every file that references	jsing	2014-07-10	1	-1/+3
\| \| \| \| \| \| \| \| \|	an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included. This also includes some miscellaneous sorting/tidying of headers.
*	Stop including standard headers via cryptlib.h - pull in the headers that	jsing	2014-07-10	1	-1/+3
\| \| \| \| \| \|	are needed in the source files that actually require them. ok beck@ miod@
*	remove unused, private version strings except SSL_version_str	bcook	2014-07-09	1	-3/+1
\| \| \| \| \| \|	Also remove unused des_ver.h, which exports some of these strings, but is not installed. ok miod@ tedu@
*	Simplify EVP_CIPHER_CTX_new() - stop pretending that EVP_CIPHER_CTX_init()	jsing	2014-06-15	1	-6/+2
\| \| \| \| \| \|	does something special... just use calloc() instead. ok beck@ miod@
*	tags as requested by miod and tedu	deraadt	2014-06-12	1	-1/+1
\|
*	no need for null check before free. from Brendan MacDonell	tedu	2014-05-30	1	-2/+1
\|
*	KNF.	jsing	2014-05-08	1	-339/+333
\|
*	Change library to use intrinsic memory allocation functions instead of	beck	2014-04-17	1	-5/+5
\| \| \| \| \| \| \| \|	OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
*	remove FIPS mode support. people who require FIPS can buy something that	tedu	2014-04-15	1	-21/+0
\| \| \| \| \|	meets their needs, but dumping it in here only penalizes the rest of us. ok beck deraadt
*	resolve conflicts	djm	2012-10-13	1	-9/+86
\|
*	openssl-1.0.0e: resolve conflicts	djm	2011-11-03	1	-0/+1
\|
*	resolve conflicts, fix local changes	djm	2010-10-01	1	-52/+215
\|
*	resolve conflicts	djm	2009-01-09	1	-191/+63
\|
*	update to openssl-0.9.8i; tested by several, especially krw@	djm	2009-01-05	1	-4/+9
\|
*	resolve conflicts	djm	2008-09-06	1	-78/+49
\|
*	resolve conflicts	djm	2005-04-29	1	-1/+60
\|
*	merge 0.9.7d	markus	2004-04-08	1	-1/+13
\|
*	merge 0.9.7b with local changes; crank majors for libssl/libcrypto	markus	2003-05-12	1	-8/+22
\|
*	Merge openssl-0.9.7-stable-SNAP-20020519	beck	2002-05-21	1	-16/+14
\|
*	OpenSSL 0.9.7 stable 2002 05 08 merge	beck	2002-05-15	1	-61/+229
\|
*	openssl-engine-0.9.6 merge	beck	2000-12-15	1	-39/+110
\|
*	OpenSSL 0.9.4 merge	beck	1999-09-29	1	-52/+19
\|
*	Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD build	ryker	1998-10-05	1	-0/+303
	functionality for shared libs. Note that routines such as sslv2_init and friends that use RSA will not work due to lack of RSA in this library. Needs documentation and help from ports for easy upgrade to full functionality where legally possible.