openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	Fix incorrect carry operation in 512 bit addition: in the case	tb	2019-05-09	1	-6/+8
\| \| \| \| \| \| \| \| \|	that there is already a carry and Sigma[i-1] == -1, the carry must be kept. From Dmitry Eremin-Solenik. Fixes incorrect Streebog result reported by Guido Vranken.
*	Add consts to EVP_PKEY_asn1_set_private()	tb	2018-08-24	1	-2/+2
\| \| \| \| \| \| \| \| \|	Requires adding a const to the priv_decode() member of EVP_PKEY_ASN1_METHOD and adjusting all *_priv_decode() functions. All this is already documented this way. tested in a bulk build by sthen ok jsing
*	After removing support for broken PKCS#8 formats (it was high time),	tb	2018-08-24	1	-3/+3
\| \| \| \| \| \| \| \|	we can add const to PKCS8_pkey_get0(). In order for this to work, we need to sprinkle a few consts here and there. tested in a bulk by sthen ok jsing
*	Remove a handrolled GOST_le2bn().	jsing	2018-06-10	1	-8/+4
\| \| \| \|	From Dmitry Eremin-Solenikov <dbaryshkov at gmail dot com>.
*	Convert a handful of X509_*() functions to take const as in OpenSSL.	tb	2018-05-01	1	-3/+3
\| \| \| \| \|	tested in a bulk by sthen ok jsing
*	use freezero() instead of memset/explicit_bzero + free. Substantially	deraadt	2017-05-02	1	-3/+2
\| \| \| \| \| \| \| \| \| \|	reduces conditional logic (-218, +82). MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c wasn'tt quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and BN_FLG_STATIC_DATA where the condition cannot be collapsed completely. Passes regress. ok beck
*	Send the function codes from the error functions to the bit bucket,	beck	2017-01-29	6	-143/+83
\| \| \| \| \| \|	as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
*	Add ct and nonct versions of BN_mod_inverse for internal use	beck	2017-01-21	1	-2/+2
\| \| \| \|	ok jsing@
*	Split out BN_div and BN_mod into ct and nonct versions for Internal use.	beck	2017-01-21	1	-4/+6
\| \| \| \|	ok jsing@
*	Explicitly export a list of symbols from libcrypto.	jsing	2016-12-21	2	-2/+10
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Move the "internal" BN functions from bn.h to bn_lcl.h and stop exporting the bn_* symbols. These are documented as only being intended for internal use, so why they were placed in a public header is beyond me... This hides 363 previously exported symbols, most of which exist in headers that are not installed and were never intended to be public. This also removes a few crusty old things that should have died long ago (like _ossl_old_des_read_pw). But don't worry... there are still 3451 symbols exported from the library. With input and testing from inoguchi@. ok beck@ inoguchi@
*	unifdef OPENSSL_NO_CMS	jsing	2016-10-19	2	-21/+2
\|
*	Expand DECLARE_ASN1_.*FUNCTIONS macros.	jsing	2016-09-04	2	-7/+27
\| \| \| \|	No change in preprocessed output, ignoring whitespace and line numbers.
*	Correct spelling of OPENSSL_cleanse.	jsing	2015-09-10	4	-9/+11
\| \| \| \|	ok miod@
*	Expand ASN.1 template macros - no change in generated assembly.	jsing	2015-07-24	1	-22/+144
\|
*	prefer string.h to strings.h ok guenther@ doug@	bcook	2015-07-20	1	-2/+2
\|
*	Fix possible 32 byte buffer overrun, found by coverity, CID 78869	beck	2015-07-15	1	-2/+2
\| \| \| \|	ok miod@
*	Memory leaks upon error. Coverity CID 78874.	miod	2015-02-14	1	-10/+10
\| \| \| \|	ok jsing@
*	Consistently check the return value from BN_CTX_get() on assignment.	jsing	2015-02-14	4	-42/+44
\| \| \| \| \| \| \|	This is the same as the previous larger commit, however it would seem the GOST part got missed. ok beck@ doug@
*	Guenther has plans for OPENSSL_NO_CMS, so revert this for the moment.	beck	2015-02-11	2	-2/+21
\|
*	get rid of OPENSSL_NO_CMS code we do not use.	beck	2015-02-11	2	-21/+2
\| \| \| \|	ok miod@
*	Enable building with -DOPENSSL_NO_DEPRECATED.	doug	2015-02-11	4	-4/+8
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	If you didn't enable deprecated code, there were missing err.h and bn.h includes. This commit allows building with or without deprecated code. This was not derived from an OpenSSL commit. However, they recently enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems in a different way. Verified with clang that this only changes line numbers in the generated asm. ok miod@
*	Replace assert() and OPENSSL_assert() calls with proper error return paths.	miod	2015-02-10	1	-5/+20
\| \| \| \|	Careful review, feedback & ok doug@ jsing@
*	Remove assert() or OPENSSL_assert() of pointers being non-NULL. The policy	miod	2015-02-10	1	-5/+1
\| \| \| \| \|	for libraries in OpenBSD is to deliberately let NULL pointers cause a SIGSEGV. ok doug@ jsing@
*	Expand the IMPLEMENT_ASN1_FUNCTIONS macro so that the code is visible and	jsing	2015-02-09	1	-5/+125
\| \| \| \| \| \| \| \|	functions can be readily located. Change has been scripted and there is no change to the generated assembly. Discussed with beck@ miod@ tedu@
*	Make GOST compile with a strict C compiler - in this case incrementing a	jsing	2014-12-07	3	-10/+12
\| \| \| \| \| \| \|	void pointer is undefined and initialising an array with {} is a syntax error. Based on a diff from kinichiro inoguchi.
*	Correctly output the result in STREEBOG512_Final() when running on a big-endian	miod	2014-12-07	1	-5/+28
\| \| \| \|	system. blush
*	Argh, another bug introduced in r1.3; Dmitry Eremin-Solenikov	miod	2014-11-18	1	-2/+2
\|
*	Return success in param_copy_gost01() if there is no private key to copy;	miod	2014-11-18	1	-2/+2
\| \| \| \| \|	broken in r1.3. Spotted by Dmitry Eremin-Solenikov
*	Add many missing error checks (probably not exhaustive, but a good start):	miod	2014-11-13	6	-287/+488
\| \| \| \| \| \| \| \| \| \| \| \|	- make VKO_compute_key() no longer void so that it can return failure. - fix unchecked allocations in too many routines to mention /-: - fix unchecked BN operations in gost2001_do_sign(), gost2001_do_verify(), VKO_compute_key(). - fix the gost2001_do_sign() interface violation by having its sole caller free the BIGNUM it passes to that function by itself, instead of having the callee do this. Reviewed (except for the last item) by Dmitry Eremin-Solenikov.
*	KNF (when not conflicting with other cleanup changes in progress)	miod	2014-11-09	10	-329/+446
\|
*	Remove DEBUG_SIGN code. Make sure gost_key_unwrap_crypto_pro() returns failure	miod	2014-11-09	2	-19/+4
\| \| \| \|	instead of a printf and a success return, when the operation fails.
*	Rename internal yet public key_{un,}wrap_crypto_pro symbols by prepending a	miod	2014-11-09	3	-30/+32
\| \| \| \| \|	`gost_' prefix to them, so that we do not pollute the global namespace too much.
*	Replace RAND_bytes() usage with arc4random_buf().	miod	2014-11-09	3	-10/+3
\|
*	GOST crypto algorithms (well, most of them), ported from the removed GOST	miod	2014-11-09	17	-0/+5569
	engine to regular EVP citizens, contributed by Dmitry Eremin-Solenikov; libcrypto bits only for now. This is a verbatim import of Dmitry's work, and does not compile in this state; the forthcoming commits will address these issues. None of the GOST code is enabled in libcrypto yet, for it still gets compiled with OPENSSL_NO_GOST defined. However, the public header gost.h will be installed.