openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	Use err_local.h rather than err.h in most places	tb	2025-05-10	1	-2/+2
\| \| \| \|	ok jsing
*	Zap HMAC_Init	tb	2024-08-31	1	-10/+1
\| \| \| \| \| \|	Long deprecated, last users have been fixed. ok beck jsing
*	Remove support for static buffers in HMAC/digests	tb	2024-06-01	1	-4/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	HMAC() and the one-step digests used to support passing a NULL buffer and would return the digest in a static buffer. This design is firmly from the nineties, not thread safe and it saves callers a single line. The few ports that used to rely this were fixed with patches sent to non-hostile (and non-dead) upstreams. It's early enough in the release cycle that remaining uses hidden from the compiler should be caught, at least the ones that matter. There won't be that many since BoringSSL removed this feature in 2017. https://boringssl-review.googlesource.com/14528 Add non-null attributes to the headers and add a few missing bounded attributes. ok beck jsing
*	Add missing LCRYPTO_ALIAS()	tb	2024-03-30	1	-1/+3
\| \| \| \| \| \|	HMAC_CTX_reset() and HMAC_Init() had missing LCRYPTO_ALIAS(). ok beck jsing
*	Simplify HMAC_CTX_new()	joshua	2024-03-26	1	-9/+2
\| \| \| \| \| \| \|	There is no need to call HMAC_CTX_init() as the memory has already been initialised to zero. ok tb
*	Use EVP_MD_CTX_legacy_clear() internally	tb	2024-02-18	1	-4/+4
\| \| \| \|	ok jsing
*	libressl _namespace.h: adjust _ALIAS() to require a semicolon	tb	2023-02-16	1	-10/+10
\| \| \| \| \| \| \| \| \| \|	LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon. This does not conform to style(9), breaks editors and ctags and (most importantly) my workflow. Fix this by neutering them with asm("") so that -Wpedantic doesn't complain. There's precedent in libc's namespace.h fix suggested by & ok jsing
*	Make internal header file names consistent	tb	2022-11-26	1	-2/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Libcrypto currently has a mess of _lcl.h, _locl.h, and _local.h names used for internal headers. Move all these headers we inherited from OpenSSL to _local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
*	Add support for symbol hiding disabled by default.	beck	2022-11-11	1	-1/+10
\| \| \| \| \| \| \| \| \| \| \| \|	Fully explained in libcrypto/README. TL;DR make sure libcrypto and libssl's function calls internally and to each other are via symbol names that won't get overridden by linking other libraries. Mostly work by guenther@, which will currently be gated behind a build setting NAMESPACE=yes. once we convert all the symbols to this method we will do a major bump and pick up the changes. ok tb@ jsing@
*	Fix HMAC() with NULL key	tb	2022-05-05	1	-2/+7
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	If a NULL key is passed to HMAC_Init_ex(), it tries to reuse the previous key. This makes no sense inside HMAC() since the HMAC_CTX has no key set yet. This is hit by HKDF() with NULL salt() via the EVP API and results in a few Wycheproof test failures. If key is NULL, use a zero length dummy key. This was not hit from wycheproof.go since we pass a []byte with a single NUL from Go. Matches OpenSSL if key is NULL and key_len is 0. If key_len != 0, OpenSSL will still fail by passing a NULL key which makes no sense, so set key_len to 0 instead. ok beck jsing
*	Include evp_locl.h where it will be needed once most structs from	tb	2021-12-12	1	-1/+2
\| \| \| \| \| \|	evp.h will be moved to evp_locl.h in an upcoming bump. ok inoguchi
*	Add a mostly empty hmac_local.h. HMAC_CTX and a few other things	tb	2021-12-12	1	-1/+3
\| \| \| \| \| \| \|	from hmac.h will be moved there in an umpcoming bump. Include this file where it will be needed. ok inoguchi
*	Provide HMAC_CTX_new(), HMAC_CTX_free(), HMAC_CTX_reset() and	jsing	2018-02-17	1	-9/+47
\| \| \| \|	HMAC_CTX_get_md().
*	Ensure MD and key initialized before processing HMAC	inoguchi	2017-03-03	1	-4/+18
\| \| \| \| \| \| \| \|	Ensure both MD and key have been initialized before processing HMAC. Releasing HMAC_CTX in error path of HMAC(). In regress test, added test 4,5,6 and cleaned up the code. ok jsing@
*	Send the function codes from the error functions to the bit bucket,	beck	2017-01-29	1	-4/+3
\| \| \| \| \| \|	as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
*	Replace assert() and OPENSSL_assert() calls with proper error return paths.	miod	2015-02-10	1	-4/+11
\| \| \| \|	Careful review, feedback & ok doug@ jsing@
*	Only import cryptlib.h in the four source files that actually need it.	jsing	2014-07-11	1	-2/+3
\| \| \| \| \| \| \| \|	Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
*	More KNF.	jsing	2014-06-21	1	-14/+15
\|
*	KNF	miod	2014-06-21	1	-82/+84
\|
*	tags as requested by miod and tedu	deraadt	2014-06-12	1	-1/+1
\|
*	remove FIPS mode support. people who require FIPS can buy something that	tedu	2014-04-15	1	-37/+0
\| \| \| \| \|	meets their needs, but dumping it in here only penalizes the rest of us. ok beck deraadt
*	resolve conflicts	djm	2012-10-13	1	-0/+37
\|
*	openssl-1.0.0e: resolve conflicts	djm	2011-11-03	1	-3/+0
\|
*	resolve conflicts, fix local changes	djm	2010-10-01	1	-28/+62
\|
*	resolve conflicts	djm	2009-01-09	1	-0/+3
\|
*	update to openssl-0.9.8i; tested by several, especially krw@	djm	2009-01-05	1	-0/+7
\|
*	resolve conflicts	djm	2008-09-06	1	-15/+5
\|
*	resolve conflicts	djm	2006-06-27	1	-9/+3
\|
*	resolve conflicts	djm	2005-04-29	1	-0/+16
\|
*	merge 0.9.7b with local changes; crank majors for libssl/libcrypto	markus	2003-05-12	1	-0/+3
\|
*	undo local change, HMAC_Init() already does HMAC_CTX_init if(key && md)	markus	2002-09-17	1	-1/+0
\|
*	remove whitespace changes (keep diffs to 0.9.7-beta1 minimal)	markus	2002-09-03	1	-1/+1
\|
*	OpenSSL 0.9.7 stable 2002 05 08 merge	beck	2002-05-15	1	-16/+35
\|
*	OpenSSL 0.9.5a merge	beck	2000-04-15	1	-1/+3
\|
*	OpenSSL 0.9.5 merge	beck	2000-03-19	1	-2/+2
\| \| \| \| \| \|	warning this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
*	OpenSSL 0.9.4 merge	beck	1999-09-29	1	-24/+9
\|
*	Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD build	ryker	1998-10-05	1	-0/+165
	functionality for shared libs. Note that routines such as sslv2_init and friends that use RSA will not work due to lack of RSA in this library. Needs documentation and help from ports for easy upgrade to full functionality where legally possible.