summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/stack/stack.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2016-04-28Update regress test to reflect changes in the cipher list.jsing1-61/+62
2016-04-28Implement the IETF ChaCha20-Poly1305 cipher suites.jsing10-92/+336
Rename the existing ChaCha20-Poly1305 cipher suites with an "-OLD" suffix, effectively replaces the original Google implementation. We continue to support both the IETF and Google versions, however the existing names now refer to the ciphers from draft-ietf-tls-chacha20-poly1305-04. Feedback from doug@
2016-04-28Update AEAD regress to match EVP_aead_chacha20_poly1305() changes.jsing2-83/+83
2016-04-28Rename EVP_aead_chacha20_poly1305() to EVP_aead_chacha20_poly1305_old()jsing6-30/+30
and replace with EVP_aead_chacha20_poly1305_ietf(). The IETF version will become the standard version. Discussed with many.
2016-04-26add "dns" to openssl ocspsemarie1-2/+2
problem reported by Alexandre (kAworu) ok beck@ deraadt@ sthen@
2016-04-25Allow setenv(3) and putenv(3) to operate on a NULL environ pointer.millert1-11/+15
The getenv(3) and unsetenv(3) functions already support this. This will make it easier to emulate the glibc clearenv() function in ports. Based on a diff from and OK jca@
2016-04-24no more outlen; from remcojmc1-5/+3
ok bcook deraadt
2016-04-24typos;jmc1-3/+3
2016-04-19fix typo in comment; ok becktj2-4/+4
2016-04-13Use the correct iv and counter when decrypting the ciphertext forjsing2-8/+8
EVP_aead_chacha20_poly1305_ietf().
2016-04-13After opening an AEAD, ensure that the decrypted output matches thejsing1-0/+5
plaintext for the regress test case.
2016-04-12two times a define to an inline function, from Michael McConville; ok djm@otto1-10/+19
2016-04-09tweak MALLOC_STATS printing (switched off by default), prodded byotto1-14/+14
Michael McConville
2016-04-09redundant memset(3), from Michael McConville, ok armani@otto1-2/+1
2016-04-07hexidecimal->hexadecimal; from mmccjmc1-4/+4
ok beck
2016-04-05Prefer _MUTEX_*LOCK over _THREAD_PRIVATE_MUTEX_*LOCK() when thread-specificguenther2-8/+8
data isn't necessary. ok mpi@, ok&tweak natano@
2016-04-05Update example in comment: setlogin doesn't use {PROTO,DEF}_WRAP() nowguenther1-8/+8
2016-04-03Document ``use after free'' error messageotto1-2/+4
2016-03-30for some time now mandoc has not required MLINKS to functionjmc7-1233/+7
correctly - logically complete that now by removing MLINKS from base; authors need only to ensure there is an entry in NAME for any function/ util being added. MLINKS will still work, and remain for perl to ease upgrades; ok nicm (curses) bcook (ssl) ok schwarze, who provided a lot of feedback and assistance ok tb natano jung
2016-03-27Merge a memleak fix from BoringSSL 6b6e0b2:mmcc2-2/+6
https://boringssl.googlesource.com/boringssl/+/6b6e0b20893e2be0e68af605a60ffa2cbb0ffa64%5E!/#F0 ok millert@, beck@
2016-03-26fix the last bunch of NAME sections that were overlooked earlierschwarze1-2/+9
such that the MLINKS removal can be committed after this; OK jmc@
2016-03-21Return zero from two functions on allocation failure instead of alwaysmmcc4-8/+8
returning one (indicating success). Each function has only a single usage, and both usages check the return value. Merged from BoringSSL 0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c: https://boringssl.googlesource.com/boringssl/+/0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c%5E!/#F0 ok beck@
2016-03-20" the the " -> " the ", or in a couple of cases replace the superfluouskrw9-13/+13
"the" with the obviously intended word. Started with a "the the" spotted by Mihal Mazurek.
2016-03-17properly guard to macrosmmcc1-5/+5
ok otto@
2016-03-17explicit_bzero for asn1 objects on free. Too often these contain sensitive ↵beck2-48/+54
information and they should not be a performance bottleneck ok miod@ krw@
2016-03-15'accomodate' -> 'accommodate' in comments.krw10-18/+18
Started by diff from Mical Mazurek.
2016-03-14small step towards multiple pools: move two globls into the struct dir_infootto1-112/+126
ok @stefan armani@
2016-03-13environ and __progname are not declared in a public header; declare themguenther4-10/+4
in libc's hidden/stdlib.h instead of in each .c file that needs one ok deraadt@ gsoares@ mpi@
2016-03-13check return value for BN_hex2bn in regression testsbcook1-4/+10
2016-03-13Fix examples for EVP_PKEY_CTX_set_rsa_padding.bcook4-4/+4
Noted here, https://github.com/libressl-portable/portable/issues/161, we document a non-existent constant in the examples for EVP_PKEY_CTX_set_rsa_padding. ok deraadt@
2016-03-12Add error handling to the remaining calls to bn_wexpand().bcook4-32/+46
Noticed by pascal-cuoq from Github: https://github.com/libressl-portable/openbsd/issues/56 ok beck@
2016-03-12Remove sentences in RETURN VALUES sections saying that functions withmmcc28-79/+14
void return types 'return no value'. This is obvious and therefore unneccessary to mention. We spare rewind(3)'s sentence because espie@ pointed out that it's a warning - the function masks a potential error. This commit also adds a sentence to X509_free clarifying that it's NULL-safe. This bit was discussed with doug@. ok martijn@, sentiment supported by schwarze@
2016-03-12Bump for LibreSSL 2.4.0bcook2-6/+6
2016-03-11X509_free(3) is NULL-safe, so remove NULL checks before its calls.mmcc30-148/+92
ok doug@
2016-03-10http -> https for a few more IETF URLs in comments or man pagesmmcc6-14/+14
2016-03-10un-vax;jmc1-3/+3
2016-03-07http -> https for IETF/IANA URLs in commentsmmcc2-8/+8
2016-03-06explict_bzero for some asn1 free's - ok miod@beck4-6/+18
2016-03-06Make sure stdio functions don't end up in the library, from miod@beck7-15/+39
ok doug@ bcook@
2016-03-04graduate bn_expand() to a real function. the openssl version of thisderaadt4-8/+32
uses a macro with multiple-evaluations of arguments (different amount than the previous version..), but doug/bcook's inline version makes BIGNUM not opaque [problem spotted by naddy] ok doug
2016-03-04Revert bn_expand until there's consensus on a fix.doug2-28/+6
2016-03-02fix the rest of the read_ledword() calls used as lengths to be bounded.beck2-2/+10
inspired by guido vranken https://guidovranken.wordpress.com/2016/03/01/public-disclosure-malformed-private-keys-lead-to-heap-corruption-in-b2i_pvk_bio/ ok doug@
2016-03-02Add bounds checking for BN_hex2bn/BN_dec2bn.doug4-20/+52
Need to make sure i * 4 won't overflow. Based on OpenSSL: commit 99ba9fd02fd481eb971023a3a0a251a37eb87e4c input + ok bcook@ ok beck@
2016-03-02bound lengths coming out of a pem file to something like realitybeck2-6/+14
ok deraadt@
2016-03-01Remove support for ancient, broken DSA implementations.doug2-120/+40
Based on a few OpenSSL commits: Remove ancient DSA workarounds commit ab4a81f69ec88d06c9d8de15326b9296d7f498ed Remove workaround for broken DSA implementations using negative integers commit dfb10af92e9663ce4eefaa1d6b678817fa85344d Typo in error name (EVP_R_DECODE_ERROR -> DSA_R_DECODE_ERROR) commit f6fb7f1856d443185c23f1a5968c08b4269dd37d ok beck@
2016-02-29remove NULL checks for pqueue_free()mmcc2-22/+12
ok doug@
2016-02-26Add a test for negated POSIX characer classes.millert1-0/+1
2016-02-25refactor option letter parsing into a subfunction, to increase clarityderaadt1-93/+102
about which options are turned on/off by 's' and 'S' ok tedu
2016-02-17Sync some root certificates with Mozilla's cert store. ok bcook@sthen1-84/+1016
- Add new root certificates present in Mozilla cert store from CA organizations who are already in cert.pem (AddTrust, Comodo, DigiCert, Entrust, GeoTrust, USERTrust). - Replace Startcom's root with their updated sha256 version present in Mozilla cert store. (They maintained serial# etc so this is still valid for existing signed certificates). - Add two root certificates from CA not previously present: "C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority" "C=PL, O=Unizeto Sp. z o.o., CN=Certum CA" (the latter used by yandex.ru) We are still listing some certificates that have been removed from Mozilla's store (1024-bit etc) however these cannot be removed until cert validation is improved (we don't currently accept a certificate as valid unless the CA is at the end of a chain).
2016-02-12word fix from previous; ok sthenjmc1-3/+3
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-28 21:08:07 +0000