path: root/src/lib/libcrypto
Commit message | Author | Age | Files | Lines
...
* http://repzret.org/p/repzret/ | deraadt | 2017-12-11 | 3 | -8/+8
  My read of this: Long time ago (Think Conan, not dinosaurs) during the race to make speedier processors, a cpu vendor built a pipeline with a bad stall, and proposed a tremendously hasky workaround. A wizard adopted this into his perl scroll, and failed to reflect later when no compiler adopted the practice. This relic remains at the tail end of some functions in OpenSSL as ".byte 0xf3,0xc3". Banish it straight to hell. ok mlarkin, others also stared blankly
* In the middle of CRYPTO_gcm128_finish() there is a complicated #ifdef | deraadt | 2017-12-09 | 1 | -6/+8
  block which defines a variable late, after code. Place this chunk into a { subblock } to satisfy old compilers and old eyes.
* Please variable decl before code. | deraadt | 2017-12-09 | 1 | -2/+2
* Rewrite ASN1_TYPE_{get,set}_octetstring() using templated ASN.1. | jsing | 2017-11-28 | 1 | -81/+78
  This removes the last remaining use of the old M_ASN1_* macros (asn1_mac.h) from API that needs to continue to exist. ok beck@ inoguchi@
* GNU ld has prefixed the contents of .gnu.warning.SYMBOL sections | tb | 2017-11-28 | 1 | -4/+4
  with "warning: " since 2003, so the messages themselves need not contain the prefix anymore. From Scott Cheloha ok jca, deraadt
* bump version in advance of final release | bcook | 2017-09-26 | 1 | -3/+3
* bump to 2.6.2 [libressl-v2.6.2] | bcook | 2017-09-26 | 1 | -3/+3
* Checking sizeof size_t by SIZE_MAX instead of _LP64 | inoguchi | 2017-09-03 | 1 | -7/+7
  ok bcook@
* Remove OPENSSL_NO_NEXTPROTONEG - some software creates conflicting | jsing | 2017-08-31 | 1 | -1/+0
  prototypes if we have both OPENSSL_NO_NEXTPROTONEG and the prototypes defined.
* Bring back the RSA_SSLV23_PADDING define. | jsing | 2017-08-30 | 1 | -1/+2
  Several pieces of software expect this to be available unconditionally.
* Fix ifdef to if in gcm128.c | inoguchi | 2017-08-30 | 1 | -2/+2
  ok deraadt@ bcook@
* Bump lib{crypto,ssl,tls} majors due to symbol removals. | jsing | 2017-08-28 | 1 | -2/+2
* Remove EVP_aead_chacha20_poly1305_old() now that the original/old | jsing | 2017-08-28 | 3 | -83/+28
  chacha20-poly1305 cipher suites have been removed from libssl.
* Remove documentation for EVP_aead_chacha20_poly1305_ietf() - this was | jsing | 2017-08-28 | 1 | -13/+3
  removed/renamed a long time back.
* Put the opening curly brace in the right place. | jsing | 2017-08-28 | 1 | -2/+3
* Remove RSA_padding_add_SSLv23()/RSA_padding_check_SSLv23() and related | jsing | 2017-08-28 | 9 | -202/+11
  code. We removed SSLv2/SSLv3 a long time ago... Discussed with doug@
* Define OPENSSL_NO_NEXTPROTONEG since there is no longer any NPN. | jsing | 2017-08-28 | 1 | -0/+1
* Make the symbol for ASN1_time_tm_clamp_notafter visible so libtls | beck | 2017-08-27 | 3 | -4/+5
  can get at it, so libtls can also deal with notafter's past the realm of 32 bit time in portable
* New manual page X509_check_private_key(3), using information | schwarze | 2017-08-20 | 2 | -1/+65
  from the OpenSSL manual and from code inspection. Use my own Copyright and license because no Copyright-worthy amount of text from OpenSSL remains. And, no, these functions do *NOT* check private keys, not at all.
* fix a pasto in the description of UI_get0_result_string(3); | schwarze | 2017-08-20 | 1 | -4/+4
  from Richard Levitte <levitte at openssl dot org> via OpenSSL commit e9c9971b Jul 1 18:28:50 2017 +0200
* Add a BUGS section stating that RSA_PKCS1_PADDING is weak by design; | schwarze | 2017-08-20 | 1 | -3/+11
  from Emilia Kasper <emilia at openssl dot org> via OpenSSL commit 1e3f62a3 Jul 17 16:47:13 2017 +0200.
* Add a BUGS section | schwarze | 2017-08-20 | 1 | -3/+10
  stating that RSA_padding_check_PKCS1_type_2(3) is weak by design; from Emilia Kasper <emilia at openssl dot org> via OpenSSL commit 1e3f62a3 Jul 17 16:47:13 2017 +0200.
* import PEM_bytes_read_bio(3) from OpenSSL, | schwarze | 2017-08-20 | 4 | -7/+124
  dropping the secmem stuff that we don't want
* mention CRYPTO_mem_leaks_cb(3) because OpenSSL | schwarze | 2017-08-20 | 1 | -4/+18
  now also documents it, in OPENSSL_malloc.pod
* import EVP_PKEY_meth_get_count.pod from OpenSSL, pruning the functions we | schwarze | 2017-08-20 | 2 | -1/+75
  don't have, which implies renaming the file to EVP_PKEY_meth_get0_info.3
* fix wrong function name; | schwarze | 2017-08-20 | 1 | -6/+7
  from Rich Salz <rsalz at openssl dot org> via OpenSSL commit 1722496f Jun 8 15:18:38 2017 -0400
* sync with OpenSSL: | schwarze | 2017-08-20 | 1 | -4/+14
  1. mention three additional functions for stitched ciphers from Steven Collison <steven at raycoll dot com> via OpenSSL commit 209fac9f Mar 28 12:46:07 2017 -0700
  2. fix wrong data type of an automatic variable in an example from Paul Yang <paulyang dot inf at gmail dot com> via OpenSSL commit 719b289d May 22 23:18:45 2017 +0800
  3. fix memory leak in sample encryption code and check return value of fopen from Greg Zaverucha <gregz at microsoft dot com> via OpenSSL commit 519a5d1e Jun 27 17:38:25 2017 -0700
* zap trailing whitespace; | jmc | 2017-08-20 | 1 | -2/+2
* sprinkle a few missing dependencies on perl scripts internal bits. | espie | 2017-08-20 | 3 | -11/+17
  'it works' deraadt@
* Sync with OpenSSL: document several new functions, plus some additional | schwarze | 2017-08-20 | 1 | -48/+227
  minor improvements. Mostly from Todd Short <tshort at akamai dot com> via OpenSSL commit cf37aaa3 Aug 4 11:24:03 2017 +1000.
* clarify deprecation notice; | schwarze | 2017-08-20 | 1 | -6/+7
  from Rich Salz, OpenSSL commit a95d7574, July 2, 2017
* New ASN1_STRING_TABLE_add(3) manual page, based on information from | schwarze | 2017-08-20 | 2 | -1/+94
  the OpenSSL manual page committed on July 27, 2017, and on source code inspection. Use my own Copyright and license because no copyright-worthy amount of text from OpenSSL remains. NOTA BENE: BUGS Most aspects of the semantics considerably differ from OpenSSL.
* fix missing bracket on ARM | bcook | 2017-08-14 | 1 | -15/+15
  ok beck@
* Add ability to clamp a notafter to values representable in a 32 bit time_t | beck | 2017-08-13 | 3 | -7/+41
  This will only be used in portable. As noted, necessary to make us conformant to RFC 5280 4.1.2.5. ok jsing@ bcook@
* Switch to -Werror with clang for libressl. | doug | 2017-08-13 | 1 | -2/+2
  Discussed with beck@ and jsing@ ok beck@
* move endian/word size checks from runtime to compile time | bcook | 2017-08-13 | 4 | -325/+340
  ok guenther@
* Convert the sigma and tau initialisers to byte arrays, rather than using | jsing | 2017-08-13 | 1 | -3/+12
  strings. The original code is perfectly valid C, however it causes some compilers to complain since it lacks room for a string NUL terminator and the compiler is not smart enough to realise that these are only used as byte arrays and never treated as strings. ok bcook@ beck@ inoguchi@
* bump to 2.6.1 | bcook | 2017-08-12 | 1 | -3/+3
* add missing and correct misspelled names, most in NAME sections; | schwarze | 2017-08-01 | 6 | -21/+29
  found with regress/usr.bin/mandoc/db/dbm_dump; OK jmc@
* Allow leading . in nameConstraints. from openssl via jabberwock. ok jsing | tedu | 2017-07-20 | 1 | -2/+2
* remove misc. depend and yacc nits that no longer matter. | espie | 2017-07-10 | 1 | -2/+1
  okay millert@
* fix broken cross references; found with mandoc -Tlint | schwarze | 2017-07-06 | 3 | -43/+8
* fix cross references to self; found with mandoc -Tlint | schwarze | 2017-07-05 | 2 | -7/+6
* .init stub creation doesn't need a jmp + .align to reach a branch target, | deraadt | 2017-06-28 | 1 | -3/+0
  just fall into the code. The .align created a FILL zone in the .init section, which on i386 was filled with a NOP-sled, something we want to get away from. discussed with kettenis and tom
* Distinguish between self-issued certificates and self-signed certificates. | jsing | 2017-06-22 | 2 | -30/+40
  The certificate verification code has special cases for self-signed certificates and without this change, self-issued certificates (which it seems are common place with openvpn/easyrsa) were also being included in this category. Based on BoringSSL. Thanks to Dale Ghent <daleg at elemental dot org> for assisting in identifying the issue and testing this fix. ok inoguchi@
* mark files as BUILDFIRST, or write explicit dependencies, so that most | espie | 2017-06-16 | 1 | -1/+2
  programs will build even without a make depend first. okay tb@ millert@
* repair broken markup of callback argument; found with mandoc -Tlint | schwarze | 2017-06-10 | 1 | -5/+3
* Randomize link-order of libcrypto as we do with libc. This library | deraadt | 2017-05-29 | 1 | -1/+2
  has many small functions without significant local storage, therefore less tail protection from -fstack-protector-strong to prevent their use as ROP gadgets. It is used in security contexts. Also many functions dribble pointers onto the stack, allowing discovery of gadgets via the fixed relative addresses, so let's randomly bias those. ok tedu jsing

  The rc script will soon need a strategy for skipping this step on machines with poor IO performance. Or maybe do it less often? However, I don't see many more libraries we'll do this with, these are the two most important ones.
* Avoid a potential NULL pointer dereference in d2i_ECPrivateKey(). | jsing | 2017-05-26 | 1 | -1/+7
  Reported by Robert Swiecki, who found the issue using honggfuzz. ok bcook@
* Add definitions for three OIDs used in EV certificates. | jsing | 2017-05-25 | 2 | -0/+9
  From Kyle J. McKay <mackyle at gmail dot com>