summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Allow leading . in nameConstraints. from openssl via jabberwock. ok jsingtedu2017-07-201-2/+2
|
* remove misc. depend and yacc nits that no longer matter.espie2017-07-101-2/+1
| | | | okay millert@
* fix broken cross references; found with mandoc -Tlintschwarze2017-07-063-43/+8
|
* fix cross references to self; found with mandoc -Tlintschwarze2017-07-052-7/+6
|
* .init stub creation doesn't need a jmp + .align to reach a branch target,deraadt2017-06-281-3/+0
| | | | | | | just fall into the code. The .align created a FILL zone in the .init section, which on i386 was filled with a NOP-sled, something we want to get away from. discussed with kettenis and tom
* Distinguish between self-issued certificates and self-signed certificates.jsing2017-06-222-30/+40
| | | | | | | | | | | | | | The certificate verification code has special cases for self-signed certificates and without this change, self-issued certificates (which it seems are common place with openvpn/easyrsa) were also being included in this category. Based on BoringSSL. Thanks to Dale Ghent <daleg at elemental dot org> for assisting in identifying the issue and testing this fix. ok inoguchi@
* mark files as BUILDFIRST, or write explicit dependencies, so that mostespie2017-06-161-1/+2
| | | | | programs will build even without a make depend first. okay tb@ millert@
* repair broken markup of callback argument; found with mandoc -Tlintschwarze2017-06-101-5/+3
|
* Randomize link-order of libcrypto as we do with libc. This libraryderaadt2017-05-291-1/+2
| | | | | | | | | | | | | | has many small functions without significant local storage, therefore less tail protection from -fstack-protector-strong to prevent their use as ROP gadgets. It is used in security contexts. Also many functions dribble pointers onto the stack, allowing discovery of gadgets via the fixed relative addresses, so let's randomly bias those. ok tedu jsing The rc script will soon need a strategy for skipping this step on machines with poor IO performance. Or maybe do it less often? However, I don't see many more libraries we'll do this with, these are the two most important ones.
* Avoid a potential NULL pointer dereference in d2i_ECPrivateKey().jsing2017-05-261-1/+7
| | | | | | Reported by Robert Swiecki, who found the issue using honggfuzz. ok bcook@
* Add definitions for three OIDs used in EV certificates.jsing2017-05-252-0/+9
| | | | From Kyle J. McKay <mackyle at gmail dot com>
* Fix a problem introduced in freezero() conversion and usejsg2017-05-111-2/+2
| | | | | | | | | | sizeof(struct) not sizeof(pointer). otto@ points out that on OpenBSD currently freezero() would have still zeroed the entire allocation, but this is not documented behaviour and may change in future. ok tom@
* BUF_MEM_grow_clean() returns an int, not a size_t. Humourously, on successjsing2017-05-081-3/+3
| | | | it returns "len", which is a size_t value, as an int...
* Bring in HKDF, from BoringSSL, with regress tests modified to bebeck2017-05-063-1/+186
| | | | | in C. Ride previous minor bump ok tom@ inoguchi@ jsing@
* space needed between macro arg and punctuation;jmc2017-05-061-2/+2
|
* Bump minors for symbol addition in libcryptobeck2017-05-061-1/+1
| | | | ok jsing@
* Add ASN1_TIME_set_to to exported symbolsbeck2017-05-061-0/+4
| | | | ok jsing@
* Add ASN1_TIME_set_tm to set an asn1 from a struct tm *beck2017-05-063-5/+44
| | | | ok jsing@
* the XXXfree functions being called accept NULL, so don't check first.deraadt2017-05-023-26/+14
| | | | ok beck
* use freezero() instead of memset/explicit_bzero + free. Substantiallyderaadt2017-05-0237-234/+107
| | | | | | | | | | reduces conditional logic (-218, +82). MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c wasn'tt quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and BN_FLG_STATIC_DATA where the condition cannot be collapsed completely. Passes regress. ok beck
* No original OpenSSL code remains in this file. Relicensebeck2017-04-301-54/+13
|
* Make BIO_get_host_ip just yet another getaddrinfo wrapperbeck2017-04-301-27/+20
|
* Rework BIO_accept to be more like modern code.beck2017-04-301-54/+19
| | | | ok jsing@
* Only enable -Werror on libcrypto/libssl/libtls if we are building withjsing2017-04-301-3/+6
| | | | | | | gcc4. This should avoid failed builds while transitioning compilers. While here also make the CFLAGS blocks consistent across makefiles. Discussed with deraadt@, ok beck@
* Microsoft Windows hates BIO_get_accept_socket in portable. Fix it tobeck2017-04-301-115/+35
| | | | | | not be awful or have any claims on supporting ipv6 when it does so very badly ok jsing@
* Stop calling OPENSSL_init() internally, since it is a no-op. Also placejsing2017-04-293-9/+4
| | | | | | it under #ifndef LIBRESSL_INTERNAL. ok beck@
* Switch Linux getrandom() usage to non-blocking mode, continuing tobeck2017-04-291-6/+9
| | | | | | | | | | use fallback mechanims if unsuccessful. The design of Linux getrandom is broken. It has an uninitialized phase coupled with blocking behaviour, which is unacceptable from within a library at boot time without possible recovery. ok deraadt@ jsing@
* Revert previous change that forced consistency between return value andbeck2017-04-281-10/+2
| | | | | | | error code, since this breaks the documented API. Under certain circumstances this will result in incorrect successful certiticate verification (where a user supplied callback always returns 1, and later code checks the error code to potentially abort post verification)
* revert previous accidental commitbeck2017-04-285-25/+46
|
* *** empty log message ***beck2017-04-285-46/+25
|
* new X25519(3) manual page;schwarze2017-04-105-10/+113
| | | | from Dr. Stephen Henson <steve@openssl.org>, OpenSSL commit d218f3c3
* document three additional functions;schwarze2017-04-101-7/+60
| | | | from Emilia Kasper <emilia at openssl dot org>, OpenSSL commit 4ac139b4
* Simplify/clean up BUF_MEM_grow_clean().jsing2017-04-091-17/+16
| | | | ok beck@
* With recallocarray() BUF_MEM_grow() is essentially the same asjsing2017-04-091-28/+2
| | | | | | | BUF_MEM_grow_clean() (the only difference is clearing on internal down sizing), so make it a wrapper. ok beck@ deraadt@
* Explicitly test for NULL.jsing2017-04-091-4/+4
| | | | ok beck@
* trailing ; on end of macro definition is wrong; ok guentherderaadt2017-04-061-4/+4
|
* bump version for new development branchbcook2017-04-061-3/+3
|
* Fix silly code that printfs NULL when there are no fractional secondsbeck2017-04-031-2/+2
| | | | | | on a GENREALIZEDTIME (which there should really never be for anything remotely standards compliant) ok jsing@
* reinstate the capitalisation from previous, as advised by schwarze;jmc2017-03-271-3/+3
|
* tweak previous;jmc2017-03-263-9/+9
|
* merge new UI documentation from OpenSSLschwarze2017-03-265-13/+651
|
* document X509_Digest(3) and friends;schwarze2017-03-252-1/+135
| | | | from Rich Salz <rsalz@openssl.org>, OpenSSL commit 3e5d9da5 etc.
* document the public function X509_cmp_time(3);schwarze2017-03-252-1/+88
| | | | | from Emilia Kasper <emilia@openssl.org>, OpenSSL commit 80770da3, tweaked by me
* correct RETURN VALUES;schwarze2017-03-251-7/+13
| | | | from Richard Levitte <levitte@openssl.org>, OpenSSL commit cdd6c8c5
* fix two more prototypes;schwarze2017-03-251-5/+5
| | | | from Matt Caswell <matt@openssl.org>, OpenSSL commit b41f6b64
* correct prototypes;schwarze2017-03-251-5/+5
| | | | from Matt Caswell <matt@openssl.org>, OpenSSL commit b41f6b64
* complete description of RETURN VALUES;schwarze2017-03-251-6/+8
| | | | from Alexander Koeppe via OpenSSL commit bb6c5e7f
* minimal stub-quality documentation of EVP_MD_CTX_ctrl(3);schwarze2017-03-251-3/+17
| | | | from Todd Short <tshort@akamai.com> via OpenSSL commit 52ad5b60
* OpenSSL documented the public function BIO_printf(3) (and friends)schwarze2017-03-253-3/+91
| | | | | in commit 2ca2e917. Document it here, too, but do not use their text. Be more concise and more precise at the same time.
* document ASN1_tag2str(3); from OpenSSL commit 9e183d22schwarze2017-03-251-4/+14
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-05 19:51:06 +0000