summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
* bump version for stable releaselibressl-v2.5.3bcook2017-04-061-3/+3
|
* reinstate the capitalisation from previous, as advised by schwarze;jmc2017-03-271-3/+3
|
* tweak previous;jmc2017-03-263-9/+9
|
* merge new UI documentation from OpenSSLschwarze2017-03-265-13/+651
|
* document X509_Digest(3) and friends;schwarze2017-03-252-1/+135
| | | | from Rich Salz <rsalz@openssl.org>, OpenSSL commit 3e5d9da5 etc.
* document the public function X509_cmp_time(3);schwarze2017-03-252-1/+88
| | | | | from Emilia Kasper <emilia@openssl.org>, OpenSSL commit 80770da3, tweaked by me
* correct RETURN VALUES;schwarze2017-03-251-7/+13
| | | | from Richard Levitte <levitte@openssl.org>, OpenSSL commit cdd6c8c5
* fix two more prototypes;schwarze2017-03-251-5/+5
| | | | from Matt Caswell <matt@openssl.org>, OpenSSL commit b41f6b64
* correct prototypes;schwarze2017-03-251-5/+5
| | | | from Matt Caswell <matt@openssl.org>, OpenSSL commit b41f6b64
* complete description of RETURN VALUES;schwarze2017-03-251-6/+8
| | | | from Alexander Koeppe via OpenSSL commit bb6c5e7f
* minimal stub-quality documentation of EVP_MD_CTX_ctrl(3);schwarze2017-03-251-3/+17
| | | | from Todd Short <tshort@akamai.com> via OpenSSL commit 52ad5b60
* OpenSSL documented the public function BIO_printf(3) (and friends)schwarze2017-03-253-3/+91
| | | | | in commit 2ca2e917. Document it here, too, but do not use their text. Be more concise and more precise at the same time.
* document ASN1_tag2str(3); from OpenSSL commit 9e183d22schwarze2017-03-251-4/+14
|
* Convert BUF_MEM_grow() and BUF_MEM_grow_clean() to recallocarray(),jsing2017-03-161-13/+3
| | | | | | | | | | ensuring that the buffer contents are zeroed on allocation and not leaked when resizing. It is worth noting that BUF_MEM_grow_clean() already did this manually by avoiding realloc(). ok beck@ inoguchi@
* Use calloc() instead of malloc() followed by manually zeroing fields.jsing2017-03-161-6/+3
| | | | ok beck@ inoguchi@
* Ensure MD and key initialized before processing HMACinoguchi2017-03-031-4/+18
| | | | | | | | Ensure both MD and key have been initialized before processing HMAC. Releasing HMAC_CTX in error path of HMAC(). In regress test, added test 4,5,6 and cleaned up the code. ok jsing@
* Include EVP_md5_sha1() via OpenSSL_add_all_digests().jsing2017-03-011-1/+2
|
* Bump minors due to symbol addition.jsing2017-02-281-1/+1
|
* Document EVP_md5_sha1().jsing2017-02-281-2/+11
|
* Add an EVP interface that provides concatenated MD5+SHA1 hashes, which arejsing2017-02-284-2/+88
| | | | | | | | | | used in various parts of TLS 1.0/1.1. This will allow for code simplification in libssl. The same interface exists in OpenSSL 1.1. ok beck@ deraadt@ inoguchi@ millert@
* Fix typo in issuingDistributionPoint description.jsing2017-02-281-1/+1
|
* Add the following root CAs, from SECOM Trust Systems / Security Communicationsthen2017-02-241-1/+126
| | | | | | | | of Japan, they are present in Mozilla's CA store. OK ajacoutot@ /C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication EV RootCA1 /C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication RootCA2 /C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1
* don;t end Nd with a full stop;jmc2017-02-211-3/+3
|
* Mark ERR_add_error_data and ERR_add_error_vdata as not for internal use,beck2017-02-205-14/+81
| | | | | and document ERR_asprintf_error_data as their replacement. ok jsing@, ingo@
* bump to 2.5.2bcook2017-02-141-3/+3
|
* DES keys are not 7 days long. ok jsing@dtucker2017-02-092-5/+5
|
* Revert previous; the implementation is incorrect since it assumes that thejsing2017-02-072-20/+7
| | | | | provided error code matches the error that is currently on the top of the error stack.
* Add file and line to the LibreSSL error strings sine we are no longer inbeck2017-02-072-7/+20
| | | | | | | 1989, VMS, or MS/DOS and we all run Brobdingnagian C compilers that have can now be counted on to achieve this level of sophistication nearly everywhere. ok jsing@
* Kill leak introduced with refactorbeck2017-02-051-3/+6
| | | | ok jsing@
* LibreSSL : Truncated packet could crash via OOB readinoguchi2017-01-312-3/+10
| | | | | | | | This patch is originally from master branch of OpenSSL. - 2198b3a crypto/evp: harden AEAD ciphers. - 8e20499 crypto/evp: harden RC4_MD5 cipher. ok tom@
* Document functions returning standard moduli for DH key exchange.schwarze2017-01-312-1/+136
| | | | jsing@ confirmed that these are public and worth documenting.
* tweak previous;jmc2017-01-303-11/+11
|
* Document BN_set_flags(3) and BN_get_flags(3).schwarze2017-01-306-13/+159
| | | | jsing@ confirmed that these macros are public and worth documenting.
* Seriously warn against calling BN_init(3), BN_MONT_CTX_init(3),schwarze2017-01-293-12/+75
| | | | | | | and BN_RECP_CTX_init(3). They are not only deprecated but so dangerous that they are almost unusable. I found these scary traps while reading the code in order to document BN_set_flags(3). While here, delete ERR_get_error(3) from SEE ALSO.
* Send the function codes from the error functions to the bit bucket,beck2017-01-29273-3888/+2396
| | | | | | as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* Hide SSLerr() under #ifndef LIBRESSL_INTERNAL since we shouldn't bebeck2017-01-261-2/+4
| | | | | using it anymore ok jsing@
* Document ERR_load_BN_strings(3).schwarze2017-01-261-11/+47
| | | | | | | | | | | | | | | | | jsing@ confirmed that this function is public and worth documenting. This page needs much more work, it is outrageously incomplete and unclear. For example, it remains unexplained what error strings are, what "registering" means and what the benefit for the application is, what happens if it is not done, or what happens if an error occurs after calling ERR_free_strings(3). I tried to read the code, but it is so contorted that i postponed that work. For example, it looks like there are hooks for applications to replace the functions used for registering strings by other, application-supplied functions, and, of course, there are many levels of macro and function wrappers. For now, i only documented the most obvious BUGS.
* document BN_asc2bn(3);schwarze2017-01-251-3/+27
| | | | jsing@ confirmed that it is a public function worth documenting
* Construct a BN_gcd_nonct, based on BN_mod_inverse_no_branch, as suggestedbeck2017-01-256-10/+170
| | | | | | | | | | | by Alejandro Cabrera <aldaya@gmail.com> to avoid the possibility of a sidechannel timing attack during RSA private key generation. Modify BN_gcd to become not visible under LIBRESSL_INTERNAL and force the use of the _ct or _nonct versions of the function only within the library. ok jsing@
* use BN_div_nonct where it is safe to do so.beck2017-01-211-2/+2
| | | | ok guenther@
* Add ct and nonct versions of BN_mod_inverse for internal usebeck2017-01-2113-36/+67
| | | | ok jsing@
* Split out BN_div and BN_mod into ct and nonct versions for Internal use.beck2017-01-2117-58/+92
| | | | ok jsing@
* Make explicit _ct and _nonct versions of bn_mod_exp funcitons thatbeck2017-01-2114-39/+106
| | | | | | | | | | | | matter for constant time, and make the public interface only used external to the library. This moves us to a model where the important things are constant time versions unless you ask for them not to be, rather than the opposite. I'll continue with this method by method. Add regress tests for same. ok jsing@
* Place {DECLARE,IMPLEMENT}_OBJ_BSEARCH{_GLOBAL,}_CMP_FN macros undefjsing2017-01-211-1/+5
| | | | LIBRESSL_INTERNAL.
* Expand DECLARE_OBJ_BSEARCH_CMP_FN and IMPLEMENT_OBJ_BSEARCH_CMP_FN macros.jsing2017-01-216-28/+168
| | | | No change to generated assembly excluding line numbers.
* /usr/bin/unifdef -D MONT_MUL_MOD -D MONT_EXP_WORD -D RECP_MUL_MOD -m bn_exp.cbeck2017-01-211-23/+2
| | | | | with some style cleanup after. no binary change ok jsing@
* Expand DECLARE_OBJ_BSEARCH_CMP_FN and IMPLEMENT_OBJ_BSEARCH_CMP_FN macros.jsing2017-01-212-8/+38
| | | | No change to generated assembly excluding line numbers.
* fix bogus commentbeck2017-01-211-2/+2
| | | | ok jsing@
* Make return value of X509_verify_cert be consistent with the error code,beck2017-01-211-2/+10
| | | | | | with the caveat that we force V_OK when a user provided callback has us returning success. ok inoguchi@ jsing@
* Rework internal_verify, mostly from OpenSSL. so we can progressbeck2017-01-201-102/+102
| | | | | towards cleaning up the V_OK stuff. ok kinichiro@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-16 23:01:26 +0000