summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* fix a pasto in the description of UI_get0_result_string(3);schwarze2017-08-201-4/+4
| | | | | from Richard Levitte <levitte at openssl dot org> via OpenSSL commit e9c9971b Jul 1 18:28:50 2017 +0200
* Add a BUGS section stating that RSA_PKCS1_PADDING is weak by design;schwarze2017-08-201-3/+11
| | | | | from Emilia Kasper <emilia at openssl dot org> via OpenSSL commit 1e3f62a3 Jul 17 16:47:13 2017 +0200.
* Add a BUGS sectionschwarze2017-08-201-3/+10
| | | | | | stating that RSA_padding_check_PKCS1_type_2(3) is weak by design; from Emilia Kasper <emilia at openssl dot org> via OpenSSL commit 1e3f62a3 Jul 17 16:47:13 2017 +0200.
* import PEM_bytes_read_bio(3) from OpenSSL,schwarze2017-08-204-7/+124
| | | | dropping the secmem stuff that we don't want
* mention CRYPTO_mem_leaks_cb(3) because OpenSSLschwarze2017-08-201-4/+18
| | | | now also documents it, in OPENSSL_malloc.pod
* import EVP_PKEY_meth_get_count.pod from OpenSSL, pruning the functions weschwarze2017-08-202-1/+75
| | | | don't have, which implies renaming the file to EVP_PKEY_meth_get0_info.3
* fix wrong function name;schwarze2017-08-201-6/+7
| | | | | from Rich Salz <rsalz at openssl dot org> via OpenSSL commit 1722496f Jun 8 15:18:38 2017 -0400
* sync with OpenSSL:schwarze2017-08-201-4/+14
| | | | | | | | | | | | | | 1. mention three additional functions for stitched ciphers from Steven Collison <steven at raycoll dot com> via OpenSSL commit 209fac9f Mar 28 12:46:07 2017 -0700 2. fix wrong data type of an automatic variable in an example from Paul Yang <paulyang dot inf at gmail dot com> via OpenSSL commit 719b289d May 22 23:18:45 2017 +0800 3. fix memory leak in sample encryption code and check return value of fopen from Greg Zaverucha <gregz at microsoft dot com> via OpenSSL commit 519a5d1e Jun 27 17:38:25 2017 -0700
* zap trailing whitespace;jmc2017-08-201-2/+2
|
* sprinkle a few missing dependencies on perl scripts internal bits.espie2017-08-203-11/+17
| | | | 'it works' deraadt@
* Sync with OpenSSL: document several new functions, plus some additionalschwarze2017-08-201-48/+227
| | | | | minor improvements. Mostly from Todd Short <tshort at akamai dot com> via OpenSSL commit cf37aaa3 Aug 4 11:24:03 2017 +1000.
* clarify deprecation notice;schwarze2017-08-201-6/+7
| | | | from Rich Salz, OpenSSL commit a95d7574, July 2, 2017
* New ASN1_STRING_TABLE_add(3) manual page, based on information fromschwarze2017-08-202-1/+94
| | | | | | | | | the OpenSSL manual page committed on July 27, 2017, and on source code inspection. Use my own Copyright and license because no copyright-worthy amount of text from OpenSSL remains. NOTA BENE: BUGS Most aspects of the semantics considerably differ from OpenSSL.
* fix missing bracket on ARMbcook2017-08-141-15/+15
| | | | ok beck@
* Add ability to clamp a notafter to values representable in a 32 bit time_tbeck2017-08-133-7/+41
| | | | | | This will only be used in portable. As noted, necessary to make us conformant to RFC 5280 4.1.2.5. ok jsing@ bcook@
* Switch to -Werror with clang for libressl.doug2017-08-131-2/+2
| | | | | Discussed with beck@ and jsing@ ok beck@
* move endian/word size checks from runtime to compile timebcook2017-08-134-325/+340
| | | | ok guenther@
* Convert the sigma and tau initialisers to byte arrays, rather than usingjsing2017-08-131-3/+12
| | | | | | | | | strings. The original code is perfectly valid C, however it causes some compilers to complain since it lacks room for a string NUL terminator and the compiler is not smart enough to realise that these are only used as byte arrays and never treated as strings. ok bcook@ beck@ inoguchi@
* bump to 2.6.1bcook2017-08-121-3/+3
|
* add missing and correct misspelled names, most in NAME sections;schwarze2017-08-016-21/+29
| | | | | found with regress/usr.bin/mandoc/db/dbm_dump; OK jmc@
* Allow leading . in nameConstraints. from openssl via jabberwock. ok jsingtedu2017-07-201-2/+2
|
* remove misc. depend and yacc nits that no longer matter.espie2017-07-101-2/+1
| | | | okay millert@
* fix broken cross references; found with mandoc -Tlintschwarze2017-07-063-43/+8
|
* fix cross references to self; found with mandoc -Tlintschwarze2017-07-052-7/+6
|
* .init stub creation doesn't need a jmp + .align to reach a branch target,deraadt2017-06-281-3/+0
| | | | | | | just fall into the code. The .align created a FILL zone in the .init section, which on i386 was filled with a NOP-sled, something we want to get away from. discussed with kettenis and tom
* Distinguish between self-issued certificates and self-signed certificates.jsing2017-06-222-30/+40
| | | | | | | | | | | | | | The certificate verification code has special cases for self-signed certificates and without this change, self-issued certificates (which it seems are common place with openvpn/easyrsa) were also being included in this category. Based on BoringSSL. Thanks to Dale Ghent <daleg at elemental dot org> for assisting in identifying the issue and testing this fix. ok inoguchi@
* mark files as BUILDFIRST, or write explicit dependencies, so that mostespie2017-06-161-1/+2
| | | | | programs will build even without a make depend first. okay tb@ millert@
* repair broken markup of callback argument; found with mandoc -Tlintschwarze2017-06-101-5/+3
|
* Randomize link-order of libcrypto as we do with libc. This libraryderaadt2017-05-291-1/+2
| | | | | | | | | | | | | | has many small functions without significant local storage, therefore less tail protection from -fstack-protector-strong to prevent their use as ROP gadgets. It is used in security contexts. Also many functions dribble pointers onto the stack, allowing discovery of gadgets via the fixed relative addresses, so let's randomly bias those. ok tedu jsing The rc script will soon need a strategy for skipping this step on machines with poor IO performance. Or maybe do it less often? However, I don't see many more libraries we'll do this with, these are the two most important ones.
* Avoid a potential NULL pointer dereference in d2i_ECPrivateKey().jsing2017-05-261-1/+7
| | | | | | Reported by Robert Swiecki, who found the issue using honggfuzz. ok bcook@
* Add definitions for three OIDs used in EV certificates.jsing2017-05-252-0/+9
| | | | From Kyle J. McKay <mackyle at gmail dot com>
* Fix a problem introduced in freezero() conversion and usejsg2017-05-111-2/+2
| | | | | | | | | | sizeof(struct) not sizeof(pointer). otto@ points out that on OpenBSD currently freezero() would have still zeroed the entire allocation, but this is not documented behaviour and may change in future. ok tom@
* BUF_MEM_grow_clean() returns an int, not a size_t. Humourously, on successjsing2017-05-081-3/+3
| | | | it returns "len", which is a size_t value, as an int...
* Bring in HKDF, from BoringSSL, with regress tests modified to bebeck2017-05-063-1/+186
| | | | | in C. Ride previous minor bump ok tom@ inoguchi@ jsing@
* space needed between macro arg and punctuation;jmc2017-05-061-2/+2
|
* Bump minors for symbol addition in libcryptobeck2017-05-061-1/+1
| | | | ok jsing@
* Add ASN1_TIME_set_to to exported symbolsbeck2017-05-061-0/+4
| | | | ok jsing@
* Add ASN1_TIME_set_tm to set an asn1 from a struct tm *beck2017-05-063-5/+44
| | | | ok jsing@
* the XXXfree functions being called accept NULL, so don't check first.deraadt2017-05-023-26/+14
| | | | ok beck
* use freezero() instead of memset/explicit_bzero + free. Substantiallyderaadt2017-05-0237-234/+107
| | | | | | | | | | reduces conditional logic (-218, +82). MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c wasn'tt quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and BN_FLG_STATIC_DATA where the condition cannot be collapsed completely. Passes regress. ok beck
* No original OpenSSL code remains in this file. Relicensebeck2017-04-301-54/+13
|
* Make BIO_get_host_ip just yet another getaddrinfo wrapperbeck2017-04-301-27/+20
|
* Rework BIO_accept to be more like modern code.beck2017-04-301-54/+19
| | | | ok jsing@
* Only enable -Werror on libcrypto/libssl/libtls if we are building withjsing2017-04-301-3/+6
| | | | | | | gcc4. This should avoid failed builds while transitioning compilers. While here also make the CFLAGS blocks consistent across makefiles. Discussed with deraadt@, ok beck@
* Microsoft Windows hates BIO_get_accept_socket in portable. Fix it tobeck2017-04-301-115/+35
| | | | | | not be awful or have any claims on supporting ipv6 when it does so very badly ok jsing@
* Stop calling OPENSSL_init() internally, since it is a no-op. Also placejsing2017-04-293-9/+4
| | | | | | it under #ifndef LIBRESSL_INTERNAL. ok beck@
* Switch Linux getrandom() usage to non-blocking mode, continuing tobeck2017-04-291-6/+9
| | | | | | | | | | use fallback mechanims if unsuccessful. The design of Linux getrandom is broken. It has an uninitialized phase coupled with blocking behaviour, which is unacceptable from within a library at boot time without possible recovery. ok deraadt@ jsing@
* Revert previous change that forced consistency between return value andbeck2017-04-281-10/+2
| | | | | | | error code, since this breaks the documented API. Under certain circumstances this will result in incorrect successful certiticate verification (where a user supplied callback always returns 1, and later code checks the error code to potentially abort post verification)
* revert previous accidental commitbeck2017-04-285-25/+46
|
* *** empty log message ***beck2017-04-285-46/+25
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-26 19:35:19 +0000