summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Provide X509_get{0,m}_not{Before,After}().jsing2018-02-143-5/+41
|
* Provide ASN1_STRING_get0_data().jsing2018-02-143-3/+11
|
* Provide EVP_PKEY_up_ref().jsing2018-02-143-2/+11
|
* Start providing parts of the OpenSSL 1.1 API.jsing2018-02-143-2/+24
| | | | | | | | | | This will ease the burden on ports and others trying to make software work with LibreSSL, while avoiding #ifdef mazes. Note that we are not removing 1.0.1 API or making things opaque, hence software written to use the older APIs will continue to work, as will software written to use the 1.1 API (as more functionality become available). Discussed at length with deraadt@ and others.
* Provide X509_get_signature_nid().jsing2018-02-143-12/+21
|
* New manual page EVP_PKEY_asn1_new(3) from Richard Levitteschwarze2018-02-148-13/+475
| | | | | | | | | | | via OpenSSL commit 751148e2 Oct 27 00:11:11 2017 +0200, including only the parts related to functions that exist in OpenBSD. The design of these interfaces is not particularly pretty, they are not particularly easy to document, and the manual page does not look particularly good when formatted, but what can we do, things are as they are...
* I recently documented X509_VERIFY_PARAM_lookup(3), so change .Fn to .Xr.schwarze2018-02-141-3/+3
|
* Mention two more block cipher modes that actually exist in our tree;schwarze2018-02-141-8/+30
| | | | | | | | | | | | | from Patrick dot Steuer at de dot ibm dot com via OpenSSL commit 338ead0f Oct 9 12:16:34 2017 +0200. Correct the EVP_EncryptUpdate(3) and EVP_DecryptUpdate(3) prototypes; from FdaSilvaYY at gmail dot com via OpenSSL commit 7bbb0050 Nov 22 22:00:29 2017 +0100. Document the additional public function EVP_CIPHER_CTX_rand_key(3); from Patrick dot Steuer at de dot ibm dot com via OpenSSL commit 5c5eb286 Dec 5 00:36:43 2017 +0100.
* Add the missing RETURN VALUES section.schwarze2018-02-131-5/+118
| | | | | Mostly from Paul Yang via OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800, tweaked by me for conciseness and accuracy.
* Add the missing RETURN VALUES section, mostly from Paul Yangschwarze2018-02-131-11/+38
| | | | | | | | via OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800, but fixing two bugs in his description. This commit also includes a few minor improvements to the description of DES_fcrypt(3), also from OpenSSL, tweaked by me.
* Correctly describe BN_get_word(3) and BN_set_word(3).schwarze2018-02-131-20/+25
| | | | | | | | These functions constitute an obvious portability nightmare, but that's no excuse for incorrect documentation. Pointed out by Nicolas Schodet via OpenSSL commit b713c4ff Jan 22 14:41:09 2018 -0500.
* Mention that BN_new(3) sets the value to zero;schwarze2018-02-131-5/+6
| | | | | from Hubert Kario <hkario at redhat dot com> via OpenSSL commit 681acb31 Sep 29 13:10:34 2017 +0200.
* Delete duplicate .Nm entry in the NAME section,schwarze2018-02-131-4/+4
| | | | | | | | from Rich Salz via OpenSSL commit 8162f6f5 Jun 9 17:02:59 2016 -0400. Merging the RETURN VALUES section really wouldn't make much sense here, it contains no additional information and i don't see any way to reorganize the content and make it better.
* Add the missing RETURN VALUES section.schwarze2018-02-131-14/+76
| | | | | | | | | | Triggered by OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800 by Paul Yang, but reworded for intelligibility and precision. While here, also expand the description of the "ret" argument of BIO_callback_fn(). That's a fairly complicated and alarmingly powerful concept, but the description was so brief that is was barely comprehensible.
* Add the missing RETURN VALUES section;schwarze2018-02-121-3/+21
| | | | | from Paul Yang via OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800 with tweaks by me.
* Add the missing RETURN VALUES section;schwarze2018-02-121-3/+15
| | | | from Paul Yang via OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800.
* Add missing RETURN VALUES section.schwarze2018-02-121-4/+15
| | | | | From Paul Yang via OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800 with one tweak.
* Add the missing RETURN VALUES section and reorder the contentschwarze2018-02-121-35/+93
| | | | | | | | | | accordingly. Make some statements more precise, and point out some dangerous traps in these ill-designed interfaces. Also do some minor polishing while here. Triggered by OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800 by Paul Yang, but not using most of his wording because that is in part redundant, in part incomplete, and in part outright wrong.
* Document three more functions recently made public by jsing@schwarze2018-02-111-18/+185
| | | | | | as requested by jsing@, and also document six more related functions that have already been public before that. OpenSSL fails to document any of these.
* Merge documentation from OpenSSL for seven functionsschwarze2018-02-111-7/+196
| | | | | that jsing@ recently exposed publicly in libcrypto. Requested by jsing@.
* Bump lib{crypto,ssl,tls} minors due to symbol addition.jsing2018-02-101-1/+1
|
* Expose X509_VERIFY_PARAM_* functions that appeared in the OpenSSL 1.0.2jsing2018-02-102-1/+26
| | | | API and are now in use by various libraries and applications.
* Restore the old behavior when a port number without a host name isbluhm2018-02-071-10/+12
| | | | | | passed to BIO_get_accept_socket(). This is part of the API and it fixes "openssl ocsp -port 12345" in server mode. from markus@; OK jsing@ beck@
* Do not call freeaddrinfo() with a NULL parameter.bluhm2018-02-061-2/+3
| | | | OK jsing@
* Make the NEON codepaths conditional on __STRICT_ALIGNMENT not beingkettenis2018-01-243-5/+5
| | | | | | defined as they rely on unaligned access. ok joel@
* On OpenBSD/armv7 we deliberately trap unaligned access. Unfortunatelykettenis2018-01-075-12/+16
| | | | | | | | the assembly code in libcrypto assumes unaligned access is allowed for ARMv7. Make these paths conditional on __STRICT_ALIGNMENT not being defined and define __STRICT_ALIGNMENT in arm_arch.h for OpenBSD. ok tom@
* bump to 2.7.0bcook2017-12-111-3/+3
|
* http://repzret.org/p/repzret/deraadt2017-12-113-8/+8
| | | | | | | | | | My read of this: Long time ago (Think Conan, not dinasaurs) during the race to make speedier processors, a cpu vendor built a pipeline with a bad stall, and proposed a tremendously hasky workaround. A wizard adopted this into his perl scroll, and failed to reflect later when no compiler adopted the practice. This relic remains at the tail end of some functions in OpenSSL as ".byte 0xf3,0xc3". Banish it straight to hell. ok mlarkin, others also stared blankly
* In the middle of CRYPTO_gcm128_finish() there is a complicated #ifdefderaadt2017-12-091-6/+8
| | | | | block which defines a variable late, after code. Place this chunk into a { subblock } to satisfy old compilers and old eyes.
* Please variable decl before code.deraadt2017-12-091-2/+2
|
* Rewrite ASN1_TYPE_{get,set}_octetstring() using templated ASN.1.jsing2017-11-281-81/+78
| | | | | | | This removes the last remaining use of the old M_ASN1_* macros (asn1_mac.h) from API that needs to continue to exist. ok beck@ inoguchi@
* GNU ld has prefixed the contents of .gnu.warning.SYMBOL sectionstb2017-11-281-4/+4
| | | | | | | | with "warning: " since 2003, so the messages themselves need not contain the prefix anymore. From Scott Cheloha ok jca, deraadt
* bump version in advance of final releasebcook2017-09-261-3/+3
|
* bump wo 2.6.2libressl-v2.6.2bcook2017-09-261-3/+3
|
* Checking sizeof size_t by SIZE_MAX instead of _LP64inoguchi2017-09-031-7/+7
| | | | ok bcook@
* Remove OPENSSL_NO_NEXTPROTONEG - some software creates conflictingjsing2017-08-311-1/+0
| | | | | prototypes if we have both OPENSSL_NO_NEXTPROTONEG and the prototypes defined.
* Bring back the RSA_SSLV23_PADDING define.jsing2017-08-301-1/+2
| | | | Several pieces of software expect this to be available unconditionally.
* Fix ifdef to if in gcm128.cinoguchi2017-08-301-2/+2
| | | | ok deraadt@ bcook@
* Bump lib{crypto,ssl,tls} majors due to symbol removals.jsing2017-08-281-2/+2
|
* Remove EVP_aead_chacha20_poly1305_old() now that the original/oldjsing2017-08-283-83/+28
| | | | chacha20-poly1305 cipher suites have been removed from libssl.
* Remove documentation for EVP_aead_chacha20_poly1305_ietf() - this wasjsing2017-08-281-13/+3
| | | | removed/renamed a long time back.
* Put the opening curly brace in the right place.jsing2017-08-281-2/+3
|
* Remove RSA_padding_add_SSLv23()/RSA_padding_check_SSLv23() and relatedjsing2017-08-289-202/+11
| | | | | | code. We removed SSLv2/SSLv3 a long time ago... Discussed with doug@
* Define OPENSSL_NO_NEXTPROTONEG since there is no longer any NPN.jsing2017-08-281-0/+1
|
* Make the symbol for ASN1_time_tm_clamp_notafter visible so libtlsbeck2017-08-273-4/+5
| | | | | can get at it, so libtls can also deal with notafter's past the realm of 32 bit time in portable
* New manual page X509_check_private_key(3), using informationschwarze2017-08-202-1/+65
| | | | | | | | from the OpenSSL manual and from code inspection. Use my own Copyright and license because no Copyright-worthy amount of text from OpenSSL remains. And, no, these functions do *NOT* check private keys, not at all.
* fix a pasto in the description of UI_get0_result_string(3);schwarze2017-08-201-4/+4
| | | | | from Richard Levitte <levitte at openssl dot org> via OpenSSL commit e9c9971b Jul 1 18:28:50 2017 +0200
* Add a BUGS section stating that RSA_PKCS1_PADDING is weak by design;schwarze2017-08-201-3/+11
| | | | | from Emilia Kasper <emilia at openssl dot org> via OpenSSL commit 1e3f62a3 Jul 17 16:47:13 2017 +0200.
* Add a BUGS sectionschwarze2017-08-201-3/+10
| | | | | | stating that RSA_padding_check_PKCS1_type_2(3) is weak by design; from Emilia Kasper <emilia at openssl dot org> via OpenSSL commit 1e3f62a3 Jul 17 16:47:13 2017 +0200.
* import PEM_bytes_read_bio(3) from OpenSSL,schwarze2017-08-204-7/+124
| | | | dropping the secmem stuff that we don't want
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-22 17:38:13 +0000