summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Fix some broken .Xr links, loosely based on a diffschwarze2016-10-051-13/+12
| | | | | | | | from Rob Pierce <rob at 2keys dot ca>. The content of this page may also need expert attention, i suspect it may be lacking modern algorithms and over-emphasizing obsolete ones, but i dare not touch the content.
* In X509_cmp_time(), pass asn1_time_parse() the tag of the field beingguenther2016-10-021-2/+3
| | | | | | | | | parsed so that a malformed GeneralizedTime field is recognized as an error instead of potentially being interpreted as if it was a valid UTCTime. Reported by Theofilos Petsios (theofilos (at) cs.columbia.edu) ok beck@ tedu@ jsing@
* Append to CLEANFILES instead of replacing it, so libcrypto.pc isnatano2016-09-231-2/+2
| | | | | | deleted on make clean. ok millert
* revert documentation update for the clearning behavior we already revertedbcook2016-09-221-5/+1
|
* Generate pkg-config files at build time like everything else. Thisnatano2016-09-141-2/+3
| | | | | | | avoids permission problems due to the build and install stages being run by different users. ok deraadt jasper
* Files in /etc/ssl belong to root. ok deraadtnatano2016-09-111-4/+4
|
* missing space after commatb2016-09-091-2/+2
| | | | | | (this was apparently lost during the repo surgery) ok bcook
* back out calls to EVP_CIPHER_CTX_cleanup() in EVP_Cipher/Encrypt/DecryptFinalbcook2016-09-091-4/+1
| | | | | Software that refers to ctx after calling Final breaks with these changes. revert parts of 1.31 and 1.32
* remove CMS manuals; beck@ agress with the general ideaschwarze2016-09-0523-2347/+1
|
* Remove cms.jsing2016-09-041-8/+1
|
* Remove cms.jsing2016-09-0415-7541/+0
| | | | ok beck@, guenther@, tedu@
* Expand DECLARE_ASN1_.*FUNCTIONS macros.jsing2016-09-045-69/+293
| | | | No change in preprocessed output, ignoring whitespace and line numbers.
* Expand DECLARE_ASN1_.*FUNCTIONS macros.jsing2016-09-042-7/+27
| | | | No change in preprocessed output, ignoring whitespace and line numbers.
* Expand DECLARE_ASN1_.*FUNCTIONS macros.jsing2016-09-041-33/+133
| | | | No change in preprocessed output, ignoring whitespace.
* Place IMPLEMENT_PEM macros under #ifndef LIBRESSL_INTERNAL.jsing2016-09-041-2/+4
|
* Sort and group functions.jsing2016-09-044-238/+215
|
* Expand IMPLEMENT_PEM macros.jsing2016-09-044-30/+545
| | | | No change in generated assembly.
* Less S390.jsing2016-09-0412-4596/+2
| | | | ok deraadt@
* Less IA64.jsing2016-09-0410-6846/+1
| | | | ok deraadt@
* Less vax.jsing2016-09-044-617/+1
| | | | ok deraadt@
* include <sys/types.h> to get <sys/cdefs.h> instead (for __warn_references)bcook2016-09-041-2/+2
| | | | corrected by deraadt@ / guenther@
* include <sys/cdefs.h> for portablebcook2016-09-041-1/+3
|
* Add ISRG Root X1, the letsencrypt CA root. This is now included in its ownsthen2016-09-041-1/+55
| | | | | right in Mozilla's CA list, rather than relying on IdenTrust cross-signing. ok beck@ jca@
* only regen pkg-config files when required; ok jaspernatano2016-09-041-5/+5
|
* switch to a constant-time gather procedure for amd64 mont5 asmbcook2016-09-031-199/+314
| | | | | | | from OpenSSL commit 7f98aa7403a1244cf17d1aa489f5bb0f39bae431 CVE-2016-0702 ok beck@
* add constant-time MOD_EXP_CTIME_COPY_FROM_PREBUF.bcook2016-09-031-16/+55
| | | | | | | | | | Patch based on OpenSSL commit d7a854c055ff22fb7da80c3b0e7cb08d248591d0 "Performance penalty varies from platform to platform, and even key length. For rsa2048 sign it was observed to reach almost 10%." CVE-2016-0702 ok beck@
* BN_mod_exp_mont_consttime: check for zero modulus.bcook2016-09-031-9/+33
| | | | | | | Don't dereference d when top is zero. Original patch from OpenSSL commit d46e946d2603c64df6e1e4f9db0c70baaf1c4c03 ok jsing@
* add iOS support for getentropybcook2016-09-031-1/+12
| | | | from Jacob Berkman, ok beck@
* deprecate EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal()bcook2016-09-032-7/+23
| | | | | | | | | | This switches EVP_CipherFinal() to work as EVP_EncryptFinal() and EVP_DecryptFinal() do, always clearing the cipher context on completion. Indicate that, since it is not possible to tell whether this function will clear the context (the API has changed over time in OpenSSL), it is better to use the _ex() variants and explicitly clear instead. ok beck@
* BN_mod_exp_mont_consttime: check for zero modulus.bcook2016-09-031-4/+5
| | | | | | | Don't dereference |d| when |top| is zero. Also test that various BIGNUM methods behave correctly on zero/even inputs. Original patch from OpenSSL commit d46e946d2603c64df6e1e4f9db0c70baaf1c4c03
* Avoid undefined-behavior right-shifting by a word-size # of bits.bcook2016-09-031-3/+2
| | | | Found with STACK, originally from OpenSSL, ok @beck
* Make tree build againbeck2016-09-033-6/+431
|
* remove unused variablebeck2016-09-031-2/+1
|
* Fix some very unnecessary convoultion.beck2016-09-031-16/+6
| | | | ok krw@
* crank minor for API addiiton of x509_email, etc. functionsbeck2016-09-031-1/+1
|
* Bring in functions used by stunnel and exim from BoringSSL - this bringsbeck2016-09-032-2/+452
| | | | | | in X509_check_host, X509_check_email, X509_check_ip, and X509_check_ip_asc, with some cleanup on the way in by myself and jsing@ ok bcook@
* Remove the libcrypto/crypto directorybeck2016-09-0341-6330/+0
|
* Update the link for the getentropy(2) manual to man.openbsd.org/tb2016-08-0716-32/+32
| | | | ok deraadt@
* Do not *printf %s NULLderaadt2016-08-051-2/+3
| | | | ok bcook
* bump for LibreSSL 2.5.xbcook2016-07-311-3/+3
|
* don't mix code and decls, ok tedu@bcook2016-07-181-2/+3
|
* use memset to initialize the unionbcook2016-07-171-2/+4
|
* remove unused OPENSSL_NO_OBJECT casebcook2016-07-171-14/+1
| | | | ok tedu@
* Initialize buffers before use, noted by Kinichiro Inoguchi.bcook2016-07-171-7/+7
| | | | ok beck@
* Clean up OCSP_check_validity() a bit more.beck2016-07-161-11/+10
| | | | | | - Return on first failure rather than continuing. - Don't compare times by comparing strings that possibly were not parsable as a time. ok deraadt@
* call BN_init on temporaries to avoid use-before-set warningsbcook2016-07-073-3/+14
| | | | ok beck@
* remove unneeded duplicate call - spotted by jsing@beck2016-07-051-3/+1
|
* On systems where we do not have BN_ULLONG defined (most 64-bit systems),bcook2016-07-054-12/+45
| | | | | | | | | | | | | | BN_mod_word() can return incorrect results if the supplied modulus is too big, so we need to fall back to BN_div_word. Now that BN_mod_word may fail, handle errors properly update the man page. Thanks to Brian Smith for pointing out these fixes from BoringSSL: https://boringssl.googlesource.com/boringssl/+/67cb49d045f04973ddba0f92fe8a8ad483c7da89 https://boringssl.googlesource.com/boringssl/+/44bedc348d9491e63c7ed1438db100a4b8a830be ok beck@
* Add several fixes from OpenSSL to make OCSP work with intermediatebeck2016-07-051-10/+24
| | | | | | certificates provided in the response. - makes our newly added ocsp regress test pass too.. ok bcook@
* Tighten behavior of _rs_allocate failure for portable arc4random ↵bcook2016-06-3014-14/+28
| | | | | | | | | | implementations. In the event of a failure in _rs_allocate for rsx, we still have a reference to freed memory for rs on return. Not a huge deal since we subsequently abort in _rs_init, but it looks strange on its own. ok deraadt@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-21 07:44:23 +0000