| Commit message (Collapse) | Author | Files | Lines |
|---|
|
to the arguments of OCSP_cert_id_new(3). Adjust the manual.
|
|
tested in a bulk by sthen
ok beck, jsing
|
|
to the "obj" argument of X509v3_get_ext_by_OBJ(3). Adjust the manual.
|
|
to the "sig" argument of EVP_DigestVerifyFinal(3). Adjust the manual.
|
|
PKCS12_decrypt_skey(3).
tested in a bulk by sthen
ok beck, jsing
|
|
ok beck@ tb@
|
|
Also place all of the OPENSSL_* memory related prototypes under #ifndef
LIBRESSL_INTERNAL.
ok beck@ tb@
|
|
PKCS12_add_key(3), PKCS12_add_safe(3), PKCS12_create(3).
tested in a bulk build by sthen
ok beck, jsing
|
|
PEM_write(3) and PEM_write_bio(3).
tested in a bulk build by sthen
ok jsing
|
|
OCSP_crlID_new(3), OCSP_parse_url(3), OCSP_sendreq_bio(3),
OCSP_sendreq_new(3), and OCSP_url_svcloc_new(3).
tested in a bulk build by sthen
ok jsing (as part of a larger diff)
|
|
X509_get_subject_name(3).
tested in a bulk build by sthen
ok jsing (as part of a larger diff)
|
|
ASN1_INTEGER * arguments of OCSP_cert_id_new(3).
tested in a bulk build by sthen
ok jsing (as part of a larger diff)
|
|
OCSP_REQUEST_get_ext_by_OBJ(3), OCSP_ONEREQ_ext_by_OBJ(3)
OCSP_BASICRESP_get_ext_by_OBJ(3), OCSP_SINGLERESP_get_ext_by_OBJ(3)
tested in a bulk build by sthen
ok jsing (as part of a larger diff)
|
|
X509v3_get_ext_by_OBJ(3).
tested in a bulk build by sthen
ok jsing (as part of a larger diff)
|
|
EVP_PKEY_get_attr_by_OBJ(3), X509at_get_attr_by_OBJ(3),
X509at_get0_data_by_OBJ(3), X509_REQ_get_attr_by_OBJ(3)
tested in a bulk by sthen
ok beck (as part of a larger diff)
|
|
tested in a bulk build by sthen
ok beck (as part of a larger diff)
|
|
tested in a bulk build by sthen
ok beck (as part of a larger diff)
|
|
tested in a bulk build by sthen
ok beck (as part of a larger diff)
|
|
tested in a bulk build by sthen
ok beck (as part of a larger diff)
|
|
to the argument of BIO_new_accept(3), BIO_new_connect(3), and
BIO_new_mem_buf(3). Update the documentation.
|
|
to return value of BIO_s_mem(3). Update the manual page.
|
|
BIO_new_accept(). The one for BIO_new_mem_buf() is a bit ugly
since it needs to cast away the newly added const qualifier,
as in OpenSSL commit 8ab31975bac.
ok jsing
|
|
BIO_s_datagram().
ok jsing
|
|
Avoid overloading a variable to store both a value and an error code - we
can simply inline the error calls (as done everywhere else). Remove a bunch
of unnecessary parentheses and tidy a few other things.
With input from tb@.
ok inoguchi@ tb@
|
|
This could potentially result in a left shift that exceeded the size of the
storage type.
Issue found by Simon Friedberger, Robert Merget and Juraj Somorovsky.
ok inoguchi@ tb@
|
|
ok bcook@ tb@
|
|
alert rather than an internal_error alert.
Issue found by Simon Friedberger, Robert Merget and Juraj Somorovsky.
ok beck@ inoguchi@
|
|
ok benno
|
|
|
|
to the return value of BIO_f_base64(3), BIO_f_cipher(3), and
BIO_f_base64(3). Update the documentation.
|
|
tested in bulk by sthen
ok jsing
|
|
Reported by Ondřej Surý, LibreSSL-portable issue #92.
ok inoguchi, jsing
|
|
to some function arguments. Update the documentation.
|
|
tested in a bulk by sthen
ok jsing
|
|
to the prototypes of several functions. Update the documentation.
|
|
to return const. Update the documentation.
|
|
|
|
public API in libssl.
ok beck, jsing
|
|
functions.
ok beck, jsing
|
|
With advice from jca@
OK jca@ millert@
|
|
carefully document constant time vs. non-constant time operation
of BN_div(3), BN_mod_exp(3), and BN_mod_inverse(3).
Until the work that is required on the ill-designed BN_exp(3) and
BN_gcd(3) interfaces can be undertaken, also document the imperfections
in their behaviour, for now. Finally, mention BN_mod_exp(3) behaviour
for even moduli.
Delete the vague statement about some functions automatically
setting BN_FLG_CONSTTIME. It created a false sense of security.
Do not rely on it: not all relevant functions do that.
Topic brought up by beck@, significant feedback and OK jsing@.
|
|
ok schwarze@
|
|
|
|
|
|
and reference gethostby*(3) and /etc/hosts instead.
Say that setnetent(3), getnetent(3), and endnetent(3) now do nothing.
With feedback from guenther and significant help from deraadt@.
|
|
While here, stop implying plans to support additional address
families in the future, and do not call gethostbyname2(3) "advanced".
OK deraadt@ guenther@
|
|
getnetent(3), and endnetent(3) do nothing, just like sethostent(3),
gethostent(3), and endhostent(3) years ago.
OK deraadt@ guenther@
|
|
of OpenSSL commit c0caa945f6ef30363e0d01d75155f20248403df4 to our
version of this function.
ok beck, jsing
Original commit message:
commit c0caa945f6ef30363e0d01d75155f20248403df4
Author: Pauli <paul.dale@oracle.com>
Date: Wed Nov 1 06:58:13 2017 +1000
Address a timing side channel whereby it is possible to determine some
information about the length of the scalar used in DSA operations from
a large number (2^32) of signatures.
This doesn't rate as a CVE because:
* For the non-constant time code, there are easier ways to extract
more information.
* For the constant time code, it requires a significant number of signatures
to leak a small amount of information.
Thanks to Neals Fournaise, Eliane Jaulmes and Jean-Rene Reinhard for
reporting this issue.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4576)]
|
|
this is OpennSSL commit 4a089bbdf11f9e231cc68f42bba934c954d81a49.
ok beck, jsing
Original commit message:
commit 4a089bbdf11f9e231cc68f42bba934c954d81a49
Author: Pauli <paul.dale@oracle.com>
Date: Wed Nov 1 06:58:39 2017 +1000
Address a timing side channel whereby it is possible to determine some
information about the length of the scalar used in ECDSA operations
from a large number (2^32) of signatures.
This doesn't rate as a CVE because:
* For the non-constant time code, there are easier ways to extract
more information.
* For the constant time code, it requires a significant number of signatures
to leak a small amount of information.
Thanks to Neals Fournaise, Eliane Jaulmes and Jean-Rene Reinhard for
reporting this issue.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4576)]
|
|
in preparation for pledgepath
ok deraadt@
|
