summaryrefslogtreecommitdiff
path: root/src/lib/libssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Rename EVP_aead_chacha20_poly1305() to EVP_aead_chacha20_poly1305_old()jsing2016-04-284-17/+17
| | | | | | | and replace with EVP_aead_chacha20_poly1305_ietf(). The IETF version will become the standard version. Discussed with many.
* Use the correct iv and counter when decrypting the ciphertext forjsing2016-04-131-4/+4
| | | | EVP_aead_chacha20_poly1305_ietf().
* for some time now mandoc has not required MLINKS to functionjmc2016-03-301-166/+1
| | | | | | | | | | | | correctly - logically complete that now by removing MLINKS from base; authors need only to ensure there is an entry in NAME for any function/ util being added. MLINKS will still work, and remain for perl to ease upgrades; ok nicm (curses) bcook (ssl) ok schwarze, who provided a lot of feedback and assistance ok tb natano jung
* Merge a memleak fix from BoringSSL 6b6e0b2:mmcc2016-03-272-2/+6
| | | | | | https://boringssl.googlesource.com/boringssl/+/6b6e0b20893e2be0e68af605a60ffa2cbb0ffa64%5E!/#F0 ok millert@, beck@
* Return zero from two functions on allocation failure instead of alwaysmmcc2016-03-212-4/+4
| | | | | | | | | | | returning one (indicating success). Each function has only a single usage, and both usages check the return value. Merged from BoringSSL 0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c: https://boringssl.googlesource.com/boringssl/+/0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c%5E!/#F0 ok beck@
* " the the " -> " the ", or in a couple of cases replace the superfluouskrw2016-03-207-10/+10
| | | | | | "the" with the obviously intended word. Started with a "the the" spotted by Mihal Mazurek.
* explicit_bzero for asn1 objects on free. Too often these contain sensitive ↵beck2016-03-171-24/+27
| | | | | | | information and they should not be a performance bottleneck ok miod@ krw@
* 'accomodate' -> 'accommodate' in comments.krw2016-03-155-9/+9
| | | | Started by diff from Mical Mazurek.
* Fix examples for EVP_PKEY_CTX_set_rsa_padding.bcook2016-03-132-2/+2
| | | | | | | | Noted here, https://github.com/libressl-portable/portable/issues/161, we document a non-existent constant in the examples for EVP_PKEY_CTX_set_rsa_padding. ok deraadt@
* Add error handling to the remaining calls to bn_wexpand().bcook2016-03-122-16/+23
| | | | | | | Noticed by pascal-cuoq from Github: https://github.com/libressl-portable/openbsd/issues/56 ok beck@
* Remove sentences in RETURN VALUES sections saying that functions withmmcc2016-03-1211-23/+2
| | | | | | | | | | | | | void return types 'return no value'. This is obvious and therefore unneccessary to mention. We spare rewind(3)'s sentence because espie@ pointed out that it's a warning - the function masks a potential error. This commit also adds a sentence to X509_free clarifying that it's NULL-safe. This bit was discussed with doug@. ok martijn@, sentiment supported by schwarze@
* Bump for LibreSSL 2.4.0bcook2016-03-121-3/+3
|
* X509_free(3) is NULL-safe, so remove NULL checks before its calls.mmcc2016-03-1122-119/+73
| | | | ok doug@
* http -> https for a few more IETF URLs in comments or man pagesmmcc2016-03-105-12/+12
|
* http -> https for IETF/IANA URLs in commentsmmcc2016-03-072-8/+8
|
* explict_bzero for some asn1 free's - ok miod@beck2016-03-062-3/+9
|
* Make sure stdio functions don't end up in the library, from miod@beck2016-03-067-15/+39
| | | | ok doug@ bcook@
* graduate bn_expand() to a real function. the openssl version of thisderaadt2016-03-042-4/+16
| | | | | | | uses a macro with multiple-evaluations of arguments (different amount than the previous version..), but doug/bcook's inline version makes BIGNUM not opaque [problem spotted by naddy] ok doug
* Revert bn_expand until there's consensus on a fix.doug2016-03-041-14/+3
|
* fix the rest of the read_ledword() calls used as lengths to be bounded.beck2016-03-021-1/+5
| | | | | inspired by guido vranken https://guidovranken.wordpress.com/2016/03/01/public-disclosure-malformed-private-keys-lead-to-heap-corruption-in-b2i_pvk_bio/ ok doug@
* Add bounds checking for BN_hex2bn/BN_dec2bn.doug2016-03-022-10/+26
| | | | | | | | | Need to make sure i * 4 won't overflow. Based on OpenSSL: commit 99ba9fd02fd481eb971023a3a0a251a37eb87e4c input + ok bcook@ ok beck@
* bound lengths coming out of a pem file to something like realitybeck2016-03-021-3/+7
| | | | ok deraadt@
* Remove support for ancient, broken DSA implementations.doug2016-03-011-60/+20
| | | | | | | | | | | | | | | Based on a few OpenSSL commits: Remove ancient DSA workarounds commit ab4a81f69ec88d06c9d8de15326b9296d7f498ed Remove workaround for broken DSA implementations using negative integers commit dfb10af92e9663ce4eefaa1d6b678817fa85344d Typo in error name (EVP_R_DECODE_ERROR -> DSA_R_DECODE_ERROR) commit f6fb7f1856d443185c23f1a5968c08b4269dd37d ok beck@
* remove NULL checks for pqueue_free()mmcc2016-02-292-22/+12
| | | | ok doug@
* Therefor -> Therefore (where appropriate)tb2016-01-292-2/+2
| | | | from ray@, ok jmc@
* deprecate SSL_OP_SINGLE_DH_USElibressl-v2.3.2beck2016-01-274-74/+12
| | | | ok jsing@
* Document that the ssl free() functions are NULL safe. OK mmcc@millert2015-12-306-12/+42
|
* More adress -> addressmmcc2015-12-242-2/+2
|
* remove NULL-checks before free()mmcc2015-12-233-19/+11
|
* assign pointer NULL rather than 0mmcc2015-12-231-2/+2
|
* assign pointer to NULL rather than 0mmcc2015-12-231-2/+2
|
* initialize a pointer to NULL rather than 0mmcc2015-12-221-2/+2
|
* initialize ext_len to 0.beck2015-12-141-2/+6
| | | | ok guenther@
* initialize ok to 0beck2015-12-141-2/+2
| | | | ok guenther@
* initialize md_len to 0 for readability to quell warnings.beck2015-12-141-3/+3
| | | | ok guenther@
* decipher comment. ok bcook@mmcc2015-12-122-4/+4
|
* move initialization of buf up to quell warnings and make it obvious the err ↵beck2015-12-121-4/+5
| | | | | | case is ok. ok bcook@
* prevent possibly use of uninitialized variablebeck2015-12-121-2/+2
| | | | ok bcook@
* make the counter a size_t as well, which quells a warning on visual studio 2015beck2015-12-121-2/+3
| | | | ok bcook@
* bump the major for libcrypto/ssl/tls for a CRYPTO_chacha_20 ABI changebcook2015-12-092-4/+4
| | | | ok jsing@, deraadt@, beck@
* Change the counter argument for CRYPTO_chacha_20 to be 64-bits on all platforms.bcook2015-12-092-5/+6
| | | | | | | | | | | The recently-added EVP_aead_chacha20_poly1305_ietf() function, which implements informational RFC 7539, "ChaCha20 and Poly1305 for IETF Protocols", needs a 64-bit counter to avoid truncation on 32-bit platforms. The existing TLS ChaCha20-Poly1305 ciphersuite is not impacted by this, but making this change requires an ABI bump. ok jsing@, "Looks sane" beck@
* Remove SHA0 check, as we did in v1.21 of sha.h.bcook2015-12-071-2/+2
| | | | | | This enables ENGINE_get_digest to work again with SHA1. noted by NARUSE, Yui, @nurse from github
* Fix for OpenSSL CVE-2015-3195beck2015-12-041-3/+8
| | | | ok djm@ jsing@
* Fix for OpenSSL CVE-2015-3194beck2015-12-031-2/+2
| | | | ok krw@
* fix references to lhash(3);jmc2015-11-152-14/+16
|
* mutli -> multimiod2015-11-141-1/+1
|
* Various *syncron* -> *synchron* typos.miod2015-11-141-1/+1
|
* update cross references after deleting the imaginary MLINKSschwarze2015-11-122-2/+2
| | | | bn_internal(3) and lhash(3)
* Convert the handful of manuals that had imaginary names,schwarze2015-11-126-1055/+0
| | | | | give them names that really exist. This also helps jmc@'s ongoing work on improving NAME sections.
* add missing functions to NAME, or otherwise correct the mlinkjmc2015-11-1120-43/+69
| | | | | | entry for them; feedback/ok schwarze
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-07 10:44:04 +0000