summaryrefslogtreecommitdiff
path: root/src/lib/libssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
* http -> https for IETF/IANA URLs in commentsmmcc2016-03-072-8/+8
|
* explict_bzero for some asn1 free's - ok miod@beck2016-03-062-3/+9
|
* Make sure stdio functions don't end up in the library, from miod@beck2016-03-067-15/+39
| | | | ok doug@ bcook@
* graduate bn_expand() to a real function. the openssl version of thisderaadt2016-03-042-4/+16
| | | | | | | uses a macro with multiple-evaluations of arguments (different amount than the previous version..), but doug/bcook's inline version makes BIGNUM not opaque [problem spotted by naddy] ok doug
* Revert bn_expand until there's consensus on a fix.doug2016-03-041-14/+3
|
* fix the rest of the read_ledword() calls used as lengths to be bounded.beck2016-03-021-1/+5
| | | | | inspired by guido vranken https://guidovranken.wordpress.com/2016/03/01/public-disclosure-malformed-private-keys-lead-to-heap-corruption-in-b2i_pvk_bio/ ok doug@
* Add bounds checking for BN_hex2bn/BN_dec2bn.doug2016-03-022-10/+26
| | | | | | | | | Need to make sure i * 4 won't overflow. Based on OpenSSL: commit 99ba9fd02fd481eb971023a3a0a251a37eb87e4c input + ok bcook@ ok beck@
* bound lengths coming out of a pem file to something like realitybeck2016-03-021-3/+7
| | | | ok deraadt@
* Remove support for ancient, broken DSA implementations.doug2016-03-011-60/+20
| | | | | | | | | | | | | | | Based on a few OpenSSL commits: Remove ancient DSA workarounds commit ab4a81f69ec88d06c9d8de15326b9296d7f498ed Remove workaround for broken DSA implementations using negative integers commit dfb10af92e9663ce4eefaa1d6b678817fa85344d Typo in error name (EVP_R_DECODE_ERROR -> DSA_R_DECODE_ERROR) commit f6fb7f1856d443185c23f1a5968c08b4269dd37d ok beck@
* remove NULL checks for pqueue_free()mmcc2016-02-292-22/+12
| | | | ok doug@
* Therefor -> Therefore (where appropriate)tb2016-01-292-2/+2
| | | | from ray@, ok jmc@
* deprecate SSL_OP_SINGLE_DH_USElibressl-v2.3.2beck2016-01-274-74/+12
| | | | ok jsing@
* Document that the ssl free() functions are NULL safe. OK mmcc@millert2015-12-306-12/+42
|
* More adress -> addressmmcc2015-12-242-2/+2
|
* remove NULL-checks before free()mmcc2015-12-233-19/+11
|
* assign pointer NULL rather than 0mmcc2015-12-231-2/+2
|
* assign pointer to NULL rather than 0mmcc2015-12-231-2/+2
|
* initialize a pointer to NULL rather than 0mmcc2015-12-221-2/+2
|
* initialize ext_len to 0.beck2015-12-141-2/+6
| | | | ok guenther@
* initialize ok to 0beck2015-12-141-2/+2
| | | | ok guenther@
* initialize md_len to 0 for readability to quell warnings.beck2015-12-141-3/+3
| | | | ok guenther@
* decipher comment. ok bcook@mmcc2015-12-122-4/+4
|
* move initialization of buf up to quell warnings and make it obvious the err ↵beck2015-12-121-4/+5
| | | | | | case is ok. ok bcook@
* prevent possibly use of uninitialized variablebeck2015-12-121-2/+2
| | | | ok bcook@
* make the counter a size_t as well, which quells a warning on visual studio 2015beck2015-12-121-2/+3
| | | | ok bcook@
* bump the major for libcrypto/ssl/tls for a CRYPTO_chacha_20 ABI changebcook2015-12-092-4/+4
| | | | ok jsing@, deraadt@, beck@
* Change the counter argument for CRYPTO_chacha_20 to be 64-bits on all platforms.bcook2015-12-092-5/+6
| | | | | | | | | | | The recently-added EVP_aead_chacha20_poly1305_ietf() function, which implements informational RFC 7539, "ChaCha20 and Poly1305 for IETF Protocols", needs a 64-bit counter to avoid truncation on 32-bit platforms. The existing TLS ChaCha20-Poly1305 ciphersuite is not impacted by this, but making this change requires an ABI bump. ok jsing@, "Looks sane" beck@
* Remove SHA0 check, as we did in v1.21 of sha.h.bcook2015-12-071-2/+2
| | | | | | This enables ENGINE_get_digest to work again with SHA1. noted by NARUSE, Yui, @nurse from github
* Fix for OpenSSL CVE-2015-3195beck2015-12-041-3/+8
| | | | ok djm@ jsing@
* Fix for OpenSSL CVE-2015-3194beck2015-12-031-2/+2
| | | | ok krw@
* fix references to lhash(3);jmc2015-11-152-14/+16
|
* mutli -> multimiod2015-11-141-1/+1
|
* Various *syncron* -> *synchron* typos.miod2015-11-141-1/+1
|
* update cross references after deleting the imaginary MLINKSschwarze2015-11-122-2/+2
| | | | bn_internal(3) and lhash(3)
* Convert the handful of manuals that had imaginary names,schwarze2015-11-126-1055/+0
| | | | | give them names that really exist. This also helps jmc@'s ongoing work on improving NAME sections.
* add missing functions to NAME, or otherwise correct the mlinkjmc2015-11-1120-43/+69
| | | | | | entry for them; feedback/ok schwarze
* Convert five more manuals from POD to mdoc.schwarze2015-11-115-458/+0
| | | | | I found drafts of these in my tree, probably originally from Max Fillinger, that just needed minor polishing.
* Convert and enable CMS manuals.schwarze2015-11-1116-1234/+0
| | | | Already some time ago, bcook@ said these can be installed.
* SSL_CTX_sess_set_remove mlink should be SSL_CTX_sess_set_remove_cb;jmc2015-11-101-2/+2
|
* Fix gcc version preprocessor checks to cope with gcc 5.x and beyond;miod2015-11-061-2/+2
| | | | reported by Ruslan Babayev.
* Cast Td4[] values (which are uint8_t) to uint32_t before shifting them left bymiod2015-11-051-5/+5
| | | | | | | | | 24 bits; if we don't, Td4[] gets cast to signed int, and according to C>=99 6.5.7, signed int shifted by enough bits to cause a the sign bit to be set is an UB. Reported by Pascal Cuoq on behalf of the trust-in-soft.com mafia I am {partial,slightly related} to.
* Mention ROTL() is always invoked with a proper shift value, due to the way themiod2015-11-051-1/+2
| | | | | CAST_KEY is constructed. This is expected to reduce blood pressure in auditors.
* bump to 2.3.2, format LIBRESSL_VERSION_NUMBER like OPENSSL_VERSION_NUMBER.bcook2015-11-031-3/+3
| | | | | | Suggested by WubTheCaptain so the same comparison code can be used with LibreSSL. https://www.openssl.org/docs/manmaster/crypto/OPENSSL_VERSION_NUMBER.html
* Fix typo in comment of previous commit: "that that".reyk2015-11-021-3/+3
|
* bump minors after adding EVP_aead_chacha20_poly1305_ietf()reyk2015-11-022-2/+2
| | | | OK jsing@
* Add EVP_aead_chacha20_poly1305_ietf() - The informational RFC 7539,reyk2015-11-022-19/+113
| | | | | | | | | "ChaCha20 and Poly1305 for IETF Protocols", introduced a modified AEAD construction that is incompatible with the common style that has been already used in TLS with EVP_aead_chacha20_poly1305(). The IETF version also adds a constant (salt) that is prepended to the nonce. OK mikeb@ jsing@
* Pull in <sys/types.h> to get ssize_t or <stdint.h> to get uint32_t, instead ofmiod2015-10-301-1/+2
| | | | | relying upon previously included headers to do this, to enhance portability; from Pascal Cuoq, libressl github pull request #52
* Sort the obsolete flags.doug2015-10-252-12/+12
|
* Mark SSL_OP_NO_{COMPRESSION,SSLv2,SSLv3} as obsolete.doug2015-10-252-10/+8
| | | | | | For backward compatibility, the flags are redefined as 0. ok jsing@
* Remove last vestige of SSL_OP_NO_SSLv3 support.doug2015-10-252-8/+2
| | | | | | No part of LibreSSL checks for this flag any longer. ok jsing@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-19 01:41:03 +0000