| Commit message (Collapse) | Author | Files | Lines |
|---|
|
mistaknely made the write buffer usable even if the stream is read
mode. See the change of lib/libc/stdio/fpurge.c,v 1.11.
|
|
|
|
are no longer public, so delete their manual pages.
OK tb@
|
|
descriptions of CMS_REUSE_DIGEST, PKCS7_REUSE_DIGEST, SMIME_BINARY,
and SMIME_CRLFEOL and some improved wordings from that former page to
SMIME_write_CMS(3) and SMIME_write_PKCS7(3), with some further polishing.
Feedback and OK tb@.
|
|
|
|
and since SMIME_write_ASN1(3) is no longer public,
replace the .Xr to it with some other pointers.
OK tb@
|
|
so link to SMIME_read_CMS(3), SMIME_read_PKCS7(3), SMIME_write_CMS(3),
and/or SMIME_write_PKCS7(3) instead;
OK tb@
|
|
so link to SMIME_read_CMS(3) or SMIME_read_PKCS7(3) instead,
and sprinkle a few other .Xrs that may be helpful;
OK tb@
|
|
|
|
In bf_local.h r1.2, openssl/opensslconf.h was pulled out of the
HEADER_BF_LOCL_H header guard, so BF_PTR was never defined from
opensslfeatures.h. Thus, alpha, mips64, sparc64 haven't used the
path that is supposedly optimized for them. On the M3k the speed
gain of bf-cbc with BF_PTR is roughly 5%, so not really great.
This is blowfish, so I don't think we want to carry complications
for alpha and mips64 only.
ok jsing kenjiro
|
|
|
|
|
|
|
|
Most of the constants here are only defined if a specific header is in
scope. So move the machine-independent macros to those headers and lose
the header guards. Most of these should actually be typedefs but let's
change this when we're bumping the major since this technically has ABI
impact.
IDEA_INT RC2_INT and RC4_INT are always unsigned int
DES_LONG is always unsigned int except on i386
This preserves the existing situation on OpenBSD. If you're using
portable on i386 with a compiler that does not define __i386__,
there's an ABI break.
ok jsing
|
|
The OPENSSL_IA32_SSE2 flag controls whether a number of the perlasm
scripts generate additional implementations that use SSE2 functionality.
In all cases except ghash, the code checks OPENSSL_ia32cap_P for SSE2
support, before trying to run SSE2 code. For ghash it generates a CLMUL
based implementation in addition to different MMX version (one MMX
version hides behind OPENSSL_IA32_SSE2, the other does not), however this
does not appear to actually use SSE2. We also disable AES-NI on i386 if
OPENSSL_IA32_SSE2.
On OpenBSD, we've always defined OPENSSL_IA32_SSE2 so this is effectively
a no-op. The only change is that we now check MMX rather than SSE2 for the
ghash MMX implementation.
ok bcook@ beck@
|
|
GNU assembler version 2.19 was released in 2014, so it does not seem
unreasonable to expect that we have an assembler that supports AVX.
Furthermore, the current check fails on LLVM.
ok bcook@ beck@
|
|
This no longer does anything on this architecture.
ok bcook@ beck@
|
|
because these functions no longer exist.
OK tb@
|
|
OK tb@
|
|
is no longer public. Even though ASN1_add_oid_module() still exists
as an internal function, this file contains more misleading (DSO,
OPENSSL_load_builtin_modules) than useful information, so delete it.
OK tb@
|
|
reported by smatch via jsg
ok beck
|
|
"sounds good" tb@
|
|
|
|
that no longer exists, and add .Lb libssl libcrypto;
OK tb@
|
|
|
|
|
|
that no longer exists, and add .Lb;
OK tb@
|
|
|
|
|
|
|
|
These are unused internally and very few things look at them, none of
which should really matter to us, except possibly free pascal on Windows.
sizeof has been available since forever...
ok jsing
|
|
has been read or that has not.
|
|
Fix some things that got missed in the last pass - the majority is use of
post-increment rather than unnecessary pre-increment.
|
|
|
|
pointed out by/ok jsing
|
|
codesearch.debian.net only shows some legacy openssl patches plus binkd
(a FidoNet mailer) as sole potential user. net-snmp and a strongswan DES
plugin bundle some opt-in libdes/openssl legacy things. If this should
break any of this, I don't think we need to care. If you're really going
to use DES you can also use non bleeding edge libressl.
We can remove the big 'default values' block because one of
DES_RISC1, DES_RISC2, DES_UNROLL is always defined (you can ignore
DES_PTR for this), so this is dead support code for mostly dead
platforms.
ok kenjiro
|
|
|
|
|
|
Switch argument order and use sizeof(*ctx) rather than sizeof(struct ...).
ok jsg
|
|
ok jsg
|
|
enctmp is only allocated if saltlen > 0, so there is no harm in checking
for that, but it's also pointless. Unconfuses smatch who thinks there
might be a memory leak:
pem/pvkfmt.c:808 do_PVK_body() warn: possible memory leak of 'enctmp'
found by jsg
|
|
Remove unnecessary and inconsistent NULL check for 'it', which the only
caller, asn1_item_print_ctx(), already dereferenced.
found by jsg
ok kenjiro
|
|
|
|
|
|
The old default is still available with rc2-40.
https://github.com/pyca/cryptography/issues/12949
https://github.com/libressl/portable/issues/1168
ok kenjiro
|
|
The old default is still available with "des3"
https://github.com/pyca/cryptography/issues/12949
https://github.com/libressl/portable/issues/1168
ok kenjiro
|
|
classes_new is an array of pointers to struct crypto_ex_data, not
an array of struct crypto_ex_data_index, so this overallocated by
240 or 480 bytes on ILP32 or LP64, respectively.
found by jsg using smatch
ok jsing
|
|
There is an old trap that you must not call EVP_*Final() when
using AES-CCM. While encrypting this happens to be a noop and
succeeds, but when decrypting, the call fails. This behavior
changed in OpenSSL and BoringSSL, making the trap even worse
since we now fail when the others succeed.
This is an adaptation of OpenSSL commit 197421b1 to fix this.
See also https://github.com/sfackler/rust-openssl/pull/1805#issuecomment-2734788336
ok beck kenjiro
|
|
|
|
libdes is dead, Jim. Only its successors continue to haunt us.
discussed with jsing
|
