summaryrefslogtreecommitdiff
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* MFC: Reject excessively large primes in DH key generation. Problem reportedlibressl-v2.7.4jsing2018-06-131-1/+6
| | | | | | | by Guido Vranken to OpenSSL (https://github.com/openssl/openssl/pull/6457) and based on his diff. suggestions from tb@, ok tb@ jsing@ Original commit by sthen@
* MFC: Avoid a timing side-channel leak when generating DSA and ECDSAjsing2018-06-132-7/+4
| | | | | | | | | | | signatures. This is caused by an attempt to do fast modular arithmetic, which introduces branches that leak information regarding secret values. Issue identified and reported by Keegan Ryan of NCC Group. ok beck@ tb@
* Bump to LibreSSL 2.6.4bcook2018-06-131-3/+3
|
* bump to 2.7.3libressl-v2.7.3bcook2018-05-031-3/+3
|
* MFC:tb2018-05-021-5/+1
| | | | | | | Remove incorrect NULL checks in DH_set0_key(). Reported by Ondrej Sury, LibreSSL-portable issue #92. ok inoguchi, jsing
* Limit tls_config_clear_keys() to only clearing private keys.jsing2018-04-183-8/+6
| | | | | | | | This was inadvertently clearing the keypair, which includes the OCSP staple and pubkey hash - if an application called tls_configure() followed by tls_config_clear_keys(), this would prevent OCSP staples from working. ok beck@
* bump to 2.7.2bcook2018-03-241-3/+3
|
* finish ssl HISTORY; mostly 1.1.0/6.3, but also various other fixeslibressl-v2.7.1schwarze2018-03-2418-47/+104
|
* ouch, previous was wrong; revert it and fix HISTORY insteadschwarze2018-03-241-2/+29
|
* delete two functions that do not existschwarze2018-03-231-22/+1
|
* finish crypto HISTORY; mostly 1.1.0/6.3, but also various other fixesschwarze2018-03-2352-155/+289
|
* ssl.h HISTORY up to 1.0.2; researched from OpenSSL git and OpenBSD CVSschwarze2018-03-236-9/+41
|
* crypto HISTORY up to 1.0.2; researched from OpenSSL git and OpenBSD CVSschwarze2018-03-236-12/+41
|
* ssl.h HISTORY up to 1.0.1; researched from OpenSSL gitschwarze2018-03-239-18/+60
|
* crypto HISTORY up to 1.0.1; researched from OpenSSL gitschwarze2018-03-2310-16/+79
|
* ssl.h HISTORY up to 1.0.0; researched from OpenSSL gitschwarze2018-03-232-5/+15
|
* crypto HISTORY up to 1.0.0; researched from OpenSSL gitschwarze2018-03-2343-114/+299
|
* ssl.h HISTORY up to 0.9.8zh; researched from OpenSSL gitschwarze2018-03-232-8/+11
|
* crypto HISTORY up to 0.9.8zh; researched from OpenSSL gitschwarze2018-03-233-4/+18
|
* ssl.h HISTORY up to 0.9.8h; researched from OpenSSL gitschwarze2018-03-233-6/+23
|
* crypto HISTORY up to 0.9.8h; researched from OpenSSL gitschwarze2018-03-237-14/+59
|
* ssl.h HISTORY up to 0.9.8; researched from OpenSSL gitschwarze2018-03-234-8/+31
|
* crypto HISTORY up to 0.9.8; researched from OpenSSL gitschwarze2018-03-2329-68/+329
|
* crypto HISTORY up to 0.9.7h; researched from OpenSSL gitschwarze2018-03-226-10/+34
|
* ssl.h HISTORY up to 0.9.7; researched from OpenSSL gitschwarze2018-03-224-12/+19
|
* crypto HISTORY up to 0.9.7; researched from OpenSSL gitschwarze2018-03-2251-134/+383
|
* organizationUnitName -> organizationalUnitName;jmc2018-03-221-3/+3
| | | | from matt schwartz
* crypto HISTORY up to 0.9.6h; researched from OpenSSL gitschwarze2018-03-221-2/+6
|
* ssl.h HISTORY up to 0.9.6c; researched from OpenSSL gitschwarze2018-03-221-2/+8
|
* crypto HISTORY up to 0.9.6c; researched from OpenSSL gitschwarze2018-03-222-5/+7
|
* crypto HISTORY up to 0.9.6a; researched from OpenSSL gitschwarze2018-03-221-2/+4
|
* crypto HISTORY up to 0.9.6; researched from OpenSSL gitschwarze2018-03-2219-36/+141
|
* bump for 2.7.1bcook2018-03-221-3/+4
|
* ssl.h HISTORY up to 0.9.5; researched from OpenSSL gitschwarze2018-03-223-6/+22
|
* crypto HISTORY up to 0.9.5; researched from OpenSSL gitschwarze2018-03-2248-140/+362
|
* Call strlen() if name length provided is 0, like OpenSSL does.beck2018-03-221-1/+3
| | | | | Issue notice by Christian Heimes <christian@python.org> ok deraadt@ jsing@
* Catch up after beck@ fixed autoconfiguration:schwarze2018-03-213-62/+55
| | | | | | | | | * Say more precisely what OPENSSL_config(3) and OPENSSL_no_config(3) do. * Revert the deprecation notice for them, nothing wrong with them. * Document OPENSSL_INIT_LOAD_CONFIG. * Deprecate OpenSSL_add_all_algorithms(3), it's now automatic. * Add OpenSSL_add_all_algorithms(3) HISTORY. Substantial feedback and OK beck@.
* ssl.h HISTORY up to 0.9.4; researched from OpenSSL gitschwarze2018-03-212-3/+15
|
* crypto HISTORY up to 0.9.4; researched from OpenSSL gitschwarze2018-03-2112-25/+92
|
* ssl.h HISTORY up to 0.9.3; researched from OpenSSL gitlibressl-v2.7.0schwarze2018-03-213-4/+19
|
* crypto HISTORY up to 0.9.3; researched from OpenSSL gitschwarze2018-03-2121-43/+178
|
* ssl.h HISTORY up to 0.9.2b; researched from OpenSSL gitschwarze2018-03-218-11/+49
|
* crypto HISTORY up to OpenSSL 0.9.2b; researched from OpenSSL gitschwarze2018-03-2118-30/+134
|
* Full sync of CA list with Mozilla's.sthen2018-03-211-580/+3448
| | | | | | | | Produced using curl's make-ca-bundle.pl and then reformatted with our format-pem.pl from: https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt OK benno@. juanfra agrees with syncing with Mozilla. No objections received.
* Adjust (non-installed) helper script to cope better with CAs that don't havesthen2018-03-211-2/+6
| | | | "o=" in their subject.
* crypto HISTORY up to OpenSSL 0.9.1c; researched from OpenSSL gitschwarze2018-03-211-3/+6
|
* ssl.h HISTORY up to SSLeay 0.9.1; researched from OpenSSL gitschwarze2018-03-212-4/+12
|
* crypto HISTORY up to SSLeay 0.9.1; researched from OpenSSL gitschwarze2018-03-2117-34/+101
|
* ssl.h HISTORY up to SSLeay 0.9.0; researched from OpenSSL gitschwarze2018-03-2111-23/+86
|
* x509_vfy.h HISTORY up to SSLeay 0.9.0; researched from OpenSSL gitschwarze2018-03-213-7/+14
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-27 12:22:20 +0000