summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2012-01-05OpenSSL 1.0.0f: import upstream sourceDamien Miller
2011-11-03crank major for openssl-1.0.0eDamien Miller
2011-11-03openssl-1.0.0e: resolve conflictsDamien Miller
2011-11-03import OpenSSL 1.0.0eDamien Miller
2011-02-10fix for CVE-2011-0014 "OCSP stapling vulnerability";Damien Miller
ok markus@ jasper@ miod@ AFAIK nothing in base uses this, though apache2 from ports may be affected.
2010-12-16move CRYPTO_VIAC3_MAX out of cryptodev.h and into the onlyJonathan Gray
file it will be used from. requested by/ok mikeb@
2010-12-16The VIA ciphers are added to an array of CRYPTO_ALGORITHM_MAX lengthJonathan Gray
which should have been declared as CRYPTO_ALGORITHM_MAX + 1, fix this and reserve enough space for the VIA additions as well. ok/comments from mikeb & deraadt
2010-12-15Security fix for CVE-2010-4180 as mentioned in ↵Jasper Lievisse Adriaanse
http://www.openssl.org/news/secadv_20101202.txt. where clients could modify the stored session cache ciphersuite and in some cases even downgrade the suite to weaker ones. This code is not enabled by default. ok djm@
2010-11-17- Apply security fix for CVE-2010-3864 (+commit 19998 which fixes the fix).Jasper Lievisse Adriaanse
ok djm@ deraadt@
2010-10-18Disable use of dladdr() on a.out arches, they do not provide it (yet); ok djm@Miod Vallat
2010-10-06More OpenSSL fixes:Damien Miller
- Update local engines for the EVP API change (len u_int => size_t) - Use hw_cryptodev.c instead of eng_cryptodev.c - Make x86_64-xlate.pl always write to the output file and not stdout, fixing "make -j" builds (spotted by naddy@) ok naddy@
2010-10-06Retire SkipjackMike Belopuhov
There's not much use for the declassified cipher from the 80's with a questionable license these days. According to the FIPS drafts, Skipjack reaches its EOL in December 2010. The libc portion will be removed after the ports hackathon. djm and thib agree, no objections from deraadt Thanks to jsg for digging up FIPS drafts.
2010-10-01fix -Wall due to API changeDamien Miller
2010-10-01update supporting files, crank library majorsDamien Miller
2010-10-01add missing; yay for cvs!Damien Miller
2010-10-01resolve conflicts, fix local changesDamien Miller
2010-10-01import OpenSSL-1.0.0aDamien Miller
2010-09-01Oracle has re-licensed sunrpc under a three-clause BSD license.Todd C. Miller
Update our sources appropriately. OK deraadt@ jsg@
2010-07-01import OpenSSL-1.0.1cThordur I. Bjornsson
2010-07-01AES-NI engine support for OpenSSL.Thordur I. Bjornsson
This is code mostly picked up from upstream OpenSSL, or to be more exact a diff from David Woodhouse <dwmw2 at infradead dot org>. Remember to make includes before doing a build! no objections from djm@ OK deraadt@, reyk@ (AES is about 4.25x faster on his x201 now)
2010-06-29VIA xcrypt for amd64, simpler version of a diff from deraadtJonathan Gray
with suggestions from miod. The codepath doesn't seem to be called yet, this will be investigated later. looks good miod@, ok deraadt@
2010-05-03When running in pic mode we don't have enough general registers for allJonathan Gray
the xcrypt inputs, hence the dance which is done to make this work. The constraint for the key however was "mr" which is both from memory and from a general register, it seems gcc3 went with the former and gcc4 went with the later in the pic case, so change the constraint for the key to just "m" which gives us more efficient code that both gcc3 and gcc4 are happy with. ok kettenis@
2010-04-14Security fix for CVE-2010-0740Jasper Lievisse Adriaanse
"In TLS connections, certain incorrectly formatted records can cause an OpenSSL client or server to crash due to a read attempt at NULL." http://openssl.org/news/secadv_20100324.txt ok deraadt@ djm@ sthen@
2010-03-04cherrypick patch from OpenSSL 0.9.8m:Damien Miller
*) Always check bn_wexpend() return values for failure. (CVE-2009-3245) [Martin Olsson, Neel Mehta]
2010-01-31add a fix from OpenSSL CVS for SA38200.Jasper Lievisse Adriaanse
"Modify compression code so it avoids using ex_data free functions. This stops applications that call CRYPTO_free_all_ex_data() prematurely leaking memory." looks ok to markus@
2009-11-10pull Ben Lauries blind prefix injection fix for CVE-2009-3555 fromMarkus Friedl
openssl 0.9.8l; crank minor version; ok djm@ deraadt@; initially from jsg@
2009-10-31s/Mhz/MHz/, MHz is a multiple of the SI unit hertz (whose symbol is Hz).Igor Sobrado
2009-08-07pull string for memcpy; ok hshoexer@Martynas Venckus
2009-04-06crankus majorisDamien Miller
2009-04-06resolve conflictsDamien Miller
2009-04-06import of OpenSSL 0.9.8kDamien Miller
2009-01-12convert a strdup (into a purpose-allocated buffer) in libcrypto to aDamien Miller
memcpy to avoid linker deprecation warnings; pointed out by dkrause@
2009-01-09adjust Makefile and crank major for openssl-0.9.8jDamien Miller
2009-01-09resolve conflictsDamien Miller
2009-01-09import openssl-0.9.8jDamien Miller
2009-01-05update to openssl-0.9.8i; tested by several, especially krw@Damien Miller
2008-09-19fix some cause of bad TEXTREL on i386 and amd64Otto Moerbeek
- global function calls in .init sections (diff makes them via PLT) - calls to global functions in aes-586.S (made static or local) - global variable accesses in rc4-x86_64.S (now made via GOT) from djm@large; ok miod@
2008-09-10use one call to arc4random_buf() instead of lots of arc4random()Damien Miller
2008-09-07Fix merge botch.Mark Kettenis
ok miod@
2008-09-06remove duplicate definition of OPENSSL_DSA_MAX_MODULUS_BITS spottedDamien Miller
by dtucker@
2008-09-06remerge local tweaks, update per-arch configuration headers, updateDamien Miller
Makefiles, crank shlib_version
2008-09-06resolve conflictsDamien Miller
2008-09-06import of OpenSSL 0.9.8hDamien Miller
2008-02-26fix memory leak (in one case of unaligned buffers); from Markus KvetterTheo de Raadt
ok markus
2007-10-10Replace use of strcpy(3) and other pointer goo inMoritz Jodeit
SSL_get_shared_ciphers() with strlcat(3). ok deraadt@ markus@
2007-09-27Fix off-by-one buffer overflow in SSL_get_shared_ciphers().Moritz Jodeit
From OpenSSL_0_9_8-stable branch. ok djm@
2007-09-10Proper use of fseek/fseeko macros.Tobias Stoeckmann
OK joris@, otto@
2007-08-21http://openssl.org/news/patch-CVE-2007-3108.txt; ok pval, deraadtMarkus Friedl
2007-04-06Add proper checks against fgets failure. From Charles Longeau.Ray Lai
OK moritz@, millert@, and jaredy@.
2007-03-20remove some bogus *p tests from charles longeauTed Unangst
ok deraadt millert