Age | Commit message | Author |
|
ok miod@ deraadt@
|
|
relevant anymore. OpenSSL should have a better way to include 3rd
party engines: either completely free or external. But including
a wrapper for a non-free wrapper in the code base does not make much
sense and could also be provided by the vendor.
ok deraadt@
|
|
non-free libraries. OpenSSL should have a better way to include 3rd
party engines: either completely free or external. But including a
wrapper for a non-free wrapper in the code base does not make much
sense and could also be provided by the vendor.
ok deraadt@
|
|
hardware.
The vendor_defns/cswift.h does not specify a copyright and
theoretically defaults to the OpenSSL license, but it also mentions
that it includes parts that have been "clipped" from CryptoSwift's
proprietary headers. This file should better include an explicit
copyright statement or mention OpenSSL's library instead of the
ambiguous "Attribution notice".
ok deraadt@
|
|
The vendor_defns/sureware.h file by Baltimore Technologies Ltd. has a
copyright that does not grant rights!
Vendor files should either include a compatible license in the
copyright statement or use OpenSSL's defaults, but adding a copyright
statement without any terms is not acceptable. It should not have
been included in the first place.
ok deraadt@
|
|
The vendor_defns/hw_ubsec.h file has a copyright that does not grant rights!
Vendor files should either include a compatible license in the
copyright statement or use OpenSSL's defaults, but adding a copyright
statement without any terms is not acceptable. It should not have
been included in the first place.
(The ubsec(4) kernel driver is not affected by this change)
ok deraadt@
|
|
old PCI accelerator that was EOL'ed in 2005.
ok deraadt@
|
|
so that libssl no longer needs to access the non-external headers of libcrypto
to build.
No library bump, riding upon the recent update.
|
|
and libssl major (ssl_check_clienthello_tlsext split into two functions)
|
|
as configuration files; split manpages and .pc files between libcrypto and
libssl.
No functional change, only there to make engineering easier, and libcrypto
sources are still found in libssl/src/crypto at the moment.
ok reyk@, also discussed with deraadt@ beck@ and the usual crypto suspects.
|
|
issue. Apply that version. Maybe someday upstream will wake up and then
we can have the same code.
https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest
|
|
ok benno deraadt
|
|
OpenSSL git; ok sthen@
|
|
Note that I missed two of these in the diff shown initially, thx
to the atrocious Makefile rule...
okay millert@, sthen@, basically
|
|
CVE-2013-4353 NULL pointer dereference with crafted Next Protocol
Negotiation record in TLS handshake.
Upstream: 197e0ea
CVE-2013-6449 Fix crash with crafted traffic from a TLS 1.2 client.
Upstream: ca98926, 0294b2b
CVE-2013-6450 Fix DTLS retransmission from previous session.
Upstream: 3462896
|
|
architectures. ok miod@ djm@
Upstream patch:
commit cdd1acd788020d2c525331da1712ada778f1373c
Author: Andy Polyakov <appro@openssl.org>
Date: Wed Dec 18 21:27:35 2013 +0100
|
|
members to 64bit types. Assign new syscall numbers for (almost
all) the syscalls that involve the affected types, including anything
with time_t, timeval, itimerval, timespec, rusage, dirent, stat,
or kevent arguments. Add a d_off member to struct dirent and replace
getdirentries() with getdents(), thus immensely simplifying and
accelerating telldir/seekdir. Build perl with -DBIG_TIME.
Bump the major on every single base library: the compat bits included
here are only good enough to make the transition; the T32 compat
option will be burned as soon as we've reached the new world and
are happy with the snapshots for all architectures.
DANGER: ABI incompatibility. Updating to this kernel requires extra
work or you won't be able to login: install a snapshot instead.
Much assistance in fixing userland issues from deraadt@ and tedu@
and build assistance from todd@ and otto@
|
|
hyphen in their official programming guide sometime between 2003 and
2005, and Clang's integrated assembler does not support hyphenated
mnemonics.
ok jsg, deraadt
|
|
from the openssl git (changes between openssl 1.0.1c and 1.0.1d).
ok djm@
|
|
have to go through the PLT/GOT to get at them anymore. In fact going through
the GOT now fails since we no longer have a GOT entry for OPENSSL_ia32cap_P.
Fixes the problem spotted by jasper@ and sthen@. Based on a diff from mikeb@
who did most of the actual work of tracking down the issue.
ok millert@, mikeb@
|
|
Disable use of dladdr() on a.out arches, they do not provide it (yet);
|
|
major cranks
|
|
and __PIC__ defines. Makes things easier for PIE.
ok djm@
|
|
Brad, jasper and naddy helped with test builds, fixing ports, etc.
|
|
ok miod@ deraadt@
|
|
ok markus@ jasper@ miod@
AFAIK nothing in base uses this, though apache2 from ports may be affected.
|
|
file it will be used from.
requested by/ok mikeb@
|
|
which should have been declared as CRYPTO_ALGORITHM_MAX + 1,
fix this and reserve enough space for the VIA additions as well.
ok/comments from mikeb & deraadt
|
|
http://www.openssl.org/news/secadv_20101202.txt.
where clients could modify the stored session
cache ciphersuite and in some cases even downgrade the suite to weaker ones.
This code is not enabled by default.
ok djm@
|
|
ok djm@ deraadt@
|
|
- Update local engines for the EVP API change (len u_int => size_t)
- Use hw_cryptodev.c instead of eng_cryptodev.c
- Make x86_64-xlate.pl always write to the output file and not stdout,
fixing "make -j" builds (spotted by naddy@)
ok naddy@
|
|
There's not much use for the declassified cipher from the 80's
with a questionable license these days. According to the FIPS
drafts, Skipjack reaches its EOL in December 2010.
The libc portion will be removed after the ports hackathon.
djm and thib agree, no objections from deraadt
Thanks to jsg for digging up FIPS drafts.
|
|