| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Apparently "very old" Netscape versions illegally included empty content
and a detached signature. OpenSSL removed the #if 0 that protected
these users and added a new button OPENSSL_DONT_SUPPORT_OLD_NETSCAPE.
It appears to be off by default to keep the hopes and dreams of very old
Netscape users alive. We decided to be rebels and disable support.
If you installed your browser from floppy disks, it's time to upgrade!
Based on OpenSSL commit: 02a938c953b3e1ced71d9a832de1618f907eb96d
ok tedu@, miod@, jsing@
|
|
There are a few instances where #if 1 is removed but the code remains.
Based on the following OpenSSL commits. Some of the commits weren't
strictly deletions so they are going to be split up into separate commits.
6f91b017bbb7140f816721141ac156d1b828a6b3
3d47c1d331fdc7574d2275cda1a630ccdb624b08
dfb56425b68314b2b57e17c82c1df42e7a015132
c8fa2356a00cbaada8963f739e5570298311a060
f16a64d11f55c01f56baa62ebf1dec7f8fe718cb
9ccc00ef6ea65567622e40c49aca43f2c6d79cdb
02a938c953b3e1ced71d9a832de1618f907eb96d
75d0ebef2aef7a2c77b27575b8da898e22f3ccd5
d6fbb194095312f4722c81c9362dbd0de66cb656
6f1a93ad111c7dfe36a09a976c4c009079b19ea1
1a5adcfb5edfe23908b350f8757df405b0f5f71f
8de24b792743d11e1d5a0dcd336a49368750c577
a2b18e657ea1a932d125154f4e13ab2258796d90
8e964419603d2478dfb391c66e7ccb2dcc9776b4
32dfde107636ac9bc62a5b3233fe2a54dbc27008
input + ok jsing@, miod@, tedu@
|
|
Requested by deraadt@
|
|
this split across files, especially when two of them have less code than
license text.
ok bcook@ beck@ doug@ miod@
|
|
shouldn't be used directly. They aren't part of the API; each module
(file, dir, mem) provides an actual function to export the now-static
object.
OK miod@
|
|
from OpenSSL with a hint of boring and some things done here. Addresses
CVE-2014-8275 for OpenSSL fully
ok miod@ doug@
|
|
No change to generated assembly.
|
|
instead of disk. OpenSSL didn't provide a built-in API from loading
certificates in a chroot'ed process that doesn't have direct access to
the files. X509_STORE_load_mem() provides a new backend that will be
used by libssl and libtls to implement such privsep-friendly
functionality.
Adopted for LibreSSL based on older code from relayd (by pyr@ and myself)
With feedback and OK bluhm@
|
|
Change the runtime check for whether a long is smaller than a pointer to a
compile-time check. Replace the silly hash for LLP64 platforms.
ok tedu@
|
|
The latest NetBSD (6.1.5) arc4random does not appear to reseed the CRNG state
after a fork, so provide an override until the fork-safe version in CVS appears
in a release.
These are the same as the FreeBSD shims.
ok deraadt@
|
|
other systems to fit into the same mold, so add copyright
|
|
Free data->saved_message.data. Based on OpenSSL commit:
41cd41c4416f545a18ead37e09e437c75fa07c95 except this version sets a->ptr
to NULL to avoid accidental reuse and handles malloc failing.
ok beck@, input + ok miod@
|
|
ok jsing@ beck@
|
|
|
|
patch from Kinichiro Inoguchi, tested on HP-UX 11.31
ok deraadt@
|
|
Instead of asserting, return an error code for I/O errors. This is based
on OpenSSL commit 2521fcd8527008ceb3e4748f95b0ed4e2d70cfef. Added checks
for two calloc()s while I'm here.
ok miod@
|
|
Casting a pointer to an unsigned long discards bits on an LLP64 system.
ok deraadt@
|
|
void pointer is undefined and initialising an array with {} is a syntax
error.
Based on a diff from kinichiro inoguchi.
|
|
system. *blush*
|
|
generating code for 64-bit mips userland.
|
|
bn_div_words, bn_mul_add_words, bn_mul_words, bn_sqr_words, bn_sub_words)
on sgi, because the generated assembly code isn't R4000-safe.
|
|
|
|
|
|
If X509_TRUST_add() or X509_PURPOSE_add() fail, they will leave the
object in an inconsistent state since the name is already freed.
This commit avoids changing the original name unless the *_add() call
will succeed.
Based on BoringSSL's commit: ab2815eaff6219ef57aedca2f7b1b72333c27fd0
ok miod@
|
|
Several functions that need to be redefined for a Windows port are right
in the middle of other code that is relatively portable. This patch
isolates the functions that need Windows-specific implementations so
they can be built conditionally in the portable tree.
ok jsing@ deraadt@
|
|
ok jsing@ deraadt@
|
|
EC_POINT_point2oct so that later allocation does not overflow
with miod
|
|
ok miod
|
|
ok beck@ tedu@ miod@ guenther@ doug@ deraadt@
|
|
ok beck@ tedu@ miod@
|
|
Remove the remaining random casts on optval. Fixups for this can be handled by
the portability layer all in once place.
Remove remaining fake socklen_t unions, though beck@ points out that this also
removes support for socklen_t changing its length at runtime. RIP.
ok tedu@ beck@ miod@ deraadt@
|
|
ok beck@ miod@ tedu@ deraadt@
|
|
|
|
|
|
ok deraadt@
|
|
|
|
|
|
libcrypto minor bump.
|
|
cleanup diff.
|
|
broken in r1.3.
Spotted by Dmitry Eremin-Solenikov
|
|
the function argument not being NULL
|
|
There used to be a strong reluctance to provide this cipher in LibreSSL in the
past, because the licence terms under which Cammelia was released by NTT were
free-but-not-in-the-corners, by restricting the right to modify the source
code, as well retaining the right to enforce their patents against anyone
in the future.
However, as stated in http://www.ntt.co.jp/news/news06e/0604/060413a.html ,
NTT changed its mind and made this code truly free. We only wish there had
been more visibility of this, for we could have had enabled Cammelia
earlier (-:
Licence change noticed by deraadt@. General agreement from the usual LibreSSL
suspects.
Crank libcrypto.so minor version due to the added symbols.
|
|
expect a good use for this knowledge in the tree in the near future.
Contributed by Vincent Gross, thanks!
|
|
- make VKO_compute_key() no longer void so that it can return failure.
- fix unchecked allocations in too many routines to mention /-:
- fix unchecked BN operations in gost2001_do_sign(), gost2001_do_verify(),
VKO_compute_key().
- fix the gost2001_do_sign() interface violation by having its sole caller
free the BIGNUM it passes to that function by itself, instead of having
the callee do this.
Reviewed (except for the last item) by Dmitry Eremin-Solenikov.
|
|
|
|
|
|
return the number of items read of written.
When you intend to return the number of bytes actually processed, it is
wise to pass 1 as the item size and the size as the number of items.
But in *some* places, the OpenSSL does the opposite, and has extra logic
to change a successful return of 1 (item processed) into the real size.
And, guess why it does that? Because of old VMS, for they (used to) have a
substandard stdio implementation.
Note that this change causes the return values of BIO_dump_fp() and
BIO_dump_indent_fp() to no longer be useless (actual number of callback calls),
but actual bytes output. Given the irrelevance of the return value before,
it is unlikely that anything depends upon it (and if something does, it
probably has other problems in need for a fix...)
ok tedu@ beck@ jsing@
|
|
CryptAcquireContext and CryptGenRandom returns zero (FALSE) if fails.
From: Dongsheng Song <dongsheng.song@gmail.com>
|
|
other allocations in the same block couldn't.
problem pointed out by David Ramos on the openssl-dev list
ok miod@ doug@
|
