| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2015-12-03 | Fix for OpenSSL CVE-2015-3194 | Bob Beck | |
| ok krw@ | |||
| 2015-11-14 | mutli -> multi | Miod Vallat | |
| 2015-11-14 | Various *syncron* -> *synchron* typos. | Miod Vallat | |
| 2015-11-12 | update cross references after deleting the imaginary MLINKS | Ingo Schwarze | |
| bn_internal(3) and lhash(3) | |||
| 2015-11-11 | add missing functions to NAME, or otherwise correct the mlink | Jason McIntyre | |
| entry for them; feedback/ok schwarze | |||
| 2015-11-06 | Fix gcc version preprocessor checks to cope with gcc 5.x and beyond; | Miod Vallat | |
| reported by Ruslan Babayev. | |||
| 2015-11-05 | Cast Td4[] values (which are uint8_t) to uint32_t before shifting them left by | Miod Vallat | |
| 24 bits; if we don't, Td4[] gets cast to signed int, and according to C>=99 6.5.7, signed int shifted by enough bits to cause a the sign bit to be set is an UB. Reported by Pascal Cuoq on behalf of the trust-in-soft.com mafia I am {partial,slightly related} to. | |||
| 2015-11-05 | Mention ROTL() is always invoked with a proper shift value, due to the way the | Miod Vallat | |
| CAST_KEY is constructed. This is expected to reduce blood pressure in auditors. | |||
| 2015-11-03 | bump to 2.3.2, format LIBRESSL_VERSION_NUMBER like OPENSSL_VERSION_NUMBER. | Brent Cook | |
| Suggested by WubTheCaptain so the same comparison code can be used with LibreSSL. https://www.openssl.org/docs/manmaster/crypto/OPENSSL_VERSION_NUMBER.html | |||
| 2015-11-02 | Fix typo in comment of previous commit: "that that". | Reyk Floeter | |
| 2015-11-02 | bump minors after adding EVP_aead_chacha20_poly1305_ietf() | Reyk Floeter | |
| OK jsing@ | |||
| 2015-11-02 | Add EVP_aead_chacha20_poly1305_ietf() - The informational RFC 7539, | Reyk Floeter | |
| "ChaCha20 and Poly1305 for IETF Protocols", introduced a modified AEAD construction that is incompatible with the common style that has been already used in TLS with EVP_aead_chacha20_poly1305(). The IETF version also adds a constant (salt) that is prepended to the nonce. OK mikeb@ jsing@ | |||
| 2015-10-30 | Pull in <sys/types.h> to get ssize_t or <stdint.h> to get uint32_t, instead of | Miod Vallat | |
| relying upon previously included headers to do this, to enhance portability; from Pascal Cuoq, libressl github pull request #52 | |||
| 2015-10-22 | Another change that is needed to restore the previous behaviour of | Joel Sing | |
| ASN1_{GENERALIZED,UTC}TIME_set_string(), which allows it to be called with a NULL pointer. ok beck@ | |||
| 2015-10-22 | Restore previous behaviour and allow | Joel Sing | |
| ASN1_{GENERALIZED,UTC,}TIME_set_string() to be called with a NULL pointer. Found the hard way by @kinichiro on github. ok beck@ | |||
| 2015-10-21 | Reject too small bits value in BN_generate_prime_ex(), so that it does not risk | Miod Vallat | |
| becoming negative in probable_prime_dh_safe(). Reported by Franck Denis who noticed `openssl gendh 0' would segfault. Fix adapted from OpenSSL RT#2701. ok beck@ jsing@ | |||
| 2015-10-21 | In the case where len is not a multiple of sizeof(RC4_CHUNK) the RC4 code | Joel Sing | |
| will end up doing a read and write of up to 7 bytes beyond the specified length. This is effectively a non-issue since we read and write back the same data and due to alignment it is within a page boundary. Regardless, avoid this by removing the "special" handling for the remaining length and allow the standard (non-chunk) code to process the remaining bytes, which does not result in overrun. Reported by Pascal Cuoq <cuoq at trust-in-soft.com> - thanks! ok beck@ miod@ | |||
| 2015-10-20 | Lob a style(9) grenade in here. | Joel Sing | |
| 2015-10-19 | Stop supporing "legcay" time formats that OpenSSL supports. Rewrite the | Bob Beck | |
| utctime and gentime wrappers accordingly. Along with some other cleanup. this also removes the need for timegm. ok bcook@ sthen@ jsing@ | |||
| 2015-10-16 | Remove pointless externs - the structs are declared in the same files a | Joel Sing | |
| few lines above. | |||
| 2015-10-16 | Expand DECLARE_ASN1_ALLOC_FUNCTIONS and DECLARE_ASN1_FUNCTIONS_const | Joel Sing | |
| macros. The only change in the generated assembly is due to line numbering. | |||
| 2015-10-16 | Remove pointless uses of DECLARE_ASN1_ENCODE_FUNCTIONS_const. | Joel Sing | |
| DECLARE_ASN1_FUNCTIONS_const already includes this macro so using both means we end up with duplicate function prototypes and externs. | |||
| 2015-10-16 | actually include the prerequisite dependency for BIO instead of doing nastyness | Bob Beck | |
| 2015-10-14 | better fix for overrun reported by Qualys Security. | Ted Unangst | |
| buf is at all times kept nul terminated, so there is no need to enforce this again upon exit. (no need to move buf around after we exahust space.) ok beck miod | |||
| 2015-10-14 | Bail out early if we have no buf_len | Bob Beck | |
| ok miod@ | |||
| 2015-10-14 | fix a memory leak reported by Qualys Security. | Ted Unangst | |
| move the bndec variable in tighter since it's not used elsewhere in the loop, then always free it after use. ok bcook miod | |||
| 2015-10-14 | Ensure we don't write a 0 byte past end of the buffer in the error case. | Bob Beck | |
| ok bcook@ deraadt@ | |||
| 2015-10-14 | Add EVP_AEAD_CTX_init(3) manpage to document the new(ish) AEAD API. | Reyk Floeter | |
| The "authenticated encryption with additional data" API is used for ciphers like AES-GCM or ChaCha20-Poly1305. The manpage is a beginning and certainly needs more work, especially improvements in the EXAMPLES section. Based on agl's source code comments. Converted from pod to mandoc by schwarze@ OK schwarze@ jsing@ | |||
| 2015-10-13 | Put ASN1_dup() under #ifndef LIBRESSL_INTERNAL. | Joel Sing | |
| 2015-10-13 | Convert ECParameters_dup() from a macro that uses ASN1_dup_of() into an | Joel Sing | |
| actual function. This removes the last ASN1_dup_of usage from the tree. Feedback from doug@ and miod@ | |||
| 2015-10-13 | Convert a number of the old ASN1_{d2i,i2d}_{bio,fp}_of() macros to | Joel Sing | |
| ASN1_item_{d2i,i2d}_{bio,fp}() function calls. ok beck@ doug@ | |||
| 2015-10-13 | Group d2i/i2d function prototypes by type and add missing externs for the | Joel Sing | |
| DSAPublicKey, DSAPrivateKey and DSAparams ASN1_ITEMs. | |||
| 2015-10-12 | unifdef EVP_CHECK_DES_KEY: Ben Kaduk noticed it has a syntax error; that | Philip Guenther | |
| error was present in the original 2004 commit, so it hasn't been used in over 11 years, thus exceeding our deprecation requirements by over a decade. OpenSSL has chosen to *fix it*; we'll gladly watch it burn ok jsing@ | |||
| 2015-10-08 | Rip the guts out of another gibbering horror of a time comparison function, and | Bob Beck | |
| mark it as #ifndef LIBRESSL_INTERNAL at least we don't use this. ok jsing@ | |||
| 2015-10-08 | revert previous accidental commit | Bob Beck | |
| 2015-10-08 | Spelling in comment | Bob Beck | |
| 2015-10-06 | prefer limits.h over sys/limits.h | Brent Cook | |
| ok deraadt@ | |||
| 2015-10-05 | Make sure dot is not set after tz - fixes incorrect handling, which allows | Joel Sing | |
| 20151005171301+1.09Z to be treated as a valid time. ok beck@ | |||
| 2015-10-04 | Apply some style(9), tweak a few things for readability and add some | Joel Sing | |
| additional bounds checks. ok beck@ | |||
| 2015-10-02 | Flense the greasy black guts of unreadble string parsing code out of three areas | Bob Beck | |
| in asn1 and x509 code, all dealing with an ASN1_TIME. This brings the parsing together in one function that converts into a struct tm. While we are at it this also brings us into conformance with RFC 5280 for times allowed in an X509 cert, as OpenSSL is very liberal with what it allows. input and fixes from deraadt@ jsing@ guethther@ and others. ok krw@, guenther@, jsing@ | |||
| 2015-09-30 | Place all of the ASN1 M_ macros under #ifndef LIBRESSL_INTERNAL. | Joel Sing | |
| 2015-09-30 | Expand M_i2d_ASN1_OCTET_STRING macros - no change in generated assembly, | Joel Sing | |
| aside from line numbers. | |||
| 2015-09-30 | s/M_ASN1_ENUMERATED_free/ASN1_ENUMERATED_free/ | Joel Sing | |
| 2015-09-30 | Replace M_ASN1_ENUMERATED_(free|new) with ASN1_ENUMERATED_(free|new). | Joel Sing | |
| 2015-09-30 | Replace M_ASN1_OCTET_STRING_(free|new) with ASN1_OCTET_STRING_(free|new). | Joel Sing | |
| 2015-09-30 | Replace M_ASN1_UTCTIME_(new|free) with ASN1_UTCTIME_(new|free). | Joel Sing | |
| 2015-09-30 | Replace M_ASN1_IA5STRING_(new|free) with ASN1_IA5STRING_(new|free). Same | Joel Sing | |
| with one s/M_ASN1_VISIBLESTRING_new/ASN1_VISIBLESTRING_new/. | |||
| 2015-09-30 | Replace M_ASN1_GENERALIZEDTIME_(new|free) with | Joel Sing | |
| ASN1_GENERALIZEDTIME_(new|free). | |||
| 2015-09-30 | s/M_ASN1_TIME_free/ASN1_TIME_free/ | Joel Sing | |
| 2015-09-30 | Replace M_ASN1_INTEGER_(new|free) with ASN1_INTEGER_(new|free) - this is | Joel Sing | |
| different from the macro expansion, but the result is the same. Also replace some ASN1_STRING_dup() with ASN1_INTEGER_dup(). ok beck@ doug@ | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |