| Age | Commit message (Collapse) | Author |
|---|
|
|
|
My read of this: Long time ago (Think Conan, not dinasaurs) during the race
to make speedier processors, a cpu vendor built a pipeline with a bad stall,
and proposed a tremendously hasky workaround. A wizard adopted this into his
perl scroll, and failed to reflect later when no compiler adopted the practice.
This relic remains at the tail end of some functions in OpenSSL as
".byte 0xf3,0xc3". Banish it straight to hell.
ok mlarkin, others also stared blankly
|
|
block which defines a variable late, after code. Place this chunk into
a { subblock } to satisfy old compilers and old eyes.
|
|
|
|
This removes the last remaining use of the old M_ASN1_* macros (asn1_mac.h)
from API that needs to continue to exist.
ok beck@ inoguchi@
|
|
with "warning: " since 2003, so the messages themselves need not
contain the prefix anymore.
From Scott Cheloha
ok jca, deraadt
|
|
|
|
|
|
ok bcook@
|
|
prototypes if we have both OPENSSL_NO_NEXTPROTONEG and the prototypes
defined.
|
|
Several pieces of software expect this to be available unconditionally.
|
|
ok deraadt@ bcook@
|
|
|
|
chacha20-poly1305 cipher suites have been removed from libssl.
|
|
removed/renamed a long time back.
|
|
|
|
code. We removed SSLv2/SSLv3 a long time ago...
Discussed with doug@
|
|
|
|
can get at it, so libtls can also deal with notafter's past the
realm of 32 bit time in portable
|
|
from the OpenSSL manual and from code inspection.
Use my own Copyright and license because no Copyright-worthy amount
of text from OpenSSL remains.
And, no, these functions do *NOT* check private keys, not at all.
|
|
from Richard Levitte <levitte at openssl dot org>
via OpenSSL commit e9c9971b Jul 1 18:28:50 2017 +0200
|
|
from Emilia Kasper <emilia at openssl dot org>
via OpenSSL commit 1e3f62a3 Jul 17 16:47:13 2017 +0200.
|
|
stating that RSA_padding_check_PKCS1_type_2(3) is weak by design;
from Emilia Kasper <emilia at openssl dot org>
via OpenSSL commit 1e3f62a3 Jul 17 16:47:13 2017 +0200.
|
|
dropping the secmem stuff that we don't want
|
|
now also documents it, in OPENSSL_malloc.pod
|
|
don't have, which implies renaming the file to EVP_PKEY_meth_get0_info.3
|
|
from Rich Salz <rsalz at openssl dot org>
via OpenSSL commit 1722496f Jun 8 15:18:38 2017 -0400
|
|
1. mention three additional functions for stitched ciphers
from Steven Collison <steven at raycoll dot com>
via OpenSSL commit 209fac9f Mar 28 12:46:07 2017 -0700
2. fix wrong data type of an automatic variable in an example
from Paul Yang <paulyang dot inf at gmail dot com>
via OpenSSL commit 719b289d May 22 23:18:45 2017 +0800
3. fix memory leak in sample encryption code and check return value of fopen
from Greg Zaverucha <gregz at microsoft dot com>
via OpenSSL commit 519a5d1e Jun 27 17:38:25 2017 -0700
|
|
|
|
'it works' deraadt@
|
|
minor improvements. Mostly from Todd Short <tshort at akamai dot com>
via OpenSSL commit cf37aaa3 Aug 4 11:24:03 2017 +1000.
|
|
from Rich Salz, OpenSSL commit a95d7574, July 2, 2017
|
|
the OpenSSL manual page committed on July 27, 2017, and on source
code inspection. Use my own Copyright and license because no
copyright-worthy amount of text from OpenSSL remains.
NOTA BENE:
BUGS Most aspects of the semantics considerably differ from OpenSSL.
|
|
ok beck@
|
|
This will only be used in portable. As noted, necessary to
make us conformant to RFC 5280 4.1.2.5.
ok jsing@ bcook@
|
|
Discussed with beck@ and jsing@
ok beck@
|
|
ok guenther@
|
|
strings. The original code is perfectly valid C, however it causes some
compilers to complain since it lacks room for a string NUL terminator and
the compiler is not smart enough to realise that these are only used as
byte arrays and never treated as strings.
ok bcook@ beck@ inoguchi@
|
|
|
|
found with regress/usr.bin/mandoc/db/dbm_dump;
OK jmc@
|
|
|
|
okay millert@
|
|
|
|
|
|
just fall into the code. The .align created a FILL zone in the .init section,
which on i386 was filled with a NOP-sled, something we want to get away
from.
discussed with kettenis and tom
|
|
The certificate verification code has special cases for self-signed
certificates and without this change, self-issued certificates (which it
seems are common place with openvpn/easyrsa) were also being included in
this category.
Based on BoringSSL.
Thanks to Dale Ghent <daleg at elemental dot org> for assisting in
identifying the issue and testing this fix.
ok inoguchi@
|
|
programs will build even without a make depend first.
okay tb@ millert@
|
|
|
|
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing
The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.
|
|
Reported by Robert Swiecki, who found the issue using honggfuzz.
ok bcook@
|
