| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
Configure script.
ok deraadt@
|
|
Allows https checkouts from github to work.
- Add digicert's other root certs.
Fingerprints carefully checked against those in the built-in roots
supplied with Mozilla.
ok dcoppa@ jcs@
|
|
Small test by marco@ and md5 /usr/lib/libcrypto.so.19.0 agrees.
|
|
build on i386. This enables SSE2 optimizations for bignum multiplications,
Montgomery multiplications and sha512.
This speeds up Diffie-Hellman operations in isakmpd and iked quite
a bit. OK djm@, markus@, mikeb@
|
|
discussed with lots of people, tested by naddy@,
"move fast" deraadt@
|
|
DigiCert High Assurance CA-3
Go Daddy Secure Certification Authority/serialNumber=07969287
Equifax Secure Certificate Authority
VeriSign Class 3 Public Primary Certification Authority - G5
Entrust Certification Authority - L1C
Entrust.net Secure Server Certification Authority
ok mikeb@ beck@ fgsch@
constant prodding by marco@
|
|
months since it was introduced so it's safe to assume people have this dir now.
ok deraadt@
|
|
the openssl and libz versions:
- use a generic ${lib_version}
- define ${version_file} to look run ${version_re} on to
acquire the library version.
- add license
- remove unused -k flag
no change in generated files
ok sthen@
|
|
ok sthen@
|
|
"if you have checked this I am ok with it" does not mean
1) not to pay attention to breaking news after I tell you that and
2) not to get ok's from the others this had been shown to.
I am absolutely not ok with thig going in with only *my* ok. There's a reason why we want more than one ok on important commits
ok deraadt@ for the backout
|
|
DigiCert High Assurance CA-3
Go Daddy Secure Certification Authority
COMODO High-Assurance Secure Server CA
Equifax Secure Certificate Authority
VeriSign Class 3 Public Primary Certification Authority - G5
Entrust Certification Authority - L1C
Entrust.net Secure Server Certification Authority
cross checked with mozilla
ok beck@
|
|
Fixes build on NFS src with no root access. ok jasper@
|
|
ok beck@ fgsch@
|
|
ok markus@ jasper@ miod@
AFAIK nothing in base uses this, though apache2 from ports may be affected.
|
|
test -n "`pkg-config --cflags openssl`"
don't assume that OpenSSL isn't available.
ok miod@, sthen@, ajacoutot@, djm@
|
|
prompted by brad
|
|
- zap a trailing tab
|
|
common/encouraged practice
|
|
projects depend on being present (e.g. various ports).
as discussed with various porters in a hungarian spa
help/feedback from ingo@ and also OK halex@
no objections from djm@
|
|
file it will be used from.
requested by/ok mikeb@
|
|
which should have been declared as CRYPTO_ALGORITHM_MAX + 1,
fix this and reserve enough space for the VIA additions as well.
ok/comments from mikeb & deraadt
|
|
http://www.openssl.org/news/secadv_20101202.txt.
where clients could modify the stored session
cache ciphersuite and in some cases even downgrade the suite to weaker ones.
This code is not enabled by default.
ok djm@
|
|
ok djm@ deraadt@
|
|
|
|
|
|
- Update local engines for the EVP API change (len u_int => size_t)
- Use hw_cryptodev.c instead of eng_cryptodev.c
- Make x86_64-xlate.pl always write to the output file and not stdout,
fixing "make -j" builds (spotted by naddy@)
ok naddy@
|
|
There's not much use for the declassified cipher from the 80's
with a questionable license these days. According to the FIPS
drafts, Skipjack reaches its EOL in December 2010.
The libc portion will be removed after the ports hackathon.
djm and thib agree, no objections from deraadt
Thanks to jsg for digging up FIPS drafts.
|
|
Revert the "set -e" additions and kill unneeded subshells. ok djm@
|
|
u_long on i386. suggested by deraadt@ and kettenis@
|
|
amd64
|
|
|
|
|
|
|
|
|
|
|
|
these are not built by default, but only built when MANPS is set.
kristaps@ and jmc@ agree with the idea,
and the patch doesn't bother deraadt@ at all
|
|
Update our sources appropriately. OK deraadt@ jsg@
|
|
|
|
|
|
This is code mostly picked up from upstream OpenSSL, or to be more exact
a diff from David Woodhouse <dwmw2 at infradead dot org>.
Remember to make includes before doing a build!
no objections from djm@
OK deraadt@, reyk@ (AES is about 4.25x faster on his x201 now)
|
|
with suggestions from miod.
The codepath doesn't seem to be called yet, this will be
investigated later.
looks good miod@, ok deraadt@
|
|
version require these flags to accept the X.509 certificates from the
gateway or client; I just add both flags to make it work in both cases
and verified it with win7, for example when authenticating against iked.
go ahead beck@
|
|
the xcrypt inputs, hence the dance which is done to make this work.
The constraint for the key however was "mr" which is both from
memory and from a general register, it seems gcc3 went with the former
and gcc4 went with the later in the pic case, so change the
constraint for the key to just "m" which gives us more efficient
code that both gcc3 and gcc4 are happy with.
ok kettenis@
|
|
"mbuf" as a C string when using the pop3 s_client feature. This causes
a segmentation fault with malloc.conf option "J" set when BIO_printf()
runs off the end of the buffer. The following patch fixes PR 6282
from Matthew Haub (asked to submit upstream), ok djm
|
