| Age | Commit message (Collapse) | Author |
|---|
|
common/encouraged practice
|
|
projects depend on being present (e.g. various ports).
as discussed with various porters in a hungarian spa
help/feedback from ingo@ and also OK halex@
no objections from djm@
|
|
file it will be used from.
requested by/ok mikeb@
|
|
which should have been declared as CRYPTO_ALGORITHM_MAX + 1,
fix this and reserve enough space for the VIA additions as well.
ok/comments from mikeb & deraadt
|
|
http://www.openssl.org/news/secadv_20101202.txt.
where clients could modify the stored session
cache ciphersuite and in some cases even downgrade the suite to weaker ones.
This code is not enabled by default.
ok djm@
|
|
ok djm@ deraadt@
|
|
|
|
|
|
- Update local engines for the EVP API change (len u_int => size_t)
- Use hw_cryptodev.c instead of eng_cryptodev.c
- Make x86_64-xlate.pl always write to the output file and not stdout,
fixing "make -j" builds (spotted by naddy@)
ok naddy@
|
|
There's not much use for the declassified cipher from the 80's
with a questionable license these days. According to the FIPS
drafts, Skipjack reaches its EOL in December 2010.
The libc portion will be removed after the ports hackathon.
djm and thib agree, no objections from deraadt
Thanks to jsg for digging up FIPS drafts.
|
|
Revert the "set -e" additions and kill unneeded subshells. ok djm@
|
|
u_long on i386. suggested by deraadt@ and kettenis@
|
|
amd64
|
|
|
|
|
|
|
|
|
|
|
|
these are not built by default, but only built when MANPS is set.
kristaps@ and jmc@ agree with the idea,
and the patch doesn't bother deraadt@ at all
|
|
Update our sources appropriately. OK deraadt@ jsg@
|
|
|
|
|
|
This is code mostly picked up from upstream OpenSSL, or to be more exact
a diff from David Woodhouse <dwmw2 at infradead dot org>.
Remember to make includes before doing a build!
no objections from djm@
OK deraadt@, reyk@ (AES is about 4.25x faster on his x201 now)
|
|
with suggestions from miod.
The codepath doesn't seem to be called yet, this will be
investigated later.
looks good miod@, ok deraadt@
|
|
version require these flags to accept the X.509 certificates from the
gateway or client; I just add both flags to make it work in both cases
and verified it with win7, for example when authenticating against iked.
go ahead beck@
|
|
the xcrypt inputs, hence the dance which is done to make this work.
The constraint for the key however was "mr" which is both from
memory and from a general register, it seems gcc3 went with the former
and gcc4 went with the later in the pic case, so change the
constraint for the key to just "m" which gives us more efficient
code that both gcc3 and gcc4 are happy with.
ok kettenis@
|
|
"mbuf" as a C string when using the pop3 s_client feature. This causes
a segmentation fault with malloc.conf option "J" set when BIO_printf()
runs off the end of the buffer. The following patch fixes PR 6282
from Matthew Haub (asked to submit upstream), ok djm
|
|
"In TLS connections, certain incorrectly formatted records can cause an OpenSSL
client or server to crash due to a read attempt at NULL."
http://openssl.org/news/secadv_20100324.txt
ok deraadt@ djm@ sthen@
|
|
excepting the tbl(1) pages, which are less than twenty.
"commit the diff that enables it, now" deraadt@
|
|
*) Always check bn_wexpend() return values for failure. (CVE-2009-3245)
[Martin Olsson, Neel Mehta]
|
|
files or directories when applicable.
The inspiration and name of MACHINE_CPU come from NetBSD, although the way to
provide it to Makefiles is completely different.
ok kettenis@
|
|
"Modify compression code so it avoids using ex_data free functions.
This stops applications that call CRYPTO_free_all_ex_data()
prematurely leaking memory."
looks ok to markus@
|
|
|
|
|
|
|
|
openssl 0.9.8l; crank minor version; ok djm@ deraadt@; initially from jsg@
|
|
|
|
found by Guillaume Protet (guillaume dot protet at mortheres dot info)
while testing bzr update. deraadt@ ok
|
|
beck@ ok
|
|
|
|
ok beck@
|
|
MLINKS; feedback and ok jmc@
|
|
|
|
|
|
|
|
"openssl s_client"), fix an unlikely memory leak
|
|
the size of the diff against openssl mainline
|
|
memcpy to avoid linker deprecation warnings; pointed out by dkrause@
|
|
useful "server name indication" that allows multihomed TLS server), so
remove the #define to disable it here
|
|
|
