summaryrefslogtreecommitdiff
path: root/lib/libssl
AgeCommit message (Collapse)Author
2012-08-21When deciding whether we're PIC in a (generated) asm file, check for both PICPascal Stumpf
and __PIC__ defines. Makes things easier for PIE. ok djm@
2012-08-02remove leftover NOLINT, WANTLINT, LINTFLAGS, LOBJ vars and lint targets.Okan Demirmen
ok guenther@
2012-07-12Skip printing another SSLv2-only command in s_client's usage text.Stuart Henderson
jmc@ noticed this in the manpage while updating it, but it applies here too.
2012-07-11Disable SSLv2 in OpenSSL. No objections from djm.Stuart Henderson
Brad, jasper and naddy helped with test builds, fixing ports, etc.
2012-04-19cherrypick fix for CVE-2012-2110: libcrypto ASN.1 parsing heap overflowDamien Miller
ok miod@ deraadt@
2012-01-05OpenSSL 1.0.0f: crank minorDamien Miller
2012-01-05OpenSSL 1.0.0f: mergeDamien Miller
2012-01-05OpenSSL 1.0.0f: import upstream sourceDamien Miller
2011-11-03crank major for openssl-1.0.0eDamien Miller
2011-11-03openssl-1.0.0e: resolve conflictsDamien Miller
2011-11-03import OpenSSL 1.0.0eDamien Miller
2011-08-03Add support for hppa64 based on the defaults for 64-bit HP-UX as found in theMark Kettenis
Configure script. ok deraadt@
2011-07-20- Replace digicert 2nd-level cert with the root which issued it.Stuart Henderson
Allows https checkouts from github to work. - Add digicert's other root certs. Fingerprints carefully checked against those in the built-in roots supplied with Mozilla. ok dcoppa@ jcs@
2011-07-08No need to set CFLAGS+=-DOPENSSL_IA32_SSE2 on amd64. Nothing uses it.Marco Pfatschbacher
Small test by marco@ and md5 /usr/lib/libcrypto.so.19.0 agrees.
2011-07-08Pass CFLAGS (which contains -DOPENSSL_IA32_SSE2) to the perlasmMarco Pfatschbacher
build on i386. This enables SSE2 optimizations for bignum multiplications, Montgomery multiplications and sha512. This speeds up Diffie-Hellman operations in isakmpd and iked quite a bit. OK djm@, markus@, mikeb@
2011-06-23switch to installing source manuals (base part)Ingo Schwarze
discussed with lots of people, tested by naddy@, "move fast" deraadt@
2011-06-15Add the following certs:David Hill
DigiCert High Assurance CA-3 Go Daddy Secure Certification Authority/serialNumber=07969287 Equifax Secure Certificate Authority VeriSign Class 3 Public Primary Certification Authority - G5 Entrust Certification Authority - L1C Entrust.net Secure Server Certification Authority ok mikeb@ beck@ fgsch@ constant prodding by marco@
2011-05-26remove hack to test and create /usr/lib/pkgconfig/ if needed, it's been sixJasper Lievisse Adriaanse
months since it was introduced so it's safe to assume people have this dir now. ok deraadt@
2011-05-05Make this script more generic and minimize differences betweenJasper Lievisse Adriaanse
the openssl and libz versions: - use a generic ${lib_version} - define ${version_file} to look run ${version_re} on to acquire the library version. - add license - remove unused -k flag no change in generated files ok sthen@
2011-05-03Adjust to explicitly list ${libdir}.Jasper Lievisse Adriaanse
ok sthen@
2011-03-25back out previous commit.Bob Beck
"if you have checked this I am ok with it" does not mean 1) not to pay attention to breaking news after I tell you that and 2) not to get ok's from the others this had been shown to. I am absolutely not ok with thig going in with only *my* ok. There's a reason why we want more than one ok on important commits ok deraadt@ for the backout
2011-03-25Add the following certs:David Hill
DigiCert High Assurance CA-3 Go Daddy Secure Certification Authority COMODO High-Assurance Secure Server CA Equifax Secure Certificate Authority VeriSign Class 3 Public Primary Certification Authority - G5 Entrust Certification Authority - L1C Entrust.net Secure Server Certification Authority cross checked with mozilla ok beck@
2011-03-24This script doesn't need write access to $curdir. Just check existence.Matthieu Herrb
Fixes build on NFS src with no root access. ok jasper@
2011-03-03Remove expired certs.David Hill
ok beck@ fgsch@
2011-02-10fix for CVE-2011-0014 "OCSP stapling vulnerability";Damien Miller
ok markus@ jasper@ miod@ AFAIK nothing in base uses this, though apache2 from ports may be affected.
2011-01-25Put -I${includedir} back into Cflags so configure script tests likeChristian Weisgerber
test -n "`pkg-config --cflags openssl`" don't assume that OpenSSL isn't available. ok miod@, sthen@, ajacoutot@, djm@
2011-01-21- simplify, krb5 handling is not needed.Jasper Lievisse Adriaanse
prompted by brad
2011-01-03- adjust krb5 directoriesJasper Lievisse Adriaanse
- zap a trailing tab
2010-12-28- ensure ${DESTDIR}/usr/lib/pkgconfig/ as running make distrib-dirs is notJasper Lievisse Adriaanse
common/encouraged practice
2010-12-28- generate and install pkg-config files for openssl, which more and moreJasper Lievisse Adriaanse
projects depend on being present (e.g. various ports). as discussed with various porters in a hungarian spa help/feedback from ingo@ and also OK halex@ no objections from djm@
2010-12-16move CRYPTO_VIAC3_MAX out of cryptodev.h and into the onlyJonathan Gray
file it will be used from. requested by/ok mikeb@
2010-12-16The VIA ciphers are added to an array of CRYPTO_ALGORITHM_MAX lengthJonathan Gray
which should have been declared as CRYPTO_ALGORITHM_MAX + 1, fix this and reserve enough space for the VIA additions as well. ok/comments from mikeb & deraadt
2010-12-15Security fix for CVE-2010-4180 as mentioned in ↵Jasper Lievisse Adriaanse
http://www.openssl.org/news/secadv_20101202.txt. where clients could modify the stored session cache ciphersuite and in some cases even downgrade the suite to weaker ones. This code is not enabled by default. ok djm@
2010-11-17- Apply security fix for CVE-2010-3864 (+commit 19998 which fixes the fix).Jasper Lievisse Adriaanse
ok djm@ deraadt@
2010-10-18Disable use of dladdr() on a.out arches, they do not provide it (yet); ok djm@Miod Vallat
2010-10-07OpenSSL grows another undocumented header, apparently needed on armishDamien Miller
2010-10-06More OpenSSL fixes:Damien Miller
- Update local engines for the EVP API change (len u_int => size_t) - Use hw_cryptodev.c instead of eng_cryptodev.c - Make x86_64-xlate.pl always write to the output file and not stdout, fixing "make -j" builds (spotted by naddy@) ok naddy@
2010-10-06Retire SkipjackMike Belopuhov
There's not much use for the declassified cipher from the 80's with a questionable license these days. According to the FIPS drafts, Skipjack reaches its EOL in December 2010. The libc portion will be removed after the ports hackathon. djm and thib agree, no objections from deraadt Thanks to jsg for digging up FIPS drafts.
2010-10-04Our make already uses sh -e when executing commands.Christian Weisgerber
Revert the "set -e" additions and kill unneeded subshells. ok djm@
2010-10-03DES_LONG should be u_int on all platforms, it was spuriouslyDamien Miller
u_long on i386. suggested by deraadt@ and kettenis@
2010-10-02percolate up errors from perl asm scripts, correctly enable SHA-256 asm onDamien Miller
amd64
2010-10-01fix -Wall due to API changeDamien Miller
2010-10-01update supporting files, crank library majorsDamien Miller
2010-10-01add missing; yay for cvs!Damien Miller
2010-10-01resolve conflicts, fix local changesDamien Miller
2010-10-01import OpenSSL-1.0.0aDamien Miller
2010-09-09Use mandoc instead of groff to build PostScript manuals; note thatIngo Schwarze
these are not built by default, but only built when MANPS is set. kristaps@ and jmc@ agree with the idea, and the patch doesn't bother deraadt@ at all
2010-09-01Oracle has re-licensed sunrpc under a three-clause BSD license.Todd C. Miller
Update our sources appropriately. OK deraadt@ jsg@
2010-07-01oops. Missed this from my aes-ni commit.Thordur I. Bjornsson
2010-07-01import OpenSSL-1.0.1cThordur I. Bjornsson
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-14 08:49:10 +0000