summaryrefslogtreecommitdiff
path: root/lib/libssl
AgeCommit message (Collapse)Author
2013-07-13Remove no longer needed vax CFLAGS workarounds.Miod Vallat
2013-07-05VAX ELF userland bits. Consists mostly of register prefix additions.Miod Vallat
2013-05-30Switch to using unhyphenated VIA padlock mnemonics. VIA abandoned theMatthew Dempsky
hyphen in their official programming guide sometime between 2003 and 2005, and Clang's integrated assembler does not support hyphenated mnemonics. ok jsg, deraadt
2013-02-14cherry pick bugfixes for http://www.openssl.org/news/secadv_20130205.txtMarkus Friedl
from the openssl git (changes between openssl 1.0.1c and 1.0.1d). ok djm@
2008-09-06import of OpenSSL 0.9.8hDamien Miller
2013-01-26remove ACSS, crank libcrypto major; ok markus@ deraadt@Damien Miller
2012-12-03New CA root certificates, ok beck@.Stuart Henderson
- additional cert's from GlobalSign. - additional cert's from VeriSign and replace existing ones with 'Signature Algorithm: md2WithRSAEncryption' with their currently distributed sha1WithRSAEncryption versions. - new CAs: AddTrust (root for most Comodo certificates also heavily used in academic networks), Comodo (most of their certs are rooted in AddTrust but TERENA use the Comodo AAA Certificate Services root for some things so add that separately), UserTrust Network/UTN (part of Comodo) and Starfield (part of Go Daddy).
2012-12-01Additional CA root certificates: GeoTrust/Equifax, Go Daddy, StartCom, thawte.Stuart Henderson
ok beck@ william@ todd@
2012-11-30Regenerate the text information for all certificates with recent opensslStuart Henderson
and include sha1 signatures for all certs (some were missing). No certificate changes, this is just for consistency. ok beck@
2012-11-30Remove retired Thawte/Verisign certificates.Stuart Henderson
Remove intermediate GoDaddy certificate, this file should just contain roots. ok beck@ phessler@
2012-10-31On amd64 OPENSSL_cpuid_setup and OPENSSL_ia32cap_P are now hidden so we don'tMark Kettenis
have to go through the PLT/GOT to get at them anymore. In fact going through the GOT now fails since we no longer have a GOT entry for OPENSSL_ia32cap_P. Fixes the problem spotted by jasper@ and sthen@. Based on a diff from mikeb@ who did most of the actual work of tracking down the issue. ok millert@, mikeb@
2012-10-22Restore r1.10, lost during last update:Miod Vallat
Disable use of dladdr() on a.out arches, they do not provide it (yet);
2012-10-13Makefile and header changes for OpenSSL-1.0.1cDamien Miller
major cranks
2012-10-13import files that CVS missed; sighDamien Miller
2012-10-13resolve conflictsDamien Miller
2012-10-13import OpenSSL-1.0.1cDamien Miller
2012-08-21When deciding whether we're PIC in a (generated) asm file, check for both PICPascal Stumpf
and __PIC__ defines. Makes things easier for PIE. ok djm@
2012-08-02remove leftover NOLINT, WANTLINT, LINTFLAGS, LOBJ vars and lint targets.Okan Demirmen
ok guenther@
2012-07-12Skip printing another SSLv2-only command in s_client's usage text.Stuart Henderson
jmc@ noticed this in the manpage while updating it, but it applies here too.
2012-07-11Disable SSLv2 in OpenSSL. No objections from djm.Stuart Henderson
Brad, jasper and naddy helped with test builds, fixing ports, etc.
2012-04-19cherrypick fix for CVE-2012-2110: libcrypto ASN.1 parsing heap overflowDamien Miller
ok miod@ deraadt@
2012-01-05OpenSSL 1.0.0f: crank minorDamien Miller
2012-01-05OpenSSL 1.0.0f: mergeDamien Miller
2012-01-05OpenSSL 1.0.0f: import upstream sourceDamien Miller
2011-11-03crank major for openssl-1.0.0eDamien Miller
2011-11-03openssl-1.0.0e: resolve conflictsDamien Miller
2011-11-03import OpenSSL 1.0.0eDamien Miller
2011-08-03Add support for hppa64 based on the defaults for 64-bit HP-UX as found in theMark Kettenis
Configure script. ok deraadt@
2011-07-20- Replace digicert 2nd-level cert with the root which issued it.Stuart Henderson
Allows https checkouts from github to work. - Add digicert's other root certs. Fingerprints carefully checked against those in the built-in roots supplied with Mozilla. ok dcoppa@ jcs@
2011-07-08No need to set CFLAGS+=-DOPENSSL_IA32_SSE2 on amd64. Nothing uses it.Marco Pfatschbacher
Small test by marco@ and md5 /usr/lib/libcrypto.so.19.0 agrees.
2011-07-08Pass CFLAGS (which contains -DOPENSSL_IA32_SSE2) to the perlasmMarco Pfatschbacher
build on i386. This enables SSE2 optimizations for bignum multiplications, Montgomery multiplications and sha512. This speeds up Diffie-Hellman operations in isakmpd and iked quite a bit. OK djm@, markus@, mikeb@
2011-06-23switch to installing source manuals (base part)Ingo Schwarze
discussed with lots of people, tested by naddy@, "move fast" deraadt@
2011-06-15Add the following certs:David Hill
DigiCert High Assurance CA-3 Go Daddy Secure Certification Authority/serialNumber=07969287 Equifax Secure Certificate Authority VeriSign Class 3 Public Primary Certification Authority - G5 Entrust Certification Authority - L1C Entrust.net Secure Server Certification Authority ok mikeb@ beck@ fgsch@ constant prodding by marco@
2011-05-26remove hack to test and create /usr/lib/pkgconfig/ if needed, it's been sixJasper Lievisse Adriaanse
months since it was introduced so it's safe to assume people have this dir now. ok deraadt@
2011-05-05Make this script more generic and minimize differences betweenJasper Lievisse Adriaanse
the openssl and libz versions: - use a generic ${lib_version} - define ${version_file} to look run ${version_re} on to acquire the library version. - add license - remove unused -k flag no change in generated files ok sthen@
2011-05-03Adjust to explicitly list ${libdir}.Jasper Lievisse Adriaanse
ok sthen@
2011-03-25back out previous commit.Bob Beck
"if you have checked this I am ok with it" does not mean 1) not to pay attention to breaking news after I tell you that and 2) not to get ok's from the others this had been shown to. I am absolutely not ok with thig going in with only *my* ok. There's a reason why we want more than one ok on important commits ok deraadt@ for the backout
2011-03-25Add the following certs:David Hill
DigiCert High Assurance CA-3 Go Daddy Secure Certification Authority COMODO High-Assurance Secure Server CA Equifax Secure Certificate Authority VeriSign Class 3 Public Primary Certification Authority - G5 Entrust Certification Authority - L1C Entrust.net Secure Server Certification Authority cross checked with mozilla ok beck@
2011-03-24This script doesn't need write access to $curdir. Just check existence.Matthieu Herrb
Fixes build on NFS src with no root access. ok jasper@
2011-03-03Remove expired certs.David Hill
ok beck@ fgsch@
2011-02-10fix for CVE-2011-0014 "OCSP stapling vulnerability";Damien Miller
ok markus@ jasper@ miod@ AFAIK nothing in base uses this, though apache2 from ports may be affected.
2011-01-25Put -I${includedir} back into Cflags so configure script tests likeChristian Weisgerber
test -n "`pkg-config --cflags openssl`" don't assume that OpenSSL isn't available. ok miod@, sthen@, ajacoutot@, djm@
2011-01-21- simplify, krb5 handling is not needed.Jasper Lievisse Adriaanse
prompted by brad
2011-01-03- adjust krb5 directoriesJasper Lievisse Adriaanse
- zap a trailing tab
2010-12-28- ensure ${DESTDIR}/usr/lib/pkgconfig/ as running make distrib-dirs is notJasper Lievisse Adriaanse
common/encouraged practice
2010-12-28- generate and install pkg-config files for openssl, which more and moreJasper Lievisse Adriaanse
projects depend on being present (e.g. various ports). as discussed with various porters in a hungarian spa help/feedback from ingo@ and also OK halex@ no objections from djm@
2010-12-16move CRYPTO_VIAC3_MAX out of cryptodev.h and into the onlyJonathan Gray
file it will be used from. requested by/ok mikeb@
2010-12-16The VIA ciphers are added to an array of CRYPTO_ALGORITHM_MAX lengthJonathan Gray
which should have been declared as CRYPTO_ALGORITHM_MAX + 1, fix this and reserve enough space for the VIA additions as well. ok/comments from mikeb & deraadt
2010-12-15Security fix for CVE-2010-4180 as mentioned in ↵Jasper Lievisse Adriaanse
http://www.openssl.org/news/secadv_20101202.txt. where clients could modify the stored session cache ciphersuite and in some cases even downgrade the suite to weaker ones. This code is not enabled by default. ok djm@
2010-11-17- Apply security fix for CVE-2010-3864 (+commit 19998 which fixes the fix).Jasper Lievisse Adriaanse
ok djm@ deraadt@