summaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2014-07-12guard inclusion of sys/sysctl.h so we can detect at compile time andBob Beck
keep linux distros happy that don't have it. ok bcook@
2014-07-12Principle of least surprise: make CMAC_CTX_free(), OCSP_REQ_CTX_free() andMiod Vallat
X509_STORE_CTX_free() accept NULL pointers as input without dereferencing them, like all the other well-behaved *_CTX_free() functions do.
2014-07-12remove gratuitous differences, ok beckTheo de Raadt
2014-07-12remove gratuitous differences, ok beck bcookTheo de Raadt
2014-07-12Correct the sentence in the BUGS section. Colon chars are usable as aYASUOKA Masahiko
string value and usage of it in type is documented in the other section. ok jmc
2014-07-12Split arc4random_uniform into it's own file, to assist other projectsTheo de Raadt
now using this as upstream code. The particular problem is systems that contain older arc4random derivations lacking arc4random_uniform(). ok tedu miod
2014-07-12Solaris uses a symbolic link for /dev/urandom which harms best practice ofBob Beck
using O_NOFOLLOW - cope with it as best as possible by trying two different paths. - written by deraadt@ and kettenis@
2014-07-12Remove remnants from PSK, KRB5 and SRP.Joel Sing
ok beck@ miod@
2014-07-12typosMiod Vallat
2014-07-12Place comments in a block above the if statement, rather than attemptingJoel Sing
to interleave them within the conditions. Also fix wrapping and indentation.
2014-07-12Make disabling last cipher work.Philip Guenther
From Thijs Alkemade via OpenSSL trunk ok miod@
2014-07-12-DOPENSSL_NO_KRB5 is no longer neededTheo de Raadt
ok guenther
2014-07-12odds are that some ABI change occured today, no matter how careful everyoneTheo de Raadt
is
2014-07-12enough churn, a crank is advised by guenther..Theo de Raadt
2014-07-12document sendsyslog(2); ok guenther tedu matthewTheo de Raadt
2014-07-12Initial version of libressl - a library that provides a clean, simple,Joel Sing
consistent and secure-by-default API for SSL clients (and soon servers). This is a long way from complete and the interface will likely change substantially - committing now so that further work can happen in the tree. Initiated by tedu@ and inspired by discussions with tedu@, beck@ and other developers.
2014-07-11As reported by David Ramos, most consumer of ssl_get_message() perform lateMiod Vallat
bounds check, after reading the 2-, 3- or 4-byte size of the next chunk to process. But the size fields themselves are not checked for being entirely contained in the buffer. Since reading past your bounds is bad practice, and may not possible if you are using a secure memory allocator, we need to add the necessary bounds check, at the expense of some readability. As a bonus, a wrong size GOST session key will now trigger an error instead of a printf to stderr and it being handled as if it had the correct size. Creating this diff made my eyes bleed (in the real sense); reviewing it made guenther@'s and beck@'s eyes bleed too (in the literal sense). ok guenther@ beck@
2014-07-11Provide LIBRESSL_VERSION_NUMBER for people who use such things toBob Beck
detect versions distinct from OPENSSL_BLAH_WOOF.. ok jsing@ tedu@ deraadt@
2014-07-11missing \Theo de Raadt
2014-07-11formattingBob Beck
ok bcook@
2014-07-11add comment about format requirementsBob Beck
ok miod@
2014-07-11Modify formatting to make portable's life a lot easier.Bob Beck
ok miod@ bcook@
2014-07-11adapt addapt spelling to adapt; request from miodTheo de Raadt
2014-07-11Huge documentation update for libcrypto and libssl, mostly from Matt Caswell,Miod Vallat
Jeff Trawick, Jean-Paul Calderone, Michal Bozon, Jeffrey Walton and Rich Salz, via OpenSSL trunk (with some parts not applying to us, such as SSLv2 support, at least partially removed).
2014-07-11If the application uses tls_session_secret_cb for session resumption, setMiod Vallat
the CCS_OK flag. From OpenSSL trunk.
2014-07-11Avoid invoking EVP_CIPHER_CTX_cleanup() on uninitialized memory; fromMiod Vallat
Coverity via OpenSSL trunk
2014-07-11Fix a memory leak in BIO_free() which no current BIO can trigger; OpenSSLMiod Vallat
PR #3439 via OpenSSL trunk
2014-07-11Prevent infinite loop during configuration file parsing; OpenSSL PR #2985Miod Vallat
via OpenSSL trunk.
2014-07-11Missing bounds check in do_PVK_body(); OpenSSL RT #2277, from OpenSSL trunk,Miod Vallat
but without a memory leak.
2014-07-11OPENSSL_ALGORITHM_DEFINES has been removed from conf.h, no need for it nowTed Unangst
2014-07-11In RSA_eay_private_encrypt(), correctly return the smaller BN; OpenSSLMiod Vallat
PR #3418 via OpenSSL trunk
2014-07-11In ssl3_get_cert_verify(), allow for larger messages to accomodate keysMiod Vallat
larger than 4096-bit RSA which the most paranoid of us are using; OpenSSL PR #319 via OpenSSL trunk.
2014-07-11it has been 4888 days since the transient feature to define short macrosTed Unangst
for apps that haven't had time to make the appropriate changes was added. time's up.
2014-07-11Apparently better fix for OpenSSL PR #3397 (Joyent bug #7704), from OpenSSLMiod Vallat
trunk
2014-07-11Also make these files parsable by pod2man..Bob Beck
ok bcook@
2014-07-11Make this file parsable by pod2man without errors.Bob Beck
ok bcook@
2014-07-11In ASN1_get_object(), reject primitive encodings using the indefinite lengthMiod Vallat
constructed form. OpenSSL PR #2438 via OpenSSL trunk
2014-07-11Fix copy for CCM, GCM and XTS.Miod Vallat
Internal pointers in CCM, GCM and XTS contexts should either be NULL or set to point to the appropriate key schedule. This needs to be adjusted when copying contexts. OpenSSL PR #3272 with further fixes, from OpenSSL trunk
2014-07-11i'm a dumbdumb. fix build.Ted Unangst
2014-07-11In asn1_get_length(), tolerate leading zeroes in BER encoding.Miod Vallat
OpenSSL PR #2746 via OpenSSL trunk
2014-07-11In EVP_PBE_alg_add don't use the underlying NID for the cipherMiod Vallat
as it may have a non-standard key size; OpenSSL PR #3206 via OpenSSL trunk.
2014-07-11additional features: no buffer freelists and no heartbleedTed Unangst
2014-07-11no compression is also a feature of libresslTed Unangst
2014-07-11move all the feature settings to a common header.Ted Unangst
probably ok beck jsing miod
2014-07-11Tolerate critical AKID in CRLs; OpenSSL PR #3014 via OpenSSL trunk, andMiod Vallat
also update the comments to reflect what the code now does.
2014-07-11Fix OID encoding for single components. OpenSSL PR #2556 via OpenSSL trunk.Miod Vallat
(be sure to make cleandir and make includes before building)
2014-07-11More memory leaks and unchecked allocations; OpenSSL PR #3403 via OpenSSLMiod Vallat
trunk. (note we had already fixed some of the issues in that PR independently)
2014-07-11Fix incorrect duplicate mlinksBob Beck
ok bcook@
2014-07-11Make sure BN_sqr never returns negative numbers.Miod Vallat
OpenSSL PR #3400 via OpenSSL trunk.
2014-07-11Accept CCS again after `finished' has been sent by the client; at this pointMiod Vallat
keys have been correctly set up so it is ok to accept CCS from the server. Without renegotiation can sometimes fail. OpenSSL PR #3400 via OpenSSL trunk.