| Age | Commit message (Collapse) | Author |
|---|
|
In OpenBSD's case, we know it has optimal entropy properties,
so just say so.
okay mikeb@, "why not" deraadt@
|
|
|
|
ok jmc@
|
|
still under a free license, tweaked by me
|
|
|
|
The algorithm is insecure and yet its description would spread over
three paragraphs in the cipher list, including remarkable advice
like using a 40 bit key length.
|
|
this moves a large number of functions out of the way that are no
longer the latest and greatest. Also mention a few that were missing.
|
|
that are also documented in OpenSSL 1.1.1 (still under a free license)
|
|
in r1.28 when the AES ciphers were split into their own manual.
|
|
okay tb@
|
|
patch from Peter Piwowarski <peterjpiwowarski at gmail dot com>
|
|
AES wrap modes, the function EVP_CIPHER_CTX_set_flags(3) needed to
set it, and the companion functions EVP_CIPHER_CTX_clear_flags(3)
and EVP_CIPHER_CTX_test_flags(3).
With help and an OK from tb@.
|
|
Found by oss-fuzz, fixes issue #13797.
ok beck@ tb@
|
|
|
|
check for overflow correctly after computing a file offset
|
|
includes changes to address problems sunil@ found with fuzzing
original diff from and ok sunil@
|
|
* correct the description of "unknown"
(the previous are both from OpenSSL 1.1.1, still under a free license)
* add a comment saying that TLS1_get_version() and TLS1_get_client_version()
are intentionally undocumented (reasons provided by jsing@)
|
|
from Jan Stary <hans at stare dot cz>.
Where here, correct one .Vt NULL -> .Dv NULL.
|
|
both resulting pages are still long.
Mention a number of missing functions.
Add some text from the OpenSSL 1.1.1 EVP_aes.pod manual page,
which is still under a free license.
Add missing HISTORY information.
Triggered by tb@ providing EVP_aes_{128,192,256}_wrap(3)
in evp.h rev. 1.74.
|
|
Document them.
|
|
|
|
No binary change.
|
|
Document it.
Even though OpenSSL muddles the waters by lumping the description
together with the other EVP_PKEY_get0_*() functions, describe it
separately because a char * has no reference count and because
the function fills in an additional length parameter.
|
|
|
|
freely licensed.
From jsing
|
|
implementation based on the one in OpenSSL 1.0.2r which is
still freely licensed.
The functions are undocumented in OpenSSL. To use them, one
needs to set the undocumented EVP_CIPHER_CTX_FLAG_WRAP_ALLOW
flag on the EVP_CIPHER_CTX.
resolves #505
ok jsing
|
|
This is an ISC licensed version based on the sources by Ribose Inc
that were ported to OpenSSL in 2017.
Patch from Daniel Wyatt with minor tweaks.
ok inoguchi, jsing
|
|
ok tb@
|
|
The recv action handler returns success/failure, rather than a TLS13_IO_*
value, which is what tls13_handshake_recv_action() needs to return.
Failure previously mapped to TLS13_IO_EOF, which is not ideal.
ok tb@
|
|
LibreSSL only supports TLSv1.0 and above, hence the checks the macros are
performing are useless. Simplify them to their effective code. Also place
both under #ifndef LIBRESSL_INTERNAL and use the variables directly in our
code, which improves readability.
ok tb@
|
|
In TLSv1.3 the alert level is effectively meaningless and the record layer
has already checked that it is appropriate. As such, drop it from the alert
callback.
ok tb@
|
|
|
|
From Viktor Dukhovni via OpenSSL commit 0df65d82 Jun 12 11:51:53 2018 -0400
which is still under a free license because it is before the 1.1.1 branch point.
While here, add several missing const qualifiers.
|
|
so mention it here, too.
|
|
From David dot von dot Oheimb at siemens dot com
via OpenSSL commit b8c32081 Feb 10 15:45:11 2018 +0100, which is still
under a free license because it is before the 1.1.1 branch point.
|
|
ok deraadt@
|
|
ok patrick@
|
|
|
|
mechanical M_ASN1 macro expansion. The ASN1_INTEGER_cmp function
takes signs into account while ASN1_STRING_cmp doesn't. The mixups
mostly involve serialNumbers, which, in principle, should be positive.
However, it is unclear whether that is checked or enforced anywhere
in the code, so these are probably bugs.
Patch from Holger Mikolon
ok jsing
|
|
cert.pem from Mozilla NSS.
|
|
in preparation for adding support for the probing code for arm64.
ok bcook@
|
|
Caching implemented via red-black trees, this can be improved and
further work is on-going to bring it closer to GNU's performance that
uses a LRU-MRU 8-entries based caching algorithm.
Prompted by robert@ who run into a runtime of an executed macro of
5 minutes in libreoffice. With this the execution is reduced to 58 seconds.
C++11 tips from espie@, rsadowski@
Tested by robert@
OK mortimer@, kettenis@.
|
|
in libm since the rounding mode is in fpcr, not fpsr. Since both FPU
registers are 32-bit we can store them in the 64-bit fenv_t to make
handling the bits easier.
While there add FE_DENORMAL, which also exists on x86. Also make sure
that whenever we are being passed an exception mask, we only allow the
bits that are supported by hardware.
Found by regression tests
Debugged with Moritz Buhl
ok kettenis@
|
|
|
|
because CRYPTO_set_locking_callback() is now a no-op
and was never documented in the first place;
no text change;
requested by jmc@ long ago
|
|
and that don't do anything in OpenSSL either;
no significant amount of text remains from OpenSSL, so change the
Copyright information and license of CRYPTO_set_locking_callback.3;
OK inoguchi@ jmc@
|
|
shared one manpage.
ok florian@
|
|
From Holger Mikolon
|
|
Gcc/clang will treat void * as char * but this is non-standard.
OK deraadt@ jsing@ inoguchi@
|
|
that could happen if there was more than one writer waiting
for a read-locked rwlock.
Problem found by semarie@.
OK semarie@ tedu@
|
