summaryrefslogtreecommitdiffstats
path: root/lib/libssl/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* OpenSSL 1.0.0f: mergedjm2012-01-0537-166/+460
|
* OpenSSL 1.0.0f: import upstream sourcedjm2012-01-058-18/+115
|
* openssl-1.0.0e: resolve conflictsdjm2011-11-03150-1359/+2933
|
* import OpenSSL 1.0.0edjm2011-11-0368-609/+2325
|
* fix for CVE-2011-0014 "OCSP stapling vulnerability";djm2011-02-101-1/+7
| | | | | | ok markus@ jasper@ miod@ AFAIK nothing in base uses this, though apache2 from ports may be affected.
* move CRYPTO_VIAC3_MAX out of cryptodev.h and into the onlyjsg2010-12-161-0/+2
| | | | | | file it will be used from. requested by/ok mikeb@
* The VIA ciphers are added to an array of CRYPTO_ALGORITHM_MAX lengthjsg2010-12-161-2/+2
| | | | | | | which should have been declared as CRYPTO_ALGORITHM_MAX + 1, fix this and reserve enough space for the VIA additions as well. ok/comments from mikeb & deraadt
* Security fix for CVE-2010-4180 as mentioned in http://www.openssl.org/news/secadv_20101202.txt.jasper2010-12-152-0/+8
| | | | | | | | | where clients could modify the stored session cache ciphersuite and in some cases even downgrade the suite to weaker ones. This code is not enabled by default. ok djm@
* - Apply security fix for CVE-2010-3864 (+commit 19998 which fixes the fix).jasper2010-11-171-18/+42
| | | | ok djm@ deraadt@
* Disable use of dladdr() on a.out arches, they do not provide it (yet); ok djm@miod2010-10-181-1/+1
|
* More OpenSSL fixes:djm2010-10-063-12/+14
| | | | | | | | | - Update local engines for the EVP API change (len u_int => size_t) - Use hw_cryptodev.c instead of eng_cryptodev.c - Make x86_64-xlate.pl always write to the output file and not stdout, fixing "make -j" builds (spotted by naddy@) ok naddy@
* Retire Skipjackmikeb2010-10-062-2/+0
| | | | | | | | | | | There's not much use for the declassified cipher from the 80's with a questionable license these days. According to the FIPS drafts, Skipjack reaches its EOL in December 2010. The libc portion will be removed after the ports hackathon. djm and thib agree, no objections from deraadt Thanks to jsg for digging up FIPS drafts.
* fix -Wall due to API changedjm2010-10-011-3/+3
|
* add missing; yay for cvs!djm2010-10-013-0/+402
|
* resolve conflicts, fix local changesdjm2010-10-01990-126731/+39623
|
* import OpenSSL-1.0.0adjm2010-10-01414-6881/+51698
|
* Oracle has re-licensed sunrpc under a three-clause BSD license.millert2010-09-011-27/+29
| | | | Update our sources appropriately. OK deraadt@ jsg@
* AES-NI engine support for OpenSSL.thib2010-07-0110-3/+1661
| | | | | | | | | | This is code mostly picked up from upstream OpenSSL, or to be more exact a diff from David Woodhouse <dwmw2 at infradead dot org>. Remember to make includes before doing a build! no objections from djm@ OK deraadt@, reyk@ (AES is about 4.25x faster on his x201 now)
* VIA xcrypt for amd64, simpler version of a diff from deraadtjsg2010-06-291-6/+19
| | | | | | | | | with suggestions from miod. The codepath doesn't seem to be called yet, this will be investigated later. looks good miod@, ok deraadt@
* When running in pic mode we don't have enough general registers for alljsg2010-05-031-1/+1
| | | | | | | | | | | | the xcrypt inputs, hence the dance which is done to make this work. The constraint for the key however was "mr" which is both from memory and from a general register, it seems gcc3 went with the former and gcc4 went with the later in the pic case, so change the constraint for the key to just "m" which gives us more efficient code that both gcc3 and gcc4 are happy with. ok kettenis@
* The openssl command line tool treats the non-null terminated bufferderaadt2010-04-201-1/+1
| | | | | | | "mbuf" as a C string when using the pop3 s_client feature. This causes a segmentation fault with malloc.conf option "J" set when BIO_printf() runs off the end of the buffer. The following patch fixes PR 6282 from Matthew Haub (asked to submit upstream), ok djm
* Security fix for CVE-2010-0740jasper2010-04-141-3/+4
| | | | | | | | | "In TLS connections, certain incorrectly formatted records can cause an OpenSSL client or server to crash due to a read attempt at NULL." http://openssl.org/news/secadv_20100324.txt ok deraadt@ djm@ sthen@
* cherrypick patch from OpenSSL 0.9.8m:djm2010-03-044-8/+11
| | | | | *) Always check bn_wexpend() return values for failure. (CVE-2009-3245) [Martin Olsson, Neel Mehta]
* add a fix from OpenSSL CVS for SA38200.jasper2010-01-311-10/+7
| | | | | | | | "Modify compression code so it avoids using ex_data free functions. This stops applications that call CRYPTO_free_all_ex_data() prematurely leaking memory." looks ok to markus@
* plug a memory leak; found by parfait, ok djmderaadt2009-12-111-0/+2
|
* pull Ben Lauries blind prefix injection fix for CVE-2009-3555 frommarkus2009-11-104-5/+19
| | | | openssl 0.9.8l; crank minor version; ok djm@ deraadt@; initially from jsg@
* s/Mhz/MHz/, MHz is a multiple of the SI unit hertz (whose symbol is Hz).sobrado2009-10-312-4/+4
|
* pull string for memcpy; ok hshoexer@martynas2009-08-071-1/+2
|
* resolve conflictsdjm2009-04-0649-175/+303
|
* import of OpenSSL 0.9.8kdjm2009-04-0641-128/+18137
|
* missing ssl_sock_init() call in init_client() (used bydjm2009-01-301-3/+10
| | | | "openssl s_client"), fix an unlikely memory leak
* remove some gratuitous changes that do nothing other than inreasedjm2009-01-301-2/+1
| | | | the size of the diff against openssl mainline
* convert a strdup (into a purpose-allocated buffer) in libcrypto to adjm2009-01-121-2/+3
| | | | memcpy to avoid linker deprecation warnings; pointed out by dkrause@
* resolve conflictsdjm2009-01-09284-4665/+6506
|
* import openssl-0.9.8jdjm2009-01-09175-3572/+18657
|
* update to openssl-0.9.8i; tested by several, especially krw@djm2009-01-0599-2812/+4426
|
* fix some cause of bad TEXTREL on i386 and amd64otto2008-09-195-14/+64
| | | | | | | - global function calls in .init sections (diff makes them via PLT) - calls to global functions in aes-586.S (made static or local) - global variable accesses in rc4-x86_64.S (now made via GOT) from djm@large; ok miod@
* use one call to arc4random_buf() instead of lots of arc4random()djm2008-09-101-8/+2
|
* Fix merge botch.kettenis2008-09-071-3/+0
| | | | ok miod@
* remove duplicate definition of OPENSSL_DSA_MAX_MODULUS_BITS spotteddjm2008-09-061-2/+0
| | | | by dtucker@
* remerge local tweaks, update per-arch configuration headers, updatedjm2008-09-068-28/+30
| | | | Makefiles, crank shlib_version
* resolve conflictsdjm2008-09-06616-13932/+37412
|
* import of OpenSSL 0.9.8hdjm2008-09-06365-8821/+84788
|
* fix memory leak (in one case of unaligned buffers); from Markus Kvetterderaadt2008-02-261-2/+3
| | | | ok markus
* Replace use of strcpy(3) and other pointer goo inmoritz2007-10-101-15/+12
| | | | | | SSL_get_shared_ciphers() with strlcat(3). ok deraadt@ markus@
* Fix off-by-one buffer overflow in SSL_get_shared_ciphers().moritz2007-09-271-11/+11
| | | | | | From OpenSSL_0_9_8-stable branch. ok djm@
* Proper use of fseek/fseeko macros.tobias2007-09-101-1/+1
| | | | OK joris@, otto@
* http://openssl.org/news/patch-CVE-2007-3108.txt; ok pval, deraadtmarkus2007-08-211-13/+65
|
* Correctly NUL terminate the message buffer that is used with theclaudio2007-08-061-4/+24
| | | | | -starttls option. Without this openssl s_client -starttls crashed with malloc.conf -> J. OK deraadt@, hshoexer@
* More comment typos from Diego Casati. Including winners like funtion, allmost,krw2007-05-261-1/+1
| | | | oustside, seqencer, toghether, nessissary, etc.
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.