Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | Add the extendedKeyUsage flags serverAuth and clientAuth. Newer Windows | 2010-06-26 | 1 | -0/+3 | ||
| | | | | | | | | version require these flags to accept the X.509 certificates from the gateway or client; I just add both flags to make it work in both cases and verified it with win7, for example when authenticating against iked. go ahead beck@ | |||||
* | When running in pic mode we don't have enough general registers for all | 2010-05-03 | 1 | -1/+1 | ||
| | | | | | | | | | | | | the xcrypt inputs, hence the dance which is done to make this work. The constraint for the key however was "mr" which is both from memory and from a general register, it seems gcc3 went with the former and gcc4 went with the later in the pic case, so change the constraint for the key to just "m" which gives us more efficient code that both gcc3 and gcc4 are happy with. ok kettenis@ | |||||
* | The openssl command line tool treats the non-null terminated buffer | 2010-04-20 | 1 | -1/+1 | ||
| | | | | | | | "mbuf" as a C string when using the pop3 s_client feature. This causes a segmentation fault with malloc.conf option "J" set when BIO_printf() runs off the end of the buffer. The following patch fixes PR 6282 from Matthew Haub (asked to submit upstream), ok djm | |||||
* | Security fix for CVE-2010-0740 | 2010-04-14 | 2 | -6/+8 | ||
| | | | | | | | | | "In TLS connections, certain incorrectly formatted records can cause an OpenSSL client or server to crash due to a read attempt at NULL." http://openssl.org/news/secadv_20100324.txt ok deraadt@ djm@ sthen@ | |||||
* | Build all manual pages in base with mandoc(1) instead of groff, | 2010-04-03 | 1 | -3/+3 | ||
| | | | | | | excepting the tbl(1) pages, which are less than twenty. "commit the diff that enables it, now" deraadt@ | |||||
* | cherrypick patch from OpenSSL 0.9.8m: | 2010-03-04 | 4 | -8/+11 | ||
| | | | | | *) Always check bn_wexpend() return values for failure. (CVE-2009-3245) [Martin Olsson, Neel Mehta] | |||||
* | Use MACHINE_CPU instead of MACHINE_ARCH to pick the correct machine dependent | 2010-02-03 | 1 | -6/+8 | ||
| | | | | | | | files or directories when applicable. The inspiration and name of MACHINE_CPU come from NetBSD, although the way to provide it to Makefiles is completely different. ok kettenis@ | |||||
* | add a fix from OpenSSL CVS for SA38200. | 2010-01-31 | 1 | -10/+7 | ||
| | | | | | | | | "Modify compression code so it avoids using ex_data free functions. This stops applications that call CRYPTO_free_all_ex_data() prematurely leaking memory." looks ok to markus@ | |||||
* | new ipsca root. | 2009-12-31 | 1 | -0/+108 | ||
| | ||||||
* | ipsca has expired | 2009-12-31 | 1 | -51/+0 | ||
| | ||||||
* | plug a memory leak; found by parfait, ok djm | 2009-12-11 | 1 | -0/+2 | ||
| | ||||||
* | pull Ben Lauries blind prefix injection fix for CVE-2009-3555 from | 2009-11-10 | 10 | -12/+40 | ||
| | | | | openssl 0.9.8l; crank minor version; ok djm@ deraadt@; initially from jsg@ | |||||
* | s/Mhz/MHz/, MHz is a multiple of the SI unit hertz (whose symbol is Hz). | 2009-10-31 | 2 | -4/+4 | ||
| | ||||||
* | another cert that makes godaddy.com and launchpad.net (among others) happy. | 2009-10-12 | 1 | -0/+51 | ||
| | | | | | found by Guillaume Protet (guillaume dot protet at mortheres dot info) while testing bzr update. deraadt@ ok | |||||
* | remove expired certificates and add startcom ltd. | 2009-08-08 | 1 | -839/+148 | ||
| | | | | beck@ ok | |||||
* | pull string for memcpy; ok hshoexer@ | 2009-08-07 | 1 | -1/+2 | ||
| | ||||||
* | add ipsCA as a valid authority. | 2009-05-25 | 1 | -0/+51 | ||
| | | | | ok beck@ | |||||
* | resync libssl/libcrypto pod documentation - quite a few more pages and | 2009-04-10 | 1 | -27/+242 | ||
| | | | | MLINKS; feedback and ok jmc@ | |||||
* | crankus majoris | 2009-04-06 | 3 | -3/+3 | ||
| | ||||||
* | resolve conflicts | 2009-04-06 | 52 | -176/+308 | ||
| | ||||||
* | import of OpenSSL 0.9.8k | 2009-04-06 | 41 | -128/+18137 | ||
| | ||||||
* | missing ssl_sock_init() call in init_client() (used by | 2009-01-30 | 1 | -3/+10 | ||
| | | | | "openssl s_client"), fix an unlikely memory leak | |||||
* | remove some gratuitous changes that do nothing other than inrease | 2009-01-30 | 1 | -2/+1 | ||
| | | | | the size of the diff against openssl mainline | |||||
* | convert a strdup (into a purpose-allocated buffer) in libcrypto to a | 2009-01-12 | 1 | -2/+3 | ||
| | | | | memcpy to avoid linker deprecation warnings; pointed out by dkrause@ | |||||
* | openssl-0.9.8j enables RFC3546 TLS extensions by default (e.g. the very | 2009-01-09 | 13 | -39/+0 | ||
| | | | | | useful "server name indication" that allows multihomed TLS server), so remove the #define to disable it here | |||||
* | adjust Makefile and crank major for openssl-0.9.8j | 2009-01-09 | 17 | -16/+56 | ||
| | ||||||
* | resolve conflicts | 2009-01-09 | 293 | -4796/+6975 | ||
| | ||||||
* | import openssl-0.9.8j | 2009-01-09 | 182 | -3583/+18902 | ||
| | ||||||
* | Add a missing MLINK for BIO_new_socket. | 2009-01-08 | 1 | -1/+2 | ||
| | | | | Noticed by blambert@. Ok jmc@. | |||||
* | update to openssl-0.9.8i; tested by several, especially krw@ | 2009-01-05 | 136 | -2902/+4741 | ||
| | ||||||
* | fix some cause of bad TEXTREL on i386 and amd64 | 2008-09-19 | 5 | -14/+64 | ||
| | | | | | | | - global function calls in .init sections (diff makes them via PLT) - calls to global functions in aes-586.S (made static or local) - global variable accesses in rc4-x86_64.S (now made via GOT) from djm@large; ok miod@ | |||||
* | use one call to arc4random_buf() instead of lots of arc4random() | 2008-09-10 | 1 | -8/+2 | ||
| | ||||||
* | turn off CAST assembler code (i.e. use C implementation) as it has bad | 2008-09-08 | 1 | -3/+3 | ||
| | | | | | relocations that lead to libcrypto.so being marked TEXTREL; linker-fu from drahn@ "go ahead" deraadt@ | |||||
* | sparc now requires this bloated library to be -fPIC | 2008-09-07 | 1 | -1/+5 | ||
| | ||||||
* | Fix merge botch. | 2008-09-07 | 1 | -3/+0 | ||
| | | | | ok miod@ | |||||
* | remove duplicate definition of OPENSSL_DSA_MAX_MODULUS_BITS spotted | 2008-09-06 | 1 | -2/+0 | ||
| | | | | by dtucker@ | |||||
* | remerge local tweaks, update per-arch configuration headers, update | 2008-09-06 | 26 | -98/+875 | ||
| | | | | Makefiles, crank shlib_version | |||||
* | resolve conflicts | 2008-09-06 | 660 | -15376/+43371 | ||
| | ||||||
* | import of OpenSSL 0.9.8h | 2008-09-06 | 388 | -9448/+92829 | ||
| | ||||||
* | Install man pages for the BIO_* libcrypto functions, but not bio.3 | 2008-07-28 | 1 | -1/+126 | ||
| | | | | | | as the page doesn't directly describe any functions. ok deraadt@ | |||||
* | i have to crank this for a ridiculous reason, to save me about 4 hours of work | 2008-07-25 | 1 | -1/+1 | ||
| | ||||||
* | remove duplicates; remove des_random_key; remove unused; sort MLINKS; ok jmc@ | 2008-05-07 | 1 | -113/+8 | ||
| | ||||||
* | fix memory leak (in one case of unaligned buffers); from Markus Kvetter | 2008-02-26 | 1 | -2/+3 | ||
| | | | | ok markus | |||||
* | Replace use of strcpy(3) and other pointer goo in | 2007-10-10 | 2 | -30/+24 | ||
| | | | | | | SSL_get_shared_ciphers() with strlcat(3). ok deraadt@ markus@ | |||||
* | Fix off-by-one buffer overflow in SSL_get_shared_ciphers(). | 2007-09-27 | 2 | -22/+22 | ||
| | | | | | | From OpenSSL_0_9_8-stable branch. ok djm@ | |||||
* | Proper use of fseek/fseeko macros. | 2007-09-10 | 1 | -1/+1 | ||
| | | | | OK joris@, otto@ | |||||
* | http://openssl.org/news/patch-CVE-2007-3108.txt; ok pval, deraadt | 2007-08-21 | 1 | -13/+65 | ||
| | ||||||
* | Correctly NUL terminate the message buffer that is used with the | 2007-08-06 | 1 | -4/+24 | ||
| | | | | | -starttls option. Without this openssl s_client -starttls crashed with malloc.conf -> J. OK deraadt@, hshoexer@ | |||||
* | More comment typos from Diego Casati. Including winners like funtion, allmost, | 2007-05-26 | 1 | -1/+1 | ||
| | | | | oustside, seqencer, toghether, nessissary, etc. | |||||
* | Add proper checks against fgets failure. From Charles Longeau. | 2007-04-06 | 1 | -1/+2 | ||
| | | | | OK moritz@, millert@, and jaredy@. |