summaryrefslogtreecommitdiffstats
path: root/lib/libssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
* remove leftover NOLINT, WANTLINT, LINTFLAGS, LOBJ vars and lint targets.okan2012-08-022-4/+2
| | | | ok guenther@
* Skip printing another SSLv2-only command in s_client's usage text.sthen2012-07-121-0/+2
| | | | jmc@ noticed this in the manpage while updating it, but it applies here too.
* Disable SSLv2 in OpenSSL. No objections from djm.sthen2012-07-1119-7/+94
| | | | Brad, jasper and naddy helped with test builds, fixing ports, etc.
* cherrypick fix for CVE-2012-2110: libcrypto ASN.1 parsing heap overflowdjm2012-04-193-14/+61
| | | | ok miod@ deraadt@
* OpenSSL 1.0.0f: crank minordjm2012-01-053-3/+3
|
* OpenSSL 1.0.0f: mergedjm2012-01-0551-186/+526
|
* OpenSSL 1.0.0f: import upstream sourcedjm2012-01-0510-26/+139
|
* crank major for openssl-1.0.0edjm2011-11-033-3/+3
|
* openssl-1.0.0e: resolve conflictsdjm2011-11-03180-1657/+3506
|
* import OpenSSL 1.0.0edjm2011-11-0376-714/+2741
|
* Add support for hppa64 based on the defaults for 64-bit HP-UX as found in thekettenis2011-08-031-0/+253
| | | | | | Configure script. ok deraadt@
* - Replace digicert 2nd-level cert with the root which issued it.sthen2011-07-201-114/+247
| | | | | | | | | | | Allows https checkouts from github to work. - Add digicert's other root certs. Fingerprints carefully checked against those in the built-in roots supplied with Mozilla. ok dcoppa@ jcs@
* No need to set CFLAGS+=-DOPENSSL_IA32_SSE2 on amd64. Nothing uses it.mpf2011-07-081-2/+1
| | | | Small test by marco@ and md5 /usr/lib/libcrypto.so.19.0 agrees.
* Pass CFLAGS (which contains -DOPENSSL_IA32_SSE2) to the perlasmmpf2011-07-081-3/+3
| | | | | | | build on i386. This enables SSE2 optimizations for bignum multiplications, Montgomery multiplications and sha512. This speeds up Diffie-Hellman operations in isakmpd and iked quite a bit. OK djm@, markus@, mikeb@
* switch to installing source manuals (base part)schwarze2011-06-231-262/+246
| | | | | discussed with lots of people, tested by naddy@, "move fast" deraadt@
* Add the following certs:dhill2011-06-151-0/+563
| | | | | | | | | | | | DigiCert High Assurance CA-3 Go Daddy Secure Certification Authority/serialNumber=07969287 Equifax Secure Certificate Authority VeriSign Class 3 Public Primary Certification Authority - G5 Entrust Certification Authority - L1C Entrust.net Secure Server Certification Authority ok mikeb@ beck@ fgsch@ constant prodding by marco@
* remove hack to test and create /usr/lib/pkgconfig/ if needed, it's been sixjasper2011-05-261-3/+1
| | | | | | months since it was introduced so it's safe to assume people have this dir now. ok deraadt@
* Make this script more generic and minimize differences betweenjasper2011-05-051-8/+23
| | | | | | | | | | | | | the openssl and libz versions: - use a generic ${lib_version} - define ${version_file} to look run ${version_re} on to acquire the library version. - add license - remove unused -k flag no change in generated files ok sthen@
* Adjust to explicitly list ${libdir}.jasper2011-05-031-4/+4
| | | | ok sthen@
* back out previous commit.beck2011-03-251-665/+0
| | | | | | | | | | | "if you have checked this I am ok with it" does not mean 1) not to pay attention to breaking news after I tell you that and 2) not to get ok's from the others this had been shown to. I am absolutely not ok with thig going in with only *my* ok. There's a reason why we want more than one ok on important commits ok deraadt@ for the backout
* Add the following certs:dhill2011-03-251-0/+665
| | | | | | | | | | | | | | DigiCert High Assurance CA-3 Go Daddy Secure Certification Authority COMODO High-Assurance Secure Server CA Equifax Secure Certificate Authority VeriSign Class 3 Public Primary Certification Authority - G5 Entrust Certification Authority - L1C Entrust.net Secure Server Certification Authority cross checked with mozilla ok beck@
* This script doesn't need write access to $curdir. Just check existence.matthieu2011-03-241-3/+3
| | | | Fixes build on NFS src with no root access. ok jasper@
* Remove expired certs.dhill2011-03-031-174/+0
| | | | ok beck@ fgsch@
* fix for CVE-2011-0014 "OCSP stapling vulnerability";djm2011-02-102-2/+14
| | | | | | ok markus@ jasper@ miod@ AFAIK nothing in base uses this, though apache2 from ports may be affected.
* Put -I${includedir} back into Cflags so configure script tests likenaddy2011-01-251-4/+8
| | | | | | | test -n "`pkg-config --cflags openssl`" don't assume that OpenSSL isn't available. ok miod@, sthen@, ajacoutot@, djm@
* - simplify, krb5 handling is not needed.jasper2011-01-212-27/+8
| | | | prompted by brad
* - adjust krb5 directoriesjasper2011-01-031-8/+5
| | | | - zap a trailing tab
* - ensure ${DESTDIR}/usr/lib/pkgconfig/ as running make distrib-dirs is notjasper2010-12-281-2/+3
| | | | common/encouraged practice
* - generate and install pkg-config files for openssl, which more and morejasper2010-12-282-1/+122
| | | | | | | | projects depend on being present (e.g. various ports). as discussed with various porters in a hungarian spa help/feedback from ingo@ and also OK halex@ no objections from djm@
* move CRYPTO_VIAC3_MAX out of cryptodev.h and into the onlyjsg2010-12-161-0/+2
| | | | | | file it will be used from. requested by/ok mikeb@
* The VIA ciphers are added to an array of CRYPTO_ALGORITHM_MAX lengthjsg2010-12-161-2/+2
| | | | | | | which should have been declared as CRYPTO_ALGORITHM_MAX + 1, fix this and reserve enough space for the VIA additions as well. ok/comments from mikeb & deraadt
* Security fix for CVE-2010-4180 as mentioned in http://www.openssl.org/news/secadv_20101202.txt.jasper2010-12-154-0/+16
| | | | | | | | | where clients could modify the stored session cache ciphersuite and in some cases even downgrade the suite to weaker ones. This code is not enabled by default. ok djm@
* - Apply security fix for CVE-2010-3864 (+commit 19998 which fixes the fix).jasper2010-11-172-36/+84
| | | | ok djm@ deraadt@
* Disable use of dladdr() on a.out arches, they do not provide it (yet); ok djm@miod2010-10-181-1/+1
|
* OpenSSL grows another undocumented header, apparently needed on armishdjm2010-10-071-1/+2
|
* More OpenSSL fixes:djm2010-10-064-14/+16
| | | | | | | | | - Update local engines for the EVP API change (len u_int => size_t) - Use hw_cryptodev.c instead of eng_cryptodev.c - Make x86_64-xlate.pl always write to the output file and not stdout, fixing "make -j" builds (spotted by naddy@) ok naddy@
* Retire Skipjackmikeb2010-10-062-2/+0
| | | | | | | | | | | There's not much use for the declassified cipher from the 80's with a questionable license these days. According to the FIPS drafts, Skipjack reaches its EOL in December 2010. The libc portion will be removed after the ports hackathon. djm and thib agree, no objections from deraadt Thanks to jsg for digging up FIPS drafts.
* Our make already uses sh -e when executing commands.naddy2010-10-041-7/+7
| | | | Revert the "set -e" additions and kill unneeded subshells. ok djm@
* DES_LONG should be u_int on all platforms, it was spuriouslydjm2010-10-031-1/+1
| | | | u_long on i386. suggested by deraadt@ and kettenis@
* percolate up errors from perl asm scripts, correctly enable SHA-256 asm ondjm2010-10-021-9/+9
| | | | amd64
* fix -Wall due to API changedjm2010-10-011-3/+3
|
* update supporting files, crank library majorsdjm2010-10-0118-274/+621
|
* add missing; yay for cvs!djm2010-10-013-0/+402
|
* resolve conflicts, fix local changesdjm2010-10-011055-134929/+48221
|
* import OpenSSL-1.0.0adjm2010-10-01429-7135/+54334
|
* Use mandoc instead of groff to build PostScript manuals; note thatschwarze2010-09-091-3/+3
| | | | | | these are not built by default, but only built when MANPS is set. kristaps@ and jmc@ agree with the idea, and the patch doesn't bother deraadt@ at all
* Oracle has re-licensed sunrpc under a three-clause BSD license.millert2010-09-011-27/+29
| | | | Update our sources appropriately. OK deraadt@ jsg@
* oops. Missed this from my aes-ni commit.thib2010-07-011-3/+4
|
* AES-NI engine support for OpenSSL.thib2010-07-0111-3/+1730
| | | | | | | | | | This is code mostly picked up from upstream OpenSSL, or to be more exact a diff from David Woodhouse <dwmw2 at infradead dot org>. Remember to make includes before doing a build! no objections from djm@ OK deraadt@, reyk@ (AES is about 4.25x faster on his x201 now)
* VIA xcrypt for amd64, simpler version of a diff from deraadtjsg2010-06-291-6/+19
| | | | | | | | | with suggestions from miod. The codepath doesn't seem to be called yet, this will be investigated later. looks good miod@, ok deraadt@
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.