370456 |
01-Sep-2021 |
jkim |
OpenSSL: Fix the RSA_SSLV23_PADDING padding type
This also fixes the public function RSA_padding_check_SSLv23.
Commit 6555a89 changed the padding check logic in RSA_padding_check_SSLv23 so that padding is rejected if the nul delimiter byte is not immediately preceded by at least 8 bytes containing 0x03. Prior to that commit the padding is rejected if it *is* preceded by at least 8 bytes containing 0x03.
Presumably this change was made to be consistent with what it says in appendix E.3 of RFC 5246. Unfortunately that RFC is in error, and the original behaviour was correct. This is fixed in later errata issued for that RFC.
Applications that use SSLv2 or call RSA_paddin_check_SSLv23 directly, or use the RSA_SSLV23_PADDING mode may be impacted. The effect of the original error is that an RSA message encrypted by an SSLv2 only client will fail to be decrypted properly by a TLS capable server, or a message encrypted by a TLS capable client will fail to decrypt on an SSLv2 only server. Most significantly an RSA message encrypted by a TLS capable client will be successfully decrypted by a TLS capable server. This last case should fail due to a rollback being detected.
Thanks to D. Katz and Joel Luellwitz (both from Trustwave) for reporting this issue.
CVE-2021-23839
https://github.com/openssl/openssl/commit/30919ab80a478f2d81f2e9acdcca3fa4740cd547
Git Hash: 0ad812e6cda6c0138b821902b53cf070b79ddd5b Git Author: matt@openssl.org |
370450 |
31-Aug-2021 |
git2svn |
openssl: Fix a read buffer overrun in X509_CERT_AUX_print()
This is a backport of commit c5dc9ab965f to 1.0.2. That commit fixed the same bug but in master/1.1.1 it is in the function X509_aux_print(). The original commit had the following description:
Fix a read buffer overrun in X509_aux_print().
The ASN1_STRING_get0_data(3) manual explitely cautions the reader that the data is not necessarily NUL-terminated, and the function X509_alias_set1(3) does not sanitize the data passed into it in any way either, so we must assume the return value from X509_alias_get0(3) is merely a byte array and not necessarily a string in the sense of the C language.
I found this bug while writing manual pages for X509_print_ex(3) and related functions. Theo Buehler <tb@openbsd.org> checked my patch to fix the same bug in LibreSSL, see
http://cvsweb.openbsd.org/src/lib/libcrypto/asn1/t_x509a.c#rev1.9
As an aside, note that the function still produces incomplete and misleading results when the data contains a NUL byte in the middle and that error handling is consistently absent throughout, even though the function provides an "int" return value obviously intended to be 1 for success and 0 for failure, and even though this function is called by another function that also wants to return 1 for success and 0 for failure and even does so in many of its code paths, though not in others. But let's stay focussed. Many things would be nice to have in the wide wild world, but a buffer overflow must not be allowed to remain in our backyard.
CVE-2021-3712
Reviewed-by: Paul Dale <pauli@openssl.org>
Git Hash: c40b21a7e2a030434d6850c28a4217c46b33577b Git Author: matt@openssl.org |
369300 |
19-Feb-2021 |
jkim |
OpenSSL: Fix Null pointer deref in X509_issuer_and_serial_hash()
Note it is backported from OpenSSL 1.1.1j to fix CVE-2021-23841.
https://github.com/openssl/openssl/commit/122a19ab48091c657f7cb1fb3af9fc07bd557bbf
Git Hash: 2dcaecea30c0258d0541aaf434df95d143d07c06 Git Author: jkim@FreeBSD.org |
369299 |
19-Feb-2021 |
jkim |
OpenSSL: Don't overflow the output length in EVP_CipherUpdate calls
Note it is backported from OpenSSL 1.1.1j to fix CVE-2021-23840.
https://github.com/openssl/openssl/commit/6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1
Git Hash: 9e94eac9765f54671b90150955e0851579959daa Git Author: jkim@FreeBSD.org |
368530 |
10-Dec-2020 |
jkim |
OpenSSL: backport fixes for CVE-2020-1971 from head (r368447)
Note this is a direct commit because we have OpenSSL 1.0.2u in this branch. |
356290 |
02-Jan-2020 |
jkim |
Merge OpenSSL 1.0.2u. |
352193 |
10-Sep-2019 |
jkim |
Merge OpenSSL 1.0.2t. |
348343 |
29-May-2019 |
jkim |
Merge OpenSSL 1.0.2s.
Approved by: re (kib) |
344604 |
26-Feb-2019 |
jkim |
Merge OpenSSL 1.0.2r. |
340704 |
20-Nov-2018 |
jkim |
Merge OpenSSL 1.0.2q. |
337982 |
17-Aug-2018 |
jkim |
MFC: r337791
Merge OpenSSL 1.0.2p. |
331638 |
27-Mar-2018 |
jkim |
MFC: r331627
Merge OpenSSL 1.0.2o. |
326663 |
07-Dec-2017 |
jkim |
MFC: r326662
Merge OpenSSL 1.0.2n. |
325337 |
02-Nov-2017 |
jkim |
MFC: r325328
Merge OpenSSL 1.0.2m. |
325335 |
02-Nov-2017 |
jkim |
MFC: r318899
Merge OpenSSL 1.0.2l. |
325334 |
02-Nov-2017 |
jkim |
MFC: r316607 (andrew)
Fix linking with lld by marking OPENSSL_armcap_P as hidden.
Linking with lld fails as it contains a relative address, however the data this address is for may be relocated from the shared object to the main executable.
Fix this by adding the hidden attribute. This stops moving this value to the main executable. It seems this is implicit upstream as it uses a version script. |
325333 |
02-Nov-2017 |
jkim |
MFC: r307976
Build OpenSSL assembly sources for aarch64. |
312826 |
26-Jan-2017 |
jkim |
MFC: r312825
Merge OpenSSL 1.0.2k. |
306343 |
26-Sep-2016 |
jkim |
MFC: r306342
Merge OpenSSL 1.0.2j. |
306195 |
22-Sep-2016 |
jkim |
MFC: r306193
Merge OpenSSL 1.0.2u. |
305152 |
31-Aug-2016 |
jkim |
MFC: r304636
Build OpenSSL assembly sources for arm. |
302408 |
08-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
301271 |
03-Jun-2016 |
avg |
openssl: change SHLIB_VERSION_NUMBER to reflect the reality
Some consumers actually use this definition.
We probably need some procedure to ensure that SHLIB_VERSION_NUMBER is updated whenever we change the library version in secure/lib/libssl/Makefile.
|
298998 |
03-May-2016 |
jkim |
Merge OpenSSL 1.0.2h.
Relnotes: yes
|
296279 |
01-Mar-2016 |
jkim |
Merge OpenSSL 1.0.2g.
Relnotes: yes
|
295009 |
28-Jan-2016 |
jkim |
Merge OpenSSL 1.0.2f.
Relnotes: yes
|
291719 |
03-Dec-2015 |
jkim |
Merge OpenSSL 1.0.2e.
|
290207 |
30-Oct-2015 |
jkim |
Merge OpenSSL 1.0.2d.
|
285329 |
09-Jul-2015 |
jkim |
Merge OpenSSL 1.0.1p.
|
284329 |
12-Jun-2015 |
jkim |
Merge OpenSSL 1.0.1o.
|
284283 |
11-Jun-2015 |
jkim |
Merge OpenSSL 1.0.1n.
|
280297 |
20-Mar-2015 |
jkim |
Merge OpenSSL 1.0.1m.
|
277270 |
16-Jan-2015 |
jkim |
Merge OpenSSL 1.0.1l.
MFC after: 1 week Relnotes: yes
|
276863 |
09-Jan-2015 |
jkim |
MFV: r276862
Fix build.
|
276861 |
08-Jan-2015 |
jkim |
Merge OpenSSL 1.0.1k.
|
273144 |
15-Oct-2014 |
jkim |
Merge OpenSSL 1.0.1j.
|
269682 |
07-Aug-2014 |
jkim |
Merge OpenSSL 1.0.1i.
|
267256 |
09-Jun-2014 |
jkim |
Merge OpenSSL 1.0.1h.
Approved by: so (delphij)
|
264278 |
08-Apr-2014 |
jkim |
Merge OpenSSL 1.0.1g.
Approved by: benl (maintainer)
|
264265 |
08-Apr-2014 |
delphij |
Fix NFS deadlock vulnerability. [SA-14:05]
Fix "Heartbleed" vulnerability and ECDSA Cache Side-channel Attack in OpenSSL. [SA-14:06]
|
261037 |
22-Jan-2014 |
jkim |
Merge OpenSSL 1.0.1f.
Approved by: so (delphij), benl (silence)
|
246772 |
13-Feb-2013 |
jkim |
Merge OpenSSL 1.0.1e.
Approved by: secteam (simon), benl (silence)
|
245952 |
26-Jan-2013 |
pfg |
Clean some 'svn:executable' properties in the tree.
Submitted by: Christoph Mallon MFC after: 3 days
|
244975 |
02-Jan-2013 |
delphij |
Indicate that we are using OpenSSL with some local modifications.
X-MFC after: with r244974
|
244974 |
02-Jan-2013 |
delphij |
MFV r244973:
Integrate OpenSSL changeset 22950 (appro):
bn_word.c: fix overflow bug in BN_add_word.
MFC after: 2 weeks
|
243933 |
06-Dec-2012 |
eadler |
Clean up hardcoded ar(1) flags in the tree to use the global ARFLAGS in share/mk/sys.mk instead.
This is part of a medium term project to permit deterministic builds of FreeBSD.
Submitted by: Erik Cederstrand <erik@cederstrand.dk> Reviewed by: imp, toolchain@ Approved by: cperciva MFC after: 2 weeks
|
243715 |
30-Nov-2012 |
pjd |
Allow OpenSSL to use arc4random(3) on FreeBSD. arc4random(3) was modified some time ago to use sysctl instead of /dev/random to get random data, so is now much better choice, especially for sandboxed processes that have no direct access to /dev/random.
Approved by: benl MFC after: 2 weeks
|
240339 |
11-Sep-2012 |
avg |
openssl: change SHLIB_VERSION_NUMBER to reflect the reality
Note: I timed out waiting for an exp-run for this change but I survived having it locally for quite a long time.
MFC after: 1 month X-MFC note: SHLIB_MAJOR is 6 in stable/8 and stable/9
|
238405 |
12-Jul-2012 |
jkim |
Merge OpenSSL 1.0.1c.
Approved by: benl (maintainer)
|
237657 |
27-Jun-2012 |
jkim |
Merge OpenSSL 0.9.8x.
Reviewed by: stas Approved by: benl (maintainer) MFC after: 3 days
|
236304 |
30-May-2012 |
bz |
Update the previous openssl fix. [12:01]
Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02]
Security: FreeBSD-SA-12:01.openssl (revised) Security: FreeBSD-SA-12:02.crypt Approved by: so (bz, simon)
|
234954 |
03-May-2012 |
bz |
Fix multiple OpenSSL vulnerabilities.
Security: CVE-2011-4576, CVE-2011-4619, CVE-2011-4109 Security: CVE-2012-0884, CVE-2012-2110 Security: FreeBSD-SA-12:01.openssl Approved by: so (bz,simon)
|
216166 |
03-Dec-2010 |
simon |
Merge OpenSSL 0.9.8q into head.
Security: CVE-2010-4180 Security: http://www.openssl.org/news/secadv_20101202.txt MFC after: 3 days
|
215697 |
22-Nov-2010 |
simon |
Merge OpenSSL 0.9.8p into head.
Security: CVE-2010-3864 Security: http://www.openssl.org/news/secadv_20101116.txt
|
212961 |
21-Sep-2010 |
rpaulo |
Bring in OpenSSL checkin 19821:
Make inline assembler clang-friendly [from HEAD].
openssl/crypto/md32_common.h 1.45.2.1 -> 1.45.2.2 openssl/crypto/rc5/rc5_locl.h 1.8 -> 1.8.8.1
Approved by: simon
|
206046 |
01-Apr-2010 |
simon |
Merge OpenSSL 0.9.8n into head.
This fixes CVE-2010-0740 which only affected -CURRENT (OpenSSL 0.9.8m) but not -STABLE branches.
I have not yet been able to find out if CVE-2010-0433 impacts FreeBSD. This will be investigated further.
Security: CVE-2010-0433, CVE-2010-0740 Security: http://www.openssl.org/news/secadv_20100324.txt
|
205601 |
24-Mar-2010 |
ed |
Prune empty directories.
|
205128 |
13-Mar-2010 |
simon |
Merge OpenSSL 0.9.8m into head.
This also "reverts" some FreeBSD local changes so we should now be back to using entirely stock OpenSSL. The local changes were simple $FreeBSD$ lines additions, which were required in the CVS days, and the patch for FreeBSD-SA-09:15.ssl which has been superseded with OpenSSL 0.9.8m's RFC5746 'TLS renegotiation extension' support.
MFC after: 3 weeks
|
196474 |
23-Aug-2009 |
simon |
Merge DTLS fixes from vendor-crypto/openssl/dist:
- Fix memory consumption bug with "future epoch" DTLS records. - Fix fragment handling memory leak. - Do not access freed data structure. - Fix DTLS fragment bug - out-of-sequence message handling which could result in NULL pointer dereference in dtls1_process_out_of_seq_message().
Note that this will not get FreeBSD Security Advisory as DTLS is experimental in OpenSSL.
MFC after: 1 week Security: CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1387
|
194206 |
14-Jun-2009 |
simon |
Merge OpenSSL 0.9.8k into head.
Approved by: re
|
191381 |
22-Apr-2009 |
cperciva |
Don't leak information via uninitialized space in db(3) records. [09:07]
Sanity-check string lengths in order to stop OpenSSL crashing when printing corrupt BMPString or UniversalString objects. [09:08]
Security: FreeBSD-SA-09:07.libc Security: FreeBSD-SA-09:08.openssl Security: CVE-2009-0590 Approved by: re (kensmith) Approved by: so (cperciva)
|
175292 |
13-Jan-2008 |
simon |
Unbreak detection of cryptodev support for FreeBSD which was broken with OpenSSL 0.9.8 import.
Note that this does not enable cryptodev by default, as it was the case with OpenSSL 0.9.7 in FreeBSD base, but this change makes it possible to enable cryptodev at all.
This has been submitted upstream as: http://rt.openssl.org/Ticket/Display.html?id=1624
Submitted by: nork
|
169883 |
22-May-2007 |
simon |
Fix runtime crash in OpenSSL with "Illegal instruction" by making some casts a bit less evil.
This was e.g. seen when using portsnap as:
Fetching snapshot tag from portsnap3.FreeBSD.org... Illegal instruction
Note the patch is slightly different from kan's original patch to match style in the OpenSSL source files a bit better.
Submitted by: kan Tested by: many
|
167618 |
15-Mar-2007 |
simon |
This commit was generated by cvs2svn to compensate for changes in r167617, which included commits to RCS files with non-trunk default branches.
|
167615 |
15-Mar-2007 |
simon |
Resolve conflicts after import of OpenSSL 0.9.8e.
|
167613 |
15-Mar-2007 |
simon |
This commit was generated by cvs2svn to compensate for changes in r167612, which included commits to RCS files with non-trunk default branches.
|
162917 |
01-Oct-2006 |
simon |
This commit was generated by cvs2svn to compensate for changes in r162916, which included commits to RCS files with non-trunk default branches.
|
162914 |
01-Oct-2006 |
simon |
Resolve conflicts after import of OpenSSL 0.9.8d.
|
162912 |
01-Oct-2006 |
simon |
This commit was generated by cvs2svn to compensate for changes in r162911, which included commits to RCS files with non-trunk default branches.
|
162207 |
10-Sep-2006 |
simon |
Correct incorrect PKCS#1 v1.5 padding validation in crypto(3).
Obtained from: OpenSSL project Security: FreeBSD-SA-06:19.openssl
|
160837 |
30-Jul-2006 |
simon |
Resolve conflicts after import of OpenSSL 0.9.8b.
This was missed the first time around since eng_padlock.c was not part of OpenSSL 0.9.7e and therefor did not have the v0_9_7e CVS tag used during original resolve of conflicts.
Noticed by: Antoine Brodin <antoine.brodin@laposte.net>
|
160817 |
29-Jul-2006 |
simon |
Resolve conflicts after import of OpenSSL 0.9.8b.
|
160815 |
29-Jul-2006 |
simon |
This commit was generated by cvs2svn to compensate for changes in r160814, which included commits to RCS files with non-trunk default branches.
|
142432 |
25-Feb-2005 |
nectar |
File removed in update from OpenSSL 0.9.7d -> 0.9.7e.
|
142431 |
25-Feb-2005 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r142430, which included commits to RCS files with non-trunk default branches.
|
142428 |
25-Feb-2005 |
nectar |
Resolve conflicts after import of OpenSSL 0.9.7e.
|
142426 |
25-Feb-2005 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r142425, which included commits to RCS files with non-trunk default branches.
|
133718 |
14-Aug-2004 |
markm |
Add support for C3 Nehemiah ACE ("Padlock") AES crypto. This comes from OpenSSL 0.9.5 (yet to be released), and is pretty complete.
|
133666 |
13-Aug-2004 |
markm |
This commit was generated by cvs2svn to compensate for changes in r133665, which included commits to RCS files with non-trunk default branches.
|
127905 |
05-Apr-2004 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r127904, which included commits to RCS files with non-trunk default branches.
|
127134 |
17-Mar-2004 |
nectar |
Resolve conflicts after import of OpenSSL 0.9.7d.
|
127129 |
17-Mar-2004 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r127128, which included commits to RCS files with non-trunk default branches.
|
120636 |
01-Oct-2003 |
nectar |
Remove files no longer included with OpenSSL as of version 0.9.7c.
|
120635 |
01-Oct-2003 |
nectar |
Merge conflicts after import of OpenSSL 0.9.7c.
|
120632 |
01-Oct-2003 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r120631, which included commits to RCS files with non-trunk default branches.
|
112446 |
20-Mar-2003 |
jedgar |
Merge conflicts
|
111150 |
19-Feb-2003 |
nectar |
Resolve conflicts after import of OpenSSL 0.9.7a.
|
111148 |
19-Feb-2003 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r111147, which included commits to RCS files with non-trunk default branches.
|
110049 |
29-Jan-2003 |
nectar |
Background: When libdes was replaced with OpenSSL's libcrypto, there were a few interfaces that the former implemented but the latter did not. Because some software in the base system still depended upon these interfaces, we simply included them in our libcrypto (rnd_keys.c).
Now, finally get around to removing the dependencies on these interfaces. There were basically two cases:
des_new_random_key -- This is just a wrapper for des_random_key, and these calls were replaced.
des_init_random_number_generator et. al. -- A few functions were used by the application to seed libdes's PRNG. These are not necessary when using libcrypto, as OpenSSL internally seeds the PRNG from /dev/random. These calls were simply removed.
Again, some of the Kerberos 4 files have been taken off the vendor branch. I do not expect there to be future imports of KTH Kerberos 4.
|
110019 |
29-Jan-2003 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r110018, which included commits to RCS files with non-trunk default branches.
|
110007 |
28-Jan-2003 |
markm |
Merge conflicts. This is cunning doublespeak for "use vendor code".
|
110006 |
28-Jan-2003 |
markm |
Remove files no longer on OpenSSL 0.9.7. crypto/des/rnd_keys.c is retained as it is still used.
|
109999 |
28-Jan-2003 |
markm |
This commit was generated by cvs2svn to compensate for changes in r109998, which included commits to RCS files with non-trunk default branches.
|
101619 |
10-Aug-2002 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r101618, which included commits to RCS files with non-trunk default branches.
|
101614 |
10-Aug-2002 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r101613, which included commits to RCS files with non-trunk default branches.
|
101387 |
05-Aug-2002 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r101386, which included commits to RCS files with non-trunk default branches.
|
100943 |
30-Jul-2002 |
nectar |
Resolve conflicts after import of OpenSSL 0.9.6e.
|
100937 |
30-Jul-2002 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r100936, which included commits to RCS files with non-trunk default branches.
|
100934 |
30-Jul-2002 |
nectar |
This man page has not been referenced by anything for a while, and is not part of the OpenSSL distribution. Remove it.
|
100932 |
30-Jul-2002 |
nectar |
Remove many obsolete files. The majority of these are simply no longer included as part of the OpenSSL distribution. However, a few we just don't need and are explicitly excluded in FREEBSD-Xlist.
|
100931 |
30-Jul-2002 |
nectar |
Resolve conflicts after import of OpenSSL 0.9.6d.
|
100929 |
30-Jul-2002 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r100928, which included commits to RCS files with non-trunk default branches.
|
89840 |
27-Jan-2002 |
kris |
Resolve conflicts.
|
89838 |
27-Jan-2002 |
kris |
This commit was generated by cvs2svn to compensate for changes in r89837, which included commits to RCS files with non-trunk default branches.
|
87174 |
01-Dec-2001 |
markm |
Protect names that are used elsewhere. This fixes WARNS=2 breakage in crypto telnet.
|
80001 |
19-Jul-2001 |
kris |
Resolve conflicts
|
79999 |
19-Jul-2001 |
kris |
This commit was generated by cvs2svn to compensate for changes in r79998, which included commits to RCS files with non-trunk default branches.
|
76870 |
20-May-2001 |
kris |
Resolve conflicts
|
76867 |
20-May-2001 |
kris |
This commit was generated by cvs2svn to compensate for changes in r76866, which included commits to RCS files with non-trunk default branches.
|
72616 |
18-Feb-2001 |
kris |
Resolve conflicts
|
72614 |
18-Feb-2001 |
kris |
This commit was generated by cvs2svn to compensate for changes in r72613, which included commits to RCS files with non-trunk default branches.
|
68654 |
13-Nov-2000 |
kris |
Resolve conflicts, and garbage collect some local changes that are no longer required
|
68652 |
13-Nov-2000 |
kris |
This commit was generated by cvs2svn to compensate for changes in r68651, which included commits to RCS files with non-trunk default branches.
|
65653 |
10-Sep-2000 |
kris |
Nuke RSAREF support from orbit.
It's the only way to be sure.
|
62030 |
24-Jun-2000 |
markm |
MFI. This is a documentation-only, diffreducing patch, that if invoked will cause breakage. US Users - DO NOT try to turn on IDEA - the sources are not included.
|
61828 |
19-Jun-2000 |
markm |
Grrr. I hate CVS. These were supposed to be committed when I did the IDEA fix earlier today.
Bring back IDEA from the dead (but not compiled by default).
|
61821 |
19-Jun-2000 |
markm |
Re-add IDEA. This is not actually built unless asked for by the user. (To avoid patent hassles).
|
59402 |
19-Apr-2000 |
markm |
MFF: catch up with FreeFall
|
59354 |
18-Apr-2000 |
kris |
If stderr is closed, report the error message about missing libraries via syslog instead.
Reviewed by: jkh
|
59282 |
16-Apr-2000 |
markm |
This commit was generated by cvs2svn to compensate for changes in r59281, which included commits to RCS files with non-trunk default branches.
|
59194 |
13-Apr-2000 |
kris |
Resolve conflicts.
|
59192 |
13-Apr-2000 |
kris |
This commit was generated by cvs2svn to compensate for changes in r59191, which included commits to RCS files with non-trunk default branches.
|
59027 |
05-Apr-2000 |
kris |
Correct a typo and interchanged library names
Submitted by: Ben Rosengart <ben@narcissus.net> Matthew D. Fuller <fullermd@futuresouth.com>
|
58549 |
25-Mar-2000 |
kris |
Don't refer to the openssl handbook chapter by name - the doc guys keep jamming new chapters in front of it :)
|
57971 |
13-Mar-2000 |
kris |
Add a new function stub to libcrypto() which resolves to a symbol in the librsa* library and reports which version of the library (OpenSSL/RSAREF) is being used.
This is then used in openssh to detect the failure case of RSAREF and a RSA key >1024 bits, to print a more helpful error message than 'rsa_public_encrypt() fai led.'
This is a 4.0-RELEASE candidate.
|
57683 |
02-Mar-2000 |
kris |
Update the wording on the error message when libcrypto.so can't find an RSA library.
Reviewed by: peter, jkh
|
57518 |
26-Feb-2000 |
peter |
Sync with internat.freebsd.org; weak symbols vs static libs == trouble
|
57514 |
26-Feb-2000 |
peter |
Merge from internat.freebsd.org; move VERBOSE_STUBS to a better spot.
|
57513 |
26-Feb-2000 |
peter |
Merge from internat.freebsd.org repo, minus change to rsa_eay.c (missing)
Reorganize and unify libcrypto's interface so that the RSA implementation is chosen at runtime via dlopen().
This is a checkpoint and may require more tweaks still.
|
57511 |
26-Feb-2000 |
peter |
Merge from internat.freebsd.org repo, minus change to rsa_eay.c (missing)
Reorganize and unify libcrypto's interface so that the RSA implementation is chosen at runtime via dlopen().
This is a checkpoint and may require more tweaks still.
|
57510 |
26-Feb-2000 |
peter |
At great personal risk (to my already fragile sanity), reorganize the rsa stubs for libcrypto. libcrypto.so now uses dlopen() to implement the backends for either the native or rsaref implemented RSA code. This involves: - unifying the libcrypto and openssl(1) source so there is no #ifdef RSAref variations. - using weak symbols and dlopen()/dlsym() routines to access the rsa method vectors.
Releases will enable the user to choose International, US (rsaref) or no RSA code at install time. 'make world' will DTRT depending on whether you have the international or US source. For US users, you must either install rsaref (the port or package) or (if you don't fear RSA Inc) use the (superior) International rsa_eay.c code.
This has been discussed at great length by the affected folks and even we have a great deal of confusion. This is a checkpoint so we can tune the results. This works for me in all permutations I can think of and should result in a CD/ftp 'release' just about doing the right thing now.
|
57427 |
24-Feb-2000 |
markm |
Oops; forgot to add this.
|
57426 |
24-Feb-2000 |
markm |
Get this to the same level of functionality as old libdes.
|
56084 |
16-Jan-2000 |
kris |
This commit was generated by cvs2svn to compensate for changes in r56083, which included commits to RCS files with non-trunk default branches.
|
55719 |
10-Jan-2000 |
kris |
Zap NO_IDEA
|
55715 |
10-Jan-2000 |
kris |
This commit was generated by cvs2svn to compensate for changes in r55714, which included commits to RCS files with non-trunk default branches.
|
55709 |
10-Jan-2000 |
kris |
Zap the IDEA stuff - it's patented internationally (at least in some places), and we don't want people to get in trouble just for having it.
|
55100 |
25-Dec-1999 |
kris |
This commit was generated by cvs2svn to compensate for changes in r55099, which included commits to RCS files with non-trunk default branches.
|