#
1.32 |
|
11-May-2024 |
tb |
Remove unused DSA methods
There are no accessors to set them, so this has been involved in a bunch of dead logic ever since we made DSA opaque a few years ago.
ok jsing
|
Revision tags: OPENBSD_7_5_BASE
|
#
1.31 |
|
02-Mar-2024 |
tb |
Remove DSA_generate_parameters
This was deprecated in 0.9.8 and used until recently by rust-openssl and by keynote (keynote has the excuse that it was written before the deprecation). Fortunately Paul Kehrer fixed this in rust-openssl, so we can garbage collect this turd. (It was replaced with the less ergonomic DSA_generate_parameters_ex() to expose a new fancy way of displaying dots, stars and pluses on key generation).
ok jsing
|
Revision tags: OPENBSD_7_4_BASE
|
#
1.30 |
|
08-Jul-2023 |
beck |
hide symbols in dsa
ok tb@
|
#
1.29 |
|
13-Apr-2023 |
tb |
Move DSA_generate_parameters() from dsa_depr.c to dsa_gen.c
Discussed with jsing
|
#
1.28 |
|
27-Mar-2023 |
tb |
Replace the remaining BN_copy() with bn_copy()
ok jsing
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.27 |
|
11-Jan-2023 |
jsing |
Clean up and simplify BIGNUM handling in DSA code.
This adds missing BN_CTX_start()/BN_CTX_end() calls, removes NULL checks before BN_CTX_end()/BN_CTX_free() (since they're NULL safe) and calls BN_free() instead of BN_clear_free() (which does the same thing).
Also replace stack allocated BIGNUMs with calls to BN_CTX_get(), using the BN_CTX that is already available.
ok tb@
|
#
1.26 |
|
26-Nov-2022 |
tb |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
#
1.25 |
|
19-Nov-2022 |
tb |
Fix whitespace
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.24 |
|
21-Jan-2017 |
beck |
Split out BN_div and BN_mod into ct and nonct versions for Internal use. ok jsing@
|
#
1.23 |
|
21-Jan-2017 |
beck |
Make explicit _ct and _nonct versions of bn_mod_exp funcitons that matter for constant time, and make the public interface only used external to the library.
This moves us to a model where the important things are constant time versions unless you ask for them not to be, rather than the opposite. I'll continue with this method by method.
Add regress tests for same. ok jsing@
|
#
1.22 |
|
15-Jul-2015 |
miod |
Fix inverted test in previous. Commit message told what we intended, but we did not notice my fingers slipping. Noticed by bcook@
|
#
1.21 |
|
15-Jul-2015 |
miod |
Previous fix for Coverity CID 21785 did not cope correctly with seed_len != 0, seed_in == NULL case. Since this situation is an error anyway, bail out early. with and ok beck@
|
#
1.20 |
|
15-Feb-2015 |
doug |
Avoid calling BN_CTX_end() on a context that wasn't started.
In dsa_builtin_paramgen(), if BN_MONT_CTX_new() fails, the BN_CTX_new() call above it will have allocated a ctx without calling BN_CTX_start() on it. The error handling calls BN_CTX_end() when ctx is allocated.
Move the BN_MONT_CTX_new() call up so it will fail first without splitting up the BN_CTX_new() and BN_CTX_start().
tweak + ok miod@, ok bcook@
|
#
1.19 |
|
15-Feb-2015 |
miod |
If we decide to discard the provided seed buffer because its size is not large enough, do it correctly so that the local seed buffer on the stack gets properly initialized in the first iteration of the loop. While there, remove an outdated and bogus comment. Coverity CID 21785 ok doug@ jsing@
|
#
1.18 |
|
09-Feb-2015 |
jsing |
BN_CTX_get() can fail - consistently check its return value.
There are currently cases where the return from each call is checked, the return from only the last call is checked and cases where it is not checked at all (including code in bn, ec and engine).
Checking the last return value is valid as once the function fails it will continue to return NULL. However, in order to be consistent check each call with the same idiom. This makes it easy to verify.
Note there are still a handful of cases that do not follow the idiom - these will be handled separately.
ok beck@ doug@
|
#
1.17 |
|
22-Oct-2014 |
jsing |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random_buf() is guaranteed to always succeed - it is worth noting that a number of the replaced function calls were already missing return value checks.
ok deraadt@
|
#
1.16 |
|
12-Jul-2014 |
miod |
if (x) FOO_free(x) -> FOO_free(x). Improves readability, keeps the code smaller so that it is warmer in your cache.
review & ok deraadt@
|
#
1.15 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.14 |
|
10-Jul-2014 |
jsing |
Stop including standard headers via cryptlib.h - pull in the headers that are needed in the source files that actually require them.
ok beck@ miod@
|
#
1.13 |
|
09-Jul-2014 |
miod |
KNF
|
#
1.12 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.11 |
|
15-Apr-2014 |
tedu |
remove FIPS mode support. people who require FIPS can buy something that meets their needs, but dumping it in here only penalizes the rest of us. ok beck deraadt
|
#
1.10 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.9 |
|
03-Nov-2011 |
djm |
openssl-1.0.0e: resolve conflicts
|
#
1.8 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.7 |
|
09-Jan-2009 |
djm |
resolve conflicts
|
#
1.6 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.5 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.4 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.31 |
|
02-Mar-2024 |
tb |
Remove DSA_generate_parameters
This was deprecated in 0.9.8 and used until recently by rust-openssl and by keynote (keynote has the excuse that it was written before the deprecation). Fortunately Paul Kehrer fixed this in rust-openssl, so we can garbage collect this turd. (It was replaced with the less ergonomic DSA_generate_parameters_ex() to expose a new fancy way of displaying dots, stars and pluses on key generation).
ok jsing
|
Revision tags: OPENBSD_7_4_BASE
|
#
1.30 |
|
08-Jul-2023 |
beck |
hide symbols in dsa
ok tb@
|
#
1.29 |
|
13-Apr-2023 |
tb |
Move DSA_generate_parameters() from dsa_depr.c to dsa_gen.c
Discussed with jsing
|
#
1.28 |
|
27-Mar-2023 |
tb |
Replace the remaining BN_copy() with bn_copy()
ok jsing
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.27 |
|
11-Jan-2023 |
jsing |
Clean up and simplify BIGNUM handling in DSA code.
This adds missing BN_CTX_start()/BN_CTX_end() calls, removes NULL checks before BN_CTX_end()/BN_CTX_free() (since they're NULL safe) and calls BN_free() instead of BN_clear_free() (which does the same thing).
Also replace stack allocated BIGNUMs with calls to BN_CTX_get(), using the BN_CTX that is already available.
ok tb@
|
#
1.26 |
|
26-Nov-2022 |
tb |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
#
1.25 |
|
19-Nov-2022 |
tb |
Fix whitespace
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.24 |
|
21-Jan-2017 |
beck |
Split out BN_div and BN_mod into ct and nonct versions for Internal use. ok jsing@
|
#
1.23 |
|
21-Jan-2017 |
beck |
Make explicit _ct and _nonct versions of bn_mod_exp funcitons that matter for constant time, and make the public interface only used external to the library.
This moves us to a model where the important things are constant time versions unless you ask for them not to be, rather than the opposite. I'll continue with this method by method.
Add regress tests for same. ok jsing@
|
#
1.22 |
|
15-Jul-2015 |
miod |
Fix inverted test in previous. Commit message told what we intended, but we did not notice my fingers slipping. Noticed by bcook@
|
#
1.21 |
|
15-Jul-2015 |
miod |
Previous fix for Coverity CID 21785 did not cope correctly with seed_len != 0, seed_in == NULL case. Since this situation is an error anyway, bail out early. with and ok beck@
|
#
1.20 |
|
15-Feb-2015 |
doug |
Avoid calling BN_CTX_end() on a context that wasn't started.
In dsa_builtin_paramgen(), if BN_MONT_CTX_new() fails, the BN_CTX_new() call above it will have allocated a ctx without calling BN_CTX_start() on it. The error handling calls BN_CTX_end() when ctx is allocated.
Move the BN_MONT_CTX_new() call up so it will fail first without splitting up the BN_CTX_new() and BN_CTX_start().
tweak + ok miod@, ok bcook@
|
#
1.19 |
|
15-Feb-2015 |
miod |
If we decide to discard the provided seed buffer because its size is not large enough, do it correctly so that the local seed buffer on the stack gets properly initialized in the first iteration of the loop. While there, remove an outdated and bogus comment. Coverity CID 21785 ok doug@ jsing@
|
#
1.18 |
|
09-Feb-2015 |
jsing |
BN_CTX_get() can fail - consistently check its return value.
There are currently cases where the return from each call is checked, the return from only the last call is checked and cases where it is not checked at all (including code in bn, ec and engine).
Checking the last return value is valid as once the function fails it will continue to return NULL. However, in order to be consistent check each call with the same idiom. This makes it easy to verify.
Note there are still a handful of cases that do not follow the idiom - these will be handled separately.
ok beck@ doug@
|
#
1.17 |
|
22-Oct-2014 |
jsing |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random_buf() is guaranteed to always succeed - it is worth noting that a number of the replaced function calls were already missing return value checks.
ok deraadt@
|
#
1.16 |
|
12-Jul-2014 |
miod |
if (x) FOO_free(x) -> FOO_free(x). Improves readability, keeps the code smaller so that it is warmer in your cache.
review & ok deraadt@
|
#
1.15 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.14 |
|
10-Jul-2014 |
jsing |
Stop including standard headers via cryptlib.h - pull in the headers that are needed in the source files that actually require them.
ok beck@ miod@
|
#
1.13 |
|
09-Jul-2014 |
miod |
KNF
|
#
1.12 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.11 |
|
15-Apr-2014 |
tedu |
remove FIPS mode support. people who require FIPS can buy something that meets their needs, but dumping it in here only penalizes the rest of us. ok beck deraadt
|
#
1.10 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.9 |
|
03-Nov-2011 |
djm |
openssl-1.0.0e: resolve conflicts
|
#
1.8 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.7 |
|
09-Jan-2009 |
djm |
resolve conflicts
|
#
1.6 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.5 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.4 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.30 |
|
08-Jul-2023 |
beck |
hide symbols in dsa
ok tb@
|
#
1.29 |
|
13-Apr-2023 |
tb |
Move DSA_generate_parameters() from dsa_depr.c to dsa_gen.c
Discussed with jsing
|
#
1.28 |
|
27-Mar-2023 |
tb |
Replace the remaining BN_copy() with bn_copy()
ok jsing
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.27 |
|
11-Jan-2023 |
jsing |
Clean up and simplify BIGNUM handling in DSA code.
This adds missing BN_CTX_start()/BN_CTX_end() calls, removes NULL checks before BN_CTX_end()/BN_CTX_free() (since they're NULL safe) and calls BN_free() instead of BN_clear_free() (which does the same thing).
Also replace stack allocated BIGNUMs with calls to BN_CTX_get(), using the BN_CTX that is already available.
ok tb@
|
#
1.26 |
|
26-Nov-2022 |
tb |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
#
1.25 |
|
19-Nov-2022 |
tb |
Fix whitespace
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.24 |
|
21-Jan-2017 |
beck |
Split out BN_div and BN_mod into ct and nonct versions for Internal use. ok jsing@
|
#
1.23 |
|
21-Jan-2017 |
beck |
Make explicit _ct and _nonct versions of bn_mod_exp funcitons that matter for constant time, and make the public interface only used external to the library.
This moves us to a model where the important things are constant time versions unless you ask for them not to be, rather than the opposite. I'll continue with this method by method.
Add regress tests for same. ok jsing@
|
#
1.22 |
|
15-Jul-2015 |
miod |
Fix inverted test in previous. Commit message told what we intended, but we did not notice my fingers slipping. Noticed by bcook@
|
#
1.21 |
|
15-Jul-2015 |
miod |
Previous fix for Coverity CID 21785 did not cope correctly with seed_len != 0, seed_in == NULL case. Since this situation is an error anyway, bail out early. with and ok beck@
|
#
1.20 |
|
15-Feb-2015 |
doug |
Avoid calling BN_CTX_end() on a context that wasn't started.
In dsa_builtin_paramgen(), if BN_MONT_CTX_new() fails, the BN_CTX_new() call above it will have allocated a ctx without calling BN_CTX_start() on it. The error handling calls BN_CTX_end() when ctx is allocated.
Move the BN_MONT_CTX_new() call up so it will fail first without splitting up the BN_CTX_new() and BN_CTX_start().
tweak + ok miod@, ok bcook@
|
#
1.19 |
|
15-Feb-2015 |
miod |
If we decide to discard the provided seed buffer because its size is not large enough, do it correctly so that the local seed buffer on the stack gets properly initialized in the first iteration of the loop. While there, remove an outdated and bogus comment. Coverity CID 21785 ok doug@ jsing@
|
#
1.18 |
|
09-Feb-2015 |
jsing |
BN_CTX_get() can fail - consistently check its return value.
There are currently cases where the return from each call is checked, the return from only the last call is checked and cases where it is not checked at all (including code in bn, ec and engine).
Checking the last return value is valid as once the function fails it will continue to return NULL. However, in order to be consistent check each call with the same idiom. This makes it easy to verify.
Note there are still a handful of cases that do not follow the idiom - these will be handled separately.
ok beck@ doug@
|
#
1.17 |
|
22-Oct-2014 |
jsing |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random_buf() is guaranteed to always succeed - it is worth noting that a number of the replaced function calls were already missing return value checks.
ok deraadt@
|
#
1.16 |
|
12-Jul-2014 |
miod |
if (x) FOO_free(x) -> FOO_free(x). Improves readability, keeps the code smaller so that it is warmer in your cache.
review & ok deraadt@
|
#
1.15 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.14 |
|
10-Jul-2014 |
jsing |
Stop including standard headers via cryptlib.h - pull in the headers that are needed in the source files that actually require them.
ok beck@ miod@
|
#
1.13 |
|
09-Jul-2014 |
miod |
KNF
|
#
1.12 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.11 |
|
15-Apr-2014 |
tedu |
remove FIPS mode support. people who require FIPS can buy something that meets their needs, but dumping it in here only penalizes the rest of us. ok beck deraadt
|
#
1.10 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.9 |
|
03-Nov-2011 |
djm |
openssl-1.0.0e: resolve conflicts
|
#
1.8 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.7 |
|
09-Jan-2009 |
djm |
resolve conflicts
|
#
1.6 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.5 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.4 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.29 |
|
13-Apr-2023 |
tb |
Move DSA_generate_parameters() from dsa_depr.c to dsa_gen.c
Discussed with jsing
|
#
1.28 |
|
27-Mar-2023 |
tb |
Replace the remaining BN_copy() with bn_copy()
ok jsing
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.27 |
|
11-Jan-2023 |
jsing |
Clean up and simplify BIGNUM handling in DSA code.
This adds missing BN_CTX_start()/BN_CTX_end() calls, removes NULL checks before BN_CTX_end()/BN_CTX_free() (since they're NULL safe) and calls BN_free() instead of BN_clear_free() (which does the same thing).
Also replace stack allocated BIGNUMs with calls to BN_CTX_get(), using the BN_CTX that is already available.
ok tb@
|
#
1.26 |
|
26-Nov-2022 |
tb |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
#
1.25 |
|
19-Nov-2022 |
tb |
Fix whitespace
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.24 |
|
21-Jan-2017 |
beck |
Split out BN_div and BN_mod into ct and nonct versions for Internal use. ok jsing@
|
#
1.23 |
|
21-Jan-2017 |
beck |
Make explicit _ct and _nonct versions of bn_mod_exp funcitons that matter for constant time, and make the public interface only used external to the library.
This moves us to a model where the important things are constant time versions unless you ask for them not to be, rather than the opposite. I'll continue with this method by method.
Add regress tests for same. ok jsing@
|
#
1.22 |
|
15-Jul-2015 |
miod |
Fix inverted test in previous. Commit message told what we intended, but we did not notice my fingers slipping. Noticed by bcook@
|
#
1.21 |
|
15-Jul-2015 |
miod |
Previous fix for Coverity CID 21785 did not cope correctly with seed_len != 0, seed_in == NULL case. Since this situation is an error anyway, bail out early. with and ok beck@
|
#
1.20 |
|
15-Feb-2015 |
doug |
Avoid calling BN_CTX_end() on a context that wasn't started.
In dsa_builtin_paramgen(), if BN_MONT_CTX_new() fails, the BN_CTX_new() call above it will have allocated a ctx without calling BN_CTX_start() on it. The error handling calls BN_CTX_end() when ctx is allocated.
Move the BN_MONT_CTX_new() call up so it will fail first without splitting up the BN_CTX_new() and BN_CTX_start().
tweak + ok miod@, ok bcook@
|
#
1.19 |
|
15-Feb-2015 |
miod |
If we decide to discard the provided seed buffer because its size is not large enough, do it correctly so that the local seed buffer on the stack gets properly initialized in the first iteration of the loop. While there, remove an outdated and bogus comment. Coverity CID 21785 ok doug@ jsing@
|
#
1.18 |
|
09-Feb-2015 |
jsing |
BN_CTX_get() can fail - consistently check its return value.
There are currently cases where the return from each call is checked, the return from only the last call is checked and cases where it is not checked at all (including code in bn, ec and engine).
Checking the last return value is valid as once the function fails it will continue to return NULL. However, in order to be consistent check each call with the same idiom. This makes it easy to verify.
Note there are still a handful of cases that do not follow the idiom - these will be handled separately.
ok beck@ doug@
|
#
1.17 |
|
22-Oct-2014 |
jsing |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random_buf() is guaranteed to always succeed - it is worth noting that a number of the replaced function calls were already missing return value checks.
ok deraadt@
|
#
1.16 |
|
12-Jul-2014 |
miod |
if (x) FOO_free(x) -> FOO_free(x). Improves readability, keeps the code smaller so that it is warmer in your cache.
review & ok deraadt@
|
#
1.15 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.14 |
|
10-Jul-2014 |
jsing |
Stop including standard headers via cryptlib.h - pull in the headers that are needed in the source files that actually require them.
ok beck@ miod@
|
#
1.13 |
|
09-Jul-2014 |
miod |
KNF
|
#
1.12 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.11 |
|
15-Apr-2014 |
tedu |
remove FIPS mode support. people who require FIPS can buy something that meets their needs, but dumping it in here only penalizes the rest of us. ok beck deraadt
|
#
1.10 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.9 |
|
03-Nov-2011 |
djm |
openssl-1.0.0e: resolve conflicts
|
#
1.8 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.7 |
|
09-Jan-2009 |
djm |
resolve conflicts
|
#
1.6 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.5 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.4 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.27 |
|
11-Jan-2023 |
jsing |
Clean up and simplify BIGNUM handling in DSA code.
This adds missing BN_CTX_start()/BN_CTX_end() calls, removes NULL checks before BN_CTX_end()/BN_CTX_free() (since they're NULL safe) and calls BN_free() instead of BN_clear_free() (which does the same thing).
Also replace stack allocated BIGNUMs with calls to BN_CTX_get(), using the BN_CTX that is already available.
ok tb@
|
#
1.26 |
|
26-Nov-2022 |
tb |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
#
1.25 |
|
19-Nov-2022 |
tb |
Fix whitespace
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.24 |
|
21-Jan-2017 |
beck |
Split out BN_div and BN_mod into ct and nonct versions for Internal use. ok jsing@
|
#
1.23 |
|
21-Jan-2017 |
beck |
Make explicit _ct and _nonct versions of bn_mod_exp funcitons that matter for constant time, and make the public interface only used external to the library.
This moves us to a model where the important things are constant time versions unless you ask for them not to be, rather than the opposite. I'll continue with this method by method.
Add regress tests for same. ok jsing@
|
#
1.22 |
|
15-Jul-2015 |
miod |
Fix inverted test in previous. Commit message told what we intended, but we did not notice my fingers slipping. Noticed by bcook@
|
#
1.21 |
|
15-Jul-2015 |
miod |
Previous fix for Coverity CID 21785 did not cope correctly with seed_len != 0, seed_in == NULL case. Since this situation is an error anyway, bail out early. with and ok beck@
|
#
1.20 |
|
15-Feb-2015 |
doug |
Avoid calling BN_CTX_end() on a context that wasn't started.
In dsa_builtin_paramgen(), if BN_MONT_CTX_new() fails, the BN_CTX_new() call above it will have allocated a ctx without calling BN_CTX_start() on it. The error handling calls BN_CTX_end() when ctx is allocated.
Move the BN_MONT_CTX_new() call up so it will fail first without splitting up the BN_CTX_new() and BN_CTX_start().
tweak + ok miod@, ok bcook@
|
#
1.19 |
|
15-Feb-2015 |
miod |
If we decide to discard the provided seed buffer because its size is not large enough, do it correctly so that the local seed buffer on the stack gets properly initialized in the first iteration of the loop. While there, remove an outdated and bogus comment. Coverity CID 21785 ok doug@ jsing@
|
#
1.18 |
|
09-Feb-2015 |
jsing |
BN_CTX_get() can fail - consistently check its return value.
There are currently cases where the return from each call is checked, the return from only the last call is checked and cases where it is not checked at all (including code in bn, ec and engine).
Checking the last return value is valid as once the function fails it will continue to return NULL. However, in order to be consistent check each call with the same idiom. This makes it easy to verify.
Note there are still a handful of cases that do not follow the idiom - these will be handled separately.
ok beck@ doug@
|
#
1.17 |
|
22-Oct-2014 |
jsing |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random_buf() is guaranteed to always succeed - it is worth noting that a number of the replaced function calls were already missing return value checks.
ok deraadt@
|
#
1.16 |
|
12-Jul-2014 |
miod |
if (x) FOO_free(x) -> FOO_free(x). Improves readability, keeps the code smaller so that it is warmer in your cache.
review & ok deraadt@
|
#
1.15 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.14 |
|
10-Jul-2014 |
jsing |
Stop including standard headers via cryptlib.h - pull in the headers that are needed in the source files that actually require them.
ok beck@ miod@
|
#
1.13 |
|
09-Jul-2014 |
miod |
KNF
|
#
1.12 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.11 |
|
15-Apr-2014 |
tedu |
remove FIPS mode support. people who require FIPS can buy something that meets their needs, but dumping it in here only penalizes the rest of us. ok beck deraadt
|
#
1.10 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.9 |
|
03-Nov-2011 |
djm |
openssl-1.0.0e: resolve conflicts
|
#
1.8 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.7 |
|
09-Jan-2009 |
djm |
resolve conflicts
|
#
1.6 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.5 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.4 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.26 |
|
26-Nov-2022 |
tb |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
#
1.25 |
|
19-Nov-2022 |
tb |
Fix whitespace
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.24 |
|
21-Jan-2017 |
beck |
Split out BN_div and BN_mod into ct and nonct versions for Internal use. ok jsing@
|
#
1.23 |
|
21-Jan-2017 |
beck |
Make explicit _ct and _nonct versions of bn_mod_exp funcitons that matter for constant time, and make the public interface only used external to the library.
This moves us to a model where the important things are constant time versions unless you ask for them not to be, rather than the opposite. I'll continue with this method by method.
Add regress tests for same. ok jsing@
|
#
1.22 |
|
15-Jul-2015 |
miod |
Fix inverted test in previous. Commit message told what we intended, but we did not notice my fingers slipping. Noticed by bcook@
|
#
1.21 |
|
15-Jul-2015 |
miod |
Previous fix for Coverity CID 21785 did not cope correctly with seed_len != 0, seed_in == NULL case. Since this situation is an error anyway, bail out early. with and ok beck@
|
#
1.20 |
|
15-Feb-2015 |
doug |
Avoid calling BN_CTX_end() on a context that wasn't started.
In dsa_builtin_paramgen(), if BN_MONT_CTX_new() fails, the BN_CTX_new() call above it will have allocated a ctx without calling BN_CTX_start() on it. The error handling calls BN_CTX_end() when ctx is allocated.
Move the BN_MONT_CTX_new() call up so it will fail first without splitting up the BN_CTX_new() and BN_CTX_start().
tweak + ok miod@, ok bcook@
|
#
1.19 |
|
15-Feb-2015 |
miod |
If we decide to discard the provided seed buffer because its size is not large enough, do it correctly so that the local seed buffer on the stack gets properly initialized in the first iteration of the loop. While there, remove an outdated and bogus comment. Coverity CID 21785 ok doug@ jsing@
|
#
1.18 |
|
09-Feb-2015 |
jsing |
BN_CTX_get() can fail - consistently check its return value.
There are currently cases where the return from each call is checked, the return from only the last call is checked and cases where it is not checked at all (including code in bn, ec and engine).
Checking the last return value is valid as once the function fails it will continue to return NULL. However, in order to be consistent check each call with the same idiom. This makes it easy to verify.
Note there are still a handful of cases that do not follow the idiom - these will be handled separately.
ok beck@ doug@
|
#
1.17 |
|
22-Oct-2014 |
jsing |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random_buf() is guaranteed to always succeed - it is worth noting that a number of the replaced function calls were already missing return value checks.
ok deraadt@
|
#
1.16 |
|
12-Jul-2014 |
miod |
if (x) FOO_free(x) -> FOO_free(x). Improves readability, keeps the code smaller so that it is warmer in your cache.
review & ok deraadt@
|
#
1.15 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.14 |
|
10-Jul-2014 |
jsing |
Stop including standard headers via cryptlib.h - pull in the headers that are needed in the source files that actually require them.
ok beck@ miod@
|
#
1.13 |
|
09-Jul-2014 |
miod |
KNF
|
#
1.12 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.11 |
|
15-Apr-2014 |
tedu |
remove FIPS mode support. people who require FIPS can buy something that meets their needs, but dumping it in here only penalizes the rest of us. ok beck deraadt
|
#
1.10 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.9 |
|
03-Nov-2011 |
djm |
openssl-1.0.0e: resolve conflicts
|
#
1.8 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.7 |
|
09-Jan-2009 |
djm |
resolve conflicts
|
#
1.6 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.5 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.4 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
#
1.25 |
|
19-Nov-2022 |
tb |
Fix whitespace
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.24 |
|
21-Jan-2017 |
beck |
Split out BN_div and BN_mod into ct and nonct versions for Internal use. ok jsing@
|
#
1.23 |
|
21-Jan-2017 |
beck |
Make explicit _ct and _nonct versions of bn_mod_exp funcitons that matter for constant time, and make the public interface only used external to the library.
This moves us to a model where the important things are constant time versions unless you ask for them not to be, rather than the opposite. I'll continue with this method by method.
Add regress tests for same. ok jsing@
|
#
1.22 |
|
15-Jul-2015 |
miod |
Fix inverted test in previous. Commit message told what we intended, but we did not notice my fingers slipping. Noticed by bcook@
|
#
1.21 |
|
15-Jul-2015 |
miod |
Previous fix for Coverity CID 21785 did not cope correctly with seed_len != 0, seed_in == NULL case. Since this situation is an error anyway, bail out early. with and ok beck@
|
#
1.20 |
|
15-Feb-2015 |
doug |
Avoid calling BN_CTX_end() on a context that wasn't started.
In dsa_builtin_paramgen(), if BN_MONT_CTX_new() fails, the BN_CTX_new() call above it will have allocated a ctx without calling BN_CTX_start() on it. The error handling calls BN_CTX_end() when ctx is allocated.
Move the BN_MONT_CTX_new() call up so it will fail first without splitting up the BN_CTX_new() and BN_CTX_start().
tweak + ok miod@, ok bcook@
|
#
1.19 |
|
15-Feb-2015 |
miod |
If we decide to discard the provided seed buffer because its size is not large enough, do it correctly so that the local seed buffer on the stack gets properly initialized in the first iteration of the loop. While there, remove an outdated and bogus comment. Coverity CID 21785 ok doug@ jsing@
|
#
1.18 |
|
09-Feb-2015 |
jsing |
BN_CTX_get() can fail - consistently check its return value.
There are currently cases where the return from each call is checked, the return from only the last call is checked and cases where it is not checked at all (including code in bn, ec and engine).
Checking the last return value is valid as once the function fails it will continue to return NULL. However, in order to be consistent check each call with the same idiom. This makes it easy to verify.
Note there are still a handful of cases that do not follow the idiom - these will be handled separately.
ok beck@ doug@
|
#
1.17 |
|
22-Oct-2014 |
jsing |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random_buf() is guaranteed to always succeed - it is worth noting that a number of the replaced function calls were already missing return value checks.
ok deraadt@
|
#
1.16 |
|
12-Jul-2014 |
miod |
if (x) FOO_free(x) -> FOO_free(x). Improves readability, keeps the code smaller so that it is warmer in your cache.
review & ok deraadt@
|
#
1.15 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.14 |
|
10-Jul-2014 |
jsing |
Stop including standard headers via cryptlib.h - pull in the headers that are needed in the source files that actually require them.
ok beck@ miod@
|
#
1.13 |
|
09-Jul-2014 |
miod |
KNF
|
#
1.12 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.11 |
|
15-Apr-2014 |
tedu |
remove FIPS mode support. people who require FIPS can buy something that meets their needs, but dumping it in here only penalizes the rest of us. ok beck deraadt
|
#
1.10 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.9 |
|
03-Nov-2011 |
djm |
openssl-1.0.0e: resolve conflicts
|
#
1.8 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.7 |
|
09-Jan-2009 |
djm |
resolve conflicts
|
#
1.6 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.5 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.4 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.24 |
|
21-Jan-2017 |
beck |
Split out BN_div and BN_mod into ct and nonct versions for Internal use. ok jsing@
|
#
1.23 |
|
21-Jan-2017 |
beck |
Make explicit _ct and _nonct versions of bn_mod_exp funcitons that matter for constant time, and make the public interface only used external to the library.
This moves us to a model where the important things are constant time versions unless you ask for them not to be, rather than the opposite. I'll continue with this method by method.
Add regress tests for same. ok jsing@
|
#
1.22 |
|
15-Jul-2015 |
miod |
Fix inverted test in previous. Commit message told what we intended, but we did not notice my fingers slipping. Noticed by bcook@
|
#
1.21 |
|
15-Jul-2015 |
miod |
Previous fix for Coverity CID 21785 did not cope correctly with seed_len != 0, seed_in == NULL case. Since this situation is an error anyway, bail out early. with and ok beck@
|
#
1.20 |
|
15-Feb-2015 |
doug |
Avoid calling BN_CTX_end() on a context that wasn't started.
In dsa_builtin_paramgen(), if BN_MONT_CTX_new() fails, the BN_CTX_new() call above it will have allocated a ctx without calling BN_CTX_start() on it. The error handling calls BN_CTX_end() when ctx is allocated.
Move the BN_MONT_CTX_new() call up so it will fail first without splitting up the BN_CTX_new() and BN_CTX_start().
tweak + ok miod@, ok bcook@
|
#
1.19 |
|
15-Feb-2015 |
miod |
If we decide to discard the provided seed buffer because its size is not large enough, do it correctly so that the local seed buffer on the stack gets properly initialized in the first iteration of the loop. While there, remove an outdated and bogus comment. Coverity CID 21785 ok doug@ jsing@
|
#
1.18 |
|
09-Feb-2015 |
jsing |
BN_CTX_get() can fail - consistently check its return value.
There are currently cases where the return from each call is checked, the return from only the last call is checked and cases where it is not checked at all (including code in bn, ec and engine).
Checking the last return value is valid as once the function fails it will continue to return NULL. However, in order to be consistent check each call with the same idiom. This makes it easy to verify.
Note there are still a handful of cases that do not follow the idiom - these will be handled separately.
ok beck@ doug@
|
#
1.17 |
|
22-Oct-2014 |
jsing |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random_buf() is guaranteed to always succeed - it is worth noting that a number of the replaced function calls were already missing return value checks.
ok deraadt@
|
#
1.16 |
|
12-Jul-2014 |
miod |
if (x) FOO_free(x) -> FOO_free(x). Improves readability, keeps the code smaller so that it is warmer in your cache.
review & ok deraadt@
|
#
1.15 |
|
11-Jul-2014 |
jsing |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
|
#
1.14 |
|
10-Jul-2014 |
jsing |
Stop including standard headers via cryptlib.h - pull in the headers that are needed in the source files that actually require them.
ok beck@ miod@
|
#
1.13 |
|
09-Jul-2014 |
miod |
KNF
|
#
1.12 |
|
12-Jun-2014 |
deraadt |
tags as requested by miod and tedu
|
#
1.11 |
|
15-Apr-2014 |
tedu |
remove FIPS mode support. people who require FIPS can buy something that meets their needs, but dumping it in here only penalizes the rest of us. ok beck deraadt
|
#
1.10 |
|
13-Oct-2012 |
djm |
resolve conflicts
|
#
1.9 |
|
03-Nov-2011 |
djm |
openssl-1.0.0e: resolve conflicts
|
#
1.8 |
|
01-Oct-2010 |
djm |
resolve conflicts, fix local changes
|
#
1.7 |
|
09-Jan-2009 |
djm |
resolve conflicts
|
#
1.6 |
|
06-Sep-2008 |
djm |
resolve conflicts
|
#
1.5 |
|
29-Apr-2005 |
djm |
resolve conflicts
|
#
1.4 |
|
15-May-2002 |
beck |
OpenSSL 0.9.7 stable 2002 05 08 merge
|
#
1.3 |
|
19-Mar-2000 |
beck |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
#
1.2 |
|
29-Sep-1999 |
beck |
OpenSSL 0.9.4 merge
|
#
1.1 |
|
05-Oct-1998 |
ryker |
branches: 1.1.1; Initial revision
|