summaryrefslogtreecommitdiff
path: root/src/lib/libssl/d1_srvr.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* This commit was manufactured by cvs2git to create branch 'OPENBSD_5_6'.cvs2svn2014-08-081-1578/+0
|
* Prevent a possible use after free by mimicing the s3_srvr.c fixes contributed bymiod2014-08-061-4/+1
| | | | | | | Adam Langley close to three years ago, which were commited in https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e7928282d0148af5f28fa3437a625a2006af0214 ok jsing@
* The RSA, DH, and ECDH temporary key callbacks expect the number of keybitsguenther2014-07-281-4/+7
| | | | | | | | | | | | | for the key (expressed in RSA key bits, which makes *no sense* for ECDH) as their second argument, not zero. (jsing@ notes that the RSA callback is only invoked for 'export' ciphers, which have been removed from LibreSSL, and for the SSL_OP_EPHEMERAL_RSA option, which is makes the application non-compliant. More fuel for the tedu fire...) jasper@ noted the breakage and bisected it down to the diff that broke this ok jsing@ miod@
* The correct name for EDH is DHE, likewise EECDH should be ECDHE.jsing2014-07-121-6/+6
| | | | | | Based on changes to OpenSSL trunk. ok beck@ miod@
* Remove remnants from PSK, KRB5 and SRP.jsing2014-07-121-22/+9
| | | | ok beck@ miod@
* Place comments in a block above the if statement, rather than attemptingjsing2014-07-121-18/+32
| | | | | to interleave them within the conditions. Also fix wrapping and indentation.
* Remove the PSK code. We don't need to drag around thisbeck2014-07-111-25/+1
| | | | | baggage. ok miod@ jsing@
* decompress libssl. ok beck jsingtedu2014-07-101-8/+1
|
* tedu the SSL export cipher handling - since we do not have enabled exportjsing2014-07-091-21/+5
| | | | | | ciphers we no longer need the flags or code to support it. ok beck@ miod@
* fix the identical leak in three different files.tedu2014-06-301-2/+3
| | | | reported by Brent Cook, original diff by logan
* tags as requested by miod and teduderaadt2014-06-121-1/+1
|
* http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2016265dfbab162e ↵deraadt2014-06-071-1/+2
| | | | | | | | | | | | | | | | | | | c30718b5e7480add42598158 Don't know the full story, but it looks like a "can't do random perfectly, so do it god awful" problem was found in 2013, and replaced with "only do it badly if a flag is set". New flags (SSL_MODE_SEND_SERVERHELLO_TIME and SSL_MODE_SEND_SERVERHELLO_TIME) were added [Ben Laurie?] to support the old scheme of "use time_t for first 4 bytes of the random buffer". Nothing uses these flags [ecosystem scan by sthen] Fully discourage use of these flags in the future by removing support & definition of them. The buflen < 4 check is also interesting, because no entropy would be returned. No callers passed such small buffers. ok miod sthen
* TLS would not be entirely functional without extensions, so unifdefjsing2014-05-311-19/+0
| | | | | | OPENSSL_NO_TLSEXT. ok tedu@
* remove some #if 0 code. we don't need any more reminders that we're usingtedu2014-05-301-5/+0
| | | | a not quite appropriate data structure. ok jsing
* unidef DH, ECDH, and ECDSA. there's no purpose to a libssl without them.tedu2014-05-291-16/+0
| | | | ok deraadt jsing
* More KNF.jsing2014-05-281-3/+2
|
* DeIMPLEMENT libssl. Expand the IMPLEMENT_* macros since it is far morejsing2014-05-241-3/+38
| | | | | | | | readable and one less layer of abstraction. Use C99 initialisers for clarity, grepability and to protect from future field reordering/removal. ok miod@ (tedu@ also thought it was a wonderful idea, beck@ also agreed, but ran away squealing since it reminded him of the VOP layer...)
* Remove SRP and Kerberos support from libssl. These are complex protocolstedu2014-05-051-3/+0
| | | | | all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
* Make libssl and libcrypto compile with -Werrorbeck2014-04-231-1/+1
| | | | ok miod@
* more malloc/realloc/calloc cleanups; ok beck kettenisderaadt2014-04-211-2/+1
|
* More KNF and style consistency tweaksguenther2014-04-191-4/+3
|
* always build in RSA and DSA. ok deraadt miodtedu2014-04-171-8/+0
|
* fix a potential double freejsg2014-04-171-2/+2
| | | | ok miod@
* Change library to use intrinsic memory allocation functions instead ofbeck2014-04-171-6/+6
| | | | | | | | OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
* strncpy(d, s, strlen(s)) is a special kind of stupid. even when it's right,tedu2014-04-161-4/+8
| | | | | it looks wrong. replace with auditable code and eliminate many strlen calls to improve efficiency. (wait, did somebody say FASTER?) ok beck
* make OPENSSL_NO_HEARTBLEED the default and only option. ok deraadt miodtedu2014-04-141-12/+0
|
* So the OpenSSL codebase does "get the time, add it as a random seed"deraadt2014-04-141-2/+0
| | | | | | | in a bunch of places inside the TLS engine, to try to keep entropy high. I wonder if their moto is "If you can't solve a problem, at least try to do it badly". ok miod
* First pass at applying KNF to the OpenSSL code, which almost makes itjsing2014-04-141-797/+726
| | | | | readable. This pass is whitespace only and can readily be verified using tr and md5.
* Do not include "e_os.h" anymore. Simply pull in the necessary headers.mpi2014-04-131-1/+1
| | | | ok miod@, deraadt@
* Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.miod2014-04-131-9/+20
|
* resolve conflictsdjm2012-10-131-19/+167
|
* OpenSSL 1.0.0f: mergedjm2012-01-051-1/+1
|
* openssl-1.0.0e: resolve conflictsdjm2011-11-031-7/+19
|
* resolve conflicts, fix local changesdjm2010-10-011-68/+472
|
* update to openssl-0.9.8i; tested by several, especially krw@djm2009-01-051-3/+3
|
* import of OpenSSL 0.9.8hdjm2008-09-061-0/+1147
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-09-02 09:09:12 +0000