summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s23_srvr.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Since we no longer need to support SSLv2-style cipher lists, startjsing2014-08-101-3/+1
| | | | | | | | | | unravelling the maze of function pointers and callbacks by directly calling ssl3_{get,put}_cipher_by_char() and removing the ssl_{get,put}_cipher_by_char macros. Prompted by similar changes in boringssl. ok guenther.
* When you expect a function to return a particular value, don't put a commentmiod2014-08-071-6/+3
| | | | | | | | | | | saying that you expect it to return that value and compare it against zero because it is supposedly faster, for this leads to bugs (especially given the high rate of sloppy cut'n'paste within ssl3 and dtls1 routines in this library). Instead, compare for the exact value it ought to return upon success. ok deraadt@
* Fix CVE-2014-3511; TLS downgrade, verbatim diffderaadt2014-08-071-5/+27
| | | | | https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=280b1f1ad12131defcd986676a8fc9717aaa601b ok guenther miod
* No need to keep ssl23_foo() flavours mapping to ssl3_foo().miod2014-07-111-4/+4
| | | | ok tedu@
* decompress libssl. ok beck jsingtedu2014-07-101-2/+2
|
* fix the identical leak in three different files.tedu2014-06-301-2/+3
| | | | reported by Brent Cook, original diff by logan
* tags as requested by miod and teduderaadt2014-06-121-1/+1
|
* remove some #if 0 code. we don't need any more reminders that we're usingtedu2014-05-301-11/+0
| | | | a not quite appropriate data structure. ok jsing
* Code using malloc() in ssl23_get_client_hello() got removed 12 years ago,miod2014-05-241-32/+27
| | | | | it's time to remove the test for a possible need to free(). ok jsing@
* DeIMPLEMENT libssl. Expand the IMPLEMENT_* macros since it is far morejsing2014-05-241-3/+39
| | | | | | | | readable and one less layer of abstraction. Use C99 initialisers for clarity, grepability and to protect from future field reordering/removal. ok miod@ (tedu@ also thought it was a wonderful idea, beck@ also agreed, but ran away squealing since it reminded him of the VOP layer...)
* More KNF.jsing2014-04-191-13/+13
|
* More KNF and style consistency tweaksguenther2014-04-191-5/+4
|
* whack a bunch of disabled code. ok beck lteotedu2014-04-171-5/+0
|
* Change library to use intrinsic memory allocation functions instead ofbeck2014-04-171-2/+2
| | | | | | | | OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
* Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap fromguenther2014-04-161-7/+12
| | | | | | | | | the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally. ok tedu@ beck@
* remove ssl2 support even more completely.tedu2014-04-151-44/+0
| | | | | | in the process, always include ssl3 and tls1, we don't need config options for them. when the time comes to expire ssl3, it will be with an ax. checked by miod
* remove FIPS mode support. people who require FIPS can buy something thattedu2014-04-151-11/+0
| | | | | meets their needs, but dumping it in here only penalizes the rest of us. ok miod
* So the OpenSSL codebase does "get the time, add it as a random seed"deraadt2014-04-141-2/+0
| | | | | | | in a bunch of places inside the TLS engine, to try to keep entropy high. I wonder if their moto is "If you can't solve a problem, at least try to do it badly". ok miod
* First pass at applying KNF to the OpenSSL code, which almost makes itjsing2014-04-141-304/+260
| | | | | readable. This pass is whitespace only and can readily be verified using tr and md5.
* Do not include "e_os.h" anymore. Simply pull in the necessary headers.mpi2014-04-131-1/+1
| | | | ok miod@, deraadt@
* resolve conflictsdjm2012-10-131-4/+48
|
* resolve conflicts, fix local changesdjm2010-10-011-14/+27
|
* update to openssl-0.9.8i; tested by several, especially krw@djm2009-01-051-0/+9
|
* resolve conflictsdjm2008-09-061-32/+4
|
* resolve conflictsdjm2006-06-271-4/+1
|
* fix potential SSL 2.0 rollback ↵markus2005-10-111-3/+1
| | | | | | (http://www.openssl.org//news/secadv_20051011.txt) from http://www.openssl.org/news/patch-CAN-2005-2969.txt
* resolve conflictsdjm2005-04-291-0/+9
|
* merge 0.9.7b with local changes; crank majors for libssl/libcryptomarkus2003-05-121-6/+13
|
* merge openssl-0.9.7-beta3, tested on vax by miod@markus2002-09-101-1/+1
|
* OpenSSL 0.9.7 stable 2002 05 08 mergebeck2002-05-151-84/+97
|
* openssl-engine-0.9.6 mergebeck2000-12-151-12/+20
|
* OpenSSL 0.9.5 mergebeck2000-03-191-35/+100
| | | | | | *warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
* OpenSSL 0.9.4 mergebeck1999-09-291-34/+38
|
* Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD buildryker1998-10-051-0/+499
functionality for shared libs. Note that routines such as sslv2_init and friends that use RSA will not work due to lack of RSA in this library. Needs documentation and help from ports for easy upgrade to full functionality where legally possible.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 08:28:26 +0000