summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_srvr.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Make use of SSL_IS_DTLS, SSL_USE_EXPLICIT_IV, SSL_USE_SIGALGS andjsing2014-05-301-19/+13
| | | | | | SSL_USE_TLS1_2_CIPHERS. Largely based on OpenSSL head.
* the comment says RAND_pseudo_bytes should be RAND_bytes. make it so.tedu2014-05-291-6/+1
| | | | ok deraadt
* unidef DH, ECDH, and ECDSA. there's no purpose to a libssl without them.tedu2014-05-291-30/+0
| | | | ok deraadt jsing
* There is no point in checking if a pointer is non-NULL before calling free,jsing2014-05-281-6/+3
| | | | | | | | since free already does this for us. Also remove some pointless NULL assignments, where the result from malloc(3) is immediately assigned to the same variable. ok miod@
* Remove TLS_DEBUG, SSL_DEBUG, CIPHER_DEBUG and OPENSSL_RI_DEBUG. Much ofjsing2014-05-251-19/+0
| | | | | | | this is sporadic, hacked up and can easily be put back in an improved form should we ever need it. ok miod@
* DeIMPLEMENT libssl. Expand the IMPLEMENT_* macros since it is far morejsing2014-05-241-4/+38
| | | | | | | | readable and one less layer of abstraction. Use C99 initialisers for clarity, grepability and to protect from future field reordering/removal. ok miod@ (tedu@ also thought it was a wonderful idea, beck@ also agreed, but ran away squealing since it reminded him of the VOP layer...)
* Stop including kssl_lcl.h and nuke it from orbit - it is a no-op now.jsing2014-05-221-1/+0
| | | | ok beck@ miod@
* In ssl3_send_certificate_request(), when adding the extra payload ifmiod2014-05-181-1/+6
| | | | | | | NETSCAPE_HANG_BUG is defined, make sure we BUF_MEM_grow() the buffer to accomodate for the payload size. Issue reported by David Ramos; ok beck@
* Remove SRP and Kerberos support from libssl. These are complex protocolstedu2014-05-051-317/+0
| | | | | all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
* More KNF, things that couldn't be verified with md5(1), and some whitespacemcbride2014-04-241-74/+92
| | | | I missed on the first go around.
* Make libssl and libcrypto compile with -Werrorbeck2014-04-231-1/+1
| | | | ok miod@
* more malloc/realloc/calloc cleanups; ok beck kettenisderaadt2014-04-211-2/+1
|
* More KNF and style consistency tweaksguenther2014-04-191-4/+3
|
* whack a bunch of disabled code. ok beck lteotedu2014-04-171-18/+0
|
* always build in RSA and DSA. ok deraadt miodtedu2014-04-171-16/+0
|
* Change library to use intrinsic memory allocation functions instead ofbeck2014-04-171-12/+12
| | | | | | | | OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
* add back SRP. i was being too greedy.tedu2014-04-161-0/+122
|
* Thanks to the knobs in http://tools.ietf.org/html/rfc5746, we have a knobbeck2014-04-161-3/+1
| | | | | | to say "allow this connection to negotiate insecurely". de-fang the code that respects this option to ignore it. ok miod@
* disentangle SRP code from TLStedu2014-04-161-122/+0
|
* strncpy(d, s, strlen(s)) is a special kind of stupid. even when it's right,tedu2014-04-161-8/+9
| | | | | it looks wrong. replace with auditable code and eliminate many strlen calls to improve efficiency. (wait, did somebody say FASTER?) ok beck
* KNFmcbride2014-04-161-361/+619
|
* make OPENSSL_NO_HEARTBLEED the default and only option. ok deraadt miodtedu2014-04-141-11/+0
|
* So the OpenSSL codebase does "get the time, add it as a random seed"deraadt2014-04-141-2/+1
| | | | | | | in a bunch of places inside the TLS engine, to try to keep entropy high. I wonder if their moto is "If you can't solve a problem, at least try to do it badly". ok miod
* First pass at applying KNF to the OpenSSL code, which almost makes itjsing2014-04-141-1892/+1597
| | | | | readable. This pass is whitespace only and can readily be verified using tr and md5.
* Do not include "e_os.h" anymore. Simply pull in the necessary headers.mpi2014-04-131-1/+1
| | | | ok miod@, deraadt@
* Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.miod2014-04-131-16/+23
|
* resolve conflictsdjm2012-10-131-86/+460
|
* OpenSSL 1.0.0f: mergedjm2012-01-051-0/+11
|
* openssl-1.0.0e: resolve conflictsdjm2011-11-031-10/+26
|
* Security fix for CVE-2010-4180 as mentioned in ↵jasper2010-12-151-0/+5
| | | | | | | | | | | http://www.openssl.org/news/secadv_20101202.txt. where clients could modify the stored session cache ciphersuite and in some cases even downgrade the suite to weaker ones. This code is not enabled by default. ok djm@
* resolve conflicts, fix local changesdjm2010-10-011-268/+595
|
* pull Ben Lauries blind prefix injection fix for CVE-2009-3555 frommarkus2009-11-101-0/+8
| | | | openssl 0.9.8l; crank minor version; ok djm@ deraadt@; initially from jsg@
* resolve conflictsdjm2009-01-091-14/+20
|
* update to openssl-0.9.8i; tested by several, especially krw@djm2009-01-051-3/+5
|
* resolve conflictsdjm2008-09-061-91/+846
|
* resolve conflictsdjm2006-06-271-2/+2
|
* resolve conflictsdjm2005-04-291-6/+11
|
* out-of-bounds read in (unused) kerberos ciphersuites (CAN-2004-0112)markus2004-03-171-0/+16
|
* more fixes from 0.9.7c, ok deraadt, clodermarkus2003-09-301-4/+10
|
* merge 0.9.7b with local changes; crank majors for libssl/libcryptomarkus2003-05-121-12/+18
|
* Fix for Klima-Pokorny-Rosa attack on RSA in SSL/TLS, seemarkus2003-03-191-13/+12
| | | | http://marc.theaimsgroup.com/?l=bugtraq&m=104811162730834&w=2
* merge with openssl-0.9.7-stable-SNAP-20020911,markus2002-09-141-1/+5
| | | | | new minor for libcrypto (_X509_REQ_print_ex) tested by miod@, pb@
* merge openssl-0.9.7-beta3, tested on vax by miod@markus2002-09-101-2/+2
|
* merge with 0.9.7-beta1markus2002-09-051-2/+2
|
* protect <openssl/krb5_asn.h> with OPENSSL_NO_KRB5markus2002-08-301-0/+2
|
* sync with http://www.openssl.org/news/patch_20020730_0_9_7.txtmarkus2002-07-301-4/+14
| | | | | (adds fix for unused kerberos and engine code, and some more assertions, as well as a 64bit integer string fix for conf_mod.c)
* apply patches from OpenSSL Security Advisory [30 July 2002],markus2002-07-301-0/+1
| | | | http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
* OpenSSL 0.9.7 stable 2002 05 08 mergebeck2002-05-151-66/+322
|
* merge openssl 0.9.6b-enginebeck2001-08-011-2/+24
| | | | | Note that this is a maintenence release, API's appear *not* to have changed. As such, I have only increased the minor number on these libraries
* CRT and DH+SSL fix from 0.9.6a, ok provos@/deraadt@markus2001-04-221-0/+1
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 05:44:01 +0000