| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Rename s3_{both,clnt,pkt_srvr}.c to have an ssl_ prefix since they are no | jsing | 2017-01-26 | 1 | -2923/+0 |
| | | | | | | | longer SSLv3 code. ok beck@ | ||||
| * | Merge the client/server version negotiation into the existing (currently | jsing | 2017-01-26 | 1 | -7/+18 |
| | | | | | | | fixed version) client/server code. ok beck@ | ||||
| * | sk_pop_free() checks for NULL so do not bother doing it from the callers. | jsing | 2017-01-24 | 1 | -5/+4 |
| | | |||||
| * | Remove unused cert variable. | jsing | 2017-01-24 | 1 | -3/+1 |
| | | | | | Found by bcook@ | ||||
| * | sk_SSL_CIPHER_free() checks for NULL so do not bother doing the same from | jsing | 2017-01-24 | 1 | -10/+6 |
| | | | | | the callers. | ||||
| * | Move options and mode from SSL_CTX and SSL to internal, since these can be | jsing | 2017-01-23 | 1 | -4/+4 |
| | | | | | set and cleared via existing functions. | ||||
| * | Split most of SSL_METHOD out into an internal variant, which is opaque. | jsing | 2017-01-23 | 1 | -16/+16 |
| | | | | | Discussed with beck@ | ||||
| * | send state and rstate from ssl_st into internal. There are accessors | beck | 2017-01-23 | 1 | -59/+59 |
| | | | | | | so these should not be diddled with directly ok jsing@ | ||||
| * | Move a large part of ssl_st into internal, so we can see what squeals. | beck | 2017-01-23 | 1 | -75/+75 |
| | | | | | ok jsing@ | ||||
| * | Move most of the fields in SSL_CTX to internal - the ones that remain are | jsing | 2017-01-23 | 1 | -8/+8 |
| | | | | | | | known to be in use. ok beck@ | ||||
| * | move the callbacks from ssl_st to internal | beck | 2017-01-23 | 1 | -9/+9 |
| | | | | | ok jsing@ | ||||
| * | Move callback function pointers and argument pointers from SSL_CTX to | jsing | 2017-01-23 | 1 | -8/+8 |
| | | | | | | | internal. ok beck@ | ||||
| * | Move not_resumable and sess_cert from SSL_SESSION to internal. | jsing | 2017-01-23 | 1 | -7/+7 |
| | | | | | ok beck@ | ||||
| * | Move the stats struct from SSL_CTX to internal. | jsing | 2017-01-23 | 1 | -4/+4 |
| | | | | | ok beck@ | ||||
| * | Move most of the SSL3_STATE fields to internal - the ones that remain are | jsing | 2017-01-22 | 1 | -76/+76 |
| | | | | | | | known to be used by ports. ok beck@ | ||||
| * | Move most of DTLS1_STATE to internal. | beck | 2017-01-22 | 1 | -6/+6 |
| | | | | | ok jsing@ | ||||
| * | Move ALPN and NPN fields from SSL/SSL_CTX to internal. | jsing | 2017-01-22 | 1 | -5/+5 |
| | | | | | ok beck@ | ||||
| * | Add support for ECDHE with X25519. | jsing | 2016-12-21 | 1 | -5/+112 |
| | | | | | | | Testing of an earlier revision by naddy@. ok beck@ | ||||
| * | Ensure that we zero memory that contiansthe ASN.1 encoded session, since | jsing | 2016-12-07 | 1 | -26/+29 |
| | | | | | | | this contains the session master key. ok deraadt@ doug@ | ||||
| * | Convert certificate handshake message generation to CBB, with some clean | jsing | 2016-12-06 | 1 | -7/+22 |
| | | | | | | | | | | | up and restructure. This also adds CBB based variants of the ssl3_handshake_msg_{start,finish} functions - for the time being these use a CBB to build the messages, then copy back into the init_buf. ok doug@ | ||||
| * | Convert ssl3_send_server_hello() to CBB. | jsing | 2016-12-04 | 1 | -18/+38 |
| | | | | | ok beck@ doug@ | ||||
| * | Avoid signed vs unsigned warnings from clang by adding two casts, | jsing | 2016-12-03 | 1 | -2/+2 |
| | | | | | | | slightly rewriting some code and changing the type of an array. ok bcook@ doug@ | ||||
| * | Convert ssl3_get_client_kex_dhe() to CBS and perform some general code | jsing | 2016-11-17 | 1 | -38/+29 |
| | | | | | | | cleanup, including the removal of a dead code path. ok beck@ | ||||
| * | Split ssl3_get_client_key_exchange() into separate per algorithm functions. | jsing | 2016-11-06 | 1 | -320/+388 |
| | | | | | ok beck@ | ||||
| * | Remove pointless check - without fixed ECDH, there is only one way to reach | jsing | 2016-11-06 | 1 | -8/+1 |
| | | | | | | | this code path. ok beck@ bcook@ | ||||
| * | Split out the DHE and ECDHE code paths from | jsing | 2016-11-06 | 1 | -203/+221 |
| | | | | | | | ssl3_send_server_key_exchange(). ok beck@ bcook@ | ||||
| * | Do a partial CBB conversion of ssl3_send_server_key_exchange(), which will | jsing | 2016-11-05 | 1 | -52/+67 |
| | | | | | | | make it easier to do further clean up. ok beck@ miod@ | ||||
| * | Remove support for fixed ECDH cipher suites - these is not widely supported | jsing | 2016-10-19 | 1 | -15/+7 |
| | | | | | | | | | | and more importantly they do not provide PFS (if you want to use ECDH, use ECDHE instead). With input from guenther@. ok deraadt@ guenther@ | ||||
| * | Check for packet with truncated DTLS cookie. | guenther | 2016-09-22 | 1 | -12/+17 |
| | | | | | | | | | | | | Flip pointer comparison logic to avoid beyond-end-of-buffer pointers to make it less likely a compiler will decide to screw you. Based on parts of openssl commits 6f35f6deb5ca7daebe289f86477e061ce3ee5f46 and 89c2720298f875ac80777da2da88a64859775898 ok jsing@ | ||||
| * | deprecate internal use of EVP_[Cipher|Encrypt|Decrypt]_Final. | beck | 2016-05-30 | 1 | -2/+2 |
| | | | | | | | | 14 years ago these were changed in OpenSSL to be the same as the _ex functions. We use the _ex functions only internally to ensure it is obvious the ctx must be cleared. ok bcook@ | ||||
| * | X509_free(3) is NULL-safe, so remove NULL checks before its calls. | mmcc | 2016-03-11 | 1 | -5/+3 |
| | | | | | ok doug@ | ||||
| * | deprecate SSL_OP_SINGLE_DH_USElibressl-v2.3.2 | beck | 2016-01-27 | 1 | -20/+5 |
| | | | | | ok jsing@ | ||||
| * | Use ECDH_size() instead of rolling our own. | jsing | 2015-09-13 | 1 | -6/+6 |
| | | | | | ok beck@ | ||||
| * | The *_accept() functions increment in_handshake at the start of the function, | jsing | 2015-09-13 | 1 | -16/+25 |
| | | | | | | | | | then decrement it and call a callback on exit from the function. As such, these functions should not return in the middle, otherwise in_handshake is never decremented and the callback never called. ok beck@ "with many sighs" miod@ | ||||
| * | Remove most of the SSLv3 version checks and a few TLS v1.0. | doug | 2015-09-12 | 1 | -37/+24 |
| | | | | | | | | We can now assume >= TLS v1.0 since SSL2_VERSION, SSL3_VERSION and DTLS1_BAD_VER support was removed. "reads ok" miod@ | ||||
| * | Move handshake message header length determination into a separate | jsing | 2015-09-12 | 1 | -5/+8 |
| | | | | | | | | ssl3_handshake_msg_hdr_len() function. Use this to correct several places that have magic numbers with header lengths hardcoded as '4'. ok beck@ | ||||
| * | Convert the rest of the server handshake functions to ssl3_handshake_msg_*. | jsing | 2015-09-12 | 1 | -44/+35 |
| | | | | | ok beck@ | ||||
| * | Rename functions that moved to t1_enc.c, with a tls1_ prefix instead of a | jsing | 2015-09-11 | 1 | -9/+9 |
| | | | | | | | ssl3_ prefix. ok beck@ | ||||
| * | Remove support for DTLS_BAD_VER. We do not support non-standard and | jsing | 2015-09-10 | 1 | -2/+2 |
| | | | | | | | | incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years. ok bcook@ miod@ | ||||
| * | Correct spelling of OPENSSL_cleanse. | jsing | 2015-09-10 | 1 | -4/+4 |
| | | | | | ok miod@ | ||||
| * | Remove the ssl_prepare_{client,server}hello_tlsext() functions, which are | jsing | 2015-09-01 | 1 | -6/+1 |
| | | | | | | | now nothing more than noops. ok bcook@ doug@ | ||||
| * | Remove SSLv3 method data structs and unlink s3_meth.c from the build. | doug | 2015-08-29 | 1 | -41/+1 |
| | | | | | ok jsing@ | ||||
| * | Remove SSLv3 support from LibreSSL. | doug | 2015-08-27 | 1 | -15/+1 |
| | | | | | | | | | | | This is the first wave of SSLv3 removal which removes the main SSLv3 functions. Future commits will remove the rest of the SSLv3 support. Discussed the plan at c2k15. Input from jsing@, beck@, miod@, bcook@, sthen@, naddy@, and deraadt@. ok jsing@, beck@ | ||||
| * | Add linker warnings in case SSLv3_{,client,server}_method are referenced. | miod | 2015-07-29 | 1 | -1/+7 |
| | | | | | | | | Use of this symbols proves the existence of a code path willingly using SSLv3, even with OPENSSL_NO_SSL3 being defined, which hints that it needs fixing. Discussed with the LibreSSL cabal during c2k15; ok deraadt@ | ||||
| * | Remove support for the SSL_OP_TLS_D5_BUG compat hack from SSLeay. | doug | 2015-07-18 | 1 | -8/+4 |
| | | | | | | | | | This is a 17 year old workaround from SSLeay 0.9.0b. It was for clients that send RSA client key exchange in TLS using SSLv3 format (no length prefix). ok jsing@ | ||||
| * | Convert ssl3_get_client_certificate to CBS. | doug | 2015-07-14 | 1 | -15/+19 |
| | | | | | ok miod@ jsing@ | ||||
| * | Convert ssl3_get_next_proto to CBS. | doug | 2015-06-20 | 1 | -14/+19 |
| | | | | | tweak + ok miod@ jsing@ | ||||
| * | Remove Microsoft Server Gated Crypto. | doug | 2015-06-18 | 1 | -56/+7 |
| | | | | | | | | | | Another relic due to the old US crypto policy. From OpenSSL commit 63eab8a620944a990ab3985620966ccd9f48d681 and 95275599399e277e71d064790a1f828a99fc661a. ok jsing@ miod@ | ||||
| * | KNF whitespace. | doug | 2015-06-17 | 1 | -2/+3 |
| | | | | | ok miod@ jsing@ | ||||
| * | Remove ancient SSL_OP_NETSCAPE_CA_DN_BUG from SSLeay days. | doug | 2015-06-15 | 1 | -15/+5 |
| | | | | | | | | This commit matches the OpenSSL removal in commit 3c33c6f6b10864355553961e638514a6d1bb00f6. ok deraadt@ | ||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |