openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	Currently, ssl3_put_char_by_bytes(NULL, NULL) is just a long handed way	jsing	2014-08-11	1	-1/+2
\| \| \| \| \| \| \| \|	of writing "2". Add a define for the SSL3_CIPHER_VALUE_SIZE (rather than using a less-readable hardcoded constant everywhere) and replace the ssl3_put_char_by_bytes(NULL, NULL) calls with it. ok bcook@ miod@
*	Put back some parts of the public SSL API that should not have been	jsing	2014-07-10	1	-2/+1
\| \| \| \|	completely decompressed.
*	decompress libssl. ok beck jsing	tedu	2014-07-10	1	-15/+1
\|
*	Add support for handling SSL_CIPHER_ALGORITHM2_AEAD ciphers, which are	jsing	2014-06-13	1	-1/+2
\| \| \| \| \| \| \| \| \| \| \| \| \|	those that use EVP_AEAD instead ov EVP_CIPHER. This means being able to change cipher state with an EVP_AEAD and being able to encrypt/decrypt TLS using the EVP_AEAD. This has no change on existing non-SSL_CIPHER_ALGORITHM2_AEAD ciphers. Based on Adam Langley's chromium patches. Rides the recent libssl bump. Tested by sthen@
*	Remove support for the `opaque PRF input' extension, which draft has expired	miod	2014-06-13	1	-10/+1
\| \| \| \| \| \| \| \|	7 years ago and never made it into an RFC. That code wasn't compiled in anyway unless one would define the actual on-the-wire extension id bytes; crank libssl major. With help and enlightenment from Brendan MacDonell.
*	tags as requested by miod and tedu	deraadt	2014-06-12	1	-1/+1
\|
*	Add a define for the SSLv3 sequence size and use it, rather than sprinkling	jsing	2014-06-08	1	-2/+3
\| \| \| \| \| \|	magic numbers around. ok deraadt@
*	Be selective as to when ChangeCipherSpec messages will be accepted.	jsing	2014-06-05	1	-0/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Without this an early ChangeCipherSpec message would result in session keys being generated, along with the Finished hash for the handshake, using an empty master secret. For a detailed analysis see: https://www.imperialviolet.org/2014/06/05/earlyccs.html This is a fix for CVE-2014-0224, from OpenSSL. This issue was reported to OpenSSL by KIKUCHI Masashi. Unfortunately the recent OpenSSL commit was the first we were made aware of the issue. ok deraadt@ sthen@
*	ECDH and ECDSA will not work overly well if there is no EC, so unifdef	jsing	2014-05-31	1	-2/+0
\| \| \| \| \| \|	OPENSSL_NO_EC. ok tedu@
*	TLS would not be entirely functional without extensions, so unifdef	jsing	2014-05-31	1	-2/+0
\| \| \| \| \| \|	OPENSSL_NO_TLSEXT. ok tedu@
*	remove some #if 0 code. we don't need any more reminders that we're using	tedu	2014-05-30	1	-16/+0
\| \| \| \|	a not quite appropriate data structure. ok jsing
*	unidef DH, ECDH, and ECDSA. there's no purpose to a libssl without them.	tedu	2014-05-29	1	-4/+0
\| \| \| \|	ok deraadt jsing
*	Whitespace fixes to align define values.	jsing	2014-05-25	1	-85/+86
\|
*	First pass at applying KNF to the OpenSSL code, which almost makes it	jsing	2014-04-15	1	-36/+34
\| \| \| \| \| \| \|	readable. This pass is whitespace only and can readily be verified using tr and md5. There is still a huge amount of inconsistency within these headers.
*	Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.	miod	2014-04-13	1	-0/+15
\|
*	resolve conflicts	djm	2012-10-13	1	-1/+31
\|
*	OpenSSL 1.0.0f: merge	djm	2012-01-05	1	-0/+11
\|
*	resolve conflicts, fix local changes	djm	2010-10-01	1	-31/+102
\|
*	pull Ben Lauries blind prefix injection fix for CVE-2009-3555 from	markus	2009-11-10	1	-4/+5
\| \| \| \|	openssl 0.9.8l; crank minor version; ok djm@ deraadt@; initially from jsg@
*	resolve conflicts	djm	2008-09-06	1	-1/+40
\|
*	merge 0.9.7b with local changes; crank majors for libssl/libcrypto	markus	2003-05-12	1	-13/+35
\|
*	OpenSSL 0.9.7 stable 2002 05 08 merge	beck	2002-05-15	1	-8/+83
\|
*	openssl-engine-0.9.6 merge	beck	2000-12-15	1	-1/+4
\|
*	OpenSSL 0.9.5 merge	beck	2000-03-19	1	-64/+31
\| \| \| \| \| \|	warning this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
*	OpenSSL 0.9.4 merge	beck	1999-09-29	1	-14/+18
\|
*	Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD build	ryker	1998-10-05	1	-0/+455
	functionality for shared libs. Note that routines such as sslv2_init and friends that use RSA will not work due to lack of RSA in this library. Needs documentation and help from ports for easy upgrade to full functionality where legally possible.