summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Fix library search path so we link against the freshly built libcrypto.sotobiasu2015-06-051-2/+2
| | | | | | instead of a stale one. ok miod@ mpi@
* Use a relative path against BSDOBJDIR to pick libcrypto; makes cross-libmiod2015-05-261-2/+2
| | | | work again.
* Record inter-library dependencies between libcrypto, libssl and libtlskettenis2015-05-172-1/+4
|
* Bump libcrypto and libssl majors, due to various recent churn.jsing2015-02-221-1/+1
| | | | Discussed with/requested by deraadt@ at the conclusion of s2k15.
* Crank libssl major due to the recent changes and removals.jsing2015-02-071-2/+2
| | | | ok beck@ deraadt@ miod@
* Stop defining TERMIOS, ANSI_SOURCE and OPENSSL_NO_RC5 for libssl builds.jsing2015-02-071-3/+1
| | | | | | | The first two are unused in libssl/libcrypto and OPENSSL_NO_RC5 is already defined via openssl/opensslfeatures.h. ok beck@ doug@ miod@
* Import BoringSSL's crypto bytestring and crypto bytebuilder APIs.doug2015-02-061-1/+2
| | | | | | | | | | | | | | This is imported with as few changes as possible for the initial commit. I removed OPENSSL_EXPORT, replaced OPENSSL_malloc() etc with malloc() and changed a few header includes. BoringSSL has this as part of their public API. We're leaving it internal to libssl for now. Based on BoringSSL's CBB/CBS API as of commit c5cc15b4f5b1d6e9b9112cb8d30205a638aa2c54. input + ok jsing@, miod@
* Support CA verification in chroot'ed processes without direct filereyk2015-01-221-1/+1
| | | | | | | | | | access to the certificates. SSL_CTX_load_verify_mem() is a frontend to the new X509_STORE_load_mem() function that allows to load the CA chain from a memory buffer that is holding the PEM-encoded files. This function allows to handle the verification in privsep'ed code. Adopted for LibreSSL based on older code from relayd (by pyr@ and myself) With feedback and OK bluhm@
* libssl major++jsing2014-12-101-1/+1
|
* Update the GOST code in libssl, as contributed by Dmitry Eremin-Solenikov.miod2014-11-181-1/+1
| | | | | This causes a libssl major version bump as this affects the layout of some internal-but-unfortunately-made-visible structs.
* Crank libssl major due to recent additions, removals and changes.jsing2014-10-311-2/+2
|
* Bump minor version for ECDH auto.jsing2014-10-031-1/+1
| | | | | While there are no additional symbols, there is an additional command that clients will potentially depend on.
* Bump minor after adding SSL_CTX_use_certificate_chain().reyk2014-09-281-1/+1
| | | | ok jsing@ miod@
* -DOPENSSL_NO_KRB5 is no longer neededderaadt2014-07-121-2/+2
| | | | ok guenther
* enough churn, a crank is advised by guenther..deraadt2014-07-121-1/+1
|
* crank major for decompression featuretedu2014-07-101-1/+1
|
* Remove support for the `opaque PRF input' extension, which draft has expiredmiod2014-06-131-2/+2
| | | | | | | | 7 years ago and never made it into an RFC. That code wasn't compiled in anyway unless one would define the actual on-the-wire extension id bytes; crank libssl major. With help and enlightenment from Brendan MacDonell.
* Make make includes work again without kssl.hbeck2014-05-291-2/+2
|
* define LIBRESSL_INTERNAL, and use it to hide the bad stuff from ourselvestedu2014-05-251-1/+2
| | | | ok beck
* Omit -Werror if building with gcc3, for it triggers "redefinition of `pqueue'"miod2014-05-181-2/+6
| | | | warnings now that pqueue.h has been removed from public scope.
* No longer make pqueue.h a public (and installed) header file. Replace itsmiod2014-05-151-2/+2
| | | | | | | | | inclusion in <ssl/dtls1.h> by the benign `struct _pqueue; typedef struct _pqueue *pqueue;'. Note that said dtls1.h should probably be considered a private header as well... ok beck@
* Move the `pqueue' part of libcrypto, which is a glorified sorted linked listmiod2014-05-122-4/+5
| | | | | | | | | | | | | of 64-bit data, and only used by DTLS, to libssl where it belongs. Remove pqueue_print() which is a debugging interface and serves no useful purpose, except for the regress test, which grows its own pqueue_print() routine. Bump libcrypto major and libssl minor. WARNING: do not update your tree right now, more changes are coming, which will ride the libcrypto major bump.
* Remove SRP and Kerberos support from libssl. These are complex protocolstedu2014-05-051-2/+2
| | | | | all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
* Make libssl and libcrypto compile with -Werrorbeck2014-04-231-2/+2
| | | | ok miod@
* Chop off more SSLv2 tentacles and start fixing and noting y2038 issues.guenther2014-04-201-1/+1
| | | | | | | APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl. ok tedu@
* -Walltedu2014-04-171-1/+2
|
* TANSTAAFL - delete the buf freelist code. if you need a better malloc, gettedu2014-04-161-2/+1
| | | | a better malloc. ok beck deraadt
* add back SRP. i was being too greedy.tedu2014-04-161-2/+2
|
* disentangle SRP code from TLStedu2014-04-161-2/+2
|
* remove ssl2 support even more completely.tedu2014-04-151-3/+1
| | | | | | in the process, always include ssl3 and tls1, we don't need config options for them. when the time comes to expire ssl3, it will be with an ax. checked by miod
* Crank major for libcrypto and libssl; more symbol removals to occur during themiod2014-04-151-1/+1
| | | | | next few moments, don't rush your update. Requested by deraadt@
* o_dir.c has a questionable odor.. now that we got rid of OPENSSL_DIR_XXXbeck2014-04-141-2/+1
| | | | | | remove it from the build.. we can cvs rm it and the files it includes once we know for sure ports are good. ok deraadt@
* make OPENSSL_NO_HEARTBLEED the default and only option. ok deraadt miodtedu2014-04-141-2/+2
|
* Move undocumented internal OPENSSL_DIR interface from libcrypto to libssl,miod2014-04-131-2/+3
| | | | | | so that libssl no longer need to access the non-external headers of libcrypto to build. No library bump, riding upon the recent update.
* Crank libcrypto minor (addition of BN_consttime_swap and CRYPTO_memcmp)miod2014-04-131-1/+1
| | | | and libssl major (ssl_check_clienthello_tlsext split into two functions)
* Move build machinery for libcrypto from libssl/crypto to libcrypto, as wellmiod2014-04-111-5/+4
| | | | | | | | | as configuration files; split manpages and .pc files between libcrypto and libssl. No functional change, only there to make engineering easier, and libcrypto sources are still found in libssl/src/crypto at the moment. ok reyk@, also discussed with deraadt@ beck@ and the usual crypto suspects.
* oops, typo, spotted by Matthias Schelerderaadt2014-04-101-2/+2
|
* crank major; struct ssl_ctx_st changes; ok teduderaadt2014-04-101-1/+1
|
* Disable Segglemann's RFC520 hearbeat.deraadt2014-04-101-2/+2
| | | | | | | | | | | | I am completely blown away that the same IETF that cannot efficiently allocate needed protocol, service numbers, or other such things when they are needed, can so quickly and easily rubber stamp the addition of a 64K Covert Channel in a critical protocol. The organization should look at itself very carefully, find out how this this happened, and everyone who allowed this to happen on their watch should be evicted from the decision making process. IETF, I don't trust you. ok tedu markus
* disable buf freelists. we'll see what happens next.tedu2014-04-101-1/+2
| | | | ok deraadt
* Switch time_t, ino_t, clock_t, and struct kevent's ident and dataguenther2013-08-131-1/+1
| | | | | | | | | | | | | | | | | | | | members to 64bit types. Assign new syscall numbers for (almost all) the syscalls that involve the affected types, including anything with time_t, timeval, itimerval, timespec, rusage, dirent, stat, or kevent arguments. Add a d_off member to struct dirent and replace getdirentries() with getdents(), thus immensely simplifying and accelerating telldir/seekdir. Build perl with -DBIG_TIME. Bump the major on every single base library: the compat bits included here are only good enough to make the transition; the T32 compat option will be burned as soon as we've reached the new world are are happy with the snapshots for all architectures. DANGER: ABI incompatibility. Updating to this kernel requires extra work or you won't be able to login: install a snapshot instead. Much assistance in fixing userland issues from deraadt@ and tedu@ and build assistance from todd@ and otto@
* cherry pick bugfixes for http://www.openssl.org/news/secadv_20130205.txtmarkus2013-02-141-1/+2
| | | | | from the openssl git (changes between openssl 1.0.1c and 1.0.1d). ok djm@
* Makefile and header changes for OpenSSL-1.0.1cdjm2012-10-132-7/+6
| | | | major cranks
* remove leftover NOLINT, WANTLINT, LINTFLAGS, LOBJ vars and lint targets.okan2012-08-021-2/+1
| | | | ok guenther@
* Disable SSLv2 in OpenSSL. No objections from djm.sthen2012-07-112-3/+4
| | | | Brad, jasper and naddy helped with test builds, fixing ports, etc.
* OpenSSL 1.0.0f: crank minordjm2012-01-051-1/+1
|
* crank major for openssl-1.0.0edjm2011-11-031-1/+1
|
* update supporting files, crank library majorsdjm2010-10-012-29/+18
|
* pull Ben Lauries blind prefix injection fix for CVE-2009-3555 frommarkus2009-11-101-1/+1
| | | | openssl 0.9.8l; crank minor version; ok djm@ deraadt@; initially from jsg@
* crankus majorisdjm2009-04-061-1/+1
|