path: root/src/lib/libssl/ssl_locl.h
Commit message | Author | Age | Files | Lines
...
* TLS would not be entirely functional without extensions, so unifdef OPENSSL_NO_TLSEXT. ok tedu@ | jsing | 2014-05-31 | 1 | -4/+0
* While working on another diff I ended up looking to see why on earth the DTLS code had a chunk that checked to see if the SSL version was *not* DTLS. Turns out that this is inside a big #if 0 block with a comment explaining why DTLS will never need this code... The DTLS code was clearly written by wholesale copying the SSLv3 code. Any code not applicable to DTLS was seemingly #if 0'd or commented out and left for others to find. d1_pkt.c is copied from s3_pkt.c and it has a do_dtls1_write() function that has the same function signature as do_ssl3_write(), except that the create_empty_fragement (yes, that is the spelling in ssl_locl.h) argument is unused for DTLS (although there is code that pretends to use it) since it uses explicit IV (as the comment notes). Instead of leaving this turd lying around, nuke the #if 0'd code (along with the check for *not* DTLS) and remove the pointless create_empty_fragment argument given the only two do_dtls1_write() calls specify zero. This kind of thing also makes you wonder how much actual peer review occurred before the code was initially committed... ok beck@ | jsing | 2014-05-30 | 1 | -1/+1
* we no longer care that these aren't used for ssl2 | tedu | 2014-05-29 | 1 | -2/+2
* unifdef DH, ECDH, and ECDSA. there's no purpose to a libssl without them. ok deraadt jsing | tedu | 2014-05-29 | 1 | -10/+0
* Make it substantially easier to identify protocol version requirements by adding an enc_flags field to the ssl3_enc_method, specifying four flags that are used with this field and providing macros for evaluating these conditions. Currently the version requirements are identified by continually checking the version number and other criteria. This change also adds separate SSL3_ENC_METHOD data for TLS v1.1 and v1.2, since they have different enc_flags from TLS v1. Based on changes in OpenSSL head. No objection from miod@ | jsing | 2014-05-29 | 1 | -2/+35
* Remove unused defines. | miod | 2014-05-27 | 1 | -9/+0
* remove unused shit. from Alexander Schrijver | tedu | 2014-05-25 | 1 | -13/+0
* The ssl_ciper_get_evp() function is currently overloaded to also return the compression associated with the SSL session. Based on one of Adam Langley's chromium diffs, factor out the compression handling code into a separate ssl_cipher_get_comp() function. Rewrite the compression handling code to avoid pointless duplication and so that failures are actually returned to and detectable by the caller. ok miod@ | jsing | 2014-05-25 | 1 | -2/+2
* DeIMPLEMENT libssl. Expand the IMPLEMENT_* macros since it is far more readable and one less layer of abstraction. Use C99 initialisers for clarity, grepability and to protect from future field reordering/removal. ok miod@ (tedu@ also thought it was a wonderful idea, beck@ also agreed, but ran away squealing since it reminded him of the VOP layer...) | jsing | 2014-05-24 | 1 | -153/+2
* There are two actual uses of e_os2.h in libssl - an OPENSSL_GLOBAL (an empty define) and an OPENSSL_EXTERN (which is defined as, well... extern). The use of OPENSSL_EXTERN is already inconsistent since the lines above and below just use plain old "extern". Expand the two uses of these macros and stop including e_os2.h in libssl. ok miod@ | jsing | 2014-05-22 | 1 | -3/+1
* Stop pulling pqueue.h into ssl_locl.h since only a small part of libssl actually needs it. Instead, just include it in the files where it is actually necessary. Also remove standard includes from pqueue.h so that they are not available as a side effect. Just add the two includes that are needed to pqueue.c. ok miod@ | jsing | 2014-05-22 | 1 | -2/+0
* No longer make pqueue.h a public (and installed) header file. Replace its inclusion in <ssl/dtls1.h> by the benign `struct _pqueue; typedef struct _pqueue *pqueue;'. Note that said dtls1.h should probably be considered a private header as well... ok beck@ | miod | 2014-05-15 | 1 | -0/+2
* Remove orphaned l2n6 and n2l6 macros. | miod | 2014-04-27 | 1 | -14/+0
* Unifdef -U OPENSSL_BUILD_SHLIBCRYPTO, since all it causes under Unix is to redefine OPENSSL_EXTERN from `extern' to `extern'. | miod | 2014-04-27 | 1 | -5/+0
* Unifdef -UPKCS1_CHECK and remove SSL_OP_PKCS1_CHECK_[12], this is leftover ``debug'' code from a 15+ years old bugfix and the SSL_OP_PKCS1_CHECK_* constants have had a value of zero since ages. No production code should use them. ok beck@ | miod | 2014-04-23 | 1 | -2/+0
* The internal ssl2_* functions and variables are gone | guenther | 2014-04-19 | 1 | -30/+0
* always build in RSA and DSA. ok deraadt miod | tedu | 2014-04-17 | 1 | -8/+0
* quick pass at removing ability to disable sha256 and sha512. ok miod | tedu | 2014-04-17 | 1 | -4/+0
* TANSTAAFL - delete the buf freelist code. if you need a better malloc, get a better malloc. ok beck deraadt | tedu | 2014-04-16 | 1 | -12/+0
* Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from the SSLv23_* client code. The server continues to accept it. It also kills the bits for SSL2 SESSIONs; even when the server gets an SSLv2-style compat handshake, the session that it creates has the correct version internally. ok tedu@ beck@ | guenther | 2014-04-16 | 1 | -38/+1
* First pass at applying KNF to the OpenSSL code, which almost makes it readable. This pass is whitespace only and can readily be verified using tr and md5. There is still a huge amount of inconsistency within these headers. | jsing | 2014-04-15 | 1 | -134/+129
* make OPENSSL_NO_HEARTBLEED the default and only option. ok deraadt miod | tedu | 2014-04-14 | 1 | -7/+0
* Cope with the removal of openssl/symhacks.h | deraadt | 2014-04-13 | 1 | -1/+0
* Do not include "e_os.h" anymore. Simply pull in the necessary headers. ok miod@, deraadt@ | mpi | 2014-04-13 | 1 | -2/+6
* Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery. | miod | 2014-04-13 | 1 | -2/+5
* SECURITY fixes backported from openssl-1.0.1f. ok mikeb@ CVE-2013-4353 NULL pointer dereference with crafted Next Protocol Negotiation record in TLS handshake. Upstream: 197e0ea CVE-2013-6449 Fix crash with crafted traffic from a TLS 1.2 client. Upstream: ca98926, 0294b2b CVE-2013-6450 Fix DTLS retransmission from previous session. Upstream: 3462896 | jca | 2014-02-27 | 1 | -0/+2
* cherry pick bugfixes for http://www.openssl.org/news/secadv_20130205.txt from the openssl git (changes between openssl 1.0.1c and 1.0.1d). ok djm@ | markus | 2013-02-14 | 1 | -0/+38
* resolve conflicts | djm | 2012-10-13 | 1 | -10/+65
* OpenSSL 1.0.0f: merge | djm | 2012-01-05 | 1 | -0/+1
* resolve conflicts, fix local changes | djm | 2010-10-01 | 1 | -102/+198
* resolve conflicts | djm | 2009-01-09 | 1 | -0/+4
* update to openssl-0.9.8i; tested by several, especially krw@ | djm | 2009-01-05 | 1 | -1/+3
* resolve conflicts | djm | 2008-09-06 | 1 | -44/+397
* resolve conflicts | djm | 2006-06-27 | 1 | -2/+3
* resolve conflicts | djm | 2005-04-29 | 1 | -5/+7
* merge with openssl-0.9.7-stable-SNAP-20020911, new minor for libcrypto (_X509_REQ_print_ex) tested by miod@, pb@ | markus | 2002-09-14 | 1 | -4/+1
* merge openssl-0.9.7-beta3, tested on vax by miod@ | markus | 2002-09-10 | 1 | -7/+8
* merge with 0.9.7-beta1 | markus | 2002-09-05 | 1 | -1/+1
* apply patches from OpenSSL Security Advisory [30 July 2002], http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2 | markus | 2002-07-30 | 1 | -0/+3
* OpenSSL 0.9.7 stable 2002 05 08 merge | beck | 2002-05-15 | 1 | -39/+49
* openssl-engine-0.9.6a merge | beck | 2001-06-22 | 1 | -3/+56
* openssl-engine-0.9.6 merge | beck | 2000-12-15 | 1 | -2/+3
* OpenSSL 0.9.5 merge *warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs | beck | 2000-03-19 | 1 | -48/+104
* OpenSSL 0.9.4 merge | beck | 1999-09-29 | 1 | -179/+120
* Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD build functionality for shared libs. Note that routines such as sslv2_init and friends that use RSA will not work due to lack of RSA in this library. Needs documentation and help from ports for easy upgrade to full functionality where legally possible. | ryker | 1998-10-05 | 1 | -0/+558