summaryrefslogtreecommitdiff
path: root/src/lib/libssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Convert ssl3_get_client_kex_ecdhe_ecp() to CBS.jsing2018-06-021-44/+42
| | | | | | | Also allocate a dedicated buffer to hold the shared secret, rather than reusing init_buf. ok inoguchi@ tb@
* Remove the three remaining single DES cipher suites.jsing2018-06-021-49/+1
| | | | | | | | | These are insecure and should not be used - furthermore, we would should not have been allowing their negotiation with TLSv1.2 (as noted by Robert Merget, Juraj Somorovsky and Simon Friedberger). Removing these cipher suites also fixes this issue. ok beck@ inoguchi@
* Clean out a pile of cruft from ssl3_get_client_kex_ecdhe_ecp().jsing2018-05-191-93/+38
| | | | | | | | | For pure ECDHE we do not need to construct a new key using the one that was set up during the other half of the key exchange. Also, since we do not support any form of ECDH the n == 0 case is not valid (per RFC 4492 section 5.7), so we can ditch this entirely. ok inoguchi@ tb@
* Convert ssl3_get_client_kex_gost() to CBS.jsing2018-05-191-21/+23
| | | | ok beck@ tb@
* Fix a malloc() NULL check in ssl3_send_client_kex_ecdhe_ecp(), by addingjsing2018-05-131-2/+3
| | | | the missing goto. While here also remove a set of unnecessary parentheses.
* More clean up of the RSA key exchange code.jsing2018-05-131-24/+34
| | | | | | | | Convert to CBS, use more appropriate variable names and improve validation. Allocate a dedicated buffer to hold the decrypted result, rather than decrypting into the handshake buffer (which is also used to send data). ok beck@ inoguchi@ tb@
* If we fail to decode an EC point format extension, send a decode_errorjsing2018-05-121-4/+6
| | | | | | | | alert rather than an internal_error alert. Issue found by Simon Friedberger, Robert Merget and Juraj Somorovsky. ok beck@ inoguchi@
* In ssl.h rev. 1.158 2018/05/01 13:30:24, tb@ changed BIO_f_ssl(3)schwarze2018-05-011-3/+3
| | | | to return const. Update the documentation.
* const for BIO_f_ssl(), the last const difference to OpenSSL in ourtb2018-05-012-5/+5
| | | | | | public API in libssl. ok beck, jsing
* Correct direction of SSL_ERROR_ZERO_RETURN caseguenther2018-04-291-3/+3
| | | | ok schwarze@
* Avoid talking about the innternal, undocumented data type "struct lhash_st",schwarze2018-04-251-3/+3
| | | | show the public data type name "LHASH_OF(SSL_SESSION)" instead.
* Document the callbacks as taking "SSL *" and "SSL_CTX *" argumentsschwarze2018-04-251-7/+7
| | | | | and avoid the internal, undocumented names "struct ssl_st *" and "struct ssl_ctx_st *".
* In ssl.h rev. 1.156 2018/04/25 07:10:39, tb@ added const qualifiersschwarze2018-04-255-16/+16
| | | | | to some parameters and return values of some functions. Update the documentation.
* Fix capitalization of data. Pointed out by jsing and forgotten intb2018-04-251-2/+2
| | | | previous commit.
* OpenSSL started adding const to functions all over the place. Make alltb2018-04-257-38/+30
| | | | | | | | our libssl functions match theirs wrt const, except for BIO_f_ssl(3) which will be fixed in a later step. this went through a i386 bulk by sthen ok jsing
* make ENGINE_finish() succeed on NULL and simplify callers as intb2018-04-141-3/+2
| | | | | | | | | | | OpenSSL commit 7c96dbcdab9 by Rich Salz. This cleans up the caller side quite a bit and reduces the number of lines enclosed in #ifndef OPENSSL_NO_ENGINE. codesearch.debian.net shows that almost nothing checks the return value of ENGINE_finish(). While there, replace a few nearby 'if (!ptr)' with 'if (ptr == NULL)'. ok jsing, tested by & ok inoguchi
* In ssl.h rev. 1.155 2018/04/11 17:47:36, jsing@ changedschwarze2018-04-111-13/+3
| | | | | SSL_OP_TLS_ROLLBACK_BUG to no longer have any effect. Update the manual page.
* Nuke SSL_OP_TLS_ROLLBACK_BUG - this is a workaround for buggy clients fromjsing2018-04-112-36/+17
| | | | | | | around the SSLv3/TLSv1.0 period... and buggy clients are buggy. This also helps to clean up the RSA key exchange code. ok "kill it with fire" beck@ tb@
* Write documentation for the control string parameter from scratch,schwarze2018-04-101-30/+273
| | | | collecting the information by inspecting the source code.
* Remove function pointers for ssl_{read,write,peek}.jsing2018-04-078-59/+11
| | | | | | | Now that everything goes through the same code path, we can remove a layer of indirection and just call ssl3_{read,write,peek} directly. ok beck@ inoguchi@
* Nuke SSL3_FLAGS_DELAY_CLIENT_FINISHED and SSL3_FLAGS_POP_BUFFER.jsing2018-04-074-70/+8
| | | | | | | These flags enabled experimental behaviour in the write path, which nothing uses. Removing this code greatly simplifies ssl3_write(). ok beck@ inoguchi@ sthen@ tb@
* In ssl.h rev. 1.151 2018/03/17 15:48:31, tb@ providedschwarze2018-04-021-6/+34
| | | | | | | | SSL_CTX_get_default_passwd_cb(3) and SSL_CTX_get_default_passwd_cb_userdata(3). Merge the documentation, tweaked by me; from Christian Heimes <cheimes at redhat dot com> via OpenSSL commit 0c452abc Mar 2 12:53:40 2016 +0100.
* fix typo; from <Alex dot Gaynor at gmail dot com>schwarze2018-03-301-4/+4
| | | | via OpenSSL commit 3266cf58 Mar 10 13:13:23 2018 -0500
* Add missing $OpenBSD$.jsing2018-03-301-0/+1
|
* found a complete archive of SSLeay-0.4 to SSLeay-0.8.1b tarballsschwarze2018-03-2779-270/+342
| | | | on the web, so fix up SSLeay HISTORY accordingly
* finish ssl HISTORY; mostly 1.1.0/6.3, but also various other fixeslibressl-v2.7.1schwarze2018-03-2418-47/+104
|
* ouch, previous was wrong; revert it and fix HISTORY insteadschwarze2018-03-241-2/+29
|
* delete two functions that do not existschwarze2018-03-231-22/+1
|
* ssl.h HISTORY up to 1.0.2; researched from OpenSSL git and OpenBSD CVSschwarze2018-03-236-9/+41
|
* ssl.h HISTORY up to 1.0.1; researched from OpenSSL gitschwarze2018-03-239-18/+60
|
* ssl.h HISTORY up to 1.0.0; researched from OpenSSL gitschwarze2018-03-232-5/+15
|
* ssl.h HISTORY up to 0.9.8zh; researched from OpenSSL gitschwarze2018-03-232-8/+11
|
* ssl.h HISTORY up to 0.9.8h; researched from OpenSSL gitschwarze2018-03-233-6/+23
|
* ssl.h HISTORY up to 0.9.8; researched from OpenSSL gitschwarze2018-03-234-8/+31
|
* ssl.h HISTORY up to 0.9.7; researched from OpenSSL gitschwarze2018-03-224-12/+19
|
* ssl.h HISTORY up to 0.9.6c; researched from OpenSSL gitschwarze2018-03-221-2/+8
|
* ssl.h HISTORY up to 0.9.5; researched from OpenSSL gitschwarze2018-03-223-6/+22
|
* ssl.h HISTORY up to 0.9.4; researched from OpenSSL gitschwarze2018-03-212-3/+15
|
* ssl.h HISTORY up to 0.9.3; researched from OpenSSL gitlibressl-v2.7.0schwarze2018-03-213-4/+19
|
* ssl.h HISTORY up to 0.9.2b; researched from OpenSSL gitschwarze2018-03-218-11/+49
|
* ssl.h HISTORY up to SSLeay 0.9.1; researched from OpenSSL gitschwarze2018-03-212-4/+12
|
* ssl.h HISTORY up to SSLeay 0.9.0; researched from OpenSSL gitschwarze2018-03-2111-23/+86
|
* ssl.h HISTORY up to SSLeay 0.8.1b; researched from OpenSSL gitschwarze2018-03-2177-163/+552
|
* In ssl.h rev. 1.154 2018/03/20 15:28:12, tb@ providedschwarze2018-03-201-9/+37
| | | | | SSL_SESSION_set1_id(3). Merge the documentation from OpenSSL, slightly tweaked by me.
* In i2d_SSL_SESSION(), on error call CBB_cleanup() with the correct CBB.jsing2018-03-201-2/+2
| | | | Spotted by Coverity, although reported as a different issue.
* bump minors after symbol additiontb2018-03-201-1/+1
|
* Provide SSL_SESSION_set1_id()tb2018-03-204-3/+21
| | | | ok jsing
* In ssl.h rev. 1.149 2018/03/17 14:40:45, jsing@ providedschwarze2018-03-181-6/+79
| | | | | | SSL_CIPHER_get_cipher_nid(3), SSL_CIPHER_get_digest_nid(3), SSL_CIPHER_get_kx_nid(3), SSL_CIPHER_get_auth_nid(3), and SSL_CIPHER_is_aead(3). Merge the documentation from OpenSSL.
* In ssl.h rev. 1.148 2018/03/17 14:26:13, jsing@ providedschwarze2018-03-181-4/+30
| | | | | SSL_SESSION_get0_id_context(3). Merge the documentation from OpenSSL, tweaked by me.
* In crypto.h rev. 1.43 and ssl.h rev. 1.153 2018/03/17 16:20:01, beck@schwarze2018-03-172-1/+62
| | | | | | provided OPENSSL_init_crypto(3) and OPENSSL_init_ssl(3). Write the documentation from scratch because the text OpenSSL provides is full of bloat.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 11:12:35 +0000